From d3e24f2ecde5aa23aa7b2aed806725350f490629 Mon Sep 17 00:00:00 2001 From: "Maciej J. Karpiuk" Date: Tue, 14 Jul 2015 11:31:28 +0200 Subject: [PATCH 01/16] Encrypted Initial Values: re-factoring the schema to support new requirements. New requirements are: support for encrypting data and certificate objects. This requires providing hybrid encryption: device key encrypts AES key, which is used to encrypt the values. Device key cannot directly encrypt values due to block size limitation of RSA OAEP algorithm. Change-Id: I61f52bad74d7cf2f6018a1e0e38cc852a932619e --- doc/example.xml | 142 ++++++++++++++++++++++++++ doc/example_device_key.xml | 4 +- doc/initial_values.xsd | 24 ++++- doc/sw_key.xsd | 2 +- packaging/key-manager.spec | 12 +++ tests/XML_3_encrypted.xml | 244 +++++++++++++++++++++++++++++++++++++++++++++ tests/XML_3_encrypted.xsd | 154 ++++++++++++++++++++++++++++ tests/XML_4_device_key.xml | 32 ++++++ tests/XML_4_device_key.xsd | 41 ++++++++ tests/test_xml-parser.cpp | 31 +++++- 10 files changed, 679 insertions(+), 7 deletions(-) create mode 100644 tests/XML_3_encrypted.xml create mode 100644 tests/XML_3_encrypted.xsd create mode 100644 tests/XML_4_device_key.xml create mode 100644 tests/XML_4_device_key.xsd diff --git a/doc/example.xml b/doc/example.xml index 7b07961..9c0917c 100644 --- a/doc/example.xml +++ b/doc/example.xml @@ -1,5 +1,18 @@ + + + QL/5RW1VfS1uya04CWkVy1eykdhnRaTFiQ6Lcv0XFYhqgUKp6+PxxT1xjaz8TCVp + UcKorZayMPCuStRAylViZfxHFhXKR3awH+FcnGMZrhV6kORy39YCba0NGc5eAk3s + CBPYdRRiV7ejJSOI8n3zFjituVhHLcLuZB6xHvQQpQFFYV0BuF3BXfx6roP4+Olj + bZ1fYDrj8QIzqi3RV/ORGbl1BqHVRoMN/5XB+8oVKVn/EMRZPao4hnkV3pTI01Ss + Wid4fIHzBpi8rkkxr80/ym2BkeA/piaPNGOQtKjVfBOn/SuR2LQJreG6QbI6MYXC + ZVOanzc0euaenw1q9b+yEQ== + -----BEGIN PUBLIC KEY----- @@ -71,4 +84,133 @@ + + + + BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da + 6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF + 0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/ + tStvpgiNE6/Hb2ZRMDswgZ8o+tKCn+QHktR/YoZ19HfX7nDVRkMQxsiA8P4zO9Do + +iuiu/mGPVavlZA3df47TLG0kz+sz72jzPeEbfmvQo3gHWSuJ87TUwIcIoXDvaxY + xE8/On5OTqJy8HZ+jGvEThKI/96LQsFqKlEeGGenvzVJ+BVAF9x65uOkRll9yE6v + FIQcqbgipuBkdC6XLLaWTMgs5iiWvMn/lpNYrfZr52/TKqr09mNdei6yGvy+YuG8 + vu/xN7/3An/zE4FOIJadgI5eADj+Dz7exml3tKTuuDpR9fhxiXd7HmZhCCf11C3r + 54S6X9bZb7335L/5UfLxs4jMMfGhYD+1UF1Qb5zVW9IVMZ+owGeC6QQPUiX6HAxy + Rx7kLzd78uSbLNqeuiUeGiprxnuwMY2BgSqLq4WNCDWxY4hGTdkC7yg6DgY+L9Lz + wqVuJ6STmK9Hj9bL9YUe0KrzmVUfmsaq5PL+gfcv+S5lp2YlKw1cIVP9utw1ZuOo + j25EozWU8J+tuEa3l60Mmmh/sKzH9SH7C9EscwTYWOYjYYPwfCM9UIlNE9lnbl9s + bzkqJvaaXpB/HVY/b4wrldr1rK73+y9LOOzfNpV4L+R4spZXXjZ2HIW/iKQj/c14 + + + + + + H/1CXNoQJ13MLdMESto1BHP5583n7fbwkN4mRVELQepeJNUhX2Kc+6foG3eTOBEH + N/z5xPFlYZLxeRArknVaCE/2Nmrk9STQZpja//B6FEXTUg4PbVEQl1zE5vJV8RUE + W1jetcEoxPZtNirqH03P1izud/vQVCQRy+WYe00Nm/MluGTJ8sytW+k+wCO+GmHf + 5vyCal0xr+o2rIHzPPJId3eg/6IbWCAmOeNU+l03im98zSrqD9bG2cdgdciNUb4B + ANCv/3r+Vx6Xcs3N1p33ewXP+suCqDYBUE9YwsIaZABMB9yk02cuZtpeYytBCkNk + QzESDqzFoIV3JREjxKL69VyJWm+ttL4OnrAinZIndJ/0zk77Dg64vg63HBRGL+qi + w9C5eOXfIWylfUn/CMmHbRjg378G2svAOAynZhHmTLWqfviGKJcS6Mulxs2o/egL + /uuITbEQNKPX5LVvtBPygUPPgV66Q3zjBGX/vbPwpMn/M8Z5gOOrUfoIKTTTh7a+ + VwkujHjC68TJ21AJSauTH7qg291cQZOMeC3LfXXjCXQYg3qOyJnlmDrfZFfnzRk6 + W4z6i868Dk12B8KDXtSPSR9AigSiooTOgvhqVk+diILYBdpwfrEUTIt2Cq5hgcoO + 2e9gIe03vxD3dxOQjvEC7XYbdWeB87mlEgkOKjm9sC/XRJCnF33xVJPxsc+ixoRk + 4udR5UdYVZMc8tkGIgO7v/aOJyaAwSnRc5NVA8L+4w/0MUNtfD911buUzeV/wmwg + q/YqNI7AluNifXEK5CTYBP0CmAVlGUC3k4Q0W+gRIg1peiURl0pvantE26NXsNEr + GuIHCkKrQcUKkcCpCGeAuzjZAfXLdtEm9oLg44BGBNEP6cBvgoryJATv5XPSR7TJ + SvKPQM/hkPwc2NIzJEFP2729+HagOp2ANyMob/5Z4dE6ynDpZ1hTBBRanI6WBerX + SBClj+MnJJhnxUsSXL9r6O9s24ajCqNUib8K8M+P5+7+K+rO07C+ckzNiy9j7uyX + RZm7eWfsZ7zbjwKsFPqBp0v0pDUJZ1LvTwpL/OOHE19LDE0sdpVXJqp7JyMbnFvn + yiT7xfFAOp0kseCee0UVk4V5Og4u+vdSrjt6HBFcueTnE1OtDkMlX0sSL3+mEyF+ + +mkPx8bIkSvvitoPHfipP13kG8qBQ/yKaKjCgQYb7OwFOGOtwkaUaqHRm0GEBxe1 + xr0v1lyJzpaS6ZMU/kSH2QGNrfhiiif9+nlKiUbfPmUMKqrLKAYn8KFEDkU7Wrrm + /cW0Y+cCntKyhszBs8jcKHyoJDCi4imUlZHg4t4MwYrD8GgaeBfUxPP5rUroHMRy + 6K/UKXhraU9CoEtKIyAk0oXH3JlqCz0WRxjA322kAhVxDYIHa6D1pSVFY1K8FXfq + 0hSZOw4yFBYhyEIwBkstpNiRXWtFR1xRlVTdb9ksmAPTfr0TyNWbygz8Pa6gz7qx + j3B+24jAShhq8PHWxpJgfsObLsr4aASNZKSxpzSC140o+BTxqmSIjljdTKF+golD + /XBwmrhqsfI/3mRocIte34Pcfqj0T3zKUZ45zRLQGvA= + + + + + zuBDjp8ptFthrU69Ua5cfg== + + + + + weK/LmGIPHeNA2YipqJa4B7DRMJBaoGSldawgSDQeIIIXgrmypSH42Gbm6m09gp0 + Wn0frkCcALHGxJyDK3rOsWDjJisYweblBgcFGa/eG7DiLgL1mv/fjstjSda1bh8x + sLtmKCrYPPZI6RVEZKdl6oBXK7+uVavY9vdo69DrTZulZMGR2NW3i665kTVhvIUn + 6HYQe7ibU2oQJYr166ZI8WviLFsEVOWOgi+EFulVyn5vUHXjyCIlKi9xOfE7opMh + qeciELIFZCb6gFLmp//P2C8BRnkJ2bIdem+Z+l72W+jLmhdQx70y6toZS6YuK+TD + LGdD8AFH4rFlkFUcp1O/MQinS3w67dBj6/KniYUH5OurOJFTDt446LwctYujshTQ + IgPHT0uREoxQKbf+Sw5FGR2alXLntzeW/r7OG9oOLuXh0jOVM1z+hifxC87y20L+ + 0EHcCL7yB5q1ggs9sucLXKq3WrKz8nLXmeWB5zUi8LPRGM+avcNnlfB+OAXUAeB9 + Z1xeJwmva3eIG0GCu+pVD3O7dSHfCAZpZfvsqxkhOrZKBUJ5prg/0Qy3S326xYCk + z41oKF4KlGVTj46f7CxvC/4KLSLzhHdu1LGIKleaU+5ITSAUu8AUxRg4Jl9NjblW + 3ZOqV0Rd7jkheOg5WlSdyD9Ku2pIg9A8uWylUNMgyFIhep23S3/JVC0fUa3Sj3Gq + 7EqI3EPl5tAjXs23kndfz/9iHstsRpVlH1A9iilBRJlUKHsiN9H3/lGQ5BjU0lVr + v33X1BJhMc4f3F52AQMvCPLvTbpqqJwGKJ2A++ok9mZdxeR4ZapKWhiw+N2bbOWQ + I+Oil9f1KC2XKBB9QDK0bBQsOn39PaZkrIztD4pyhMduoohX1BP1KmLQ7RohLJc+ + aVg/OuYub3D1aw0F3r5TJGGbrxmrYA1p6i+JktwUnBYw8vaPM8Ucf5rw4LI/18PQ + fkdSc6J4z/ExxVvSOFMyZQiK+YDSVKtVw/3lZSzLyNx/pyZbX785rqn7zPfsT81k + mK8fwcrTW3KPf+cdrGzL3y/TIXCGwIX59fXsjhS9R8JT7eO1NcggEwT/jCIei1Lo + FawJolBSguIQxLZjpAQ8qfbghU6HvSJHcKq+ZDZ/sM4EGaPd1y33WBYp6ivEHFhu + TODFB2wa+vCmhQqybAXg5HCVUsimq3zru84/67uP0sbMz6mWMevR2nW+CUP1DV5C + XaPiJe223zD7wBh+M+FxIb1zufh21if0NxyJtt7vfZNRxUC1LQ8SpwCTRTqKoZ/m + KCDPm8EyL+xuVL1IYU3U5DYv6JEzpiyRoMIHQrZ1QPc4G8SwU4cyxqlyGHDMDUGk + 7uIC18lu1qVeVzz1B/E894q7aE00kkmBG5gtyoPeBUM68EYZy/xL9HtCgF8dUgsD + ryx2lZC/V5A/7nbHWiGffqaoNRP8VIQjgtxUQHHqKRP1E6VKpcTqr/D8oRm8nVuU + ZhvUkmNSZmV/pnM+s75/I0Z1hWu0atTa0Xo2B7bvzz0gIcGG+YhCzVZ/Lj/7BfDL + fqqrIoYW4XGrbkSYHiNPmHip5A9FNkZHhxzFKKlRHfrQUO95j7qhAZkpdxSen6Td + Ba1xqpykFJ5tFCl9nXioNEdxPfMaHgrGwPy4TILKh4hW6rlfvMB1ZxRxVDjcRoKf + EPwcFm78nSwtt+7Z5wII0XXG2pkD8PiabFTZGCn/7VtQiEM0mcwYvCJTt9dD2Tms + fbjannZ2L55xYPLquFVBZ/Xn6RxG45qArjJjAT9vOPg84XRtYbwVPvcMzzUpEHFU + TctcNVnus+1eXqPdJ/tpJLeoHl7KQY1AoQAfhGXwnnvyKOuX0niYcFMJMdSzwA11 + IDlb05CAunySC87Jy7I7dZ5riCYh3cWJ3t+rkARXzjKYkXqwfvkbjiGNMU5cds/w + IaCIgNiOi9FqvUYMWfiG9CdiVm6fcHvfZur2Vq3lCBlq6LhYi1rcXR+0Ghc0NFcT + HNuk8qdmBEUrjd3T4qLp0b7pniaF+7rqup0FU3eAW+X4gGkYA1YT8DY5XW0N702b + A2OJkwLi08GiemQjJgtyaA5VQblWEPlkTHpEBqsqb1JpcFWD+Sp1Yabzxr8bXp1h + GxizqXPyMOxJby5YscGm2UwepFW9BPxsrFSU1k7wTCq1Yu9tEFM1Qv9lMo1+Qhhs + BXK6uP/+TMJhREENxtBsq0faGC1f8qNJGc/W3SbUrbVmwaE3jMU+5hYRV7MpYAFD + +T6ka2BbNqMp/WlNjeX8Z4smtpKuwhLdcyVzCU0hm7E+3RBhSlVtacrqGt3i6Wo/ + 8wfNo7IsEYEDd2U6JP9AOZ1Gu5LMCiKpM5NBNCUiBNuUUkgVK8w2YxmF1WBYiXOk + KF4W0+iwUnl7iyDTv2StXT4CqGPApz5Zs1MUTsakH+T9dl/95hjy86TSStV6Hn9p + 788QZ3P7++ML5F1J9hj1Yo8NyZbecOr0EKTSigIWdcnJQ1t9stUQOsnsUqrKdvkd + RpQ30LMrtOGRa9qGYZHl5IjfvGJMRBzemI7i10AcKRM7ntfGUOP/lmDUofBfajPe + JyC1aoLhwr3G84eWf5ZlYc3HB+o4EU3EloHY3re3TnFUsbNlp2u9hMcsZttZ4FQY + Bg44RJnoshVCgiUztLNwFddpmY9IT/aX0I9FRd4076S0YiCemdksetKwC662y3kP + iGTIeHys/6RmxSePJw60LcQyfVst11J8o67z4d3C9qi6N91m+Vdwz+1qs7MM6uPw + SAoy1HPeUleshGydRzaKd01lIMPwNZhgi9Uvo6tVqBuOEkxPyX9HAbbaAhvNTnMC + Dcl/eQEqbIdwUAv2iscE62w4sEUngHYHibpo57kJ9pMVioI5yuPXCITojDtSjYwH + O92VlE+C49Df1beIyN8wTF5yllIBnEPwUZmN1pYFWUL4x3BI7HRbW6+e50dXx946 + k4iKFRknFCXtDnOzWBw4wUfZENilbEOxI2mVvnJtuj2lDgVLYnrnpoLmfjFUZ7l/ + d6ett+7qJuZ+dHSIPlj+BhfnRFhu4w9bt+J55qh/8qs93SWvFd3xQ3eRUlmKERwu + 3GYIdv4S4X4VHVxiS55AnclWBivpoHl+pEDRpDuOCy+siQ2Gz+rYHbC7Dy5By6uF + m/8WiVT+d5ea05B86fcyWj3hB/t/lkJiHDMdPzSyk6Zf9ghXRb5elvPZv3y9H7Yr + 2/inakeNW7uhzdNwtmIfZUwjo3nppScq5JRkMUnpnBPT3RPDwMPg7pInz/VSosTT + dmpwKFIFdHdQdUJDLqyJpduhR7wvDU+hHcaEo9u1jodMMOE2duBKyaYOoqz027yt + dKztGmYtqlTHuSVirDJ9osqIpA9EWPXgJ4222b1/FfoE+pOON59BRcsW4/E2i68v + tGDji+mdzLGBpKoz1gaWzal5wDcceUzU6Eeaa9nqyYI3zXoTpiKrzZ58hB13l6Xy + QVuY8jfU1av9BV5VdnyBeuJ/mQz2lms1LhFtRRF/0oS7LeeAxX9JUPchdMOiXcfo + KQNTRAxR/+CXh4YFH9aP/JQJM2c5YL7qppalhbavWVHlzOCc0bepiAQlKfq5VMox + ZZBjy/xZ7SVhGEYK+ycwd/gCB04E7H6gMzlP1xJLpi7hfW7iXJgW9AHPeIqJI4no + o1arl4uFQwS9Rw2o6Q6GK3uFf7TMdKOPmx0efHSi7yIC+WhUpS2MrG68/UsQZPkc + LigR1b1QEUmXVIh6szYJSlAuDdy9VKo3W1A6xdFUXmzxG9yOloZh9IsxOdLRfLOE + bJLgabgKes8mWaph3PHgNPFK8rjsX1iINu2/pTvP2YsZEXg8RHY2y2fXGp+SAx6x + XcW1kl+xITjKJOVxmafFKYDTc+yWdJsLdup6rznnQuqTKqcZaKDOoDDXQPlZW6n1 + ZvHHOIRez1UcLw9kmKOmVyiTGow1GWkuYk71dE1a+JylpIlp99uH1+Tt1eqNRQEC + myfG5NajUBNc+GA1FZCB1Lm3S2noMymg11NF6dZ1evLevD6JCKVQuojGIdx28zz6 + MX1Xb08aRm3zEX/oY2IPuFxvNbLmnJMtnFn+6/Kboe5pXAI5CChqyL0zSlx2z/hJ + /KZQkps7G4V/Mno59Qb2F5BE4as2uyhr0dGLAOlVRE9AabU5Ci0QbzDzZhvnOcg8 + HJeOY13+8zfxpDZrw3ZORuVR9/+xv1ItFlu++wb9BHtBxiWAu3hxQk7RE3AleAoB + avTuLW6BLgtjqDmJKF9sKpBBCMkqzYTQdcEw9FNInc0= + + diff --git a/doc/example_device_key.xml b/doc/example_device_key.xml index e191221..dbf6b85 100644 --- a/doc/example_device_key.xml +++ b/doc/example_device_key.xml @@ -1,7 +1,7 @@ - + MIIEpAIBAAKCAQEAyJjUHY2pJJUBRBCrlerrgcS7aBiWlY3594dufu3m4qy48b9hsw1R/AHSNUPU 11vzQ+kUcXkEZOby5SHRHBAXIJ1dLbTPtRwsVwgf1nmc/ZGGV/XOrOaKi7nSKgYHaglPgc9dLPuu osRHs/EdIWh3o59MdY6rA6y+QTJrQm3axRKdT7unX3kFS3SsId02GWBkLtrw+yQVtvhCYlY/n2/T @@ -23,6 +23,6 @@ MG+ueiqvxWRJCy1PHbPTWUmPQtsbUkOMqtJZLpzZjXO5pkkCgYA9uyQ8os9yfjALc1VDZ4HtGxaC Uq8zy0jJEJxchRn1JUNHop/skaRA65x613lWDygfNCuakozjP5x+GA5WEIuxIE8V7JPac1zpEZW4 5nwmxoR1l3HUDT8kRYkLzMIo55PpLG9arNLwH9mSRh/taG8020aGg3nFSNCJNDs12x/9RA== - + diff --git a/doc/initial_values.xsd b/doc/initial_values.xsd index c28c33c..9a836fa 100644 --- a/doc/initial_values.xsd +++ b/doc/initial_values.xsd @@ -4,6 +4,7 @@ + @@ -52,8 +53,8 @@ - + @@ -86,6 +87,9 @@ + + @@ -104,6 +108,12 @@ + + + + @@ -123,6 +133,16 @@ + + + + + + + + + + diff --git a/doc/sw_key.xsd b/doc/sw_key.xsd index d4434b4..27f3d7e 100644 --- a/doc/sw_key.xsd +++ b/doc/sw_key.xsd @@ -19,7 +19,7 @@ - + + + + QL/5RW1VfS1uya04CWkVy1eykdhnRaTFiQ6Lcv0XFYhqgUKp6+PxxT1xjaz8TCVp + UcKorZayMPCuStRAylViZfxHFhXKR3awH+FcnGMZrhV6kORy39YCba0NGc5eAk3s + CBPYdRRiV7ejJSOI8n3zFjituVhHLcLuZB6xHvQQpQFFYV0BuF3BXfx6roP4+Olj + bZ1fYDrj8QIzqi3RV/ORGbl1BqHVRoMN/5XB+8oVKVn/EMRZPao4hnkV3pTI01Ss + Wid4fIHzBpi8rkkxr80/ym2BkeA/piaPNGOQtKjVfBOn/SuR2LQJreG6QbI6MYXC + ZVOanzc0euaenw1q9b+yEQ== + + + + -----BEGIN PUBLIC KEY----- + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzIft00bxMjLwkweLexg3 + +dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17jj5TOO4tIVzTUT6b/RxZ1wui + tagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA4IfzzTQqJEaB + x8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2 + QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t8 + 9paSCZakBt8SGjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4 + m41dD/Lzv0ZQE1mSDwxjrZWpxOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA + +wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQTEr8wX12cT1fLmGBwAgbgTdzz1Kp + f6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPfVRgEuc3mLESGDNp4 + +klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5JiwRTZ + 4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+ + 8lLQwmLiBLx0Yr/RXKf6gJUCAwEAAQ== + -----END PUBLIC KEY----- + + + + + + MIIJKgIBAAKCAgEAzIft00bxMjLwkweLexg3+dmcibxEJRf6veU+9uYMLxnZfWS6YX0EGab6Ab17 + jj5TOO4tIVzTUT6b/RxZ1wuitagFvGhm3Uy6pMvj64AI1e3IjZ6TAQKw7Fb+YO6r7X9gzY8MnAKA + 4IfzzTQqJEaBx8yLSKIcza6SOxcUywNb1Ij+ro7mTus3fLP3ZbhEuA/sd3+wsgaw0uL04kgC72H2 + QNv3kBPuYdQQrXhoxCcIVtSIl8pUfI367KQQ3MsXCucjkAvm6xAr/Wig91yue6t89paSCZakBt8S + GjA6mSpmrp7lPlKE9FYZ8Sxgj3H4fXIcyyD0aOa0RxZBE6t06OE4m41dD/Lzv0ZQE1mSDwxjrZWp + xOzblliTiGDLhdWMF3zxeDhcWY9cTALOedJI3GNA+wRMf3yd41q6yvTC1rVd/+R6P37JIudLZqwQ + TEr8wX12cT1fLmGBwAgbgTdzz1Kpf6AeVzqY2OYgdOHMCQzcTg9PqdS4V3mUq6gnguhf/2iTgCPf + VRgEuc3mLESGDNp4+klR5zlh8+kN5ZjfzEgpZ+eWlDesNBBCZni0ELe1+JHD9V5oaloLEOk5e5Ji + wRTZ4rsmBqOwuglHFW52dIZEG9u/20taQMImzIym1nxl1e6GoL+yeNVs6oK90+lX3s7+8lLQwmLi + BLx0Yr/RXKf6gJUCAwEAAQKCAgEAmHp1yN7Ijd4AD/y99WTWxkN/OgfK3cSEv/EaAcL7LlodFCh1 + 8pva5KzhEU8Lv72jGXwm1Qp418bPT+FE8NbR1I+QxycmGLFNK/J81mK7M5FzxHCFs2koMOmh9u23 + 6vTdXCHbCqurHLj9/ut2x1hxBFzvMZT52DTe+4J3k+nLGiWPiN8rv4YH9cXNGF5JjNcCOQxO1Em8 + pVthqRh6Z7Amf6/9XcIeI3yPemOb5zAaPXFw64iBd+H5QVYG5DPb19r9XjQhUPjbcq3/4qmLwtLT + 9JnIAbH2UtEWk8OEzA8aQfBfgxjN2cIe0Pd+fTJASHU8FgtZaqMjnyNuHJXkMIFHSwrn4IyVJgSK + 6wX2IQ+7vJoWQyg2w6DbpSRqcyqNvHiJ7z/4IcKC7zCT/Wv/DgmIl8W395UThEMvdqxQtiDLkxee + RpNqFU9OCw0Bd3tJr4bR2VCigikOhP2noSbhHNxgYRdwXrLhuMmygnEgcCTGzUZzNk3ZabdXgo1O + bCdHrK3Fe1iHm82JtDAWLZo6KjXrlTrDKM7RIbvKFDvp8Omet8GGCFcFU5cz+QBWgUyLSdxR5RoE + jBbe0a1KUptdQvXmYiks0krd3UdO1mVeHel4CcMxn8+iHn8SaSbPggFZ8JnuwgtNo0soVKsWGATH + 65Xe7nskmrnDFUheoKmtUWPpLUECggEBAOUt+OX80jqYuPsgNWHH1MxMwXR+fw5N68LWJXIdWw5H + 1TYDjwA1iBFku/O/xx7Jag7Y0A2l1Z+3pMZmx64KaSu5VWwGvM08kPXxUXTAgI8qGfS395mqv+MO + GFTs5r9QyM//sm5D2osdK1Urs2D7+3r6QDXbNhhSeWG4fYhwzfgOwZtZkEcqa5IHqYoxDrJ1PrDO + UCx6xUAkWBEsSclzT3/5CpdcqKkbwxF8uPF8zs56olJyU81HDoLIlQcw7HgcP6w060I0/zX4MFMD + /Iq9Umb38mXPT1HjkQytHN0n0DklpgooGXzdeTfO1HgW+jY9gP398BWdkKpm9xcFddATlT0CggEB + AOR3gVRswKrXGOOsUdV3ErJF1lKYssYxq2neKA6A0WvEqgKHOgZO9ztD6/UgX41uc+3rKfvmY5As + ldGZgd0ov/DyeF0N834LeBVayG1fdcEtamqjfVnQSHY437JyQ/qn63j/Se+HqbeEifJi+11OwPD9 + TwoUWS2xmldc+nehCdHsWQUQiNuDSVoBgLlj3FbI9WXlkE/zQxb3qG48SCiiyQBfuyrD/5L/siq+ + ETjKemdKHQaxJ4TcBnHSU92tpG7AFrtSa8T+kE335Z6f+/jawxFbJln3+uUnrljfo0EuD//5ZB7e + v8B0XWU+RK9y4KWnK0wmwwKyheNmGhN3Q9H3vjkCggEBALNGTQeLx+Ayi7FWNqvwp9PQzxwTv8wu + xBg7cDteH1aCdpS0H+7n8TK5/BTmlhrNL/vBOq8SZJN2Ep1o1Rad6jtb1SiV9KcPk83wIeoUk/xp + 0LgQGM3KNiSlZ/82+iH6Tbv3p1p+Fbzw6m7LqpxZQRWoIQaAHkbUbUM2EGzk4RoEYQrm+ufQlSk8 + eTEywu5yrMGeAjVpLFfKlmGIpYfCfhP7en+A6iavIt7RE9ND8Hqwj72y1T8lMIK56WogqTojzuMk + 2kuGLYXISfUGj0zwYD9QAfwGOWQzgcnKuWN+u3GYs9QKHjYBAcvYLXhrcPtxDTCirmYaRYom1W7a + xJgqWXkCggEBALwWbpDUn6GGR+VX/l8hEnFV8WY6dCOazKXx0URvZPm2BMjkDy8WX4+ZEW7S4heL + sUFT81KAj8MoEYdnO3SZkbuJwvHJBIbmZkweWxdAGa+Z9hwo0I/aW22I0REV5UU8bS1F7taV93Ew + WmkEeDCPH2THBgUkT27A4nG+CC3olC8QxxDWVfVyFjdVOWZnAgUomG71GWPYv4jvBukKE9Xwfk4i + gfJpPcUFYOazZ3Y7q53RdCgIPKKyiVO3dnfv9ol+9rfs2PBrKt4lkhKPX1+2qhVl1yMGdrWlf3GH + W93TUDTKWlTXyUFmC2XIZ7+RccSu5YRh/PYBhxx4+ErCS0FXFnECggEAAr/slAO0x10V7kmshltY + G08tfEBcynlHoZxJGCLAxd5uFfIl8GxsywKYsaKcdbewFbH3+0b3BuQYzyuzTo1wtNL606qeBC8x + oVqcuLaOP1ZVl6nPSK83DGE3YTq1Afk0QclydBm1hpBLQyoI5CjIHKTQpyVWfB+F2ppBOYtKvNub + yKd6blBK2j1IawGJEG/6wDfFSvWJziT7zTk+mIecxb+IQj8I06c1T31kzfJ71Vx1DUWZW/65xmFD + 4D6vkEFsGfjkcmSMK83PHhrSE1CmZ/rquPjo7MY8fylkeVfefQoKhTUkr6Nz/DVaGTbTostgRog+ + Vx676FQrM4EzjSSqgA== + + + + + + MIIDnzCCAoegAwIBAgIJAMH/ADkC5YSTMA0GCSqGSIb3DQEBBQUAMGYxCzAJBgNVBAYTAkFVMRMw + EQYDVQQIDApTb21lLVN0YXRlMQ0wCwYDVQQKDARBQ01FMRAwDgYDVQQLDAdUZXN0aW5nMSEwHwYD + VQQDDBhUZXN0IHJvb3QgY2EgY2VydGlmaWNhdGUwHhcNMTQxMjMwMTcyMTUyWhcNMjQxMjI3MTcy + MTUyWjBmMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTENMAsGA1UECgwEQUNNRTEQ + MA4GA1UECwwHVGVzdGluZzEhMB8GA1UEAwwYVGVzdCByb290IGNhIGNlcnRpZmljYXRlMIIBIjAN + BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EJRdUtd2th0vTVF7QxvDKzyFCF3w9vC9IDE/Yr1 + 2w+a9jd0s7/eG96qTHIYffS3B7x2MB+d4n+SR3W0qmYh7xk8qfEgH3daeDoV59IZ9r543KM+g8jm + 6KffYGX1bIJVVY5OhBRbO9nY6byYpd5kbCIUB6dCf7/WrQl1aIdLGFIegAzPGFPXDcU6F192686x + 54bxt/itMX4agHJ9ZC/rrTBIZghVsjJo5/AH5WZpasv8sfrGiiohAxtieoYoJkv5MOYP4/2lPlOY + +Cgw1Yoz+HHv31AllgFsBquBb/kJVmCCNsAOcnvQzTZUsW/TXz9G2nwRdqI1nSy2JvVjZGsqGQID + AQABo1AwTjAdBgNVHQ4EFgQUt6pkzFt1PZlfYRL/HGnufF4frdwwHwYDVR0jBBgwFoAUt6pkzFt1 + PZlfYRL/HGnufF4frdwwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAld7Qwq0cdzDQ + 51w1RVLwTR8Oy25PB3rzwEHcSGJmdqlMi3xOdaz80S1R1BBXldvGBG5Tn0vT7xSuhmSgI2/HnBpy + 9ocHVOmhtNB4473NieEpfTYrnGXrFxu46Wus9m/ZnugcQ2G6C54A/NFtvgLmaC8uH8M7gKdS6uYU + wJFQEofkjmd4UpOYSqmcRXhSJzd5FYFWkJhKJYp3nlENSOD8CUFFVGekm05nFN2gRVc/qaqQkEX7 + 7+XYvhodLRsVqMn7nf7taidDKLO2T4bhujztnTYOhhaXKgPy7AtZ28N2wvX96VyAPB/vrchGmyBK + kOg11TpPdNDkhb1J4ZCh2gupDg== + + + + + My secret data + + + + + + MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE + + + + + + + + BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da + 6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF + 0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/ + tStvpgiNE6/Hb2ZRMDswgZ8o+tKCn+QHktR/YoZ19HfX7nDVRkMQxsiA8P4zO9Do + +iuiu/mGPVavlZA3df47TLG0kz+sz72jzPeEbfmvQo3gHWSuJ87TUwIcIoXDvaxY + xE8/On5OTqJy8HZ+jGvEThKI/96LQsFqKlEeGGenvzVJ+BVAF9x65uOkRll9yE6v + FIQcqbgipuBkdC6XLLaWTMgs5iiWvMn/lpNYrfZr52/TKqr09mNdei6yGvy+YuG8 + vu/xN7/3An/zE4FOIJadgI5eADj+Dz7exml3tKTuuDpR9fhxiXd7HmZhCCf11C3r + 54S6X9bZb7335L/5UfLxs4jMMfGhYD+1UF1Qb5zVW9IVMZ+owGeC6QQPUiX6HAxy + Rx7kLzd78uSbLNqeuiUeGiprxnuwMY2BgSqLq4WNCDWxY4hGTdkC7yg6DgY+L9Lz + wqVuJ6STmK9Hj9bL9YUe0KrzmVUfmsaq5PL+gfcv+S5lp2YlKw1cIVP9utw1ZuOo + j25EozWU8J+tuEa3l60Mmmh/sKzH9SH7C9EscwTYWOYjYYPwfCM9UIlNE9lnbl9s + bzkqJvaaXpB/HVY/b4wrldr1rK73+y9LOOzfNpV4L+R4spZXXjZ2HIW/iKQj/c14 + + + + + + H/1CXNoQJ13MLdMESto1BHP5583n7fbwkN4mRVELQepeJNUhX2Kc+6foG3eTOBEH + N/z5xPFlYZLxeRArknVaCE/2Nmrk9STQZpja//B6FEXTUg4PbVEQl1zE5vJV8RUE + W1jetcEoxPZtNirqH03P1izud/vQVCQRy+WYe00Nm/MluGTJ8sytW+k+wCO+GmHf + 5vyCal0xr+o2rIHzPPJId3eg/6IbWCAmOeNU+l03im98zSrqD9bG2cdgdciNUb4B + ANCv/3r+Vx6Xcs3N1p33ewXP+suCqDYBUE9YwsIaZABMB9yk02cuZtpeYytBCkNk + QzESDqzFoIV3JREjxKL69VyJWm+ttL4OnrAinZIndJ/0zk77Dg64vg63HBRGL+qi + w9C5eOXfIWylfUn/CMmHbRjg378G2svAOAynZhHmTLWqfviGKJcS6Mulxs2o/egL + /uuITbEQNKPX5LVvtBPygUPPgV66Q3zjBGX/vbPwpMn/M8Z5gOOrUfoIKTTTh7a+ + VwkujHjC68TJ21AJSauTH7qg291cQZOMeC3LfXXjCXQYg3qOyJnlmDrfZFfnzRk6 + W4z6i868Dk12B8KDXtSPSR9AigSiooTOgvhqVk+diILYBdpwfrEUTIt2Cq5hgcoO + 2e9gIe03vxD3dxOQjvEC7XYbdWeB87mlEgkOKjm9sC/XRJCnF33xVJPxsc+ixoRk + 4udR5UdYVZMc8tkGIgO7v/aOJyaAwSnRc5NVA8L+4w/0MUNtfD911buUzeV/wmwg + q/YqNI7AluNifXEK5CTYBP0CmAVlGUC3k4Q0W+gRIg1peiURl0pvantE26NXsNEr + GuIHCkKrQcUKkcCpCGeAuzjZAfXLdtEm9oLg44BGBNEP6cBvgoryJATv5XPSR7TJ + SvKPQM/hkPwc2NIzJEFP2729+HagOp2ANyMob/5Z4dE6ynDpZ1hTBBRanI6WBerX + SBClj+MnJJhnxUsSXL9r6O9s24ajCqNUib8K8M+P5+7+K+rO07C+ckzNiy9j7uyX + RZm7eWfsZ7zbjwKsFPqBp0v0pDUJZ1LvTwpL/OOHE19LDE0sdpVXJqp7JyMbnFvn + yiT7xfFAOp0kseCee0UVk4V5Og4u+vdSrjt6HBFcueTnE1OtDkMlX0sSL3+mEyF+ + +mkPx8bIkSvvitoPHfipP13kG8qBQ/yKaKjCgQYb7OwFOGOtwkaUaqHRm0GEBxe1 + xr0v1lyJzpaS6ZMU/kSH2QGNrfhiiif9+nlKiUbfPmUMKqrLKAYn8KFEDkU7Wrrm + /cW0Y+cCntKyhszBs8jcKHyoJDCi4imUlZHg4t4MwYrD8GgaeBfUxPP5rUroHMRy + 6K/UKXhraU9CoEtKIyAk0oXH3JlqCz0WRxjA322kAhVxDYIHa6D1pSVFY1K8FXfq + 0hSZOw4yFBYhyEIwBkstpNiRXWtFR1xRlVTdb9ksmAPTfr0TyNWbygz8Pa6gz7qx + j3B+24jAShhq8PHWxpJgfsObLsr4aASNZKSxpzSC140o+BTxqmSIjljdTKF+golD + /XBwmrhqsfI/3mRocIte34Pcfqj0T3zKUZ45zRLQGvA= + + + + + zuBDjp8ptFthrU69Ua5cfg== + + + + + weK/LmGIPHeNA2YipqJa4B7DRMJBaoGSldawgSDQeIIIXgrmypSH42Gbm6m09gp0 + Wn0frkCcALHGxJyDK3rOsWDjJisYweblBgcFGa/eG7DiLgL1mv/fjstjSda1bh8x + sLtmKCrYPPZI6RVEZKdl6oBXK7+uVavY9vdo69DrTZulZMGR2NW3i665kTVhvIUn + 6HYQe7ibU2oQJYr166ZI8WviLFsEVOWOgi+EFulVyn5vUHXjyCIlKi9xOfE7opMh + qeciELIFZCb6gFLmp//P2C8BRnkJ2bIdem+Z+l72W+jLmhdQx70y6toZS6YuK+TD + LGdD8AFH4rFlkFUcp1O/MQinS3w67dBj6/KniYUH5OurOJFTDt446LwctYujshTQ + IgPHT0uREoxQKbf+Sw5FGR2alXLntzeW/r7OG9oOLuXh0jOVM1z+hifxC87y20L+ + 0EHcCL7yB5q1ggs9sucLXKq3WrKz8nLXmeWB5zUi8LPRGM+avcNnlfB+OAXUAeB9 + Z1xeJwmva3eIG0GCu+pVD3O7dSHfCAZpZfvsqxkhOrZKBUJ5prg/0Qy3S326xYCk + z41oKF4KlGVTj46f7CxvC/4KLSLzhHdu1LGIKleaU+5ITSAUu8AUxRg4Jl9NjblW + 3ZOqV0Rd7jkheOg5WlSdyD9Ku2pIg9A8uWylUNMgyFIhep23S3/JVC0fUa3Sj3Gq + 7EqI3EPl5tAjXs23kndfz/9iHstsRpVlH1A9iilBRJlUKHsiN9H3/lGQ5BjU0lVr + v33X1BJhMc4f3F52AQMvCPLvTbpqqJwGKJ2A++ok9mZdxeR4ZapKWhiw+N2bbOWQ + I+Oil9f1KC2XKBB9QDK0bBQsOn39PaZkrIztD4pyhMduoohX1BP1KmLQ7RohLJc+ + aVg/OuYub3D1aw0F3r5TJGGbrxmrYA1p6i+JktwUnBYw8vaPM8Ucf5rw4LI/18PQ + fkdSc6J4z/ExxVvSOFMyZQiK+YDSVKtVw/3lZSzLyNx/pyZbX785rqn7zPfsT81k + mK8fwcrTW3KPf+cdrGzL3y/TIXCGwIX59fXsjhS9R8JT7eO1NcggEwT/jCIei1Lo + FawJolBSguIQxLZjpAQ8qfbghU6HvSJHcKq+ZDZ/sM4EGaPd1y33WBYp6ivEHFhu + TODFB2wa+vCmhQqybAXg5HCVUsimq3zru84/67uP0sbMz6mWMevR2nW+CUP1DV5C + XaPiJe223zD7wBh+M+FxIb1zufh21if0NxyJtt7vfZNRxUC1LQ8SpwCTRTqKoZ/m + KCDPm8EyL+xuVL1IYU3U5DYv6JEzpiyRoMIHQrZ1QPc4G8SwU4cyxqlyGHDMDUGk + 7uIC18lu1qVeVzz1B/E894q7aE00kkmBG5gtyoPeBUM68EYZy/xL9HtCgF8dUgsD + ryx2lZC/V5A/7nbHWiGffqaoNRP8VIQjgtxUQHHqKRP1E6VKpcTqr/D8oRm8nVuU + ZhvUkmNSZmV/pnM+s75/I0Z1hWu0atTa0Xo2B7bvzz0gIcGG+YhCzVZ/Lj/7BfDL + fqqrIoYW4XGrbkSYHiNPmHip5A9FNkZHhxzFKKlRHfrQUO95j7qhAZkpdxSen6Td + Ba1xqpykFJ5tFCl9nXioNEdxPfMaHgrGwPy4TILKh4hW6rlfvMB1ZxRxVDjcRoKf + EPwcFm78nSwtt+7Z5wII0XXG2pkD8PiabFTZGCn/7VtQiEM0mcwYvCJTt9dD2Tms + fbjannZ2L55xYPLquFVBZ/Xn6RxG45qArjJjAT9vOPg84XRtYbwVPvcMzzUpEHFU + TctcNVnus+1eXqPdJ/tpJLeoHl7KQY1AoQAfhGXwnnvyKOuX0niYcFMJMdSzwA11 + IDlb05CAunySC87Jy7I7dZ5riCYh3cWJ3t+rkARXzjKYkXqwfvkbjiGNMU5cds/w + IaCIgNiOi9FqvUYMWfiG9CdiVm6fcHvfZur2Vq3lCBlq6LhYi1rcXR+0Ghc0NFcT + HNuk8qdmBEUrjd3T4qLp0b7pniaF+7rqup0FU3eAW+X4gGkYA1YT8DY5XW0N702b + A2OJkwLi08GiemQjJgtyaA5VQblWEPlkTHpEBqsqb1JpcFWD+Sp1Yabzxr8bXp1h + GxizqXPyMOxJby5YscGm2UwepFW9BPxsrFSU1k7wTCq1Yu9tEFM1Qv9lMo1+Qhhs + BXK6uP/+TMJhREENxtBsq0faGC1f8qNJGc/W3SbUrbVmwaE3jMU+5hYRV7MpYAFD + +T6ka2BbNqMp/WlNjeX8Z4smtpKuwhLdcyVzCU0hm7E+3RBhSlVtacrqGt3i6Wo/ + 8wfNo7IsEYEDd2U6JP9AOZ1Gu5LMCiKpM5NBNCUiBNuUUkgVK8w2YxmF1WBYiXOk + KF4W0+iwUnl7iyDTv2StXT4CqGPApz5Zs1MUTsakH+T9dl/95hjy86TSStV6Hn9p + 788QZ3P7++ML5F1J9hj1Yo8NyZbecOr0EKTSigIWdcnJQ1t9stUQOsnsUqrKdvkd + RpQ30LMrtOGRa9qGYZHl5IjfvGJMRBzemI7i10AcKRM7ntfGUOP/lmDUofBfajPe + JyC1aoLhwr3G84eWf5ZlYc3HB+o4EU3EloHY3re3TnFUsbNlp2u9hMcsZttZ4FQY + Bg44RJnoshVCgiUztLNwFddpmY9IT/aX0I9FRd4076S0YiCemdksetKwC662y3kP + iGTIeHys/6RmxSePJw60LcQyfVst11J8o67z4d3C9qi6N91m+Vdwz+1qs7MM6uPw + SAoy1HPeUleshGydRzaKd01lIMPwNZhgi9Uvo6tVqBuOEkxPyX9HAbbaAhvNTnMC + Dcl/eQEqbIdwUAv2iscE62w4sEUngHYHibpo57kJ9pMVioI5yuPXCITojDtSjYwH + O92VlE+C49Df1beIyN8wTF5yllIBnEPwUZmN1pYFWUL4x3BI7HRbW6+e50dXx946 + k4iKFRknFCXtDnOzWBw4wUfZENilbEOxI2mVvnJtuj2lDgVLYnrnpoLmfjFUZ7l/ + d6ett+7qJuZ+dHSIPlj+BhfnRFhu4w9bt+J55qh/8qs93SWvFd3xQ3eRUlmKERwu + 3GYIdv4S4X4VHVxiS55AnclWBivpoHl+pEDRpDuOCy+siQ2Gz+rYHbC7Dy5By6uF + m/8WiVT+d5ea05B86fcyWj3hB/t/lkJiHDMdPzSyk6Zf9ghXRb5elvPZv3y9H7Yr + 2/inakeNW7uhzdNwtmIfZUwjo3nppScq5JRkMUnpnBPT3RPDwMPg7pInz/VSosTT + dmpwKFIFdHdQdUJDLqyJpduhR7wvDU+hHcaEo9u1jodMMOE2duBKyaYOoqz027yt + dKztGmYtqlTHuSVirDJ9osqIpA9EWPXgJ4222b1/FfoE+pOON59BRcsW4/E2i68v + tGDji+mdzLGBpKoz1gaWzal5wDcceUzU6Eeaa9nqyYI3zXoTpiKrzZ58hB13l6Xy + QVuY8jfU1av9BV5VdnyBeuJ/mQz2lms1LhFtRRF/0oS7LeeAxX9JUPchdMOiXcfo + KQNTRAxR/+CXh4YFH9aP/JQJM2c5YL7qppalhbavWVHlzOCc0bepiAQlKfq5VMox + ZZBjy/xZ7SVhGEYK+ycwd/gCB04E7H6gMzlP1xJLpi7hfW7iXJgW9AHPeIqJI4no + o1arl4uFQwS9Rw2o6Q6GK3uFf7TMdKOPmx0efHSi7yIC+WhUpS2MrG68/UsQZPkc + LigR1b1QEUmXVIh6szYJSlAuDdy9VKo3W1A6xdFUXmzxG9yOloZh9IsxOdLRfLOE + bJLgabgKes8mWaph3PHgNPFK8rjsX1iINu2/pTvP2YsZEXg8RHY2y2fXGp+SAx6x + XcW1kl+xITjKJOVxmafFKYDTc+yWdJsLdup6rznnQuqTKqcZaKDOoDDXQPlZW6n1 + ZvHHOIRez1UcLw9kmKOmVyiTGow1GWkuYk71dE1a+JylpIlp99uH1+Tt1eqNRQEC + myfG5NajUBNc+GA1FZCB1Lm3S2noMymg11NF6dZ1evLevD6JCKVQuojGIdx28zz6 + MX1Xb08aRm3zEX/oY2IPuFxvNbLmnJMtnFn+6/Kboe5pXAI5CChqyL0zSlx2z/hJ + /KZQkps7G4V/Mno59Qb2F5BE4as2uyhr0dGLAOlVRE9AabU5Ci0QbzDzZhvnOcg8 + HJeOY13+8zfxpDZrw3ZORuVR9/+xv1ItFlu++wb9BHtBxiWAu3hxQk7RE3AleAoB + avTuLW6BLgtjqDmJKF9sKpBBCMkqzYTQdcEw9FNInc0= + + + diff --git a/tests/XML_3_encrypted.xsd b/tests/XML_3_encrypted.xsd new file mode 100644 index 0000000..38b1d17 --- /dev/null +++ b/tests/XML_3_encrypted.xsd @@ -0,0 +1,154 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/XML_4_device_key.xml b/tests/XML_4_device_key.xml new file mode 100644 index 0000000..e90850f --- /dev/null +++ b/tests/XML_4_device_key.xml @@ -0,0 +1,32 @@ + + + + + MIIEowIBAAKCAQEA4Vx4MBKFGalaRh+BzSYnW8am8ajbnyD6AaweHcH+oAAQX7Ll + 1/XrorzOkyQV3+eo4czRCklq6BXMI4Ppa+Hy+/X/pMBa4MHrjzH01gzzV0jyqEOr + S6/MGPsoWUgGl6FRhEnSX62JQoUpsURMbNLgjBkbrmKEMHMk6jT5NUtKhpBXo0/g + OgW48PuADuSjRmKWQssfR/KMsv3SRy9iGFOG1tFxGbeQkmBBxXVIr7u/z9WDG32R + DiG8Mda8dNXJGaBcltUY9HvMogmgCPMrBspFy7ek0x0Lll3t1P7FMgF1V21PFhcl + yX0L0XbBthpYojjglCYT5MnFfhKnI9zbMLlcSQIDAQABAoIBAGnH57pY1xUGgxMr + MthCsnLHuhDwu7Xj2rXyPmilaIldvlHNPUmzaxmGGkjCxWnF6WWjp/N2JrItmRaK + koRLGKzf+VEx4PZiz9j1EAFxLr+nxA7rRHpQWDLZoUTXJBEEbaj0pcS3RhhtPPay + IlVqXnAkUPP31iiPw6ITn24+mwqx0I6AenMsh9vJHKl5y9Yu/aslYbwcxkSXinlO + HHcWopZlJKUQnqlwJ6Xk4e4hjwZn7OQN2jQWKT5oQHO9tEUARqF8waY9yVfUSpjM + mw+gvywAoP1cT7M3q7MsKRNlZsrrC5zYWJ0ev4TIEa+zooqQymZoYeCd8s/77gsv + l7nz/CECgYEA846Xp3wWci8auSUv4SrqcjFZHz3YTqnPZzEf/U4nfFhhwzDHgOHD + u/M4gmEIcvxukhGO66/fqNnDJKQeu5XzgOKKO8/YCkjdIvULKNIOijmucx6oKn+K + 4AIIzTYaI9Ft8+nOpfQV78+xnLGxiUamp8iRJgXei0RcISrEuw7+LQUCgYEA7N/m + Xgb1wkkrFp2fefTD6/5hGWizx3yO+jd+LXBRrPJQOvcf3Wh8jrEpWkeuUF8JYBZP + IOqc+TmbETuRUiokoYCihJKT0VkCqKz8qjUq7IwYf5Cx0gfEVUk3iyt3yTlJe9RJ + hOXV61PPtaebzg7MYmDfAkSU0ScqXV6Gd5Dl9XUCgYBprXE4Bqtml/Gsa+o+dPSM + 38SfvaHhX+TSDYqnygVv+plQrBWkYlEfeAUI7TlRSx5e2qd8tC8DgJkfiOac1g91 + 2NXJ5gEDVWI+DLzu1VXhu+1pnd+xsO19DOTsxZDKAdEHiGdVsnbiOugB6UfzHGir + XGc+bEWHf/3JllkOIQ9AUQKBgCnL6C43NC4wEvZOodE3K0r8+80r+Gz+wYvNNup1 + ozPNHfMJoAnFYhUblZxkgZGU82aNCTFZtJEVZRNJW38QCJ6mwAZ8hrCt8BYrT/oI + n6ZVog0ATyAsVqxl2vMnnF9ZSGodL0vP8ksv4rq+9HMLkWzagv83crrlGkiXYUq/ + upPxAoGBAMrq/dAyhHKaM84C68JDZNuzPt/flAEgIf/iCYwHDKlWu0W2PmN9ZFbG + RkeC5ljD1V2QodLF6BZ+LWbK7aY9OGQR37tdm5whxZo+CqmQZ5Bybnlkfvo3cEPI + tW38eiYAnPQ3zy8WJ6if3Q+y+vaiM15C/MMVKyXAGcyop1qFVYAT + + + diff --git a/tests/XML_4_device_key.xsd b/tests/XML_4_device_key.xsd new file mode 100644 index 0000000..27f3d7e --- /dev/null +++ b/tests/XML_4_device_key.xsd @@ -0,0 +1,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/test_xml-parser.cpp b/tests/test_xml-parser.cpp index 8782ae8..b12cbd6 100644 --- a/tests/test_xml-parser.cpp +++ b/tests/test_xml-parser.cpp @@ -34,7 +34,10 @@ const char *XSD_1_okay = "XML_1_okay.xsd"; const char *XML_1_wrong = "XML_1_wrong.xml"; const char *XSD_1_wrong = "XML_1_wrong.xsd"; const char *XML_2_structure = "XML_2_structure.xml"; -const char *XML_3_structure = "XML_3_structure.xml"; +const char *XML_3_encrypted = "XML_3_encrypted.xml"; +const char *XSD_3_encrypted = "XML_3_encrypted.xsd"; +const char *XML_4_device_key = "XML_4_device_key.xml"; +const char *XSD_4_device_key = "XML_4_device_key.xsd"; std::string format_test_path(const char *file) { @@ -117,7 +120,6 @@ BOOST_AUTO_TEST_CASE(XmlParserTest_XML1_correct_parse) BOOST_REQUIRE(endCallbackFlag == true); } - class StructureTest { public: @@ -289,4 +291,29 @@ BOOST_AUTO_TEST_CASE(XmlParserTest_XML2_structure) "got sum: " << parser.getSum() << " while expected: " << parser.getExpectedSum()); } +BOOST_AUTO_TEST_CASE(XmlParserTest_XML3_encrypted_correct_parse) +{ + XML::Parser parser(format_test_path(XML_3_encrypted).c_str()); + BOOST_REQUIRE(0 == parser.Validate(format_test_path(XSD_3_encrypted).c_str())); + + BOOST_REQUIRE(Parser::ErrorCode::PARSE_SUCCESS == parser.RegisterElementCb("Key", dummyStartCallback, NULL)); + BOOST_REQUIRE(Parser::ErrorCode::PARSE_SUCCESS == parser.RegisterElementCb("Cert", NULL, dummyEndCallback)); + startCallbackFlag = false; + endCallbackFlag = false; + BOOST_REQUIRE(Parser::ErrorCode::PARSE_SUCCESS == parser.Parse()); + BOOST_REQUIRE(startCallbackFlag == true); + BOOST_REQUIRE(endCallbackFlag == true); +} + +BOOST_AUTO_TEST_CASE(XmlParserTest_XML4_device_key_correct_parse) +{ + XML::Parser parser(format_test_path(XML_4_device_key).c_str()); + BOOST_REQUIRE(0 == parser.Validate(format_test_path(XSD_4_device_key).c_str())); + + BOOST_REQUIRE(Parser::ErrorCode::PARSE_SUCCESS == parser.RegisterElementCb("RSAPrivateKey", dummyStartCallback, NULL)); + startCallbackFlag = false; + BOOST_REQUIRE(Parser::ErrorCode::PARSE_SUCCESS == parser.Parse()); + BOOST_REQUIRE(startCallbackFlag == true); +} + BOOST_AUTO_TEST_SUITE_END() -- 2.7.4 From d4505025de280c090bb54264da5597e311d94af3 Mon Sep 17 00:00:00 2001 From: "Maciej J. Karpiuk" Date: Mon, 20 Jul 2015 11:31:29 +0200 Subject: [PATCH 02/16] Encrypted Initial Values: parsing key values. Change-Id: Iecebe5cba1ce716e43fff09ddc442a57dcfdf976 --- src/CMakeLists.txt | 1 + src/manager/crypto/sw-backend/store.cpp | 41 ++++++- src/manager/crypto/sw-backend/store.h | 3 + src/manager/initial-values/InitialValuesFile.cpp | 35 +++++- src/manager/initial-values/InitialValuesFile.h | 24 ++++ src/manager/initial-values/SWKeyFile.cpp | 146 +++++++++++++++++++++++ src/manager/initial-values/SWKeyFile.h | 98 +++++++++++++++ src/manager/initial-values/xml-utils.cpp | 54 ++++++--- src/manager/initial-values/xml-utils.h | 2 + tools/ckm_db_tool/CMakeLists.txt | 1 + 10 files changed, 386 insertions(+), 19 deletions(-) create mode 100644 src/manager/initial-values/SWKeyFile.cpp create mode 100644 src/manager/initial-values/SWKeyFile.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index fa31106..ceb976e 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -61,6 +61,7 @@ SET(KEY_MANAGER_SOURCES ${KEY_MANAGER_PATH}/initial-values/InitialValueHandler.cpp ${KEY_MANAGER_PATH}/initial-values/InitialValuesFile.cpp ${KEY_MANAGER_PATH}/initial-values/NoCharactersHandler.cpp + ${KEY_MANAGER_PATH}/initial-values/SWKeyFile.cpp ${KEY_MANAGER_PATH}/initial-values/xml-utils.cpp ${KEY_MANAGER_PATH}/initial-values/initial-value-loader.cpp ${KEY_MANAGER_PATH}/dpl/core/src/assert.cpp diff --git a/src/manager/crypto/sw-backend/store.cpp b/src/manager/crypto/sw-backend/store.cpp index e1ca362..d59cea1 100644 --- a/src/manager/crypto/sw-backend/store.cpp +++ b/src/manager/crypto/sw-backend/store.cpp @@ -27,6 +27,8 @@ #include #include #include +#include +#include #include @@ -142,9 +144,31 @@ RawBuffer pack(const RawBuffer& data, const Password& pass) } // namespace anonymous +namespace +{ +const char * const DEVICE_KEY_XSD = "/usr/share/ckm/sw_key.xsd"; +const char * const DEVICE_KEY_SW_FILE = "/opt/data/ckm/device_key.xml"; +} + Store::Store(CryptoBackend backendId) : GStore(backendId) { + // get the device key if present + InitialValues::SWKeyFile keyFile(DEVICE_KEY_SW_FILE); + int rc = keyFile.Validate(DEVICE_KEY_XSD); + if(rc == XML::Parser::PARSE_SUCCESS) + { + rc = keyFile.Parse(); + if(rc == XML::Parser::PARSE_SUCCESS) + m_deviceKey = keyFile.getPrivKey(); + else + { + // do nothing, bypass encrypted elements + LogWarning("invalid SW key file: " << DEVICE_KEY_SW_FILE << ", parsing code: " << rc); + } + } + else + LogWarning("invalid SW key file: " << DEVICE_KEY_SW_FILE << ", validation code: " << rc); } GObjUPtr Store::getObject(const Token &token, const Password &pass) { @@ -194,8 +218,21 @@ Token Store::import(const Data &data, const Password &pass) { return Token(m_backendId, data.type, pack(data.data, pass)); } -Token Store::importEncrypted(const Data &, const Password &, const DataEncryption &) { - ThrowErr(Exc::Crypto::OperationNotSupported, "Importing encrypted data not yet implemented!"); +Token Store::importEncrypted(const Data &data, const Password &pass, const DataEncryption &enc) { + if(!m_deviceKey) + ThrowErr(Exc::Crypto::InternalError, "No device key present"); + + // decrypt the AES key using device key + CryptoAlgorithm algorithmRSAOAEP; + algorithmRSAOAEP.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_OAEP); + Crypto::SW::SKey aesKey(m_deviceKey->decrypt(algorithmRSAOAEP, enc.encryptedKey), DataType::KEY_AES); + + // decrypt the buffer using AES key + CryptoAlgorithm algorithmAESCBC; + algorithmAESCBC.setParam(ParamName::ALGO_TYPE, AlgoType::AES_CBC); + algorithmAESCBC.setParam(ParamName::ED_IV, enc.iv); + RawBuffer rawData = aesKey.decrypt(algorithmAESCBC, data.data); + return Token(m_backendId, data.type, pack(rawData, pass)); } } // namespace SW diff --git a/src/manager/crypto/sw-backend/store.h b/src/manager/crypto/sw-backend/store.h index 03d69ff..860e393 100644 --- a/src/manager/crypto/sw-backend/store.h +++ b/src/manager/crypto/sw-backend/store.h @@ -37,6 +37,9 @@ public: virtual Token import(const Data &data, const Password &); virtual Token importEncrypted(const Data &, const Password &, const DataEncryption &); virtual void destroy(const Token &){} + +private: + Crypto::GObjShPtr m_deviceKey; }; } // namespace SW diff --git a/src/manager/initial-values/InitialValuesFile.cpp b/src/manager/initial-values/InitialValuesFile.cpp index bc5fbec..166f158 100644 --- a/src/manager/initial-values/InitialValuesFile.cpp +++ b/src/manager/initial-values/InitialValuesFile.cpp @@ -29,11 +29,13 @@ #include #include #include +#include #include namespace { const int XML_CURRENT_VERSION = 1; const char * const XML_TAG_INITIAL_VALUES = "InitialValues"; +const char * const XML_TAG_ENCRYPTION_KEY = "EncryptionKey"; const char * const XML_TAG_KEY = "Key"; const char * const XML_TAG_DATA = "Data"; const char * const XML_TAG_CERT = "Cert"; @@ -48,9 +50,11 @@ const char * const XML_ATTR_VERSION = "version"; namespace CKM { namespace InitialValues { -InitialValuesFile::InitialValuesFile(const std::string &XML_filename, CKMLogic & db_logic) +InitialValuesFile::InitialValuesFile(const std::string &XML_filename, + CKMLogic & db_logic) : m_parser(XML_filename), m_db_logic(db_logic), - m_header(std::make_shared(*this)) + m_header(std::make_shared(*this)), + m_encryptionKeyHandler(std::make_shared(*this)) { m_parser.RegisterErrorCb(InitialValuesFile::Error); m_parser.RegisterElementCb(XML_TAG_INITIAL_VALUES, @@ -59,6 +63,15 @@ InitialValuesFile::InitialValuesFile(const std::string &XML_filename, CKMLogic & return m_header; }, [this](const XML::Parser::ElementHandlerPtr &) {}); + m_parser.RegisterElementCb(XML_TAG_ENCRYPTION_KEY, + [this]() -> XML::Parser::ElementHandlerPtr + { + return m_encryptionKeyHandler; + }, + [this](const XML::Parser::ElementHandlerPtr &) + { + m_encryptedAESkey = m_encryptionKeyHandler->getEncryptedKey(); + }); } void InitialValuesFile::registerElementListeners() @@ -226,6 +239,24 @@ void InitialValuesFile::ReleasePermissionHandler() } +InitialValuesFile::EncryptionKeyHandler::EncryptionKeyHandler(InitialValuesFile & parent) : m_parent(parent) {} +void InitialValuesFile::EncryptionKeyHandler::Characters(const std::string &data) { + m_encryptedKey.reserve(m_encryptedKey.size() + data.size()); + m_encryptedKey.insert(m_encryptedKey.end(), data.begin(), data.end()); +}; +void InitialValuesFile::EncryptionKeyHandler::End() { + std::string trimmed = XML::trimEachLine(std::string(m_encryptedKey.begin(), m_encryptedKey.end())); + Base64Decoder base64; + base64.reset(); + base64.append(RawBuffer(trimmed.begin(), trimmed.end())); + base64.finalize(); + m_encryptedKey = base64.get(); +}; + +CKM::RawBuffer InitialValuesFile::EncryptionKeyHandler::getEncryptedKey() const { + return m_encryptedKey; +} + InitialValuesFile::HeaderHandler::HeaderHandler(InitialValuesFile & parent) : m_version(-1), m_parent(parent) {} void InitialValuesFile::HeaderHandler::Start(const XML::Parser::Attributes & attr) diff --git a/src/manager/initial-values/InitialValuesFile.h b/src/manager/initial-values/InitialValuesFile.h index 8226822..1572e2f 100644 --- a/src/manager/initial-values/InitialValuesFile.h +++ b/src/manager/initial-values/InitialValuesFile.h @@ -26,10 +26,16 @@ #include #include #include +#include +#include +#include +#include +#include namespace CKM { namespace InitialValues { + class InitialValuesFile { public: @@ -74,8 +80,26 @@ private: int m_version; InitialValuesFile & m_parent; }; + + class EncryptionKeyHandler : public XML::Parser::ElementHandler + { + public: + explicit EncryptionKeyHandler(InitialValuesFile & parent); + virtual void Start(const XML::Parser::Attributes &) {}; + virtual void Characters(const std::string &data); + virtual void End(); + + CKM::RawBuffer getEncryptedKey() const; + private: + CKM::RawBuffer m_encryptedKey; + InitialValuesFile & m_parent; + }; + typedef std::shared_ptr HeaderHandlerPtr; + typedef std::shared_ptr EncryptionKeyHandlerPtr; HeaderHandlerPtr m_header; + EncryptionKeyHandlerPtr m_encryptionKeyHandler; + CKM::RawBuffer m_encryptedAESkey; void registerElementListeners(); static void Error(const XML::Parser::ErrorType errorType, diff --git a/src/manager/initial-values/SWKeyFile.cpp b/src/manager/initial-values/SWKeyFile.cpp new file mode 100644 index 0000000..f614185 --- /dev/null +++ b/src/manager/initial-values/SWKeyFile.cpp @@ -0,0 +1,146 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file SWKeyFile.cpp + * @author Maciej Karpiuk (m.karpiuk2@samsung.com) + * @version 1.0 + * @brief SWKeyFile class implementation. + */ + +#include +#include +#include +#include +#include +#include + +namespace { +const int XML_SW_KEY_CURRENT_VERSION = 1; +const char * const XML_TAG_DEVICE_KEY = "DeviceKey"; +const char * const XML_TAG_RSA_KEY = "RSAPrivateKey"; +const char * const XML_TAG_PEM = "PEM"; +const char * const XML_TAG_DER = "DERBase64"; +const char * const XML_TAG_BASE64 = "Base64"; +const char * const XML_ATTR_VERSION = "version"; +} + +namespace CKM { +namespace InitialValues { + +SWKeyFile::SWKeyFile(const std::string &XML_filename) + : m_parser(XML_filename), + m_header(std::make_shared(*this)), + m_RSAKeyHandler(std::make_shared(*this)) +{ + m_parser.RegisterErrorCb(SWKeyFile::Error); + m_parser.RegisterElementCb(XML_TAG_DEVICE_KEY, + [this]() -> XML::Parser::ElementHandlerPtr + { + return m_header; + }, + [this](const XML::Parser::ElementHandlerPtr &) {}); +} + +void SWKeyFile::registerElementListeners() +{ + m_parser.RegisterElementCb(XML_TAG_RSA_KEY, + [this]() -> XML::Parser::ElementHandlerPtr + { + return m_RSAKeyHandler; + }, + [this](const XML::Parser::ElementHandlerPtr &) + { + m_deviceKey = m_RSAKeyHandler->getPrivKey(); + }); +} + +void SWKeyFile::Error(const XML::Parser::ErrorType errorType, + const std::string & log_msg) +{ + switch(errorType) + { + case XML::Parser::VALIDATION_ERROR: + LogWarning("validating error: " << log_msg); + break; + case XML::Parser::PARSE_WARNING: + LogWarning("parsing warning: " << log_msg); + break; + case XML::Parser::PARSE_ERROR: + LogWarning("parsing error: " << log_msg); + break; + } +} + +int SWKeyFile::Validate(const std::string &XSD_file) +{ + return m_parser.Validate(XSD_file); +} + +int SWKeyFile::Parse() +{ + int ec = m_parser.Parse(); + if(!m_header || !m_header->isCorrectVersion()) { + LogError("bypassing XML file: " << m_filename << " - wrong file version!"); + ec = XML::Parser::ERROR_INVALID_VERSION; + } + return ec; +} + + + +SWKeyFile::RSAKeyHandler::RSAKeyHandler(SWKeyFile & parent) + : m_parent(parent) +{} + +void SWKeyFile::RSAKeyHandler::Characters(const std::string &data) { + //m_encryptedKey.reserve(m_encryptedKey.size() + data.size()); + //m_encryptedKey.insert(m_encryptedKey.end(), data.begin(), data.end()); + std::copy(data.begin(), data.end(), std::back_inserter(m_encryptedKey)); +} + +void SWKeyFile::RSAKeyHandler::End() { +// std::string trimmed = XML::trimEachLine(std::string(m_encryptedKey.begin(), m_encryptedKey.end())); + + Base64Decoder base64; + base64.reset(); + base64.append(XML::removeWhiteChars(m_encryptedKey)); + base64.finalize(); + m_encryptedKey = base64.get(); +}; + +Crypto::GObjShPtr SWKeyFile::RSAKeyHandler::getPrivKey() { + return std::make_shared(m_encryptedKey, DataType::KEY_RSA_PRIVATE); +} + +SWKeyFile::HeaderHandler::HeaderHandler(SWKeyFile & parent) + : m_version(-1), m_parent(parent) {} +void SWKeyFile::HeaderHandler::Start(const XML::Parser::Attributes & attr) +{ + // get key type + if(attr.find(XML_ATTR_VERSION) != attr.end()) + { + m_version = atoi(attr.at(XML_ATTR_VERSION).c_str()); + + if(isCorrectVersion()) + m_parent.registerElementListeners(); + } +} +bool SWKeyFile::HeaderHandler::isCorrectVersion() const { + return m_version == XML_SW_KEY_CURRENT_VERSION; +} + +} +} diff --git a/src/manager/initial-values/SWKeyFile.h b/src/manager/initial-values/SWKeyFile.h new file mode 100644 index 0000000..887c0a9 --- /dev/null +++ b/src/manager/initial-values/SWKeyFile.h @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file SWKeyFile.h + * @author Maciej Karpiuk (m.karpiuk2@samsung.com) + * @version 1.0 + * @brief SWKeyFile class. + */ + +#ifndef SWKEYFILE_H_ +#define SWKEYFILE_H_ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +namespace CKM { +namespace InitialValues { + + +class SWKeyFile +{ +public: + explicit SWKeyFile(const std::string &XML_filename); + + int Validate(const std::string &XSD_file); + int Parse(); + + Crypto::GObjShPtr getPrivKey() { + return m_deviceKey; + } + +private: + class HeaderHandler : public XML::Parser::ElementHandler + { + public: + explicit HeaderHandler(SWKeyFile & parent); + virtual void Start(const XML::Parser::Attributes & attr); + virtual void Characters(const std::string &) {}; + virtual void End() {}; + + bool isCorrectVersion() const; + + private: + int m_version; + SWKeyFile & m_parent; + }; + + class RSAKeyHandler : public XML::Parser::ElementHandler + { + public: + explicit RSAKeyHandler(SWKeyFile & parent); + virtual void Start(const XML::Parser::Attributes &) {}; + virtual void Characters(const std::string &data); + virtual void End(); + + Crypto::GObjShPtr getPrivKey(); + private: + CKM::RawBuffer m_encryptedKey; + SWKeyFile & m_parent; + }; + + std::string m_filename; + XML::Parser m_parser; + typedef std::shared_ptr HeaderHandlerPtr; + typedef std::shared_ptr RSAKeyHandlerPtr; + HeaderHandlerPtr m_header; + RSAKeyHandlerPtr m_RSAKeyHandler; + Crypto::GObjShPtr m_deviceKey; + + void registerElementListeners(); + static void Error(const XML::Parser::ErrorType errorType, + const std::string & logMsg); + +}; + +} +} +#endif /* SWKEYFILE_H_ */ diff --git a/src/manager/initial-values/xml-utils.cpp b/src/manager/initial-values/xml-utils.cpp index 8b1abdb..0553c01 100644 --- a/src/manager/initial-values/xml-utils.cpp +++ b/src/manager/initial-values/xml-utils.cpp @@ -28,7 +28,7 @@ namespace { const char * const WHITESPACE = " \n\r\t\v"; -const char * const LINE_WHITESPACE = " \t"; +const char * const LINE_WHITESPACE = " \r\t\v"; std::string trim_left(const std::string& s, const char *whitespaces) { @@ -46,27 +46,51 @@ std::string trim(const std::string& s, const char *whitespaces) { return trim_right(trim_left(s, whitespaces), whitespaces); } + } namespace CKM { namespace XML { -std::string trim(const std::string& s) + +template +T removeChars(const T& input, const char *what) { - return ::trim(s, WHITESPACE); + T out(input); + auto endit = std::remove_if(out.begin(), out.end(), + [what](char c) + { + for (const char *ptr = what; *ptr; ++ptr) + if (*ptr == c) + return true; + return false; + }); + + out.erase(endit, out.end()); + return out; } -std::string trimEachLine(const std::string& s) -{ - std::istringstream stream(s); - size_t line_cnt = 0; - std::string line, output; - while(std::getline(stream, line)) { - if(line_cnt>0) - output += "\n"; - output += ::trim(line, LINE_WHITESPACE); - line_cnt ++; - } - return output; +RawBuffer removeWhiteChars(const RawBuffer &buffer) { + return removeChars(buffer, WHITESPACE); } + +std::string trimEachLine(const std::string& input) { + std::stringstream ss(input); + std::stringstream output; + std::string line; + + while(std::getline(ss, line, '\n')) { + auto afterTrim = ::trim(line, LINE_WHITESPACE); + if (!afterTrim.empty()) + output << afterTrim << std::endl; + } + + return output.str(); } + +std::string trim(const std::string &s) { + return removeChars(s, WHITESPACE); } + +} // namespace XML +} // namespace CKM + diff --git a/src/manager/initial-values/xml-utils.h b/src/manager/initial-values/xml-utils.h index c385598..8ef94fd 100644 --- a/src/manager/initial-values/xml-utils.h +++ b/src/manager/initial-values/xml-utils.h @@ -24,10 +24,12 @@ #define XML_UTILS_H_ #include +#include namespace CKM { namespace XML { +RawBuffer removeWhiteChars(const RawBuffer &buffer); std::string trim(const std::string& s); std::string trimEachLine(const std::string &s); diff --git a/tools/ckm_db_tool/CMakeLists.txt b/tools/ckm_db_tool/CMakeLists.txt index c040cad..9513b80 100644 --- a/tools/ckm_db_tool/CMakeLists.txt +++ b/tools/ckm_db_tool/CMakeLists.txt @@ -33,6 +33,7 @@ SET(CKM_DB_TOOL_SOURCES ${PROJECT_SOURCE_DIR}/tools/ckm_db_tool/ckm_db_tool.cpp ${PROJECT_SOURCE_DIR}/tools/ckm_db_tool/db-crypto-ext.cpp ${PROJECT_SOURCE_DIR}/tools/ckm_db_tool/ckm-logic-ext.cpp + ${KEY_MANAGER_PATH}/initial-values/SWKeyFile.cpp ${KEY_MANAGER_PATH}/main/cynara.cpp ${KEY_MANAGER_PATH}/main/generic-socket-manager.cpp -- 2.7.4 From 96a0c8de39f676bdd88c23ac7aef6b82a02d7c3f Mon Sep 17 00:00:00 2001 From: "Maciej J. Karpiuk" Date: Tue, 21 Jul 2015 14:53:27 +0200 Subject: [PATCH 03/16] Encrypted Initial Values: decrypting items from XML files. Change-Id: I08d53475401407c76d8aafbefc0b4d2f4fd82204 --- doc/example.xml | 236 +++++++++++++-------- src/manager/crypto/generic-backend/gstore.h | 5 + src/manager/crypto/platform/decider.cpp | 10 +- src/manager/crypto/platform/decider.h | 2 +- src/manager/initial-values/BufferHandler.cpp | 18 +- src/manager/initial-values/BufferHandler.h | 14 +- src/manager/initial-values/CertHandler.h | 3 +- src/manager/initial-values/DataHandler.h | 3 +- src/manager/initial-values/EncodingType.h | 4 +- src/manager/initial-values/InitialValueHandler.cpp | 61 +++--- src/manager/initial-values/InitialValueHandler.h | 5 +- src/manager/initial-values/InitialValuesFile.cpp | 45 +++- src/manager/initial-values/InitialValuesFile.h | 12 +- src/manager/initial-values/KeyHandler.h | 4 +- src/manager/service/ckm-logic.cpp | 32 +++ src/manager/service/ckm-logic.h | 27 ++- tests/XML_3_encrypted.xml | 52 ++--- 17 files changed, 349 insertions(+), 184 deletions(-) diff --git a/doc/example.xml b/doc/example.xml index 9c0917c..2be09cf 100644 --- a/doc/example.xml +++ b/doc/example.xml @@ -79,7 +79,7 @@ - MIIEgDCCA2igAwIBAgIIcjtBYJGQtOAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE + QUJDREVGR0hJSktMTU5PUFJTVFVWV1hZWjAxMjM0NTY= @@ -110,31 +110,24 @@ - H/1CXNoQJ13MLdMESto1BHP5583n7fbwkN4mRVELQepeJNUhX2Kc+6foG3eTOBEH - N/z5xPFlYZLxeRArknVaCE/2Nmrk9STQZpja//B6FEXTUg4PbVEQl1zE5vJV8RUE - W1jetcEoxPZtNirqH03P1izud/vQVCQRy+WYe00Nm/MluGTJ8sytW+k+wCO+GmHf - 5vyCal0xr+o2rIHzPPJId3eg/6IbWCAmOeNU+l03im98zSrqD9bG2cdgdciNUb4B - ANCv/3r+Vx6Xcs3N1p33ewXP+suCqDYBUE9YwsIaZABMB9yk02cuZtpeYytBCkNk - QzESDqzFoIV3JREjxKL69VyJWm+ttL4OnrAinZIndJ/0zk77Dg64vg63HBRGL+qi - w9C5eOXfIWylfUn/CMmHbRjg378G2svAOAynZhHmTLWqfviGKJcS6Mulxs2o/egL - /uuITbEQNKPX5LVvtBPygUPPgV66Q3zjBGX/vbPwpMn/M8Z5gOOrUfoIKTTTh7a+ - VwkujHjC68TJ21AJSauTH7qg291cQZOMeC3LfXXjCXQYg3qOyJnlmDrfZFfnzRk6 - W4z6i868Dk12B8KDXtSPSR9AigSiooTOgvhqVk+diILYBdpwfrEUTIt2Cq5hgcoO - 2e9gIe03vxD3dxOQjvEC7XYbdWeB87mlEgkOKjm9sC/XRJCnF33xVJPxsc+ixoRk - 4udR5UdYVZMc8tkGIgO7v/aOJyaAwSnRc5NVA8L+4w/0MUNtfD911buUzeV/wmwg - q/YqNI7AluNifXEK5CTYBP0CmAVlGUC3k4Q0W+gRIg1peiURl0pvantE26NXsNEr - GuIHCkKrQcUKkcCpCGeAuzjZAfXLdtEm9oLg44BGBNEP6cBvgoryJATv5XPSR7TJ - SvKPQM/hkPwc2NIzJEFP2729+HagOp2ANyMob/5Z4dE6ynDpZ1hTBBRanI6WBerX - SBClj+MnJJhnxUsSXL9r6O9s24ajCqNUib8K8M+P5+7+K+rO07C+ckzNiy9j7uyX - RZm7eWfsZ7zbjwKsFPqBp0v0pDUJZ1LvTwpL/OOHE19LDE0sdpVXJqp7JyMbnFvn - yiT7xfFAOp0kseCee0UVk4V5Og4u+vdSrjt6HBFcueTnE1OtDkMlX0sSL3+mEyF+ - +mkPx8bIkSvvitoPHfipP13kG8qBQ/yKaKjCgQYb7OwFOGOtwkaUaqHRm0GEBxe1 - xr0v1lyJzpaS6ZMU/kSH2QGNrfhiiif9+nlKiUbfPmUMKqrLKAYn8KFEDkU7Wrrm - /cW0Y+cCntKyhszBs8jcKHyoJDCi4imUlZHg4t4MwYrD8GgaeBfUxPP5rUroHMRy - 6K/UKXhraU9CoEtKIyAk0oXH3JlqCz0WRxjA322kAhVxDYIHa6D1pSVFY1K8FXfq - 0hSZOw4yFBYhyEIwBkstpNiRXWtFR1xRlVTdb9ksmAPTfr0TyNWbygz8Pa6gz7qx - j3B+24jAShhq8PHWxpJgfsObLsr4aASNZKSxpzSC140o+BTxqmSIjljdTKF+golD - /XBwmrhqsfI/3mRocIte34Pcfqj0T3zKUZ45zRLQGvA= + pPjY7wULPaBIwPKkgwKyKSZPa6NVJN3312q829KaXcNdQSoNJmsyyPDMqLr1W3Nw + /5DSfstMCh/MiUq4Dc1VCaHbVkRFVZMvitg7nfjDVkI9HGLpSGWzz1dc6kxn/rPv + l1Ox3sVog96Ebss+Givm4cKKYSQihCLTxcQcP6v4RGvTMhXIZmlz8n4Tr3MgyRB7 + XTWdoowosEUWrzPMSD39y18gRJVZ/ZKv68o5mntatSE8FS1L6dgb2TdKEFdydVd2 + /ob9GVwRkMxpBsQeUvPRYXnZS2f1L18IRPrKLKLKsDB+FysyXMAHMaxGWWil29/d + osOwMt34i6Bv21132lGt08t2LebmDJViZRVjzz9edIChBzsoG/E/3hX6v32ruJGU + 2kq5l0bOmpQFs9M0TTNNWnaZKvpFPA8b3ywaDRWeKAPHsNQpnrx0WygCmvbjUChf + TP1E5BVm6YjWxptvFvEINcotCj2+0fvG3zIcq01O/MpSFWbGdu9MLZtFl1rTRt8e + ER8+nOKZNi9JUOfsYJyrZmtwm56LXTPjgNYY+a8yp2EXFtHjO62QKYr8zAi98PxL + oiELHLF2xwFufvBAssSOPwRmDSIhljPbUy4UKUxFCeMJzdxgK0DMZw4FtcyBXGgG + ABP57OQ60HomoZZDwAQ/4B8unuOCp7uERsQH5Z4Ns+PiIM4Tk8j9Qg4YVN43FJtJ + tCsfagBPuQM+Cm5law0Y01asMr0wq/VlILMKX0KXpwgnVmQClRfcYBLHQmDTyCos + kYSWrSYDesvXJnB1j/hn1puCQHfyrmPH5fQTzanD5whyed7DeXBl+F5+f73uj9pC + DrtqG+YEOeJNj0PCAMq9B4Qe6xi06P6D/sG17Phl9wH5DSzfxxlst1xeaPBko9Bo + LM6Sh6echKIh0HddStmaBICXNeVKz958tD0piVYMVipZm5/+cpDxdGSuemUxWXJO + XAuYydZkuLksYjLyXDO5vEaqcVMtu54tjfdFS7vO87a9IF+mI7HHHdnNaDRHaAFi + 4rXdaGQr8zohq91NE3JYgSMbk1DlGfL1m9GN6IEUjqMQlAkGWal1Et9uwO98PpOk + a+r+N4lsYPKJbX2ywUvDHg== @@ -144,73 +137,130 @@ - weK/LmGIPHeNA2YipqJa4B7DRMJBaoGSldawgSDQeIIIXgrmypSH42Gbm6m09gp0 - Wn0frkCcALHGxJyDK3rOsWDjJisYweblBgcFGa/eG7DiLgL1mv/fjstjSda1bh8x - sLtmKCrYPPZI6RVEZKdl6oBXK7+uVavY9vdo69DrTZulZMGR2NW3i665kTVhvIUn - 6HYQe7ibU2oQJYr166ZI8WviLFsEVOWOgi+EFulVyn5vUHXjyCIlKi9xOfE7opMh - qeciELIFZCb6gFLmp//P2C8BRnkJ2bIdem+Z+l72W+jLmhdQx70y6toZS6YuK+TD - LGdD8AFH4rFlkFUcp1O/MQinS3w67dBj6/KniYUH5OurOJFTDt446LwctYujshTQ - IgPHT0uREoxQKbf+Sw5FGR2alXLntzeW/r7OG9oOLuXh0jOVM1z+hifxC87y20L+ - 0EHcCL7yB5q1ggs9sucLXKq3WrKz8nLXmeWB5zUi8LPRGM+avcNnlfB+OAXUAeB9 - Z1xeJwmva3eIG0GCu+pVD3O7dSHfCAZpZfvsqxkhOrZKBUJ5prg/0Qy3S326xYCk - z41oKF4KlGVTj46f7CxvC/4KLSLzhHdu1LGIKleaU+5ITSAUu8AUxRg4Jl9NjblW - 3ZOqV0Rd7jkheOg5WlSdyD9Ku2pIg9A8uWylUNMgyFIhep23S3/JVC0fUa3Sj3Gq - 7EqI3EPl5tAjXs23kndfz/9iHstsRpVlH1A9iilBRJlUKHsiN9H3/lGQ5BjU0lVr - v33X1BJhMc4f3F52AQMvCPLvTbpqqJwGKJ2A++ok9mZdxeR4ZapKWhiw+N2bbOWQ - I+Oil9f1KC2XKBB9QDK0bBQsOn39PaZkrIztD4pyhMduoohX1BP1KmLQ7RohLJc+ - aVg/OuYub3D1aw0F3r5TJGGbrxmrYA1p6i+JktwUnBYw8vaPM8Ucf5rw4LI/18PQ - fkdSc6J4z/ExxVvSOFMyZQiK+YDSVKtVw/3lZSzLyNx/pyZbX785rqn7zPfsT81k - mK8fwcrTW3KPf+cdrGzL3y/TIXCGwIX59fXsjhS9R8JT7eO1NcggEwT/jCIei1Lo - FawJolBSguIQxLZjpAQ8qfbghU6HvSJHcKq+ZDZ/sM4EGaPd1y33WBYp6ivEHFhu - TODFB2wa+vCmhQqybAXg5HCVUsimq3zru84/67uP0sbMz6mWMevR2nW+CUP1DV5C - XaPiJe223zD7wBh+M+FxIb1zufh21if0NxyJtt7vfZNRxUC1LQ8SpwCTRTqKoZ/m - KCDPm8EyL+xuVL1IYU3U5DYv6JEzpiyRoMIHQrZ1QPc4G8SwU4cyxqlyGHDMDUGk - 7uIC18lu1qVeVzz1B/E894q7aE00kkmBG5gtyoPeBUM68EYZy/xL9HtCgF8dUgsD - ryx2lZC/V5A/7nbHWiGffqaoNRP8VIQjgtxUQHHqKRP1E6VKpcTqr/D8oRm8nVuU - ZhvUkmNSZmV/pnM+s75/I0Z1hWu0atTa0Xo2B7bvzz0gIcGG+YhCzVZ/Lj/7BfDL - fqqrIoYW4XGrbkSYHiNPmHip5A9FNkZHhxzFKKlRHfrQUO95j7qhAZkpdxSen6Td - Ba1xqpykFJ5tFCl9nXioNEdxPfMaHgrGwPy4TILKh4hW6rlfvMB1ZxRxVDjcRoKf - EPwcFm78nSwtt+7Z5wII0XXG2pkD8PiabFTZGCn/7VtQiEM0mcwYvCJTt9dD2Tms - fbjannZ2L55xYPLquFVBZ/Xn6RxG45qArjJjAT9vOPg84XRtYbwVPvcMzzUpEHFU - TctcNVnus+1eXqPdJ/tpJLeoHl7KQY1AoQAfhGXwnnvyKOuX0niYcFMJMdSzwA11 - IDlb05CAunySC87Jy7I7dZ5riCYh3cWJ3t+rkARXzjKYkXqwfvkbjiGNMU5cds/w - IaCIgNiOi9FqvUYMWfiG9CdiVm6fcHvfZur2Vq3lCBlq6LhYi1rcXR+0Ghc0NFcT - HNuk8qdmBEUrjd3T4qLp0b7pniaF+7rqup0FU3eAW+X4gGkYA1YT8DY5XW0N702b - A2OJkwLi08GiemQjJgtyaA5VQblWEPlkTHpEBqsqb1JpcFWD+Sp1Yabzxr8bXp1h - GxizqXPyMOxJby5YscGm2UwepFW9BPxsrFSU1k7wTCq1Yu9tEFM1Qv9lMo1+Qhhs - BXK6uP/+TMJhREENxtBsq0faGC1f8qNJGc/W3SbUrbVmwaE3jMU+5hYRV7MpYAFD - +T6ka2BbNqMp/WlNjeX8Z4smtpKuwhLdcyVzCU0hm7E+3RBhSlVtacrqGt3i6Wo/ - 8wfNo7IsEYEDd2U6JP9AOZ1Gu5LMCiKpM5NBNCUiBNuUUkgVK8w2YxmF1WBYiXOk - KF4W0+iwUnl7iyDTv2StXT4CqGPApz5Zs1MUTsakH+T9dl/95hjy86TSStV6Hn9p - 788QZ3P7++ML5F1J9hj1Yo8NyZbecOr0EKTSigIWdcnJQ1t9stUQOsnsUqrKdvkd - RpQ30LMrtOGRa9qGYZHl5IjfvGJMRBzemI7i10AcKRM7ntfGUOP/lmDUofBfajPe - JyC1aoLhwr3G84eWf5ZlYc3HB+o4EU3EloHY3re3TnFUsbNlp2u9hMcsZttZ4FQY - Bg44RJnoshVCgiUztLNwFddpmY9IT/aX0I9FRd4076S0YiCemdksetKwC662y3kP - iGTIeHys/6RmxSePJw60LcQyfVst11J8o67z4d3C9qi6N91m+Vdwz+1qs7MM6uPw - SAoy1HPeUleshGydRzaKd01lIMPwNZhgi9Uvo6tVqBuOEkxPyX9HAbbaAhvNTnMC - Dcl/eQEqbIdwUAv2iscE62w4sEUngHYHibpo57kJ9pMVioI5yuPXCITojDtSjYwH - O92VlE+C49Df1beIyN8wTF5yllIBnEPwUZmN1pYFWUL4x3BI7HRbW6+e50dXx946 - k4iKFRknFCXtDnOzWBw4wUfZENilbEOxI2mVvnJtuj2lDgVLYnrnpoLmfjFUZ7l/ - d6ett+7qJuZ+dHSIPlj+BhfnRFhu4w9bt+J55qh/8qs93SWvFd3xQ3eRUlmKERwu - 3GYIdv4S4X4VHVxiS55AnclWBivpoHl+pEDRpDuOCy+siQ2Gz+rYHbC7Dy5By6uF - m/8WiVT+d5ea05B86fcyWj3hB/t/lkJiHDMdPzSyk6Zf9ghXRb5elvPZv3y9H7Yr - 2/inakeNW7uhzdNwtmIfZUwjo3nppScq5JRkMUnpnBPT3RPDwMPg7pInz/VSosTT - dmpwKFIFdHdQdUJDLqyJpduhR7wvDU+hHcaEo9u1jodMMOE2duBKyaYOoqz027yt - dKztGmYtqlTHuSVirDJ9osqIpA9EWPXgJ4222b1/FfoE+pOON59BRcsW4/E2i68v - tGDji+mdzLGBpKoz1gaWzal5wDcceUzU6Eeaa9nqyYI3zXoTpiKrzZ58hB13l6Xy - QVuY8jfU1av9BV5VdnyBeuJ/mQz2lms1LhFtRRF/0oS7LeeAxX9JUPchdMOiXcfo - KQNTRAxR/+CXh4YFH9aP/JQJM2c5YL7qppalhbavWVHlzOCc0bepiAQlKfq5VMox - ZZBjy/xZ7SVhGEYK+ycwd/gCB04E7H6gMzlP1xJLpi7hfW7iXJgW9AHPeIqJI4no - o1arl4uFQwS9Rw2o6Q6GK3uFf7TMdKOPmx0efHSi7yIC+WhUpS2MrG68/UsQZPkc - LigR1b1QEUmXVIh6szYJSlAuDdy9VKo3W1A6xdFUXmzxG9yOloZh9IsxOdLRfLOE - bJLgabgKes8mWaph3PHgNPFK8rjsX1iINu2/pTvP2YsZEXg8RHY2y2fXGp+SAx6x - XcW1kl+xITjKJOVxmafFKYDTc+yWdJsLdup6rznnQuqTKqcZaKDOoDDXQPlZW6n1 - ZvHHOIRez1UcLw9kmKOmVyiTGow1GWkuYk71dE1a+JylpIlp99uH1+Tt1eqNRQEC - myfG5NajUBNc+GA1FZCB1Lm3S2noMymg11NF6dZ1evLevD6JCKVQuojGIdx28zz6 - MX1Xb08aRm3zEX/oY2IPuFxvNbLmnJMtnFn+6/Kboe5pXAI5CChqyL0zSlx2z/hJ - /KZQkps7G4V/Mno59Qb2F5BE4as2uyhr0dGLAOlVRE9AabU5Ci0QbzDzZhvnOcg8 - HJeOY13+8zfxpDZrw3ZORuVR9/+xv1ItFlu++wb9BHtBxiWAu3hxQk7RE3AleAoB - avTuLW6BLgtjqDmJKF9sKpBBCMkqzYTQdcEw9FNInc0= + weK/LmGIPHeNA2YipqJa4K1+KPkE/Jl5EtfJjzP5x5ZGhf/OOTYe+fj4p2Wx47AC + Nd/heOAi3MkFrwu5x+swFMIeQMCMzQpRbXeCvTEuTXWnmRMoyMbHlPd7Nnk9xooF + oYfbKhVd5DOcHN3pwc+5DQkrRy/XaD1faj3YR3JEYSfOLq4F6hLlj4U7rYJyyFuf + kSBOTAQOXs0q83cc2L7RaK7OzFJPKYJjDkVYIakpIHXUcvNrb2DrJ13se4pcX6Zk + KARviziVu4x9r7hTRErU8SNEWrO6E63oDfyetWvtymT17MEhRsRKS39zhrVLHzGy + iWx2Igh6eH6t4UNkMIHZvJW4j8hxdmbRwhQstXrVq7Uyne0B1Fl2w7Lpn48jYEq8 + gaNlTZDzd8Pjz2ByrRq3/jln/xWnFwEY9oV/H53j6ctoJ2KUMiVYKej8anan8Fju + yO86HVEIYx++LblhqzuaqBhveVfB/feMYWpP8hi4AeWKcAGdM3L9QOYxbQ9OAOuC + Totu55NULkrzb5b+Rr+exTFpdEyic7sSEpBRV0vi6t/Lz72ebBq1oY3kn0dzZ6Ps + ia6ccITSdHW1MmW7cOkiA4XtyfvXtZtEJgmVnAnRrj4Qh0Oa9gxNOZrY/tlyyJod + v8JLYeBi3HRSlm2TME5hCHpBShVCRpkjLMQQ/nTPHvRNqr/BlPoXZg2FbJwreEzW + NZ2BaiKylRds5gnmmSnqnYUl4QtVSGsJPn8Hx0bNWwUeImjrXO9Nm01P8e5Iy+Ti + udxXTwpxZGyK2pbTs6EVxFY+fRF3SB4xcpup5fB6NHVPjiSrWABN848OReny3iS0 + FXwimWaVzmA5Ppnfqx1HGopmhH++oZyKt8W/f8GbhOffON0Gg3bsewhysW5Rz+Rx + IAGqzV5RR1lOb+UKPBI2OPXqYUWZ9ipicSw1LC39olImBZbDmmxLDEjX5r+rg77h + ss0hG/6847KQybmemJ7zUVE2oxmic2fONpgjn3OLecOZpUY/5n/1cvN8utLBJ2nx + asan7zBT+nW5RjAny8pOyyV1Ux2qga/CyV46LajHJiFPokAAl6JnDYRmahtA5BM0 + +jBvvnvSDGSM5qTh0EBLIN50WmN2TeEy/u2ZjuHFwJ41gtB6pARdJ1OT59+g5TcA + Ffc8twDzdbPbmWq8CGXVQHCvfS+2N2ECjwgnfVL1UZF69d5t9b5ysK17pU+ITPyI + Bxxde23I6U7sh2owrZgRAOVoA804flRg6g6rDJyVfu00oDkuui+Z/3RAsu6EiqiK + XISmLg236iumsxXcdAtOYyXn0nPZolsZnxzY2/bI0Df7rNSQ7RF5SSqhkFg1+OYT + gM4wMYYU0ts9jqr3ckJRWMRMdJxRsVVqSBo4fz8M5/dXMsOvGbLfnbwrqZSPCXrg + g+MX3QQdemmOgiEAGE+hxFBQMyQ6nIrDP061F4TVVhu4kGkZGxs/2W+CcQJT0aF8 + DC0EwfEBVP8yq4ytCU7Js72KkA4YsK2udUsQF/90cuzPSgT8FPDEOzszKsLGuct4 + T7Fj2Du1bVeVq4gPfdLgOdVRrZLab6vS5GFbli8UO0oAbM/Srxfh2Ghn4zS7Ol3q + MnwX36r3+KFNJYkBxCDMNEnj/QrSWpOlKo8LfAyGdvP/29CpmzPIGTUc1u8xZpJ0 + CmFOaxjaAFJH3BjW625QbcicOnN02p0Pv00andcDNEO4k3b3MgW6yjkDBKqQ61dz + traH19g0fFa0pjXycMqy2uwq7PhLW0QqYt4Q7cfvWRMnAOwJqhHOGGyzEixB1U5c + q4d8izdqb0JacE6px+WJ44a530L1nhy2O5jpaKVQmNYIKTBM+HYVuHNWTWmnauKP + ag4q8G+9EI/SRp9wKoGy81W5GwonV3D6/4N9hnQfqqRKUrbrhWc9NcUciWKh4b1n + Om499jdDw+7qXipi3ggPCFq0H3b9CPkKMFh4Y/YDy1SvXEDSlwJ4bXXakOpVzW9t + gDxk/fvZ8AHrFAYzW1wiDFZ8H5ZnhgBMyfztLOYBbjr5YSGej++Sq0DYoOkrK4X3 + 7+2nMrrhqmlukI7ufoP+8nsJjHdQK8yoQYGmwEEw9QHLyupqPVIQrO/VDgSN+6mW + YsulTKW9wPhk6dvsSMOscLUdDiOTeK0jGH7Qa6QQwk/u/agHSPWh7qLpEICjKBxx + pOMbZ3mGqTXIj+7tG0yO1/y2UXE6JTIXiMEvMmdCEiRcz1RJ6xx/aBwC2//tfiys + nNMswTCXePtv5P9Zn+ibIiOhpm0napHopQcqmevn/DSkxSuDfwevae3bgEcJ1gN9 + pkTnOm22CQzoGJY/b0wgNvxXdWhAAfeRhzpdh3V1C4dZEF8VXHDDt5gdjb0s1fNI + 2LiSruLVdAWmRNX5mrkUFfBOzWwsN3D34pG2Vaj6GuH8mAoko68oy6fUdjCjZooY + hn+u5bGm1T8Mf/YYloTWg4hlOWIEfOiLP7nCdCgRdsg+y0Gi5MY04fS29SlfffUp + VUdLzQAij+a/wbBLJZMLzJiYeHv+pFY6m1SbMoUsDbAo4PTRaLHmMOFKa6s/hlka + lfN408DHSNs63Gd6s3W+Owe5hMccfKyRvWdNRVrXBe39I101Sci7GwWAvHhhS9EP + 2HxxNyiwF1OCovnRHcm1b8Fcd42gbAveRVuFdI96dbFIeP0Z4I2gj+nk/yzlsG32 + LYYzE9D4WR2zjrTyVnylsJN76lyvjvkYjMt7fPt7lFYz7QLdZX8riGxqeFmim6Sk + UQ4RXxw/ObCw4omILxvgigW+eAhgng63Yb9mRDOrqk/cL5XECiahSs3VWTjV9sy2 + rNSPViWZW/LFOjuC3cT5rWEbc64cl0eKJTivEangOXxirRGW1ltTlzQo5kA933l/ + sRMr2tBSrX/+LqfPWNA8UZWSdMBcc0oDvDGrpTUtLcor5kshYN7PPdaR9TAf8ikY + 631mOef0HkQFsBUCFp9sr6QJD0/cfLlK5iLlyt+qFo2IgX2boddFwMtpYCt1+Uy1 + H2u6FuItIfpRu9lZ7MZf24HGibGx5/fzTXjqGMObPOaoLxI4eh1GGhIfVqmT9ntv + e2xHoNH+tLxOHPRNHEkKRtJoB1HH20+mT6JzEdPNPmsdTcN4R0xjw0ZHTha2iBkt + ocGow+1nYgkoieq1QweEbbCbF71XtUpyMxMSd+BAPIJJReRGvt3mD9RZ54HqlczW + MA0LYe1rUX0Mh2Ic0x1rXZuo33PXcsKsUpfb+EIPhBjpx2vCNMiFPcM+F0NVh/PP + zgbdjlnHr6DXn3rut6Y9fTau6UY8BmeOjG4LcNzcvcHHr9/8jXyW9wWAYYVRUI3J + 89/GR+YxW4WGuRBIV+wMkzBJmP7QDwAedSNBSAKa+08GKfJJRL2zIVgjffeBO+Un + TMTT7Q/a3bm+yekGsM6bchWTpY2ywdYQr936D55THonqCGlvPKyVHQaEa4U2eFDb + aIH84kP4olPCcC+TmWHBeBwMGvbW160hRCr3kSGY7hHcD0aXkdZPh1bYyWsIz/yS + eyUYCR+4Abu9lT1rTwHiSeo4YjNHOwQcfzBN9BwFUs6G1R81oC3qCwTYuJS2Eo09 + +sii/oH/o/7VjvewMmUzDHVJ4iMa8yRXtfOObrM9MfsQ0p9GnP7UTG3VwleIenFZ + 43DhvDl+kolw9phRuyCuCy7fSI8e7ejcQ3gSYWcIcgIIA5y/KdoCJDNdTjj3xDdo + p+hzg0OTjK57Fw286IVdzO5e5zznX0SPqXnZYncHHl2OmGZ+DT8ftkvD4BUJ74aO + fLsVwAZYJT1tSG2ymzu9yJR5p+hPTScpPi8HUDCnL4xL304Lmj3UfDauNJQcM/gT + mAJ/bfEtRqldMtN1EuH1TexvSkwkPrTUkryq2TYcw7vS72tNi+g6aZ7NdrQ8l4KZ + ZmrfwFnKNiVWus+zrffSDooEFZ3mj/vsFvV6fhw/Ni4QD1XAb0fJawUHvt0WHqZA + YnszBOzdmd8coJI17XbcwcP7DEoKIhLbPl1n0KNjL6j4EEoClwxZC+hAhi8kKMB3 + aWj4zpeIExYST8NgtCz44SoBTv5U0iCR19mhdcTnafGyRK82dGiBNguk8//siUiC + jt3Aa7chapoiQNwZGDCmSrZOxOoxMYlBuPRVQqeokPinsw5rkLh8+arz1XRDyuTK + vQ+jttyIVA9OFI5+e/hN0ryn4GPbiCG5wV5SKweRUCcX9m8TK5u6A3rhMvlcls3T + INn9/XjCX6HhVGgZ47LSmcZ5ojtWzOKpad0v8qjD3z2BWzUlbalgYsdWrsRPSeDA + wiGpKbqb9u0S1e6hMmGyNa8UbzhYtJ/AQ0qh003YR7j+nlfJXffNkt2B4DkDdsG3 + Alfhalwn5YUdcgm/6E+gnIg7JR4gXZhBL1R5SV1mzUgzyDEq5w2LBOx+TU33a3qf + ld0dJDJl0cG22n+GzQmm/6nPMnWX1ymK49h0tO9fLBLZsL8T1muo/PshhjhIv5VR + 9ET5UN5I+9d0nHWAv2DjNwetyD3WGZDHnuq0mpti58xzkOr4jfYqy9qKwFk/coAu + Briwv8OJ2U5XEOuU/9fEL+NdYWkHga++oObyxJUU5Qgfs6OWUXERyPwzgXHkbDqm + q6+GP1AxBAP32zD0XyGUht1nl+L5qpnbOpISJjMMrl7wuKezWbFAE8VzQNbbp62O + eI1GEX2c2resPXZ/tS5LtoZ2TrT8TKYRZ0k1qLuQhOTXXNYQhP8i4PGOAL6BMZsZ + USAEHcAZnlByBS8i49IlvJMewPfHmm7ceLu8aYlm3yOAr1QBNRMkxoJBXjAAnCCx + qCGIQtINrVIJNQDSogMPXa4JQzCRSsT0Hz8ejQeQ9xmaK4VjM64VRj11RWsHFexk + p+GdAGVteipz1xEQHBvnUdOVm/5ULHK+8w+5LgEwN0jGXlsQ6KhUX5BLQMWob0jL + 1np3Hml3MDxsPJPJjT4OKxNdWyyyP6PIDZj7DFqEa6+9Eg5Io7TSNk4e+LylfpPS + orsF2xaUzCaKOXjyXwPrW57UH8HtjnaeWh03qqdZCozCDdQ0pNpPk2vJYStZR/rY + BpQHZ6kZyLFdqLs+wMoPphF7q4bhjYk6MXwdHp5Q9q+MWPuM916g6vKaHUX+q6pL + YM8s13NkuUX1hEHaOC8I2dEsgcVPk++kDAR7JL5tn5hfJ06K8u5IHwuLUMtLKPt5 + ZA3LfrnXxqlZD164blhAvb1qPlRTh79+Tj+3zfwaUPma3PmTY12fvJiOn1aD4aYm + HgA0yrl2cApzB3C6M1S2QllsoJ/KrWVeSg16XuC+vjSnsRWgIj3PSvSwh9YVZT0h + TQlD/PoxrMOlPtQnpHzryQ8YKrTBc4SAuO23wKGkfUBkaBDFrUeprO2p0K9Eeus9 + jLkIgwTBwmF9bWMi214VdAI3I2BrJkGnx8Rb11C6rEu/5ZeI7g2dACSO27OhckNQ + ex490kQvqs1OJ6Fb/CyO8BsLBIyOhkEtglJsVibbcZrHnvoRYeRaWZj9TNdN6I3B + Dj0SwxDK9XAwGgWb+E4iwFUUg6yGrbBhUDWv5K7/ncgXz8iESXFKRowuD/J7rriU + V/s+yZ8URntBrZ35unuKu4xRieOEkn/JZg+HP0Grs5q3OQumEvZVjHqeJt40WaZ5 + RJ3NiiHGwWVa6Db/1q0cfETbTn5Qcy2k8ZE+OnRzAmI14nr6lt4eJRnMJ63k4nGc + Xj0WpVm7vhVWAQ9gfiYCcbYrR31dUeOBxsRtF+Lvg3TNEx8/x4LeGfxC9c5Ho1Sc + Z7fz+/ZycHFx+08W5Mb6PlKhI44uY8bed2Xz5gQhZ1hyXk6Y41uxabUryeCvrLrh + PJX25FkOcLhZnWDcyCQ1Rt4JltnZcZzHq12Ipgovos3lPOarySOzSHjs1TjB6Bv1 + zfBrCAGiY3rrG/W5gXs5eb97dWn5P8CD2uuZCBbTo0GVHdSHV9+JFHQO/0udmnEV + e9KRka43HU7AC+3aLeCq1KMoW/anl4DwPXdBCV6hj75TZ0EaA7Q51ETYFCLtyXzt + eiU9PE+bEymV6nk927wg7v38GLmdLTJ0F/G4MV0T4UxAdUrsAW33MGXC9/8YyOAz + zGh36fBdxTpM6hb1FHJl/tdboIAcTBJRobgmvhaDDVhsJiMJMwRhSFqcE7Q04c3c + 6rLNGZQ3/u5/Atj5ApZ60ZMH0N5LYcTm98HOROGiFbrYSiSqUyeoIPvME5FwijLw + eCxbwjP3WvUSw8XTeIoAf5QwzdI6GRX+6ontCvw6m3l1TohH/ACA+MK+qV1cTgMV + HdjywH4SKs3KfwCcTF4gxkHdYlNYDW63Z0lhAtDBXMxUNM/u215Wo+zX0gaSUqeu + by47hfhTHP5mW6ITRFvKcS/qUqo3iELljwSXhdw7PwM0whLnSEMGsYh27YVxEzBT + n9vcM5tqGykKs1wwmpXpEa6Zliu9swprpQCL5TcOVFKVMjSmDH2OwmaDwcFeTM50 + mg7BpiA5xLyQFphs8BPbyzkxNlbSI20S67Gx6yScrjsDxcEcVqmcyVVPwn/SqzVL + PyklAUbvRcRzkhvibBngIaFUfXXdCOrdQc8Ym/5kKeQ+QLiXxfIYmYKa2uyvMeTe + xoag7cmuUnICIYBrmHnVDNxXtC9mNiooUaX2S1lH2ct4s/NwRJm2c5O/igKO/byg + wQjiGqDZHyLlPSRxXbxG+tTf3qx8thYbJAO0r+AXYRj+sjJ+MtRozgY0nUeFEJb0 + ZeYQGlvtoXlGo876JWJ/e7JMatHxGGQ58vJApMTphe/PPh3WTJTE02Bs3Ylft2bp + EK5ODopXJ0UmQTn6T1hUwBRu9RO5rICr34XnFav06WekBT5/QTqHEvZ4k4//hvGr + d7PQS/EVLApiYWySLg56svmjn4RwfPSPHOwGagU311QOx7woYJD/vb4NBxXb99Qb + 7z42exUoZgqX+uKwHCuTzH/OVxhqrSoMX2yj09V6ZDUVHU11GOtDzVv07OU+u2vi + F0wPdrbedpmIr5BMCdCmqlIPYeBiaMVa/2+q3ud4o6/TeWmQpDZJCQ3xtxrNORQ7 + HTlY0MDp7G+sdPWJCN5OJ0Ac7uKW72ZC/5yHBJY7Lmrhi3V3vA+DH7A4GgPAphQM + yWlBP7sQqVWcA1XlgTycRzkfffXEUoS6qef+IgU/3i/kXmeNnf2kSvmtbiO4GRhC + Nhk2s71NUtYXNFJPav5/ZPXI3qOuySow5GYp3njGYmDhO45IzFCcQu40FqiOeyoV + lRYTS/BrybkMCu2S3VmIY9/2e7gguYigmyZRvvqOUED9JRqOfC14n5+wtxzSj/nw + xFFukVHQRNF6jcZLUNs0SoeFS/obPCE+QiDYBKVrTeT54LuwNLpTrgTnTkDE5VIm + LpX9ERh0Yh8HAO7eLHIPAiU/G1Etlc43GcDLN7bbGPQbCvKRzWKSUrLwKmryvTPi + eC36fh/yZEWtT2zEtddwbncRgXT20opzMJxB3qF5ZMQ1qLIsQbGYeUsRl9lxsT7A + CE6vCP235+urdA9IaBRPN1VpWDpV7YDbF/ZIkRDJevSnSSrBTed4WcXcSe7JNGFb + U3eFPi2vsekvb59CHqHPD8QvvqF3N/3Xp1uQZV+eBOCtRpMOZduBJ6QdZlGBaGrB + +RKJEl9ziqGkiqiQzw8MR2kSrRVKIs5cISbl/dOEqfkbp2A1Siy4kWt+2Zk5V+Sw + IPJDrjYIZKSzV6XhhN+fhMNOYJjByxEXXLvHRTydIUQpS5JPe3T1sMJCN8o41uKx + 4g+oPomYfJzKSbdpP84fVC4WQCMj+CiMGz/dWV27LgKPF0X9wel5s5gke4UDYQKe + FDf/4n3+neMgKohFUIcnqGnBTtThXqvK637m37WfQTIqNWkRH4pU/Acl/djkd+TD + yYRBt5UqwGovABM08jYkuA== diff --git a/src/manager/crypto/generic-backend/gstore.h b/src/manager/crypto/generic-backend/gstore.h index 88a99a5..6eee7a3 100644 --- a/src/manager/crypto/generic-backend/gstore.h +++ b/src/manager/crypto/generic-backend/gstore.h @@ -41,6 +41,11 @@ struct Data { // Too generic. The name does not say anything aobut content. struct DataEncryption { + DataEncryption() {}; + DataEncryption(RawBuffer encKey, RawBuffer ivector) + : encryptedKey(std::move(encKey)) + , iv(std::move(ivector)) + {} RawBuffer encryptedKey; RawBuffer iv; }; diff --git a/src/manager/crypto/platform/decider.cpp b/src/manager/crypto/platform/decider.cpp index 6c63c49..2f73b1f 100644 --- a/src/manager/crypto/platform/decider.cpp +++ b/src/manager/crypto/platform/decider.cpp @@ -32,7 +32,11 @@ namespace CKM { namespace Crypto { namespace { -CryptoBackend chooseCryptoBackend(DataType dataType, bool exportable) { +CryptoBackend chooseCryptoBackend(DataType dataType, bool exportable, bool encrypted) { +// Only software backend supports device encyption key + if (encrypted) + return CryptoBackend::OpenSSL; + // The list of items that MUST be support by OpenSSL if (dataType.isCertificate()) return CryptoBackend::OpenSSL; @@ -77,8 +81,8 @@ GStore& Decider::getStore(CryptoBackend cryptoBackend) const { "Backend not available. BackendId: ", (int)cryptoBackend); } -GStore& Decider::getStore(DataType data, bool exportable) const { - return getStore(chooseCryptoBackend(data, exportable)); +GStore& Decider::getStore(DataType data, bool exportable, bool encrypted) const { + return getStore(chooseCryptoBackend(data, exportable, encrypted)); } } // namespace Crypto diff --git a/src/manager/crypto/platform/decider.h b/src/manager/crypto/platform/decider.h index 6be147c..81ad3d0 100644 --- a/src/manager/crypto/platform/decider.h +++ b/src/manager/crypto/platform/decider.h @@ -36,7 +36,7 @@ class Decider { public: Decider(); GStore& getStore(const Token &token) const; - GStore& getStore(DataType data, bool exportable) const; + GStore& getStore(DataType data, bool exportable, bool encrypted = false) const; virtual ~Decider(){} protected: diff --git a/src/manager/initial-values/BufferHandler.cpp b/src/manager/initial-values/BufferHandler.cpp index 1ce108c..0ceff74 100644 --- a/src/manager/initial-values/BufferHandler.cpp +++ b/src/manager/initial-values/BufferHandler.cpp @@ -27,14 +27,28 @@ #include #include +namespace +{ +const char * const XML_ATTR_IV = "IV"; +} + namespace CKM { namespace InitialValues { BufferHandler::BufferHandler(EncodingType type) : m_encoding(type) {} BufferHandler::~BufferHandler() {} -void BufferHandler::Start(const XML::Parser::Attributes &) +void BufferHandler::Start(const XML::Parser::Attributes &attr) { + // get key type + if(attr.find(XML_ATTR_IV) != attr.end()) { + std::string IVstring = attr.at(XML_ATTR_IV); + Base64Decoder base64; + base64.reset(); + base64.append(RawBuffer(IVstring.begin(), IVstring.end())); + base64.finalize(); + m_IV = base64.get(); + } } @@ -46,6 +60,7 @@ void BufferHandler::Characters(const std::string & data) void BufferHandler::End() { + // decoding section switch(m_encoding) { // PEM requires that "----- END" section comes right after "\n" character @@ -59,6 +74,7 @@ void BufferHandler::End() // Base64 decoder also does not accept any whitespaces case DER: case BASE64: + case ENCRYPTED: { std::string trimmed = XML::trimEachLine(std::string(m_data.begin(), m_data.end())); Base64Decoder base64; diff --git a/src/manager/initial-values/BufferHandler.h b/src/manager/initial-values/BufferHandler.h index eaef9d0..ef4d2cf 100644 --- a/src/manager/initial-values/BufferHandler.h +++ b/src/manager/initial-values/BufferHandler.h @@ -26,6 +26,7 @@ #include #include #include +#include namespace CKM { namespace InitialValues { @@ -45,9 +46,18 @@ public: const RawBuffer & getData() const { return m_data; } + bool isEncrypted() const { + if(m_encoding == EncodingType::ENCRYPTED) + return true; + return false; + } + const RawBuffer & getIV() const { + return m_IV; + } private: - EncodingType m_encoding; - RawBuffer m_data; + EncodingType m_encoding; + RawBuffer m_IV; + RawBuffer m_data; }; } diff --git a/src/manager/initial-values/CertHandler.h b/src/manager/initial-values/CertHandler.h index 4050411..e31cbfa 100644 --- a/src/manager/initial-values/CertHandler.h +++ b/src/manager/initial-values/CertHandler.h @@ -32,7 +32,8 @@ namespace InitialValues { class CertHandler : public InitialValueHandler { public: - explicit CertHandler(CKMLogic & db_logic) : InitialValueHandler(db_logic) {} + explicit CertHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) + : InitialValueHandler(db_logic, encryptedKey) {} virtual ~CertHandler(); virtual DataType getDataType() const; diff --git a/src/manager/initial-values/DataHandler.h b/src/manager/initial-values/DataHandler.h index 1ccc4e8..cb5987b 100644 --- a/src/manager/initial-values/DataHandler.h +++ b/src/manager/initial-values/DataHandler.h @@ -32,7 +32,8 @@ namespace InitialValues { class DataHandler : public InitialValueHandler { public: - explicit DataHandler(CKMLogic & db_logic) : InitialValueHandler(db_logic) {} + explicit DataHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) + : InitialValueHandler(db_logic, encryptedKey) {} virtual ~DataHandler(); virtual DataType getDataType() const; diff --git a/src/manager/initial-values/EncodingType.h b/src/manager/initial-values/EncodingType.h index b7f513d..d40e2dd 100644 --- a/src/manager/initial-values/EncodingType.h +++ b/src/manager/initial-values/EncodingType.h @@ -30,7 +30,9 @@ enum EncodingType { PEM, DER, ASCII, - BASE64 + BASE64, + // encrypted + ENCRYPTED }; } diff --git a/src/manager/initial-values/InitialValueHandler.cpp b/src/manager/initial-values/InitialValueHandler.cpp index 00ea520..7118624 100644 --- a/src/manager/initial-values/InitialValueHandler.cpp +++ b/src/manager/initial-values/InitialValueHandler.cpp @@ -60,37 +60,48 @@ void InitialValueHandler::Start(const XML::Parser::Attributes &attr) void InitialValueHandler::End() { - if(m_bufferHandler) + if (!m_bufferHandler) { + LogError("Invalid data with name: " << m_name << ", reason: no key data!"); + return; + } + + // save data + Policy policy(m_password, m_exportable); + + Crypto::DataEncryption de; + if(m_bufferHandler->isEncrypted()) { + de.encryptedKey = m_encryptedKey; + de.iv = m_bufferHandler->getIV(); + } + + int ec = m_db_logic.importInitialData(m_name, + Crypto::Data(getDataType(), m_bufferHandler->getData()), + de, + policy); + + if(CKM_API_SUCCESS != ec) { + LogError("Saving type: " << getDataType() << " with params: name(" << + m_name << "), exportable(" << m_exportable<< ") failed, code: " << ec); + return; + } + + // save permissions + for(const auto & permission : m_permissions) { - // save data - Policy policy(m_password, m_exportable); - int ec = m_db_logic.verifyAndSaveDataHelper( + ec = m_db_logic.setPermissionHelper( Credentials(CKMLogic::SYSTEM_DB_UID, OWNER_ID_SYSTEM), m_name, OWNER_ID_SYSTEM, - Crypto::Data(getDataType(), m_bufferHandler->getData()), - PolicySerializable(policy)); - if(CKM_API_SUCCESS == ec) - { - // save permissions - for(const auto & permission : m_permissions) - { - ec = m_db_logic.setPermissionHelper( - Credentials(CKMLogic::SYSTEM_DB_UID, OWNER_ID_SYSTEM), - m_name, - OWNER_ID_SYSTEM, - permission->getAccessor(), - Permission::READ); - if(CKM_API_SUCCESS != ec) - LogError("Saving permission to: " << m_name << " with params: accessor("<getAccessor()<<") failed, code: " << ec); - } + permission->getAccessor(), + Permission::READ); + if (CKM_API_SUCCESS != ec) { + LogError("Saving permission to: " << m_name << + " with params: accessor(" << permission->getAccessor() << + ") failed, code: " << ec); } - else - LogError("Saving type: " << getDataType() << " with params: name("< InitialValueHandlerPtr; - explicit InitialValueHandler(CKMLogic & db_logic) : m_exportable(false), - m_db_logic(db_logic) {} + explicit InitialValueHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) + : m_exportable(false), m_db_logic(db_logic), m_encryptedKey(encryptedKey) {} virtual ~InitialValueHandler() {}; BufferHandler::BufferHandlerPtr CreateBufferHandler(EncodingType type); @@ -56,6 +56,7 @@ protected: Password m_password; bool m_exportable; CKMLogic & m_db_logic; + const CKM::RawBuffer & m_encryptedKey; BufferHandler::BufferHandlerPtr m_bufferHandler; std::vector m_permissions; diff --git a/src/manager/initial-values/InitialValuesFile.cpp b/src/manager/initial-values/InitialValuesFile.cpp index 166f158..31cebb0 100644 --- a/src/manager/initial-values/InitialValuesFile.cpp +++ b/src/manager/initial-values/InitialValuesFile.cpp @@ -43,6 +43,9 @@ const char * const XML_TAG_PEM = "PEM"; const char * const XML_TAG_DER = "DER"; const char * const XML_TAG_ASCII = "ASCII"; const char * const XML_TAG_BASE64 = "Base64"; +const char * const XML_TAG_ENCRYPTED_DER = "EncryptedDER"; +const char * const XML_TAG_ENCRYPTED_ASCII = "EncryptedASCII"; +const char * const XML_TAG_ENCRYPTED_BINARY = "EncryptedBinary"; const char * const XML_TAG_PERMISSION = "Permission"; const char * const XML_ATTR_VERSION = "version"; } @@ -79,7 +82,7 @@ void InitialValuesFile::registerElementListeners() m_parser.RegisterElementCb(XML_TAG_KEY, [this]() -> XML::Parser::ElementHandlerPtr { - return GetObjectHandler(ObjectType::KEY); + return GetObjectHandler(ObjectType::KEY, m_encryptedAESkey); }, [this](const XML::Parser::ElementHandlerPtr &) { @@ -88,7 +91,7 @@ void InitialValuesFile::registerElementListeners() m_parser.RegisterElementCb(XML_TAG_CERT, [this]() -> XML::Parser::ElementHandlerPtr { - return GetObjectHandler(ObjectType::CERT); + return GetObjectHandler(ObjectType::CERT, m_encryptedAESkey); }, [this](const XML::Parser::ElementHandlerPtr &) { @@ -97,7 +100,7 @@ void InitialValuesFile::registerElementListeners() m_parser.RegisterElementCb(XML_TAG_DATA, [this]() -> XML::Parser::ElementHandlerPtr { - return GetObjectHandler(ObjectType::DATA); + return GetObjectHandler(ObjectType::DATA, m_encryptedAESkey); }, [this](const XML::Parser::ElementHandlerPtr &) { @@ -140,6 +143,33 @@ void InitialValuesFile::registerElementListeners() { ReleaseBufferHandler(EncodingType::BASE64); }); + m_parser.RegisterElementCb(XML_TAG_ENCRYPTED_DER, + [this]() -> XML::Parser::ElementHandlerPtr + { + return GetBufferHandler(EncodingType::ENCRYPTED); + }, + [this](const XML::Parser::ElementHandlerPtr &) + { + ReleaseBufferHandler(EncodingType::ENCRYPTED); + }); + m_parser.RegisterElementCb(XML_TAG_ENCRYPTED_ASCII, + [this]() -> XML::Parser::ElementHandlerPtr + { + return GetBufferHandler(EncodingType::ENCRYPTED); + }, + [this](const XML::Parser::ElementHandlerPtr &) + { + ReleaseBufferHandler(EncodingType::ENCRYPTED); + }); + m_parser.RegisterElementCb(XML_TAG_ENCRYPTED_BINARY, + [this]() -> XML::Parser::ElementHandlerPtr + { + return GetBufferHandler(EncodingType::ENCRYPTED); + }, + [this](const XML::Parser::ElementHandlerPtr &) + { + ReleaseBufferHandler(EncodingType::ENCRYPTED); + }); m_parser.RegisterElementCb(XML_TAG_PERMISSION, [this]() -> XML::Parser::ElementHandlerPtr { @@ -183,20 +213,21 @@ int InitialValuesFile::Parse() return ec; } -XML::Parser::ElementHandlerPtr InitialValuesFile::GetObjectHandler(ObjectType type) +XML::Parser::ElementHandlerPtr InitialValuesFile::GetObjectHandler(ObjectType type, + const CKM::RawBuffer &encryptedKey) { switch(type) { case KEY: - m_currentHandler = std::make_shared(m_db_logic); + m_currentHandler = std::make_shared(m_db_logic, encryptedKey); break; case CERT: - m_currentHandler = std::make_shared(m_db_logic); + m_currentHandler = std::make_shared(m_db_logic, encryptedKey); break; case DATA: - m_currentHandler = std::make_shared(m_db_logic); + m_currentHandler = std::make_shared(m_db_logic, encryptedKey); break; default: diff --git a/src/manager/initial-values/InitialValuesFile.h b/src/manager/initial-values/InitialValuesFile.h index 1572e2f..c3cccbb 100644 --- a/src/manager/initial-values/InitialValuesFile.h +++ b/src/manager/initial-values/InitialValuesFile.h @@ -52,7 +52,7 @@ protected: DATA }; - XML::Parser::ElementHandlerPtr GetObjectHandler(ObjectType type); + XML::Parser::ElementHandlerPtr GetObjectHandler(ObjectType type, const CKM::RawBuffer &encryptedKey); void ReleaseObjectHandler(ObjectType type); XML::Parser::ElementHandlerPtr GetBufferHandler(EncodingType type); @@ -60,12 +60,8 @@ protected: XML::Parser::ElementHandlerPtr GetPermissionHandler(); void ReleasePermissionHandler(); -private: - std::string m_filename; - XML::Parser m_parser; - InitialValueHandler::InitialValueHandlerPtr m_currentHandler; - CKMLogic & m_db_logic; +private: class HeaderHandler : public XML::Parser::ElementHandler { public: @@ -95,6 +91,10 @@ private: InitialValuesFile & m_parent; }; + std::string m_filename; + XML::Parser m_parser; + InitialValueHandler::InitialValueHandlerPtr m_currentHandler; + CKMLogic & m_db_logic; typedef std::shared_ptr HeaderHandlerPtr; typedef std::shared_ptr EncryptionKeyHandlerPtr; HeaderHandlerPtr m_header; diff --git a/src/manager/initial-values/KeyHandler.h b/src/manager/initial-values/KeyHandler.h index c26e429..b921b47 100644 --- a/src/manager/initial-values/KeyHandler.h +++ b/src/manager/initial-values/KeyHandler.h @@ -33,8 +33,8 @@ namespace InitialValues { class KeyHandler : public InitialValueHandler { public: - explicit KeyHandler(CKMLogic & db_logic) : InitialValueHandler(db_logic), - m_keyType(KeyType::KEY_NONE) {} + explicit KeyHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) + : InitialValueHandler(db_logic, encryptedKey), m_keyType(KeyType::KEY_NONE) {} virtual ~KeyHandler(); virtual void Start(const XML::Parser::Attributes &); diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 5b8f1a3..4819857 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -1092,6 +1092,38 @@ RawBuffer CKMLogic::getDataList( return response.Pop(); } +int CKMLogic::importInitialData( + const Name &name, + const Crypto::Data &data, + const Crypto::DataEncryption &enc, + const Policy &policy) +{ + if (CKM_API_SUCCESS != unlockSystemDB() ) + ThrowErr(Exc::DatabaseLocked, "can not unlock system database"); + auto &handler = m_userDataMap[SYSTEM_DB_UID]; + + if (!isNameValid(name)) + return CKM_API_ERROR_INPUT_PARAM; + + Crypto::GStore& store = + m_decider.getStore(data.type, policy.extractable, !enc.encryptedKey.empty()); + + Token token; + if (enc.encryptedKey.empty()) + token = store.import(data, m_accessControl.isCCMode() ? "" : policy.password); + else + token = store.importEncrypted(data, m_accessControl.isCCMode() ? "" : policy.password, enc); + + DB::Row row(std::move(token), name, OWNER_ID_SYSTEM, static_cast(policy.extractable)); + handler.crypto.encryptRow(row); + + DB::Crypto::Transaction transaction(&handler.database); + handler.database.saveRow(row); + transaction.commit(); + + return CKM_API_SUCCESS; +} + int CKMLogic::saveDataHelper( const Credentials &cred, const Name &name, diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h index 610fb7f..3c1cb3a 100644 --- a/src/manager/service/ckm-logic.h +++ b/src/manager/service/ckm-logic.h @@ -185,11 +185,11 @@ public: const PermissionMask permissionMask); int setPermissionHelper( - const Credentials &cred, - const Name &name, - const Label &ownerLabel, - const Label &accessorLabel, - const PermissionMask permissionMask); + const Credentials &cred, + const Name &name, + const Label &ownerLabel, + const Label &accessorLabel, + const PermissionMask permissionMask); int verifyAndSaveDataHelper( const Credentials &cred, @@ -198,11 +198,18 @@ public: const Crypto::Data &data, const PolicySerializable &policy); - int getKeyForService(const Credentials &cred, - const Name &name, - const Label &label, - const Password& pass, - Crypto::GObjShPtr& key); + int getKeyForService( + const Credentials &cred, + const Name &name, + const Label &label, + const Password& pass, + Crypto::GObjShPtr& key); + + int importInitialData( + const Name &name, + const Crypto::Data &data, + const Crypto::DataEncryption &enc, + const Policy &policy); protected: int unlockSystemDB(); diff --git a/tests/XML_3_encrypted.xml b/tests/XML_3_encrypted.xml index b82b20d..2e452a8 100644 --- a/tests/XML_3_encrypted.xml +++ b/tests/XML_3_encrypted.xml @@ -115,11 +115,12 @@ - + BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da 6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF 0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/ @@ -137,41 +138,34 @@ - - H/1CXNoQJ13MLdMESto1BHP5583n7fbwkN4mRVELQepeJNUhX2Kc+6foG3eTOBEH - N/z5xPFlYZLxeRArknVaCE/2Nmrk9STQZpja//B6FEXTUg4PbVEQl1zE5vJV8RUE - W1jetcEoxPZtNirqH03P1izud/vQVCQRy+WYe00Nm/MluGTJ8sytW+k+wCO+GmHf - 5vyCal0xr+o2rIHzPPJId3eg/6IbWCAmOeNU+l03im98zSrqD9bG2cdgdciNUb4B - ANCv/3r+Vx6Xcs3N1p33ewXP+suCqDYBUE9YwsIaZABMB9yk02cuZtpeYytBCkNk - QzESDqzFoIV3JREjxKL69VyJWm+ttL4OnrAinZIndJ/0zk77Dg64vg63HBRGL+qi - w9C5eOXfIWylfUn/CMmHbRjg378G2svAOAynZhHmTLWqfviGKJcS6Mulxs2o/egL - /uuITbEQNKPX5LVvtBPygUPPgV66Q3zjBGX/vbPwpMn/M8Z5gOOrUfoIKTTTh7a+ - VwkujHjC68TJ21AJSauTH7qg291cQZOMeC3LfXXjCXQYg3qOyJnlmDrfZFfnzRk6 - W4z6i868Dk12B8KDXtSPSR9AigSiooTOgvhqVk+diILYBdpwfrEUTIt2Cq5hgcoO - 2e9gIe03vxD3dxOQjvEC7XYbdWeB87mlEgkOKjm9sC/XRJCnF33xVJPxsc+ixoRk - 4udR5UdYVZMc8tkGIgO7v/aOJyaAwSnRc5NVA8L+4w/0MUNtfD911buUzeV/wmwg - q/YqNI7AluNifXEK5CTYBP0CmAVlGUC3k4Q0W+gRIg1peiURl0pvantE26NXsNEr - GuIHCkKrQcUKkcCpCGeAuzjZAfXLdtEm9oLg44BGBNEP6cBvgoryJATv5XPSR7TJ - SvKPQM/hkPwc2NIzJEFP2729+HagOp2ANyMob/5Z4dE6ynDpZ1hTBBRanI6WBerX - SBClj+MnJJhnxUsSXL9r6O9s24ajCqNUib8K8M+P5+7+K+rO07C+ckzNiy9j7uyX - RZm7eWfsZ7zbjwKsFPqBp0v0pDUJZ1LvTwpL/OOHE19LDE0sdpVXJqp7JyMbnFvn - yiT7xfFAOp0kseCee0UVk4V5Og4u+vdSrjt6HBFcueTnE1OtDkMlX0sSL3+mEyF+ - +mkPx8bIkSvvitoPHfipP13kG8qBQ/yKaKjCgQYb7OwFOGOtwkaUaqHRm0GEBxe1 - xr0v1lyJzpaS6ZMU/kSH2QGNrfhiiif9+nlKiUbfPmUMKqrLKAYn8KFEDkU7Wrrm - /cW0Y+cCntKyhszBs8jcKHyoJDCi4imUlZHg4t4MwYrD8GgaeBfUxPP5rUroHMRy - 6K/UKXhraU9CoEtKIyAk0oXH3JlqCz0WRxjA322kAhVxDYIHa6D1pSVFY1K8FXfq - 0hSZOw4yFBYhyEIwBkstpNiRXWtFR1xRlVTdb9ksmAPTfr0TyNWbygz8Pa6gz7qx - j3B+24jAShhq8PHWxpJgfsObLsr4aASNZKSxpzSC140o+BTxqmSIjljdTKF+golD - /XBwmrhqsfI/3mRocIte34Pcfqj0T3zKUZ45zRLQGvA= + + pPjY7wULPaBIwPKkgwKyKSZPa6NVJN3312q829KaXcNdQSoNJmsyyPDMqLr1W3Nw + /5DSfstMCh/MiUq4Dc1VCaHbVkRFVZMvitg7nfjDVkI9HGLpSGWzz1dc6kxn/rPv + l1Ox3sVog96Ebss+Givm4cKKYSQihCLTxcQcP6v4RGvTMhXIZmlz8n4Tr3MgyRB7 + XTWdoowosEUWrzPMSD39y18gRJVZ/ZKv68o5mntatSE8FS1L6dgb2TdKEFdydVd2 + /ob9GVwRkMxpBsQeUvPRYXnZS2f1L18IRPrKLKLKsDB+FysyXMAHMaxGWWil29/d + osOwMt34i6Bv21132lGt08t2LebmDJViZRVjzz9edIChBzsoG/E/3hX6v32ruJGU + 2kq5l0bOmpQFs9M0TTNNWnaZKvpFPA8b3ywaDRWeKAPHsNQpnrx0WygCmvbjUChf + TP1E5BVm6YjWxptvFvEINcotCj2+0fvG3zIcq01O/MpSFWbGdu9MLZtFl1rTRt8e + ER8+nOKZNi9JUOfsYJyrZmtwm56LXTPjgNYY+a8yp2EXFtHjO62QKYr8zAi98PxL + oiELHLF2xwFufvBAssSOPwRmDSIhljPbUy4UKUxFCeMJzdxgK0DMZw4FtcyBXGgG + ABP57OQ60HomoZZDwAQ/4B8unuOCp7uERsQH5Z4Ns+PiIM4Tk8j9Qg4YVN43FJtJ + tCsfagBPuQM+Cm5law0Y01asMr0wq/VlILMKX0KXpwgnVmQClRfcYBLHQmDTyCos + kYSWrSYDesvXJnB1j/hn1puCQHfyrmPH5fQTzanD5whyed7DeXBl+F5+f73uj9pC + DrtqG+YEOeJNj0PCAMq9B4Qe6xi06P6D/sG17Phl9wH5DSzfxxlst1xeaPBko9Bo + LM6Sh6echKIh0HddStmaBICXNeVKz958tD0piVYMVipZm5/+cpDxdGSuemUxWXJO + XAuYydZkuLksYjLyXDO5vEaqcVMtu54tjfdFS7vO87a9IF+mI7HHHdnNaDRHaAFi + 4rXdaGQr8zohq91NE3JYgSMbk1DlGfL1m9GN6IEUjqMQlAkGWal1Et9uwO98PpOk + a+r+N4lsYPKJbX2ywUvDHg== - zuBDjp8ptFthrU69Ua5cfg== + zuBDjp8ptFthrU69Ua5cfg== - + weK/LmGIPHeNA2YipqJa4B7DRMJBaoGSldawgSDQeIIIXgrmypSH42Gbm6m09gp0 Wn0frkCcALHGxJyDK3rOsWDjJisYweblBgcFGa/eG7DiLgL1mv/fjstjSda1bh8x sLtmKCrYPPZI6RVEZKdl6oBXK7+uVavY9vdo69DrTZulZMGR2NW3i665kTVhvIUn -- 2.7.4 From d4f99fea8ba5ee3ffe06b04cc0b61e0d9cba327d Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Mon, 16 Nov 2015 15:18:01 +0100 Subject: [PATCH 04/16] Load app key when importing initial values [Problem] Missing app key. [Solution] Fixed. [Verification] Run tests Change-Id: If1a156094bb81a349af41f077443c6503b9cea04 --- src/manager/service/ckm-logic.cpp | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 4819857..2a6e9b1 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -1098,12 +1098,16 @@ int CKMLogic::importInitialData( const Crypto::DataEncryption &enc, const Policy &policy) { - if (CKM_API_SUCCESS != unlockSystemDB() ) - ThrowErr(Exc::DatabaseLocked, "can not unlock system database"); - auto &handler = m_userDataMap[SYSTEM_DB_UID]; + // Inital values are always imported with root credentials. Label is not important. + Credentials rootCred(0,""); - if (!isNameValid(name)) - return CKM_API_ERROR_INPUT_PARAM; + auto &handler = selectDatabase(rootCred, OWNER_ID_SYSTEM); + + // check if save is possible + DB::Crypto::Transaction transaction(&handler.database); + int retCode = checkSaveConditions(rootCred, handler, name, OWNER_ID_SYSTEM); + if(retCode != CKM_API_SUCCESS) + return retCode; Crypto::GStore& store = m_decider.getStore(data.type, policy.extractable, !enc.encryptedKey.empty()); @@ -1117,7 +1121,6 @@ int CKMLogic::importInitialData( DB::Row row(std::move(token), name, OWNER_ID_SYSTEM, static_cast(policy.extractable)); handler.crypto.encryptRow(row); - DB::Crypto::Transaction transaction(&handler.database); handler.database.saveRow(row); transaction.commit(); -- 2.7.4 From 106b8c24ffc7eff3e44d7ea60ef9c56e6ac9ca68 Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Mon, 23 Nov 2015 11:09:34 +0100 Subject: [PATCH 05/16] Conversion PEM -> DER moved to store. Change-Id: Ia748520a828f1dfcb3097dbde0ac28aaf22a8c52 --- src/manager/crypto/sw-backend/internals.cpp | 36 ++++++++++++++++++++++++++--- src/manager/crypto/sw-backend/internals.h | 2 ++ src/manager/crypto/sw-backend/store.cpp | 6 +++-- 3 files changed, 39 insertions(+), 5 deletions(-) diff --git a/src/manager/crypto/sw-backend/internals.cpp b/src/manager/crypto/sw-backend/internals.cpp index 6239c66..861f623 100644 --- a/src/manager/crypto/sw-backend/internals.cpp +++ b/src/manager/crypto/sw-backend/internals.cpp @@ -788,7 +788,7 @@ RawBuffer signMessage(EVP_PKEY *privKey, const int rsa_padding) { EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new(privKey, NULL), EVP_PKEY_CTX_free); - + if(!pctx.get()) { ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new function"); } @@ -836,7 +836,7 @@ RawBuffer digestSignMessage(EVP_PKEY *privKey, const int rsa_padding) { EvpMdCtxUPtr mdctx(EVP_MD_CTX_create(), EVP_MD_CTX_destroy); - + EVP_PKEY_CTX *pctx = NULL; // Create the Message Digest Context @@ -948,7 +948,7 @@ int verifyMessage(EVP_PKEY *pubKey, if(EVP_SUCCESS == EVP_PKEY_verify(pctx.get(), signature.data(), signature.size(), message.data(), message.size())) { return CKM_API_SUCCESS; - } + } LogError("EVP_PKEY_verify Failed"); return CKM_API_ERROR_VERIFICATION_FAILED; @@ -990,7 +990,37 @@ int digestVerifyMessage(EVP_PKEY *pubKey, return CKM_API_ERROR_VERIFICATION_FAILED; } +RawBuffer toBinaryData(DataType dataType, const RawBuffer &buffer) +{ + // verify the data integrity + if (dataType.isKey()) + { + KeyShPtr output_key; + if(dataType.isSKey()) + output_key = CKM::Key::createAES(buffer); + else + output_key = CKM::Key::create(buffer); + if(output_key.get() == NULL) + ThrowErr(Exc::Crypto::InputParam, "Provided data is not valid key data"); + + return output_key->getDER(); + } + else if (dataType.isCertificate() || dataType.isChainCert()) + { + CertificateShPtr cert = CKM::Certificate::create(buffer, DataFormat::FORM_DER); + + if(cert.get() == NULL) + ThrowErr(Exc::Crypto::InputParam, "Provided data is not valid certificate"); + + return cert->getDER(); + } + + // TODO: add here BINARY_DATA verification, i.e: max size etc. + return buffer; +} + } // namespace Internals } // namespace SW } // namespace Crypto } // namespace CKM + diff --git a/src/manager/crypto/sw-backend/internals.h b/src/manager/crypto/sw-backend/internals.h index ecf52d4..eac23ee 100644 --- a/src/manager/crypto/sw-backend/internals.h +++ b/src/manager/crypto/sw-backend/internals.h @@ -122,6 +122,8 @@ int digestVerifyMessage(EVP_PKEY *pubKey, const EVP_MD *md_algo, const int rsa_padding); +RawBuffer toBinaryData(DataType dataType, const RawBuffer &buffer); + } // namespace Internals } // namespace SW } // namespace Crypto diff --git a/src/manager/crypto/sw-backend/store.cpp b/src/manager/crypto/sw-backend/store.cpp index d59cea1..29cf08a 100644 --- a/src/manager/crypto/sw-backend/store.cpp +++ b/src/manager/crypto/sw-backend/store.cpp @@ -215,7 +215,8 @@ Token Store::generateSKey(const CryptoAlgorithm &algorithm, const Password &pass } Token Store::import(const Data &data, const Password &pass) { - return Token(m_backendId, data.type, pack(data.data, pass)); + RawBuffer converted = Internals::toBinaryData(data.type, data.data); + return Token(m_backendId, data.type, pack(converted, pass)); } Token Store::importEncrypted(const Data &data, const Password &pass, const DataEncryption &enc) { @@ -232,7 +233,8 @@ Token Store::importEncrypted(const Data &data, const Password &pass, const DataE algorithmAESCBC.setParam(ParamName::ALGO_TYPE, AlgoType::AES_CBC); algorithmAESCBC.setParam(ParamName::ED_IV, enc.iv); RawBuffer rawData = aesKey.decrypt(algorithmAESCBC, data.data); - return Token(m_backendId, data.type, pack(rawData, pass)); + RawBuffer converted = Internals::toBinaryData(data.type, rawData); + return Token(m_backendId, data.type, pack(converted, pass)); } } // namespace SW -- 2.7.4 From faf87d6274d1c616fcd137124e0d5f54ee8e84cd Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Thu, 19 Nov 2015 13:50:20 +0100 Subject: [PATCH 06/16] License date updated [Problem] Wrong date in LICENSE file [Solution] Date fixed [Verification] Compare with current year Change-Id: Ia9a4d2da70d6f01d5f036c376e220b9637f81870 --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 247c97d..8534b2c 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved. +Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd. All rights reserved. Apache License Version 2.0, January 2004 -- 2.7.4 From 984a58ab8ca99964d8be0ba36549d518988c9f34 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Wed, 25 Nov 2015 10:19:17 +0100 Subject: [PATCH 07/16] Detailed documentation for encryption/decryption API [Problem] The encryption/decryption API documentation in header file wasn't detailed enough. [Solution] Add more more details. [Verification] Rate intelligibility of documentation Change-Id: I2695651928ccf294e94fed2e4c2d0a4019365582 --- src/include/ckmc/ckmc-manager.h | 22 +++++++++++++----- src/include/ckmc/ckmc-type.h | 50 ++++++++++++++++++++++++++++++----------- 2 files changed, 54 insertions(+), 18 deletions(-) diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h index d7ccd59..35a3413 100644 --- a/src/include/ckmc/ckmc-manager.h +++ b/src/include/ckmc/ckmc-manager.h @@ -1095,12 +1095,16 @@ int ckmc_remove_alias(const char *alias); * * @remarks Key identified by @a key_alias should exist. * - * @param[in] params Algorithm parameter list handle + * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and + * #ckmc_algo_type_e for details * @param[in] key_alias Alias of the key to be used for encryption * @param[in] password The password used in decrypting a key value \n * If password of policy is provided in ckmc_save_key(), the same * password should be provided - * @param[in] decrypted Data to be encrypted + * @param[in] decrypted Data to be encrypted. In case of AES algorithm there are no + * restrictions on the size of data. For RSA the size must be smaller + * or equal to - 42. Example: for 1024 RSA key the + * maximum data size is 1024/8 - 42 = 86. * @param[out] ppencrypted Encrypted data (some algorithms may return additional information * embedded in encrypted data. AES GCM is an example) \n * The caller is responsible for freeing @a encrypted with @@ -1109,7 +1113,9 @@ int ckmc_remove_alias(const char *alias); * @return @c 0 on success, otherwise a negative error value * * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid + * mandatory algorithm parameter, decrypted = NULL, + * ppencrypted = NULL) * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged * in) * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason @@ -1128,6 +1134,7 @@ int ckmc_remove_alias(const char *alias); * @see ckmc_generate_new_params() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_encrypt_data(ckmc_param_list_h params, const char *key_alias, @@ -1142,7 +1149,9 @@ int ckmc_encrypt_data(ckmc_param_list_h params, * * @remarks Key identified by @a key_alias should exist. * - * @param[in] params Algorithm parameter list handle + * @param[in] params Algorithm parameter list handle. You should use the same parameters + * that were used for encryption. See #ckmc_param_list_h and + * #ckmc_algo_type_e for details * @param[in] key_alias Alias of the key to be used for encryption * @param[in] password The password used in decrypting a key value \n * If password of policy is provided in ckmc_save_key(), the same @@ -1156,7 +1165,9 @@ int ckmc_encrypt_data(ckmc_param_list_h params, * @return @c 0 on success, otherwise a negative error value * * @retval #CKMC_ERROR_NONE Successful - * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid + * mandatory algorithm parameter, encrypted = NULL, + * ppdecrypted = NULL) * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged * in) * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason @@ -1175,6 +1186,7 @@ int ckmc_encrypt_data(ckmc_param_list_h params, * @see ckmc_generate_new_params() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_decrypt_data(ckmc_param_list_h params, const char *key_alias, diff --git a/src/include/ckmc/ckmc-type.h b/src/include/ckmc/ckmc-type.h index 507d223..997ed96 100644 --- a/src/include/ckmc/ckmc-type.h +++ b/src/include/ckmc/ckmc-type.h @@ -264,6 +264,19 @@ typedef enum __ckmc_param_name { /** * @brief Handle for algorithm parameter list. * @since_tizen 3.0 + * + * Each parameter list must have at least one CKMC_PARAM_ALGO_TYPE parameter that identifies the + * algorithm. See #ckmc_algo_type_e for available algorithms and additional parameters they support. + * + * @see ckmc_generate_new_params() + * @see ckmc_param_list_new() + * @see ckmc_param_list_set_integer() + * @see ckmc_param_list_set_buffer() + * @see ckmc_param_list_get_integer() + * @see ckmc_param_list_get_buffer() + * @see ckmc_param_list_free() + * @see #ckmc_algo_type_e + * @see #ckmc_param_name_e */ typedef struct __ckmc_param_list *ckmc_param_list_h; @@ -276,31 +289,35 @@ typedef struct __ckmc_param_list *ckmc_param_list_h; typedef enum __ckmc_algo_type { CKMC_ALGO_AES_CTR = 1, /**< AES-CTR algorithm Supported parameters: - - CKMC_PARAM_ALGO_TYPE, - - CKMC_PARAM_ED_IV - - CKMC_PARAM_ED_CTR_LEN (128 only) */ + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CTR(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) + - CKMC_PARAM_ED_CTR_LEN = length of counter block in bits + (optional, only 128b is supported at the moment) */ CKMC_ALGO_AES_CBC, /**< AES-CBC algorithm Supported parameters: - - CKMC_PARAM_ALGO_TYPE, - - CKMC_PARAM_ED_IV */ + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CBC(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ CKMC_ALGO_AES_GCM, /**< AES-GCM algorithm Supported parameters: - - CKMC_PARAM_ALGO_TYPE, - - CKMC_PARAM_ED_IV - - CKMC_PARAM_ED_TAG_LEN - - CKMC_PARAM_ED_AAD */ + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_GCM(mandatory), + - CKMC_PARAM_ED_IV = initialization vector(mandatory) + - CKMC_PARAM_ED_TAG_LEN = GCM tag length in bits. One of + {32, 64, 96, 104, 112, 120, 128} (optional, if not present the + length 128 is used) + - CKMC_PARAM_ED_AAD = additional authentication data(optional) */ CKMC_ALGO_AES_CFB, /**< AES-CFB algorithm Supported parameters: - - CKMC_PARAM_ALGO_TYPE, - - CKMC_PARAM_ED_IV */ + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_AES_CFB(mandatory), + - CKMC_PARAM_ED_IV = 16-byte initialization vector(mandatory) */ CKMC_ALGO_RSA_OAEP /**< RSA-OAEP algorithm Supported parameters: - - CKMC_PARAM_ALGO_TYPE, - - CKMC_PARAM_ED_LABEL */ + - CKMC_PARAM_ALGO_TYPE = CKMC_ALGO_RSA_OAEP(required), + - CKMC_PARAM_ED_LABEL = label to be associated with the message + (optional, not supported at the moment) */ } ckmc_algo_type_e; /** @@ -746,6 +763,7 @@ void ckmc_cert_list_all_free(ckmc_cert_list_s *first); * @see ckmc_generate_new_params() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_param_list_new(ckmc_param_list_h *pparams); @@ -778,6 +796,7 @@ int ckmc_param_list_new(ckmc_param_list_h *pparams); * @see ckmc_generate_new_params() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_param_list_set_integer(ckmc_param_list_h params, ckmc_param_name_e name, @@ -813,6 +832,7 @@ int ckmc_param_list_set_integer(ckmc_param_list_h params, * @see ckmc_generate_new_params() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_param_list_set_buffer(ckmc_param_list_h params, ckmc_param_name_e name, @@ -845,6 +865,7 @@ int ckmc_param_list_set_buffer(ckmc_param_list_h params, * @see ckmc_generate_new_params() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_param_list_get_integer(ckmc_param_list_h params, @@ -880,6 +901,7 @@ int ckmc_param_list_get_integer(ckmc_param_list_h params, * @see ckmc_buffer_free() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_param_list_get_buffer(ckmc_param_list_h params, ckmc_param_name_e name, @@ -900,6 +922,7 @@ int ckmc_param_list_get_buffer(ckmc_param_list_h params, * @see ckmc_generate_new_params() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ void ckmc_param_list_free(ckmc_param_list_h params); @@ -931,6 +954,7 @@ void ckmc_param_list_free(ckmc_param_list_h params); * @see ckmc_param_list_free() * @see #ckmc_param_list_h * @see #ckmc_param_name_e + * @see #ckmc_algo_type_e */ int ckmc_generate_new_params(ckmc_algo_type_e type, ckmc_param_list_h *pparams); -- 2.7.4 From 6e4a651d11b88ed3d95093d8c5f2b5bae8938713 Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Wed, 25 Nov 2015 14:20:37 +0100 Subject: [PATCH 08/16] Fix implementation of sw-backend. sw-backend cound not depend from certificate-impl.h and key-impl.h. Change-Id: I7826f0c94bf18d1ad92ac59820120b6ee45531eb --- src/manager/crypto/sw-backend/internals.cpp | 72 +++++++++++++++++++++-------- src/manager/crypto/sw-backend/internals.h | 4 +- src/manager/crypto/sw-backend/store.cpp | 9 ++-- src/manager/service/ckm-logic.cpp | 53 +++++++++++++-------- 4 files changed, 92 insertions(+), 46 deletions(-) diff --git a/src/manager/crypto/sw-backend/internals.cpp b/src/manager/crypto/sw-backend/internals.cpp index 861f623..15775ec 100644 --- a/src/manager/crypto/sw-backend/internals.cpp +++ b/src/manager/crypto/sw-backend/internals.cpp @@ -990,33 +990,65 @@ int digestVerifyMessage(EVP_PKEY *pubKey, return CKM_API_ERROR_VERIFICATION_FAILED; } -RawBuffer toBinaryData(DataType dataType, const RawBuffer &buffer) +bool verifyBinaryData(DataType dataType, const RawBuffer &buffer) { - // verify the data integrity - if (dataType.isKey()) - { - KeyShPtr output_key; - if(dataType.isSKey()) - output_key = CKM::Key::createAES(buffer); - else - output_key = CKM::Key::create(buffer); - if(output_key.get() == NULL) - ThrowErr(Exc::Crypto::InputParam, "Provided data is not valid key data"); + if (dataType.isSKey()) { + switch (buffer.size()) { + default: + LogError("AES key have wrong size."); + return false; + case 128: + case 192: + case 256: + LogDebug("AES key verified."); + return true; + } + } + + if (dataType.isKeyPublic()) { + BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all); - return output_key->getDER(); + BIO_write(bio.get(), buffer.data(), buffer.size()); + EVP_PKEY *pkey = d2i_PUBKEY_bio(bio.get(), NULL); + if (pkey) { + EVP_PKEY_free(pkey); + LogDebug("Verified with d2i_PUBKEY_bio."); + return true; + } + LogError("Key was not verified. Unsupported format."); + return false; } - else if (dataType.isCertificate() || dataType.isChainCert()) - { - CertificateShPtr cert = CKM::Certificate::create(buffer, DataFormat::FORM_DER); - if(cert.get() == NULL) - ThrowErr(Exc::Crypto::InputParam, "Provided data is not valid certificate"); + if (dataType.isKeyPrivate()) { + BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all); + + BIO_write(bio.get(), buffer.data(), buffer.size()); + EVP_PKEY *pkey = d2i_PrivateKey_bio(bio.get(), NULL); + if (pkey) { + EVP_PKEY_free(pkey); + LogDebug("Key verified with d2i_PrivateKey_bio." << (void*)pkey); + return true; + } + LogError("Key was not verified. Unsupported format."); + return false; + } - return cert->getDER(); + if (dataType.isCertificate() || dataType.isChainCert()) + { + const unsigned char *ptr = reinterpret_cast(buffer.data()); + int size = static_cast(buffer.size()); + X509 *x509 = d2i_X509(NULL, &ptr, size); + if (x509) { + LogDebug("Cerificate verified with d2i_X509"); + X509_free(x509); + return true; + } + LogError("Certificate was not verified. Unsupported format."); + return false; } - // TODO: add here BINARY_DATA verification, i.e: max size etc. - return buffer; + LogDebug("Importing binary data..."); + return true; } } // namespace Internals diff --git a/src/manager/crypto/sw-backend/internals.h b/src/manager/crypto/sw-backend/internals.h index eac23ee..b19dcfb 100644 --- a/src/manager/crypto/sw-backend/internals.h +++ b/src/manager/crypto/sw-backend/internals.h @@ -20,8 +20,6 @@ */ #pragma once -#include -#include #include #include #include @@ -122,7 +120,7 @@ int digestVerifyMessage(EVP_PKEY *pubKey, const EVP_MD *md_algo, const int rsa_padding); -RawBuffer toBinaryData(DataType dataType, const RawBuffer &buffer); +bool verifyBinaryData(DataType dataType, const RawBuffer &buffer); } // namespace Internals } // namespace SW diff --git a/src/manager/crypto/sw-backend/store.cpp b/src/manager/crypto/sw-backend/store.cpp index 29cf08a..2605f4d 100644 --- a/src/manager/crypto/sw-backend/store.cpp +++ b/src/manager/crypto/sw-backend/store.cpp @@ -215,8 +215,7 @@ Token Store::generateSKey(const CryptoAlgorithm &algorithm, const Password &pass } Token Store::import(const Data &data, const Password &pass) { - RawBuffer converted = Internals::toBinaryData(data.type, data.data); - return Token(m_backendId, data.type, pack(converted, pass)); + return Token(m_backendId, data.type, pack(data.data, pass)); } Token Store::importEncrypted(const Data &data, const Password &pass, const DataEncryption &enc) { @@ -233,8 +232,10 @@ Token Store::importEncrypted(const Data &data, const Password &pass, const DataE algorithmAESCBC.setParam(ParamName::ALGO_TYPE, AlgoType::AES_CBC); algorithmAESCBC.setParam(ParamName::ED_IV, enc.iv); RawBuffer rawData = aesKey.decrypt(algorithmAESCBC, data.data); - RawBuffer converted = Internals::toBinaryData(data.type, rawData); - return Token(m_backendId, data.type, pack(converted, pass)); + if (!Internals::verifyBinaryData(data.type, rawData)) + ThrowErr(Exc::Crypto::InputParam, "Verification failed. Data could not be imported!"); + + return Token(m_backendId, data.type, pack(rawData, pass)); } } // namespace SW diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 2a6e9b1..2f2ee4b 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -1098,31 +1098,46 @@ int CKMLogic::importInitialData( const Crypto::DataEncryption &enc, const Policy &policy) { - // Inital values are always imported with root credentials. Label is not important. - Credentials rootCred(0,""); + try { + // Inital values are always imported with root credentials. Label is not important. + Credentials rootCred(0,""); - auto &handler = selectDatabase(rootCred, OWNER_ID_SYSTEM); + auto &handler = selectDatabase(rootCred, OWNER_ID_SYSTEM); - // check if save is possible - DB::Crypto::Transaction transaction(&handler.database); - int retCode = checkSaveConditions(rootCred, handler, name, OWNER_ID_SYSTEM); - if(retCode != CKM_API_SUCCESS) - return retCode; + // check if save is possible + DB::Crypto::Transaction transaction(&handler.database); + int retCode = checkSaveConditions(rootCred, handler, name, OWNER_ID_SYSTEM); + if(retCode != CKM_API_SUCCESS) + return retCode; - Crypto::GStore& store = - m_decider.getStore(data.type, policy.extractable, !enc.encryptedKey.empty()); + Crypto::GStore& store = + m_decider.getStore(data.type, policy.extractable, !enc.encryptedKey.empty()); - Token token; - if (enc.encryptedKey.empty()) - token = store.import(data, m_accessControl.isCCMode() ? "" : policy.password); - else - token = store.importEncrypted(data, m_accessControl.isCCMode() ? "" : policy.password, enc); + Token token; - DB::Row row(std::move(token), name, OWNER_ID_SYSTEM, static_cast(policy.extractable)); - handler.crypto.encryptRow(row); + if (enc.encryptedKey.empty()) { + Crypto::Data binaryData; + if (CKM_API_SUCCESS != (retCode = toBinaryData(data, binaryData))) + return retCode; + token = store.import(binaryData, m_accessControl.isCCMode() ? "" : policy.password); + } else { + token = store.importEncrypted(data, m_accessControl.isCCMode() ? "" : policy.password, enc); + } - handler.database.saveRow(row); - transaction.commit(); + DB::Row row(std::move(token), name, OWNER_ID_SYSTEM, static_cast(policy.extractable)); + handler.crypto.encryptRow(row); + + handler.database.saveRow(row); + transaction.commit(); + } catch (const Exc::Exception &e) { + return e.error(); + } catch (const CKM::Exception &e) { + LogError("CKM::Exception: " << e.GetMessage()); + return CKM_API_ERROR_SERVER_ERROR; + } catch (const std::exception &e) { + LogError("Std::exception: " << e.what()); + return CKM_API_ERROR_SERVER_ERROR; + } return CKM_API_SUCCESS; } -- 2.7.4 From 73c46e55107800b651c5dd30cca8e27c3a1c893e Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Mon, 30 Nov 2015 16:42:53 +0100 Subject: [PATCH 09/16] Remove digest implementation. Change-Id: Ib4c38cae9370e3f39ffb59e9d7602238d178c849 --- src/CMakeLists.txt | 1 - src/manager/service/crypto-logic.cpp | 10 --- src/manager/service/crypto-logic.h | 1 - src/manager/service/digest.cpp | 121 ----------------------------------- src/manager/service/digest.h | 61 ------------------ tools/ckm_db_tool/CMakeLists.txt | 1 - 6 files changed, 195 deletions(-) delete mode 100644 src/manager/service/digest.cpp delete mode 100644 src/manager/service/digest.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index ceb976e..99ace29 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -38,7 +38,6 @@ SET(KEY_MANAGER_SOURCES ${KEY_MANAGER_PATH}/main/socket-2-id.cpp ${KEY_MANAGER_PATH}/service/certificate-store.cpp ${KEY_MANAGER_PATH}/service/certificate-config.cpp - ${KEY_MANAGER_PATH}/service/digest.cpp ${KEY_MANAGER_PATH}/service/file-lock.cpp ${KEY_MANAGER_PATH}/service/access-control.cpp ${KEY_MANAGER_PATH}/service/ckm-service.cpp diff --git a/src/manager/service/crypto-logic.cpp b/src/manager/service/crypto-logic.cpp index 6fe6e4e..b5b5959 100644 --- a/src/manager/service/crypto-logic.cpp +++ b/src/manager/service/crypto-logic.cpp @@ -36,7 +36,6 @@ #include #include -#include #include #include @@ -298,14 +297,5 @@ void CryptoLogic::decBase64(RawBuffer &data) data = std::move(decdata); } -bool CryptoLogic::equalDigests(RawBuffer &dig1, RawBuffer &dig2) -{ - unsigned int dlen = Digest().length(); - - if ((dig1.size() != dlen) || (dig2.size() != dlen)) - return false; - return (dig1 == dig2); -} - } // namespace CKM diff --git a/src/manager/service/crypto-logic.h b/src/manager/service/crypto-logic.h index 61c582e..aa4a0e8 100644 --- a/src/manager/service/crypto-logic.h +++ b/src/manager/service/crypto-logic.h @@ -79,7 +79,6 @@ private: void decBase64(RawBuffer &data); void encBase64(RawBuffer &data); - bool equalDigests(RawBuffer &dig1, RawBuffer &dig2); }; } // namespace CKM diff --git a/src/manager/service/digest.cpp b/src/manager/service/digest.cpp deleted file mode 100644 index 0bec6fc..0000000 --- a/src/manager/service/digest.cpp +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include - -#include - -#include - -namespace CKM { - -Digest::Digest() : - m_digest(EVP_MAX_MD_SIZE) -{ - m_ctx = nullptr; - m_md = EVP_sha1(); - m_initialized = false; - m_finalized = false; -} - -Digest::~Digest() -{ - EVP_MD_CTX_destroy(m_ctx); -} - -void Digest::reset() -{ - int ret = -1; - - if (m_initialized) { - EVP_MD_CTX_destroy(m_ctx); - m_ctx = nullptr; - } - - m_initialized = false; - m_finalized = false; - m_ctx = EVP_MD_CTX_create(); - if (m_ctx == nullptr) { - } - - ret = EVP_DigestInit_ex(m_ctx, m_md, NULL); - if (ret != 1) { - ThrowMsg(Exception::InternalError, - "Failed to create digest context."); - } - m_digest.clear(); - m_digest.resize(EVP_MAX_MD_SIZE); - m_initialized = true; -} - -void Digest::append(const RawBuffer &data, std::size_t len) -{ - int ret = -1; - - if (data.size() == 0) { - ThrowMsg(Exception::InternalError, "Empty data."); - } - if (0 == len) - len = data.size(); - if (m_finalized) { - ThrowMsg(Exception::InternalError, "Already finalized."); - } - if (not m_initialized) - reset(); - ret = EVP_DigestUpdate(m_ctx, data.data(), len); - if (ret != 1) { - ThrowMsg(Exception::InternalError, - "Failed to calculate digest in openssl."); - } -} - -RawBuffer Digest::finalize() -{ - int ret = -1; - unsigned int dlen; - - if (m_finalized) { - ThrowMsg(Exception::InternalError, "Already finalized."); - } - m_finalized = true; - ret = EVP_DigestFinal_ex(m_ctx, m_digest.data(), &dlen); - if (ret != 1) { - ThrowMsg(Exception::InternalError, - "Failed in digest final in openssl."); - } - if (dlen != length()) { - ThrowMsg(Exception::InternalError, "Invalid digest length."); - } - if (dlen != EVP_MAX_MD_SIZE) - m_digest.resize(dlen); - return m_digest; -} - -RawBuffer Digest::get() -{ - if (m_finalized) - return m_digest; - else - return RawBuffer(); -} - -unsigned int Digest::length() -{ - return m_md->md_size; -} - -} // namespace CKM - diff --git a/src/manager/service/digest.h b/src/manager/service/digest.h deleted file mode 100644 index 519521f..0000000 --- a/src/manager/service/digest.h +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#pragma once - -#include -#include - -#include -/* - * Taken from openssl/ossl_typ.h - */ -struct env_md_ctx_st; -typedef env_md_ctx_st EVP_MD_CTX; -struct env_md_st; -typedef env_md_st EVP_MD; - -namespace CKM { - -class Digest -{ - public: - NONCOPYABLE(Digest) - - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(CKM::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, InternalError) - }; - Digest(); - ~Digest(); - void append(const RawBuffer &data, std::size_t len = 0); - RawBuffer finalize(void); - RawBuffer get(void); - void reset(void); - unsigned int length(void); - - private: - EVP_MD_CTX *m_ctx; - const EVP_MD *m_md; - RawBuffer m_digest; - bool m_initialized; - bool m_finalized; -}; - -} // namespace CKM - diff --git a/tools/ckm_db_tool/CMakeLists.txt b/tools/ckm_db_tool/CMakeLists.txt index 9513b80..309703a 100644 --- a/tools/ckm_db_tool/CMakeLists.txt +++ b/tools/ckm_db_tool/CMakeLists.txt @@ -43,7 +43,6 @@ SET(CKM_DB_TOOL_SOURCES ${KEY_MANAGER_PATH}/main/socket-2-id.cpp ${KEY_MANAGER_PATH}/service/certificate-store.cpp ${KEY_MANAGER_PATH}/service/certificate-config.cpp - ${KEY_MANAGER_PATH}/service/digest.cpp ${KEY_MANAGER_PATH}/service/file-lock.cpp ${KEY_MANAGER_PATH}/service/access-control.cpp ${KEY_MANAGER_PATH}/service/ckm-logic.cpp -- 2.7.4 From 017be6e93ec97e6debc95db9f34258f0abbe52e7 Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Fri, 4 Dec 2015 16:05:34 +0900 Subject: [PATCH 10/16] change log level to warning in case for the failure of FIPS_mode_set Change-Id: Ia2f99bf55b118d0967c0eeb2af86f39a7b567596 Signed-off-by: Dongsun Lee --- src/manager/common/crypto-init.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/manager/common/crypto-init.cpp b/src/manager/common/crypto-init.cpp index 9b1a7b7..18d6d8c 100644 --- a/src/manager/common/crypto-init.cpp +++ b/src/manager/common/crypto-init.cpp @@ -105,7 +105,7 @@ void initOpenSsl() { // enable FIPS mode by default if(0 == FIPS_mode_set(1)) { - LogError("Failed to set FIPS mode"); + LogWarning("Failed to set FIPS mode. Key-manager will be operated in non FIPS mode."); } /* -- 2.7.4 From a3a8530f487fb3bbd641f5ac8a505778c0db56ad Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Tue, 24 Nov 2015 15:50:44 +0100 Subject: [PATCH 11/16] Revert "Add PASSWORD_PROTECTION_DISABLE feature" This reverts commit c960d5d61979802933b7cc44b66a118b5861edf7. Change-Id: Ia3225c3a460f48dde93a272e931f6a53d461f48c --- CMakeLists.txt | 5 ----- packaging/key-manager.spec | 5 ----- src/manager/service/key-provider.cpp | 20 +++++--------------- src/manager/service/key-provider.h | 1 - 4 files changed, 5 insertions(+), 26 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index bc0aab1..73720b1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -62,11 +62,6 @@ IF (DEFINED SYSTEMD_ENV_FILE) ADD_DEFINITIONS(-DSYSTEMD_ENV_FILE="${SYSTEMD_ENV_FILE}") ENDIF (DEFINED SYSTEMD_ENV_FILE) -IF (DEFINED PASSWORD_PROTECTION_DISABLE) - MESSAGE("PASSWORD_PROTECTION_DISABLE ENABLED !") - ADD_DEFINITIONS("-DPASSWORD_PROTECTION_DISABLE") -ENDIF (DEFINED PASSWORD_PROTECTION_DISABLE) - SET(TARGET_KEY_MANAGER "key-manager") SET(TARGET_KEY_MANAGER_CLIENT "key-manager-client") SET(TARGET_KEY_MANAGER_CONTROL_CLIENT "key-manager-control-client") diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index 405eaa7..eb2503a 100644 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -113,8 +113,6 @@ cp -a %{SOURCE1005} . export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE" %endif -# password protection enabled -%define ckm_password_protection_disable 1 export LDFLAGS+="-Wl,--rpath=%{_libdir},-Bsymbolic-functions " @@ -123,9 +121,6 @@ export LDFLAGS+="-Wl,--rpath=%{_libdir},-Bsymbolic-functions " -DCMAKE_VERBOSE_MAKEFILE=ON \ -DSYSTEMD_UNIT_DIR=%{_unitdir} \ -DSYSTEMD_ENV_FILE="/etc/sysconfig/central-key-manager" \ -%if 0%{?ckm_password_protection_disable} - -DPASSWORD_PROTECTION_DISABLE=1 \ -%endif -DMOCKUP_SM=%{?mockup_sm:%mockup_sm}%{!?mockup_sm:OFF} make %{?jobs:-j%jobs} diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp index ce6e72b..23ca201 100644 --- a/src/manager/service/key-provider.cpp +++ b/src/manager/service/key-provider.cpp @@ -140,7 +140,7 @@ KeyProvider::KeyProvider( concat_user_pass = concat_password_user( wkmcDKEK.getWrappedKeyAndInfo().keyInfo.label, - getConvertedStr(password)); + password.c_str()); if (!PKCS5_PBKDF2_HMAC_SHA1( concat_user_pass, @@ -223,7 +223,7 @@ RawBuffer KeyProvider::getWrappedDomainKEK(const Password &password) concat_user_pass = concat_password_user( m_kmcDKEK->getKeyAndInfo().keyInfo.label, - getConvertedStr(password)); + password.c_str()); if (!PKCS5_PBKDF2_HMAC_SHA1( concat_user_pass, @@ -393,7 +393,7 @@ RawBuffer KeyProvider::reencrypt( concat_user_pass = concat_password_user( wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.label, - getConvertedStr(oldPass)); + oldPass.c_str()); if (!PKCS5_PBKDF2_HMAC_SHA1( concat_user_pass, @@ -425,7 +425,7 @@ RawBuffer KeyProvider::reencrypt( concat_user_pass = concat_password_user( kmcDKEK.getKeyAndInfo().keyInfo.label, - getConvertedStr(newPass)); + newPass.c_str()); if (!PKCS5_PBKDF2_HMAC_SHA1( concat_user_pass, @@ -477,7 +477,7 @@ RawBuffer KeyProvider::generateDomainKEK( int wrappedKeyLength; char *concat_user_pass = NULL; - concat_user_pass = concat_password_user(user.c_str(), getConvertedStr(userPassword)); + concat_user_pass = concat_password_user(user.c_str(), userPassword.c_str()); if (!PKCS5_PBKDF2_HMAC_SHA1( concat_user_pass, strlen(concat_user_pass), @@ -645,13 +645,3 @@ char * KeyProvider::concat_password_user(const char *user, const char *password) delete[] resized_user; return concat_user_pass; } - -const char* KeyProvider::getConvertedStr(const Password &password) -{ -#ifdef PASSWORD_PROTECTION_DISABLE - (void ) password; - return ""; -#else - return password.c_str(); -#endif -} diff --git a/src/manager/service/key-provider.h b/src/manager/service/key-provider.h index dd22c32..918a622 100644 --- a/src/manager/service/key-provider.h +++ b/src/manager/service/key-provider.h @@ -169,7 +169,6 @@ private: const char *user, const char *password); - static const char* getConvertedStr(const Password &password); }; } // namespace CKM -- 2.7.4 From f7e9bce97c4c70b0dc54914c60731e2a21c40cd2 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Mon, 7 Dec 2015 15:27:03 +0100 Subject: [PATCH 12/16] Fix file copying in scheme test [Problem] Wrong creation flag was used. Wrong owner used. Files not closed. [Solution] Change files owner and fix the flag. Close descriptors. [Verification] Run ckm-tests-internal -t ENCRYPTION_SCHEME_TEST Change-Id: I9289f231fc27ff863552c65a1f76627189ed5bdb --- tests/encryption-scheme/scheme-test.cpp | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/tests/encryption-scheme/scheme-test.cpp b/tests/encryption-scheme/scheme-test.cpp index 102bb69..35b78c9 100644 --- a/tests/encryption-scheme/scheme-test.cpp +++ b/tests/encryption-scheme/scheme-test.cpp @@ -56,6 +56,8 @@ RawBuffer TEST_DATA(TEST_DATA_STR.begin(), TEST_DATA_STR.end()); const Password TEST_PASS = "custom user password"; const size_t IV_LEN = 16; const size_t CHAIN_LEN = 3; +const uid_t CKM_UID = 0; +const gid_t CKM_GID = 0; enum { NO_PASS = 0, @@ -255,27 +257,40 @@ void restoreFile(const string& filename) { string sourcePath = "/usr/share/ckm-db-test/" + filename; string targetPath = "/opt/data/ckm/" + filename; - int ret; + int err, ret; int sourceFd = TEMP_FAILURE_RETRY(open(sourcePath.c_str(), O_RDONLY)); - BOOST_REQUIRE_MESSAGE(sourceFd > 0, "Opening " << sourcePath << " failed."); + err = errno; + BOOST_REQUIRE_MESSAGE(sourceFd > 0, "Opening " << sourcePath << " failed: " << strerror(err)); FdPtr sourceFdPtr(&sourceFd); - int targetFd = TEMP_FAILURE_RETRY(creat(targetPath.c_str(), 666)); - BOOST_REQUIRE_MESSAGE(targetFd > 0, "Creating " << targetPath << " failed."); + int targetFd = TEMP_FAILURE_RETRY(creat(targetPath.c_str(), 0644)); + err = errno; + BOOST_REQUIRE_MESSAGE(targetFd > 0, "Creating " << targetPath << " failed: " << strerror(err)); + + ret = fchown(targetFd, CKM_UID, CKM_GID); + err = errno; + BOOST_REQUIRE_MESSAGE(ret != -1, "fchown() failed: " << strerror(err)); FdPtr targetFdPtr(&targetFd); struct stat sourceStat; ret = fstat(sourceFd, &sourceStat); - BOOST_REQUIRE_MESSAGE(ret != -1, "fstat() failed: " << ret); + err = errno; + BOOST_REQUIRE_MESSAGE(ret != -1, "fstat() failed: " << strerror(err)); ret = sendfile(targetFd, sourceFd, 0, sourceStat.st_size); - BOOST_REQUIRE_MESSAGE(ret != -1, "sendfile failed: " << ret); + err = errno; + BOOST_REQUIRE_MESSAGE(ret != -1, "sendfile() failed: " << strerror(err)); ret = fsync(targetFd); - BOOST_REQUIRE_MESSAGE(ret != -1, "fsync failed: " << ret); + err = errno; + BOOST_REQUIRE_MESSAGE(ret != -1, "fsync() failed: " << strerror(err)); + + // TODO scoped close + close(targetFd); + close(sourceFd); } void generateRandom(size_t random_bytes, unsigned char *output) -- 2.7.4 From 81649404c83e4f77c72c9cd82fb10a90874e04c7 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Thu, 10 Dec 2015 12:33:34 +0100 Subject: [PATCH 13/16] Remove duplicated entries in spec [Problem] Duplicated entries in spec. [Solution] Removed. [Verification] Successfull compilation. Run tests. Change-Id: I2c356b854bee089dc3675b84d7ea32930192dbd1 --- packaging/key-manager.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index eb2503a..5172a8e 100644 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -155,8 +155,6 @@ cp tests/XML_4_device_key.xsd %{buildroot}/usr/share/ckm-db-test/ cp tests/encryption-scheme/db/db-7654 %{buildroot}/usr/share/ckm-db-test/db-7654 cp tests/encryption-scheme/db/db-key-7654 %{buildroot}/usr/share/ckm-db-test/db-key-7654 cp tests/encryption-scheme/db/key-7654 %{buildroot}/usr/share/ckm-db-test/key-7654 -mkdir -p %{buildroot}/etc/gumd/userdel.d/ -cp data/gumd/10_key-manager.post %{buildroot}/etc/gumd/userdel.d/ %make_install %install_service multi-user.target.wants central-key-manager.service -- 2.7.4 From 37c8ad2ece096d99ee2699db4ace43192ef4d721 Mon Sep 17 00:00:00 2001 From: Bartlomiej Grzelewski Date: Wed, 25 Nov 2015 16:52:45 +0100 Subject: [PATCH 14/16] Change exception type in db-crypto.cpp Change-Id: I537d47a4d6cb4d632a46f0527be17108e1353b4a --- src/manager/common/exception.h | 10 +++++ src/manager/service/ckm-logic.cpp | 73 +++++++----------------------------- src/manager/service/db-crypto.cpp | 79 ++++++++++++++++----------------------- src/manager/service/db-crypto.h | 30 ++++----------- 4 files changed, 63 insertions(+), 129 deletions(-) diff --git a/src/manager/common/exception.h b/src/manager/common/exception.h index de4123a..2c9ffe9 100644 --- a/src/manager/common/exception.h +++ b/src/manager/common/exception.h @@ -118,6 +118,16 @@ typedef DefineException FileSystemFailed; typedef DefineException AuthenticationFailed; +typedef DefineException DatabaseFailed; + + +struct TransactionFailed : public DatabaseFailed { + template + TransactionFailed(const char *path, const char *function, int line, const Args&... args) + : DatabaseFailed(path, function, line, args...) + {} +}; } // namespace Exc } // namespace CKM diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 2f2ee4b..8c967f3 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -306,12 +306,6 @@ RawBuffer CKMLogic::removeApplicationData(const Label &smackLabel) { } } - } catch (const DB::Crypto::Exception::InternalError &e) { - LogError("DB::Crypto couldn't remove data: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; - } catch (const DB::Crypto::Exception::TransactionError &e) { - LogError("DB::Crypto transaction failed with message " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; } catch (const Exc::Exception &e) { retCode = e.error(); } catch (const CKM::Exception &e) { @@ -439,12 +433,6 @@ int CKMLogic::verifyAndSaveDataHelper( { retCode = saveDataHelper(cred, name, label, binaryData, policy); } - } catch (const DB::Crypto::Exception::InternalError &e) { - LogError("DB::Crypto failed with message: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; - } catch (const DB::Crypto::Exception::TransactionError &e) { - LogError("DB::Crypto transaction failed with message " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; } catch (const Exc::Exception &e) { retCode = e.error(); } catch (const CKM::Exception &e) { @@ -469,9 +457,6 @@ int CKMLogic::getKeyForService( if (retCode == CKM_API_SUCCESS) key = std::move(obj); return retCode; - } catch (const DB::Crypto::Exception::Base &e) { - LogError("DB::Crypto failed with message: " << e.GetMessage()); - return CKM_API_ERROR_DB_ERROR; } catch (const Exc::Exception &e) { return e.error(); } catch (const CKM::Exception &e) { @@ -553,12 +538,6 @@ RawBuffer CKMLogic::savePKCS12( retCode = saveDataHelper(cred, name, label, pkcs, keyPolicy, certPolicy); } catch (const Exc::Exception &e) { retCode = e.error(); - } catch (const DB::Crypto::Exception::InternalError &e) { - LogError("DB::Crypto failed with message: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; - } catch (const DB::Crypto::Exception::TransactionError &e) { - LogError("DB::Crypto transaction failed with message " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; } catch (const CKM::Exception &e) { LogError("CKM::Exception: " << e.GetMessage()); retCode = CKM_API_ERROR_SERVER_ERROR; @@ -644,9 +623,9 @@ RawBuffer CKMLogic::removeData( { retCode = e.error(); } - catch (const CKM::Exception &) + catch (const CKM::Exception &e) { - LogError("Error in deleting row!"); + LogError("Error: " << e.GetMessage()); retCode = CKM_API_ERROR_DB_ERROR; } @@ -904,9 +883,6 @@ RawBuffer CKMLogic::getData( retCode = readDataHelper(true, cred, dataType, name, label, password, obj, objDataType); if(retCode == CKM_API_SUCCESS) row.data = std::move(obj->getBinary()); - } catch (const DB::Crypto::Exception::Base &e) { - LogError("DB::Crypto failed with message: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; } catch (const Exc::Exception &e) { retCode = e.error(); } catch (const CKM::Exception &e) { @@ -989,9 +965,6 @@ RawBuffer CKMLogic::getPKCS12( // prepare response if(retCode == CKM_API_SUCCESS) output = PKCS12Serializable(privKey, cert, caChain); - } catch (const DB::Crypto::Exception::Base &e) { - LogError("DB::Crypto failed with message: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; } catch (const Exc::Exception &e) { retCode = e.error(); } catch (const CKM::Exception &e) { @@ -1015,7 +988,7 @@ int CKMLogic::getDataListHelper(const Credentials &cred, { auto &database = m_userDataMap[cred.clientUid].database; - Try { + try { LabelNameVector tmpVector; if (dataType.isKey()) { // list all key types @@ -1031,10 +1004,11 @@ int CKMLogic::getDataListHelper(const Credentials &cred, } labelNameVector.insert(labelNameVector.end(), tmpVector.begin(), tmpVector.end()); retCode = CKM_API_SUCCESS; - } - Catch (CKM::Exception) { - LogError("Failed to get names"); + } catch (const CKM::Exception &e) { + LogError("Error: " << e.GetMessage()); retCode = CKM_API_ERROR_DB_ERROR; + } catch (const Exc::Exception &e) { + retCode = e.error(); } } return retCode; @@ -1327,12 +1301,6 @@ RawBuffer CKMLogic::createKeyPair( policyPublic); } catch(const Exc::Exception &e) { retCode = e.error(); - } catch (DB::Crypto::Exception::TransactionError &e) { - LogDebug("DB::Crypto error: transaction error: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; - } catch (DB::Crypto::Exception::InternalError &e) { - LogDebug("DB::Crypto internal error: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; } catch (const CKM::Exception &e) { LogError("CKM::Exception: " << e.GetMessage()); retCode = CKM_API_ERROR_SERVER_ERROR; @@ -1359,12 +1327,6 @@ RawBuffer CKMLogic::createKeyAES( } catch (std::invalid_argument &e) { LogDebug("invalid argument error: " << e.what()); retCode = CKM_API_ERROR_INPUT_PARAM; - } catch (DB::Crypto::Exception::TransactionError &e) { - LogDebug("DB::Crypto error: transaction error: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; - } catch (DB::Crypto::Exception::InternalError &e) { - LogDebug("DB::Crypto internal error: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; } catch (const CKM::Exception &e) { LogError("CKM::Exception: " << e.GetMessage()); retCode = CKM_API_ERROR_SERVER_ERROR; @@ -1513,9 +1475,6 @@ RawBuffer CKMLogic::getCertificateChain( chainRawVector); } catch (const Exc::Exception &e) { retCode = e.error(); - } catch (const DB::Crypto::Exception::Base &e) { - LogError("DB::Crypto failed with message: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; } catch (const std::exception& e) { LogError("STD exception " << e.what()); retCode = CKM_API_ERROR_SERVER_ERROR; @@ -1548,9 +1507,6 @@ RawBuffer CKMLogic::getCertificateChain( trustedCertificates, useTrustedSystemCertificates, chainRawVector); - } catch (const DB::Crypto::Exception::Base &e) { - LogError("DB::Crypto failed with message: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; } catch (const Exc::Exception &e) { retCode = e.error(); } catch (const std::exception& e) { @@ -1587,14 +1543,14 @@ RawBuffer CKMLogic::createSignature( if(retCode == CKM_API_SUCCESS) { signature = obj->sign(cryptoAlg, message); } - } catch (const DB::Crypto::Exception::Base &e) { - LogError("DB::Crypto failed with message: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; } catch (const Exc::Exception &e) { retCode = e.error(); } catch (const CKM::Exception &e) { LogError("Unknown CKM::Exception: " << e.GetMessage()); retCode = CKM_API_ERROR_SERVER_ERROR; + } catch (const std::exception &e) { + LogError("STD exception " << e.what()); + retCode = CKM_API_ERROR_SERVER_ERROR; } auto response = MessageBuffer::Serialize(static_cast(LogicCommand::CREATE_SIGNATURE), @@ -1633,9 +1589,6 @@ RawBuffer CKMLogic::verifySignature( } } catch (const Exc::Exception &e) { retCode = e.error(); - } catch (const DB::Crypto::Exception::Base &e) { - LogError("DB::Crypto failed with message: " << e.GetMessage()); - retCode = CKM_API_ERROR_DB_ERROR; } catch (const CKM::Exception &e) { LogError("Unknown CKM::Exception: " << e.GetMessage()); retCode = CKM_API_ERROR_SERVER_ERROR; @@ -1710,12 +1663,12 @@ RawBuffer CKMLogic::setPermission( const PermissionMask permissionMask) { int retCode; - Try { + try { retCode = setPermissionHelper(cred, name, label, accessorLabel, permissionMask); } catch (const Exc::Exception &e) { retCode = e.error(); - } Catch (CKM::Exception) { - LogError("Error in set row!"); + } catch (const CKM::Exception &e) { + LogError("Error: " << e.GetMessage()); retCode = CKM_API_ERROR_DB_ERROR; } diff --git a/src/manager/service/db-crypto.cpp b/src/manager/service/db-crypto.cpp index 99c0155..572b2a0 100644 --- a/src/manager/service/db-crypto.cpp +++ b/src/manager/service/db-crypto.cpp @@ -25,6 +25,7 @@ #include #include #include +#include #pragma GCC diagnostic push #pragma GCC diagnostic warning "-Wdeprecated-declarations" @@ -157,17 +158,13 @@ namespace DB { initDatabase(); m_connection->ExecCommand("VACUUM;"); } Catch(SqlConnection::Exception::ConnectionBroken) { - LogError("Couldn't connect to database: " << path); - ReThrow(Crypto::Exception::InternalError); + ThrowErr(Exc::DatabaseFailed, "Couldn't connect to database: ", path, _rethrown_exception.GetMessage()); } Catch(SqlConnection::Exception::InvalidArguments) { - LogError("Couldn't set the key for database"); - ReThrow(Crypto::Exception::InternalError); + ThrowErr(Exc::DatabaseFailed, "Couldn't set the key for database. ", _rethrown_exception.GetMessage()); } Catch(SqlConnection::Exception::SyntaxError) { - LogError("Couldn't initiate the database"); - ReThrow(Crypto::Exception::InternalError); + ThrowErr(Exc::DatabaseFailed, "Couldn't initiate the database. ", _rethrown_exception.GetMessage()); } Catch(SqlConnection::Exception::InternalError) { - LogError("Couldn't create the database"); - ReThrow(Crypto::Exception::InternalError); + ThrowErr(Exc::DatabaseFailed, "Couldn't create the database. ", _rethrown_exception.GetMessage()); } } @@ -314,9 +311,7 @@ namespace DB { ScriptOptional script = getScript(SCRIPT_CREATE_SCHEMA); if(!script) { - std::string errmsg = "Can not create the database schema: no initialization script"; - LogError(errmsg); - ThrowMsg(Exception::InternalError, errmsg); + ThrowErr(Exc::DatabaseFailed, "Can not create the database schema: no initialization script"); } m_connection->ExecCommand((*script).c_str()); @@ -330,9 +325,7 @@ namespace DB { ScriptOptional script = getScript(SCRIPT_DROP_ALL_ITEMS); if(!script) { - std::string errmsg = "Can not clear the database: no clearing script"; - LogError(errmsg); - ThrowMsg(Exception::InternalError, errmsg); + ThrowErr(Exc::DatabaseFailed, "Can not clear the database: no clearing script"); } m_connection->ExecCommand((*script).c_str()); @@ -349,8 +342,7 @@ namespace DB { } Catch(SqlConnection::Exception::InternalError) { LogError("Couldn't execute insert statement"); } - ThrowMsg(Crypto::Exception::InternalError, - "Couldn't check if name and label pair is present"); + ThrowErr(Exc::DatabaseFailed, "Couldn't check if name and label pair is present"); } void Crypto::saveRows(const Name &name, const Label &owner, const RowVector &rows) @@ -373,8 +365,7 @@ namespace DB { } Catch(SqlConnection::Exception::InternalError) { LogError("Couldn't execute insert statement: " << _rethrown_exception.GetMessage()); } - ThrowMsg(Crypto::Exception::InternalError, - "Couldn't save Row"); + ThrowErr(Exc::DatabaseFailed, "Couldn't save Row"); } void Crypto::saveRow(const Row &row) { @@ -395,8 +386,7 @@ namespace DB { } Catch(SqlConnection::Exception::InternalError) { LogError("Couldn't execute insert statement"); } - ThrowMsg(Crypto::Exception::InternalError, - "Couldn't save Row"); + ThrowErr(Exc::DatabaseFailed, "Couldn't save Row"); } void Crypto::updateRow(const Row &row) { @@ -410,8 +400,7 @@ namespace DB { } Catch(SqlConnection::Exception::InternalError) { LogError("Couldn't execute update statement"); } - ThrowMsg(Crypto::Exception::InternalError, - "Couldn't update Row"); + ThrowErr(Exc::DatabaseFailed, "Couldn't update Row"); } bool Crypto::deleteRow( @@ -432,8 +421,8 @@ namespace DB { } Catch (SqlConnection::Exception::InternalError) { LogError("Couldn't execute delete statement"); } - ThrowMsg(Crypto::Exception::InternalError, - "Couldn't delete Row for name " << name << " using ownerLabel " << ownerLabel); + ThrowErr(Exc::DatabaseFailed, + "Couldn't delete Row for name ", name, " using ownerLabel ", ownerLabel); } Row Crypto::getRow( @@ -512,11 +501,11 @@ namespace DB { } Catch (SqlConnection::Exception::InternalError) { LogError("Couldn't execute select statement"); } - ThrowMsg(Crypto::Exception::InternalError, - "Couldn't get row of type <" << - static_cast(typeRangeStart) << "," << - static_cast(typeRangeStop) << ">" << - " name " << name << " with owner label " << ownerLabel); + ThrowErr(Exc::DatabaseFailed, + "Couldn't get row of type <", + static_cast(typeRangeStart), ",", + static_cast(typeRangeStop), ">", + " name ", name, " with owner label ", ownerLabel); } void Crypto::getRows( @@ -558,11 +547,11 @@ namespace DB { } Catch (SqlConnection::Exception::InternalError) { LogError("Couldn't execute select statement"); } - ThrowMsg(Crypto::Exception::InternalError, - "Couldn't get row of type <" << - static_cast(typeRangeStart) << "," << - static_cast(typeRangeStop) << ">" << - " name " << name << " with owner label " << ownerLabel); + ThrowErr(Exc::DatabaseFailed, + "Couldn't get row of type <", + static_cast(typeRangeStart), ",", + static_cast(typeRangeStop), ">", + " name ", name, " with owner label ", ownerLabel); } void Crypto::listNames( @@ -601,11 +590,11 @@ namespace DB { } Catch (SqlConnection::Exception::InternalError) { LogError("Couldn't execute select statement"); } - ThrowMsg(Crypto::Exception::InternalError, - "Couldn't list names of type <" << - static_cast(typeRangeStart) << "," << - static_cast(typeRangeStop) << ">" << - " accessible to client label " << smackLabel); + ThrowErr(Exc::DatabaseFailed, + "Couldn't list names of type <", + static_cast(typeRangeStart), ",", + static_cast(typeRangeStop), ">", + " accessible to client label ", smackLabel); } @@ -626,8 +615,7 @@ namespace DB { } Catch (SqlConnection::Exception::InternalError) { LogError("Couldn't execute insert statement"); } - ThrowMsg(Crypto::Exception::InternalError, - "Couldn't save key for label " << label); + ThrowErr(Exc::DatabaseFailed, "Couldn't save key for label ", label); } Crypto::RawBufferOptional Crypto::getKey(const Label& label) @@ -651,8 +639,7 @@ namespace DB { } Catch (SqlConnection::Exception::InternalError) { LogError("Couldn't execute insert statement"); } - ThrowMsg(Crypto::Exception::InternalError, - "Couldn't get key for label " << label); + ThrowErr(Exc::DatabaseFailed, "Couldn't get key for label ", label); } void Crypto::deleteKey(const Label& label) { @@ -674,8 +661,7 @@ namespace DB { } Catch (SqlConnection::Exception::InternalError) { LogError("Couldn't execute insert statement"); } - ThrowMsg(Crypto::Exception::InternalError, - "Couldn't delete key for label " << label); + ThrowErr(Exc::DatabaseFailed, "Couldn't delete key for label ", label); } void Crypto::setPermission( @@ -693,8 +679,7 @@ namespace DB { } Catch (SqlConnection::Exception::InternalError) { LogError("Couldn't execute set statement"); } - ThrowMsg(Crypto::Exception::InternalError, - "Couldn't set permissions for name " << name ); + ThrowErr(Exc::DatabaseFailed, "Couldn't set permissions for name ", name); } diff --git a/src/manager/service/db-crypto.h b/src/manager/service/db-crypto.h index dae0031..fff626e 100644 --- a/src/manager/service/db-crypto.h +++ b/src/manager/service/db-crypto.h @@ -29,6 +29,7 @@ #include #include +#include #include #include #include @@ -42,14 +43,6 @@ namespace DB { public: typedef boost::optional RowOptional; typedef boost::optional RawBufferOptional; - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(CKM::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, InternalError) - DECLARE_EXCEPTION_TYPE(Base, TransactionError) - DECLARE_EXCEPTION_TYPE(Base, InvalidArgs) - }; Crypto() : m_connection(NULL), m_inUserTransaction(false) @@ -153,11 +146,9 @@ namespace DB { m_db->m_inUserTransaction = true; m_inTransaction = true; } Catch (SqlConnection::Exception::InternalError) { - LogError("sqlite got into infinite busy state"); - ReThrow(Crypto::Exception::TransactionError); + ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state"); } Catch (SqlConnection::Exception::Base) { - LogError("Couldn't begin transaction"); - ReThrow(Crypto::Exception::TransactionError); + ThrowErr(Exc::TransactionFailed, "Couldn't begin transaction"); } } } @@ -168,11 +159,9 @@ namespace DB { m_db->m_inUserTransaction = false; m_inTransaction = false; } Catch (SqlConnection::Exception::InternalError) { - LogError("sqlite got into infinite busy state"); - ReThrow(Crypto::Exception::TransactionError); + ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state"); } Catch (SqlConnection::Exception::Base) { - LogError("Couldn't commit transaction"); - ReThrow(Crypto::Exception::TransactionError); + ThrowErr(Exc::TransactionFailed, "Couldn't commit transaction"); } } } @@ -183,11 +172,9 @@ namespace DB { m_db->m_inUserTransaction = false; m_inTransaction = false; } Catch (SqlConnection::Exception::InternalError) { - LogError("sqlite got into infinite busy state"); - ReThrow(Crypto::Exception::TransactionError); + ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state"); } Catch (SqlConnection::Exception::Base) { - LogError("Couldn't rollback transaction"); - ReThrow(Crypto::Exception::TransactionError); + ThrowErr(Exc::TransactionFailed, "Couldn't rollback transaction"); } } } @@ -198,8 +185,7 @@ namespace DB { m_db->m_connection->RollbackTransaction(); } } Catch (SqlConnection::Exception::InternalError) { - LogError("sqlite got into infinite busy state"); - ReThrow(Crypto::Exception::TransactionError); + ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state"); } Catch (SqlConnection::Exception::Base) { LogError("Transaction rollback failed!"); } -- 2.7.4 From fa221dbbd5ecc2b439932755c56a9e5ad2d7c23b Mon Sep 17 00:00:00 2001 From: "sangwan.kwon" Date: Thu, 10 Dec 2015 13:49:43 +0900 Subject: [PATCH 15/16] Apply coding rule MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit covered Tizen C++ coding rule list - [R06] : Do not unnecessarily use braces where a single statement will do. - Exception: if one branch of a conditional statement is a single statement, use braces in both branches. - [M08] : Keywords have following space rules - Put a space after (most) keywords - example: if, switch, case, for, do, while - Do not put a space after function like keywords - example: sizeof, typeof, alignof, __attribute__ - [M09] : Operators have following space rules - Put a space around(on each side of) most binary and ternary operators - Example : = + -< > * / % | & ^ <= >= == != ? : - Do not put a space after unary operators - Example: & * + -~ ! - Unary "++" and unary "--" are allowed no space on one side - Do not put a space around the "." and "->" structure member operators. - Do not put a space after cast operator - [M10] : Seperators have following space rules - Put a space after closing brace when it has anything on the line. - Exception : comma after closing brace '},‘ - Put a space after comma - Do not put space inside parenthesis '(', ')‘ - Do not put space before open square bracket '[‘ and inside square bracket '[', ']‘ - [M12] : Functions have the opening brace at the beginning of the next line. - [M13] : The open brace last on the line. The closing brace is empty on a line of its own - Exception : else, whileshould follow close brace '}’ - [M14] : Open braces for enum, union and structgo on the same line Change-Id: I6e59513ba121a25222e6e626792b3e115ebec1d3 Signed-off-by: sangwan.kwon --- src/include/ckm/ckm-certificate.h | 3 +- src/include/ckm/ckm-control.h | 5 +- src/include/ckm/ckm-key.h | 2 +- src/include/ckm/ckm-pkcs12.h | 2 +- src/include/ckm/ckm-raw-buffer.h | 29 +- src/include/ckm/ckm-type.h | 8 +- src/include/ckmc/ckmc-error.h | 46 +- src/include/ckmc/ckmc-type.h | 12 +- src/listener/listener-daemon.cpp | 2 +- src/manager/client-async/async-request.h | 3 +- .../client-async/client-manager-async-impl.cpp | 11 +- .../client-async/client-manager-async-impl.h | 3 +- src/manager/client-async/client-manager-async.cpp | 4 +- src/manager/client-async/connection-thread.cpp | 21 +- src/manager/client-async/descriptor-set.cpp | 34 +- src/manager/client-async/descriptor-set.h | 9 +- src/manager/client-async/service.cpp | 22 +- src/manager/client-async/storage-receiver.cpp | 4 +- src/manager/client-capi/ckmc-control.cpp | 6 +- src/manager/client-capi/ckmc-error.cpp | 5 +- src/manager/client-capi/ckmc-manager.cpp | 209 ++++----- src/manager/client-capi/ckmc-type-converter.cpp | 18 +- src/manager/client-capi/ckmc-type.cpp | 193 ++++---- src/manager/client/client-common.cpp | 71 ++- src/manager/client/client-common.h | 5 +- src/manager/client/client-control.cpp | 47 +- src/manager/client/client-error.cpp | 8 +- src/manager/client/client-manager-impl.cpp | 74 ++- src/manager/client/client-manager-impl.h | 2 +- src/manager/client/client-manager.cpp | 38 +- src/manager/common/algo-param.cpp | 3 +- src/manager/common/base64.cpp | 13 +- src/manager/common/base64.h | 12 +- src/manager/common/certificate-impl.cpp | 82 ++-- src/manager/common/certificate-impl.h | 1 + src/manager/common/connection-info.h | 3 +- src/manager/common/crypto-init.cpp | 36 +- src/manager/common/data-type.cpp | 58 ++- src/manager/common/data-type.h | 2 +- src/manager/common/exception.h | 16 +- src/manager/common/key-aes-impl.cpp | 30 +- src/manager/common/key-impl.cpp | 55 ++- src/manager/common/key-impl.h | 9 +- src/manager/common/log-setup.cpp | 8 +- src/manager/common/message-buffer.cpp | 15 +- src/manager/common/message-buffer.h | 20 +- src/manager/common/openssl_utils.h | 9 +- src/manager/common/pkcs12-impl.cpp | 51 ++- src/manager/common/protocols.cpp | 39 +- src/manager/common/protocols.h | 12 +- src/manager/common/stringify.h | 20 +- .../crypto/generic-backend/algo-validation.h | 44 +- src/manager/crypto/generic-backend/gobj.h | 22 +- src/manager/crypto/generic-backend/gstore.h | 23 +- src/manager/crypto/platform/decider.cpp | 15 +- src/manager/crypto/platform/decider.h | 3 +- src/manager/crypto/sw-backend/crypto.h | 40 +- src/manager/crypto/sw-backend/internals.cpp | 312 ++++++------- src/manager/crypto/sw-backend/internals.h | 42 +- src/manager/crypto/sw-backend/obj.cpp | 29 +- src/manager/crypto/sw-backend/obj.h | 19 +- src/manager/crypto/sw-backend/store.cpp | 47 +- src/manager/crypto/sw-backend/store.h | 2 +- src/manager/crypto/tz-backend/obj.h | 10 +- src/manager/crypto/tz-backend/store.cpp | 19 +- src/manager/dpl/core/include/dpl/binary_queue.h | 27 +- src/manager/dpl/core/include/dpl/exception.h | 38 +- .../dpl/core/include/dpl/fstream_accessors.h | 3 +- src/manager/dpl/core/include/dpl/scoped_ptr.h | 3 +- src/manager/dpl/core/include/dpl/serialization.h | 43 +- src/manager/dpl/core/src/assert.cpp | 9 +- src/manager/dpl/core/src/binary_queue.cpp | 27 +- src/manager/dpl/core/src/errno_string.cpp | 3 +- src/manager/dpl/db/include/dpl/db/sql_connection.h | 22 +- .../dpl/db/src/naive_synchronization_object.cpp | 3 +- src/manager/dpl/db/src/sql_connection.cpp | 120 +++-- .../log/include/dpl/log/abstract_log_provider.h | 3 +- .../dpl/log/include/dpl/log/dlog_log_provider.h | 3 +- .../dpl/log/include/dpl/log/journal_log_provider.h | 3 +- src/manager/dpl/log/include/dpl/log/log.h | 20 +- .../log/include/dpl/log/old_style_log_provider.h | 3 +- src/manager/dpl/log/src/dlog_log_provider.cpp | 21 +- src/manager/dpl/log/src/journal_log_provider.cpp | 6 +- src/manager/dpl/log/src/log.cpp | 6 +- src/manager/dpl/log/src/old_style_log_provider.cpp | 8 +- src/manager/initial-values/BufferHandler.cpp | 50 +- src/manager/initial-values/BufferHandler.h | 15 +- src/manager/initial-values/CertHandler.h | 3 +- src/manager/initial-values/DataHandler.h | 7 +- src/manager/initial-values/InitialValueHandler.cpp | 21 +- src/manager/initial-values/InitialValueHandler.h | 5 +- src/manager/initial-values/InitialValuesFile.cpp | 79 ++-- src/manager/initial-values/InitialValuesFile.h | 17 +- src/manager/initial-values/KeyHandler.cpp | 19 +- src/manager/initial-values/KeyHandler.h | 8 +- src/manager/initial-values/NoCharactersHandler.cpp | 2 +- src/manager/initial-values/NoCharactersHandler.h | 3 +- src/manager/initial-values/PermissionHandler.cpp | 5 +- src/manager/initial-values/PermissionHandler.h | 7 +- src/manager/initial-values/SWKeyFile.cpp | 59 +-- src/manager/initial-values/SWKeyFile.h | 20 +- .../initial-values/initial-value-loader.cpp | 24 +- src/manager/initial-values/parser.cpp | 82 ++-- src/manager/initial-values/parser.h | 29 +- src/manager/initial-values/xml-utils.cpp | 14 +- src/manager/initial-values/xml-utils.h | 3 +- src/manager/main/communication-manager.h | 9 +- src/manager/main/cynara-mockup.cpp | 26 +- src/manager/main/cynara.cpp | 25 +- src/manager/main/generic-socket-manager.h | 10 +- src/manager/main/key-manager-main.cpp | 7 +- src/manager/main/message-service.h | 27 +- src/manager/main/service-messages.h | 17 +- src/manager/main/service-thread.h | 15 +- src/manager/main/socket-2-id-mockup.cpp | 12 +- src/manager/main/socket-2-id-wrapper.cpp | 12 +- src/manager/main/socket-2-id.cpp | 16 +- src/manager/main/socket-2-id.h | 1 + src/manager/main/socket-manager.cpp | 132 +++--- src/manager/main/socket-manager.h | 11 +- src/manager/main/thread-service.cpp | 15 +- src/manager/main/thread-service.h | 6 +- src/manager/service/access-control.cpp | 18 +- src/manager/service/access-control.h | 4 +- src/manager/service/certificate-config.h | 23 +- src/manager/service/certificate-store.cpp | 16 +- src/manager/service/ckm-logic.cpp | 259 +++++------ src/manager/service/ckm-logic.h | 1 - src/manager/service/ckm-service.cpp | 444 +++++++++--------- src/manager/service/ckm-service.h | 9 +- src/manager/service/crypto-logic.cpp | 67 ++- src/manager/service/crypto-logic.h | 2 +- src/manager/service/crypto-request.h | 3 +- src/manager/service/db-crypto.cpp | 191 ++++---- src/manager/service/db-crypto.h | 503 +++++++++++---------- src/manager/service/db-row.h | 3 +- src/manager/service/encryption-logic.cpp | 2 +- src/manager/service/encryption-logic.h | 4 +- src/manager/service/encryption-service.cpp | 21 +- src/manager/service/encryption-service.h | 9 +- src/manager/service/file-lock.cpp | 5 +- src/manager/service/file-lock.h | 3 +- src/manager/service/file-system.cpp | 46 +- src/manager/service/file-system.h | 3 +- src/manager/service/key-provider.cpp | 249 +++++----- src/manager/service/key-provider.h | 8 +- src/manager/service/ocsp-logic.cpp | 5 +- src/manager/service/ocsp-logic.h | 6 +- src/manager/service/ocsp-service.cpp | 16 +- src/manager/service/ocsp-service.h | 3 +- src/manager/service/ocsp.cpp | 90 ++-- src/manager/service/ocsp.h | 1 + src/manager/service/permission.h | 5 +- src/manager/service/token.h | 21 +- src/pam_plugin/pam-key-manager-plugin.cpp | 45 +- 155 files changed, 2630 insertions(+), 2656 deletions(-) mode change 100644 => 100755 src/include/ckm/ckm-certificate.h mode change 100644 => 100755 src/include/ckm/ckm-control.h mode change 100644 => 100755 src/include/ckm/ckm-key.h mode change 100644 => 100755 src/include/ckm/ckm-pkcs12.h mode change 100644 => 100755 src/include/ckm/ckm-raw-buffer.h mode change 100644 => 100755 src/include/ckm/ckm-type.h mode change 100644 => 100755 src/include/ckmc/ckmc-type.h mode change 100644 => 100755 src/manager/client-async/client-manager-async-impl.h mode change 100644 => 100755 src/manager/client-capi/ckmc-control.cpp mode change 100644 => 100755 src/manager/client-capi/ckmc-manager.cpp mode change 100644 => 100755 src/manager/client-capi/ckmc-type-converter.cpp mode change 100644 => 100755 src/manager/client-capi/ckmc-type.cpp mode change 100644 => 100755 src/manager/client/client-manager-impl.h mode change 100644 => 100755 src/manager/common/base64.cpp mode change 100644 => 100755 src/manager/common/certificate-impl.cpp mode change 100644 => 100755 src/manager/common/crypto-init.cpp mode change 100644 => 100755 src/manager/common/data-type.cpp mode change 100644 => 100755 src/manager/common/key-aes-impl.cpp mode change 100644 => 100755 src/manager/common/key-impl.cpp mode change 100644 => 100755 src/manager/common/log-setup.cpp mode change 100644 => 100755 src/manager/common/pkcs12-impl.cpp mode change 100644 => 100755 src/manager/common/protocols.cpp mode change 100644 => 100755 src/manager/crypto/sw-backend/internals.cpp mode change 100644 => 100755 src/manager/crypto/sw-backend/obj.cpp mode change 100644 => 100755 src/manager/crypto/sw-backend/store.cpp mode change 100644 => 100755 src/manager/dpl/db/src/sql_connection.cpp mode change 100644 => 100755 src/manager/dpl/log/src/old_style_log_provider.cpp mode change 100644 => 100755 src/manager/initial-values/BufferHandler.cpp mode change 100644 => 100755 src/manager/initial-values/InitialValueHandler.cpp mode change 100644 => 100755 src/manager/initial-values/InitialValuesFile.cpp mode change 100644 => 100755 src/manager/initial-values/KeyHandler.cpp mode change 100644 => 100755 src/manager/initial-values/NoCharactersHandler.cpp mode change 100644 => 100755 src/manager/initial-values/PermissionHandler.cpp mode change 100644 => 100755 src/manager/initial-values/SWKeyFile.cpp mode change 100644 => 100755 src/manager/initial-values/initial-value-loader.cpp mode change 100644 => 100755 src/manager/initial-values/parser.cpp mode change 100644 => 100755 src/manager/initial-values/xml-utils.cpp mode change 100644 => 100755 src/manager/main/cynara-mockup.cpp mode change 100644 => 100755 src/manager/main/cynara.cpp mode change 100644 => 100755 src/manager/main/socket-manager.cpp mode change 100644 => 100755 src/manager/service/access-control.cpp mode change 100644 => 100755 src/manager/service/certificate-store.cpp mode change 100644 => 100755 src/manager/service/ckm-logic.cpp mode change 100644 => 100755 src/manager/service/ckm-service.cpp mode change 100644 => 100755 src/manager/service/crypto-logic.cpp mode change 100644 => 100755 src/manager/service/db-crypto.cpp mode change 100644 => 100755 src/manager/service/encryption-logic.cpp mode change 100644 => 100755 src/manager/service/encryption-service.cpp mode change 100644 => 100755 src/manager/service/file-lock.cpp mode change 100644 => 100755 src/manager/service/file-system.cpp mode change 100644 => 100755 src/manager/service/key-provider.cpp mode change 100644 => 100755 src/manager/service/ocsp-logic.cpp mode change 100644 => 100755 src/manager/service/ocsp-service.cpp mode change 100644 => 100755 src/manager/service/ocsp.cpp mode change 100644 => 100755 src/pam_plugin/pam-key-manager-plugin.cpp diff --git a/src/include/ckm/ckm-certificate.h b/src/include/ckm/ckm-certificate.h old mode 100644 new mode 100755 index f7ec223..e864b4b --- a/src/include/ckm/ckm-certificate.h +++ b/src/include/ckm/ckm-certificate.h @@ -39,7 +39,6 @@ typedef std::shared_ptr CertificateShPtr; class KEY_MANAGER_API Certificate { public: - virtual bool empty() const = 0; // This function will return openssl struct X509*. @@ -47,7 +46,7 @@ public: // Memory will be freed in ~Certificate. virtual X509 *getX509() const = 0; virtual RawBuffer getDER() const = 0; - virtual ~Certificate(){} + virtual ~Certificate() {} static CertificateShPtr create(const RawBuffer &rawBuffer, DataFormat format); }; diff --git a/src/include/ckm/ckm-control.h b/src/include/ckm/ckm-control.h old mode 100644 new mode 100755 index 67250fe..af0a380 --- a/src/include/ckm/ckm-control.h +++ b/src/include/ckm/ckm-control.h @@ -34,8 +34,7 @@ class Control; typedef std::shared_ptr ControlShPtr; // used by login manager to unlock user data with global password -class KEY_MANAGER_API Control -{ +class KEY_MANAGER_API Control { public: // decrypt user key with password virtual int unlockUserKey(uid_t user, const Password &password) = 0; @@ -68,7 +67,7 @@ public: const Label &accessor, PermissionMask permissionMask) = 0; - virtual ~Control(){} + virtual ~Control() {} static ControlShPtr create(); }; diff --git a/src/include/ckm/ckm-key.h b/src/include/ckm/ckm-key.h old mode 100644 new mode 100755 index 02522cc..9095d49 --- a/src/include/ckm/ckm-key.h +++ b/src/include/ckm/ckm-key.h @@ -34,7 +34,7 @@ public: virtual KeyType getType() const = 0; virtual int getSize() const = 0; virtual RawBuffer getDER() const = 0; - virtual ~Key(){} + virtual ~Key() {} static KeyShPtr create( const RawBuffer &rawBuffer, diff --git a/src/include/ckm/ckm-pkcs12.h b/src/include/ckm/ckm-pkcs12.h old mode 100644 new mode 100755 index c6e043c..f00e5f6 --- a/src/include/ckm/ckm-pkcs12.h +++ b/src/include/ckm/ckm-pkcs12.h @@ -44,7 +44,7 @@ public: virtual bool empty() const = 0; - virtual ~PKCS12(){} + virtual ~PKCS12() {} static PKCS12ShPtr create(const RawBuffer &rawData, const Password &password = Password()); }; diff --git a/src/include/ckm/ckm-raw-buffer.h b/src/include/ckm/ckm-raw-buffer.h old mode 100644 new mode 100755 index 02c9d6b..6ac4ab6 --- a/src/include/ckm/ckm-raw-buffer.h +++ b/src/include/ckm/ckm-raw-buffer.h @@ -29,8 +29,7 @@ namespace CKM { template -struct std_erase_on_dealloc -{ +struct std_erase_on_dealloc { // MJK: if re-factoring, remember not to inherit from the std::allocator ! // MJK: to be replaced with much shorter version once std::allocator_traits // becomes supported in STL containers (i.e. list, vector and string) @@ -47,42 +46,48 @@ struct std_erase_on_dealloc template std_erase_on_dealloc(const std_erase_on_dealloc&) {} - T* allocate(std::size_t n) { + T* allocate(std::size_t n) + { return static_cast(::operator new(n*sizeof(T))); } - void deallocate(T* ptr, std::size_t n) { + void deallocate(T* ptr, std::size_t n) + { // clear the memory before deleting - memset(ptr, 0 ,n * sizeof(T)); + memset(ptr, 0 , n * sizeof(T)); ::operator delete(ptr); } template - struct rebind - { + struct rebind { typedef std_erase_on_dealloc<_Tp1> other; }; - void construct(pointer p, const T& val) { + void construct(pointer p, const T& val) + { new (p) T(val); } - void destroy(pointer p) { + void destroy(pointer p) + { p->~T(); } - size_type max_size() const { + size_type max_size() const + { return size_type(-1); } }; template -inline bool operator == (const std_erase_on_dealloc&, const std_erase_on_dealloc&) { +inline bool operator == (const std_erase_on_dealloc&, const std_erase_on_dealloc&) +{ return true; } template -inline bool operator != (const std_erase_on_dealloc& a, const std_erase_on_dealloc& b) { +inline bool operator != (const std_erase_on_dealloc& a, const std_erase_on_dealloc& b) +{ return !(a == b); } diff --git a/src/include/ckm/ckm-type.h b/src/include/ckm/ckm-type.h old mode 100644 new mode 100755 index 5ce89b6..352dc14 --- a/src/include/ckm/ckm-type.h +++ b/src/include/ckm/ckm-type.h @@ -75,7 +75,7 @@ struct Policy { : password(pass) , extractable(extract) {} - virtual ~Policy(){} + virtual ~Policy() {} Password password; // byte array used to encrypt data inside CKM bool extractable; // if true key may be extracted from storage }; @@ -197,7 +197,8 @@ protected: }; template -bool CryptoAlgorithm::getParam(ParamName name, T& value) const { +bool CryptoAlgorithm::getParam(ParamName name, T& value) const +{ auto param = m_params.find(name); if (param == m_params.end()) return false; @@ -216,7 +217,8 @@ template <> bool CryptoAlgorithm::getParam(ParamName name, RawBuffer& value) const; template -bool CryptoAlgorithm::setParam(ParamName name, const T& value) { +bool CryptoAlgorithm::setParam(ParamName name, const T& value) +{ if (name < ParamName::FIRST || name > ParamName::LAST) return false; m_params[name] = IntParam::create(static_cast(value)); diff --git a/src/include/ckmc/ckmc-error.h b/src/include/ckmc/ckmc-error.h index abbea8d..c7ac7ec 100644 --- a/src/include/ckmc/ckmc-error.h +++ b/src/include/ckmc/ckmc-error.h @@ -36,30 +36,30 @@ extern "C" { * @since_tizen 2.3 */ typedef enum { - CKMC_ERROR_NONE = TIZEN_ERROR_NONE, /**< Successful */ - CKMC_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid function parameter */ - CKMC_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */ - CKMC_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Permission denied */ - CKMC_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Device needed to run API is not supported*/ + CKMC_ERROR_NONE = TIZEN_ERROR_NONE, /**< Successful */ + CKMC_ERROR_INVALID_PARAMETER = TIZEN_ERROR_INVALID_PARAMETER, /**< Invalid function parameter */ + CKMC_ERROR_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /**< Out of memory */ + CKMC_ERROR_PERMISSION_DENIED = TIZEN_ERROR_PERMISSION_DENIED, /**< Permission denied */ + CKMC_ERROR_NOT_SUPPORTED = TIZEN_ERROR_NOT_SUPPORTED, /**< Device needed to run API is not supported*/ - CKMC_ERROR_SOCKET = TIZEN_ERROR_KEY_MANAGER | 0x01, /**< Socket error between client and Central Key Manager */ - CKMC_ERROR_BAD_REQUEST = TIZEN_ERROR_KEY_MANAGER | 0x02, /**< Invalid request from client */ - CKMC_ERROR_BAD_RESPONSE = TIZEN_ERROR_KEY_MANAGER | 0x03, /**< Invalid response from Central Key Manager */ - CKMC_ERROR_SEND_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x04, /**< Transmitting request failed */ - CKMC_ERROR_RECV_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x05, /**< Receiving response failed */ - CKMC_ERROR_AUTHENTICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x06, /**< Authentication between client and manager failed */ - CKMC_ERROR_BUFFER_TOO_SMALL = TIZEN_ERROR_KEY_MANAGER | 0x07, /**< The output buffer size which is passed as parameter is too small */ - CKMC_ERROR_SERVER_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x08, /**< Central Key Manager has been failed for some reason */ - CKMC_ERROR_DB_LOCKED = TIZEN_ERROR_KEY_MANAGER | 0x09, /**< The database was not unlocked - user did not login */ - CKMC_ERROR_DB_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x0A, /**< An internal error inside the database */ - CKMC_ERROR_DB_ALIAS_EXISTS = TIZEN_ERROR_KEY_MANAGER | 0x0B, /**< Provided alias already exists in the database */ - CKMC_ERROR_DB_ALIAS_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0x0C, /**< No data for given alias */ - CKMC_ERROR_VERIFICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x0D, /**< CA certificate(s) were unknown and chain could not be created */ - CKMC_ERROR_INVALID_FORMAT = TIZEN_ERROR_KEY_MANAGER | 0x0E, /**< A provided file or binary has not a valid format */ - CKMC_ERROR_FILE_ACCESS_DENIED = TIZEN_ERROR_KEY_MANAGER | 0x0F, /**< A provided file doesn't exist or cannot be accessed in the file system */ - CKMC_ERROR_NOT_EXPORTABLE = TIZEN_ERROR_KEY_MANAGER | 0x10, /**< Key is not exportable. It could not be returned to client */ - CKMC_ERROR_FILE_SYSTEM = TIZEN_ERROR_KEY_MANAGER | 0x11, /**< Save key/certificate/pkcs12 failed because of file system error */ - CKMC_ERROR_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0xFF, /**< The error with unknown reason */ + CKMC_ERROR_SOCKET = TIZEN_ERROR_KEY_MANAGER | 0x01, /**< Socket error between client and Central Key Manager */ + CKMC_ERROR_BAD_REQUEST = TIZEN_ERROR_KEY_MANAGER | 0x02, /**< Invalid request from client */ + CKMC_ERROR_BAD_RESPONSE = TIZEN_ERROR_KEY_MANAGER | 0x03, /**< Invalid response from Central Key Manager */ + CKMC_ERROR_SEND_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x04, /**< Transmitting request failed */ + CKMC_ERROR_RECV_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x05, /**< Receiving response failed */ + CKMC_ERROR_AUTHENTICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x06, /**< Authentication between client and manager failed */ + CKMC_ERROR_BUFFER_TOO_SMALL = TIZEN_ERROR_KEY_MANAGER | 0x07, /**< The output buffer size which is passed as parameter is too small */ + CKMC_ERROR_SERVER_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x08, /**< Central Key Manager has been failed for some reason */ + CKMC_ERROR_DB_LOCKED = TIZEN_ERROR_KEY_MANAGER | 0x09, /**< The database was not unlocked - user did not login */ + CKMC_ERROR_DB_ERROR = TIZEN_ERROR_KEY_MANAGER | 0x0A, /**< An internal error inside the database */ + CKMC_ERROR_DB_ALIAS_EXISTS = TIZEN_ERROR_KEY_MANAGER | 0x0B, /**< Provided alias already exists in the database */ + CKMC_ERROR_DB_ALIAS_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0x0C, /**< No data for given alias */ + CKMC_ERROR_VERIFICATION_FAILED = TIZEN_ERROR_KEY_MANAGER | 0x0D, /**< CA certificate(s) were unknown and chain could not be created */ + CKMC_ERROR_INVALID_FORMAT = TIZEN_ERROR_KEY_MANAGER | 0x0E, /**< A provided file or binary has not a valid format */ + CKMC_ERROR_FILE_ACCESS_DENIED = TIZEN_ERROR_KEY_MANAGER | 0x0F, /**< A provided file doesn't exist or cannot be accessed in the file system */ + CKMC_ERROR_NOT_EXPORTABLE = TIZEN_ERROR_KEY_MANAGER | 0x10, /**< Key is not exportable. It could not be returned to client */ + CKMC_ERROR_FILE_SYSTEM = TIZEN_ERROR_KEY_MANAGER | 0x11, /**< Save key/certificate/pkcs12 failed because of file system error */ + CKMC_ERROR_UNKNOWN = TIZEN_ERROR_KEY_MANAGER | 0xFF, /**< The error with unknown reason */ } key_manager_error_e; /** diff --git a/src/include/ckmc/ckmc-type.h b/src/include/ckmc/ckmc-type.h old mode 100644 new mode 100755 index 997ed96..4e02e99 --- a/src/include/ckmc/ckmc-type.h +++ b/src/include/ckmc/ckmc-type.h @@ -111,11 +111,11 @@ typedef enum __ckmc_data_format { * @since_tizen 2.3 */ typedef enum __ckmc_ec_type { - CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended + CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended elliptic curve domain */ - CKMC_EC_PRIME256V1, /**< "SEC 2" recommended elliptic curve domain - secp256r1 */ - CKMC_EC_SECP384R1 /**< NIST curve P-384 (covers "secp384r1", the elliptic curve domain - listed in See SEC 2 */ + CKMC_EC_PRIME256V1, /**< "SEC 2" recommended elliptic curve domain - secp256r1 */ + CKMC_EC_SECP384R1 /**< NIST curve P-384(covers "secp384r1", the elliptic curve domain + listed in See SEC 2 */ } ckmc_ec_type_e; /** @@ -145,7 +145,7 @@ typedef enum __ckmc_rsa_padding_algo { * @brief Enumeration for database access rights. * @since_tizen 2.3 */ -typedef enum __ckmc_access_right{ +typedef enum __ckmc_access_right { CKMC_AR_READ = 0, /**< Access right for read*/ CKMC_AR_READ_REMOVE /**< Access right for read and remove*/ } ckmc_access_right_e; @@ -154,7 +154,7 @@ typedef enum __ckmc_access_right{ * @brief Enumeration for permissions to access/modify alias. * @since_tizen 2.4 */ -typedef enum __ckmc_permission{ +typedef enum __ckmc_permission { CKMC_PERMISSION_NONE = 0x00, /**< Clear permissions */ CKMC_PERMISSION_READ = 0x01, /**< Eead allowed */ CKMC_PERMISSION_REMOVE = 0x02 /**< Remove allowed */ diff --git a/src/listener/listener-daemon.cpp b/src/listener/listener-daemon.cpp index 4521bbd..894d428 100644 --- a/src/listener/listener-daemon.cpp +++ b/src/listener/listener-daemon.cpp @@ -68,7 +68,7 @@ void packageUninstalledEventCallback( if (eventType != PACKAGE_MANAGER_EVENT_TYPE_UNINSTALL || eventState != PACKAGE_MANAGER_EVENT_STATE_STARTED || package == NULL) - return; + return; SLOGD("PackageUninstalled Callback. Uninstalation of: %s", package); diff --git a/src/manager/client-async/async-request.h b/src/manager/client-async/async-request.h index 7c5330a..18199fe 100644 --- a/src/manager/client-async/async-request.h +++ b/src/manager/client-async/async-request.h @@ -30,8 +30,7 @@ namespace CKM { -struct AsyncRequest -{ +struct AsyncRequest { typedef std::map Map; typedef std::queue > Queue; diff --git a/src/manager/client-async/client-manager-async-impl.cpp b/src/manager/client-async/client-manager-async-impl.cpp index 269ef13..5024eae 100644 --- a/src/manager/client-async/client-manager-async-impl.cpp +++ b/src/manager/client-async/client-manager-async-impl.cpp @@ -28,7 +28,6 @@ #include namespace CKM { - int ManagerAsync::Impl::m_counter = 0; ManagerAsync::Impl::Impl() @@ -117,7 +116,6 @@ void ManagerAsync::Impl::savePKCS12(const ManagerAsync::ObserverPtr& observer, PKCS12Serializable(*pkcs.get()), PolicySerializable(keyPolicy), PolicySerializable(certPolicy)); - }, [&observer](int error){ observer->ReceivedError(error); } ); } @@ -204,7 +202,7 @@ void ManagerAsync::Impl::createSignature(const ObserverPtr& observer, password, message, CryptoAlgorithmSerializable(cAlg)); - }, [&observer](int error) {observer->ReceivedError(error);}); + }, [&observer](int error) {observer->ReceivedError(error);} ); } void ManagerAsync::Impl::verifySignature(const ObserverPtr& observer, @@ -244,7 +242,7 @@ void ManagerAsync::Impl::ocspCheck(const ObserverPtr& observer, try_catch_async([&] { RawBufferVector rawCertChain; for (auto &e: certificateChainVector) { - if(!e || e->empty()) + if (!e || e->empty()) return observer->ReceivedError(CKM_API_ERROR_INPUT_PARAM); rawCertChain.push_back(e->getDER()); } @@ -308,8 +306,7 @@ void ManagerAsync::Impl::createKeyPair(const ManagerAsync::ObserverPtr& observer } // input type check CryptoAlgorithm keyGenAlgorithm; - switch(key_type) - { + switch (key_type) { case KeyType::KEY_RSA_PUBLIC: case KeyType::KEY_RSA_PRIVATE: keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN); @@ -374,7 +371,7 @@ void ManagerAsync::Impl::createKeyAES(const ManagerAsync::ObserverPtr& observer, void ManagerAsync::Impl::observerCheck(const ManagerAsync::ObserverPtr& observer) { - if(!observer) + if (!observer) throw std::invalid_argument("Empty observer"); } diff --git a/src/manager/client-async/client-manager-async-impl.h b/src/manager/client-async/client-manager-async-impl.h old mode 100644 new mode 100755 index 21013fc..6975c7c --- a/src/manager/client-async/client-manager-async-impl.h +++ b/src/manager/client-async/client-manager-async-impl.h @@ -149,7 +149,7 @@ public: untrusted, trusted, useSystemTrustedCertificates); - }, [&observer](int error){ observer->ReceivedError(error); } ); + }, [&observer](int error){ observer->ReceivedError(error);}); } void crypt( @@ -161,7 +161,6 @@ public: bool encryption); private: - template void sendToStorage(const ManagerAsync::ObserverPtr& observer, const Args&... args) { diff --git a/src/manager/client-async/client-manager-async.cpp b/src/manager/client-async/client-manager-async.cpp index 92eb207..935e9d3 100644 --- a/src/manager/client-async/client-manager-async.cpp +++ b/src/manager/client-async/client-manager-async.cpp @@ -28,9 +28,9 @@ namespace { RawBufferVector toRawBufferVector(const CertificateShPtrVector& certificates) { RawBufferVector rawBufferVector; - for (auto &e: certificates) { + for (auto &e: certificates) rawBufferVector.push_back(e->getDER()); - } + return rawBufferVector; } diff --git a/src/manager/client-async/connection-thread.cpp b/src/manager/client-async/connection-thread.cpp index ffb6d8d..d816530 100644 --- a/src/manager/client-async/connection-thread.cpp +++ b/src/manager/client-async/connection-thread.cpp @@ -44,7 +44,7 @@ ConnectionThread::Pipe::~Pipe() void ConnectionThread::Pipe::notify() { - if (-1 == TEMP_FAILURE_RETRY(write(m_pipe[1],"j",1))) + if (-1 == TEMP_FAILURE_RETRY(write(m_pipe[1], "j", 1))) ThrowMsg(PipeError, "Writing pipe failed " << GetErrnoString(errno)); } @@ -54,17 +54,20 @@ ConnectionThread::ConnectionThread() : { } -ConnectionThread::~ConnectionThread() { +ConnectionThread::~ConnectionThread() +{ m_join = true; m_pipe.notify(); m_thread.join(); } -void ConnectionThread::run() { +void ConnectionThread::run() +{ m_thread = std::thread(&ConnectionThread::threadLoop, this); } -void ConnectionThread::sendMessage(AsyncRequest&& req) { +void ConnectionThread::sendMessage(AsyncRequest&& req) +{ std::unique_lock lock(m_mutex); m_waitingReqs.push(std::move(req)); lock.unlock(); @@ -93,7 +96,7 @@ void ConnectionThread::threadLoop() } // cleanup services - for(auto& it: m_services) + for (auto& it: m_services) it.second.serviceError(CKM_API_ERROR_UNKNOWN); m_services.clear(); @@ -102,7 +105,7 @@ void ConnectionThread::threadLoop() // remove waiting requests and notify about error std::unique_lock lock(m_mutex); - while(!m_waitingReqs.empty()) { + while (!m_waitingReqs.empty()) { m_waitingReqs.front().observer->ReceivedError(CKM_API_ERROR_UNKNOWN); m_waitingReqs.pop(); } @@ -118,7 +121,7 @@ void ConnectionThread::readPipe(int pipe, short revents) if ((revents & POLLIN) == 0) ThrowMsg(PipeError, "Unexpected event: " << revents << "!=" << POLLIN); - if(1 != TEMP_FAILURE_RETRY(read(pipe,buffer, 1))) { + if (1 != TEMP_FAILURE_RETRY(read(pipe, buffer, 1))) { int err = errno; ThrowMsg(PipeError, "Failed to read pipe: " << GetErrnoString(err)); } @@ -132,7 +135,7 @@ Service& ConnectionThread::getService(const std::string& interface) // create new service, insert it and return return m_services.insert( - std::make_pair(interface,Service(m_descriptors, interface))).first->second; + std::make_pair(interface, Service(m_descriptors, interface))).first->second; } void ConnectionThread::newRequest(int pipe, short revents) @@ -142,7 +145,7 @@ void ConnectionThread::newRequest(int pipe, short revents) std::unique_lock lock(m_mutex); // nothing to do? - if(m_waitingReqs.empty()) { + if (m_waitingReqs.empty()) { LogWarning("Empty request queue. Are we exiting?"); return; } diff --git a/src/manager/client-async/descriptor-set.cpp b/src/manager/client-async/descriptor-set.cpp index 8e36bed..8767cee 100644 --- a/src/manager/client-async/descriptor-set.cpp +++ b/src/manager/client-async/descriptor-set.cpp @@ -27,24 +27,28 @@ namespace CKM { -DescriptorSet::DescriptorSet() : m_dirty(true), m_fds(NULL) { +DescriptorSet::DescriptorSet() : m_dirty(true), m_fds(NULL) +{ } -DescriptorSet::~DescriptorSet() { +DescriptorSet::~DescriptorSet() +{ purge(); } -void DescriptorSet::purge() { - for(auto it:m_descriptors) +void DescriptorSet::purge() +{ + for (auto it:m_descriptors) close(it.first); m_descriptors.clear(); } -void DescriptorSet::add(int fd, short events, Callback&& callback) { +void DescriptorSet::add(int fd, short events, Callback&& callback) +{ // map operator[] requires empty DescriptorData constructor auto it = m_descriptors.find(fd); if (it == m_descriptors.end()) { - m_descriptors.insert(std::make_pair(fd,DescriptorData(events, std::move(callback)))); + m_descriptors.insert(std::make_pair(fd, DescriptorData(events, std::move(callback)))); } else { it->second.events = events; it->second.callback = std::move(callback); @@ -52,7 +56,8 @@ void DescriptorSet::add(int fd, short events, Callback&& callback) { m_dirty = true; } -void DescriptorSet::remove(int fd, bool close_fd) { +void DescriptorSet::remove(int fd, bool close_fd) +{ if (0 != m_descriptors.erase(fd)) { if (close_fd) close(fd); @@ -60,8 +65,9 @@ void DescriptorSet::remove(int fd, bool close_fd) { } } -void DescriptorSet::wait(int timeout_ms) { - if(!rebuildPollfd()) +void DescriptorSet::wait(int timeout_ms) +{ + if (!rebuildPollfd()) return; // wait @@ -76,7 +82,8 @@ void DescriptorSet::wait(int timeout_ms) { notify(ret); } -bool DescriptorSet::rebuildPollfd() { +bool DescriptorSet::rebuildPollfd() +{ if (m_dirty) { delete[] m_fds; m_fds = NULL; @@ -87,7 +94,7 @@ bool DescriptorSet::rebuildPollfd() { m_fds = new pollfd[m_descriptors.size()]; size_t idx = 0; - for(const auto& it : m_descriptors) { + for (const auto& it : m_descriptors) { m_fds[idx].fd = it.first; m_fds[idx].events = it.second.events; idx++; @@ -97,9 +104,10 @@ bool DescriptorSet::rebuildPollfd() { return true; } -void DescriptorSet::notify(int descCount) { +void DescriptorSet::notify(int descCount) +{ size_t size = m_descriptors.size(); - for(size_t idx = 0;idx < size;++idx) { + for (size_t idx = 0;idx < size;++idx) { const pollfd& pfd = m_fds[idx]; if (pfd.revents == 0) continue; diff --git a/src/manager/client-async/descriptor-set.h b/src/manager/client-async/descriptor-set.h index 7c70be1..0f8e2c1 100644 --- a/src/manager/client-async/descriptor-set.h +++ b/src/manager/client-async/descriptor-set.h @@ -29,8 +29,7 @@ namespace CKM { -class IDescriptorSet -{ +class IDescriptorSet { public: // int is for descriptor, short is for revents, typedef std::function Callback; @@ -46,8 +45,7 @@ protected: /** * @brief Wrapper for poll() */ -class DescriptorSet : public IDescriptorSet -{ +class DescriptorSet : public IDescriptorSet { public: DescriptorSet(); virtual ~DescriptorSet(); @@ -94,8 +92,7 @@ protected: bool rebuildPollfd(); void notify(int descCount); - struct DescriptorData - { + struct DescriptorData { DescriptorData(short e, Callback&& c) : events(e), callback(std::move(c)) {} short events; diff --git a/src/manager/client-async/service.cpp b/src/manager/client-async/service.cpp index 9725432..40ab9ac 100644 --- a/src/manager/client-async/service.cpp +++ b/src/manager/client-async/service.cpp @@ -45,7 +45,7 @@ Service::Service(IDescriptorSet& descriptors, const std::string& interface) : void Service::addRequest(AsyncRequest&& req) { - if(!m_socket) { + if (!m_socket) { m_socket.reset(new SockRAII()); int ret; if (CKM_API_SUCCESS != (ret = m_socket->connect(m_interface.c_str()))) { @@ -64,8 +64,7 @@ void Service::addRequest(AsyncRequest&& req) void Service::serviceError(int error) { - if (m_socket) - { + if (m_socket) { // stop listening on socket m_descriptors.remove(m_socket->get(), false); // close the socket @@ -73,13 +72,13 @@ void Service::serviceError(int error) } // notify observers waiting for response - for(const auto& it: m_responseMap) { + for (const auto& it: m_responseMap) it.second.observer->ReceivedError(error); - } + m_responseMap.clear(); // notify observers waiting for send - while(!m_sendQueue.empty()) { + while (!m_sendQueue.empty()) { m_sendQueue.front().observer->ReceivedError(error); m_sendQueue.pop(); } @@ -145,15 +144,15 @@ void Service::sendData() req.written += temp; // finished? -> move request to response map - if(req.written == req.buffer.size()) { + if (req.written == req.buffer.size()) { AsyncRequest finished = std::move(m_sendQueue.front()); m_sendQueue.pop(); // update poll flags if necessary - if(m_sendQueue.empty() || m_responseMap.empty()) + if (m_sendQueue.empty() || m_responseMap.empty()) watch((m_sendQueue.empty()? 0 : POLLOUT) | POLLIN); - m_responseMap.insert(std::make_pair(finished.id,finished)); + m_responseMap.insert(std::make_pair(finished.id, finished)); } } } @@ -162,7 +161,7 @@ void Service::receiveData() { char buffer[RECV_BUFFER_SIZE]; - ssize_t temp = TEMP_FAILURE_RETRY(::recv(m_socket->get(), buffer, RECV_BUFFER_SIZE,0)); + ssize_t temp = TEMP_FAILURE_RETRY(::recv(m_socket->get(), buffer, RECV_BUFFER_SIZE, 0)); if (-1 == temp) { int err = errno; LogError("Error in recv: " << GetErrnoString(err)); @@ -183,8 +182,7 @@ void Service::receiveData() m_responseBuffer->Push(raw); // parse while you can - while(m_responseBuffer->Ready()) - { + while (m_responseBuffer->Ready()) { std::unique_ptr receiver; if (m_interface == SERVICE_SOCKET_CKM_STORAGE) receiver.reset(new StorageReceiver(*m_responseBuffer, m_responseMap)); diff --git a/src/manager/client-async/storage-receiver.cpp b/src/manager/client-async/storage-receiver.cpp index 15bee0b..b8b59a1 100644 --- a/src/manager/client-async/storage-receiver.cpp +++ b/src/manager/client-async/storage-receiver.cpp @@ -149,8 +149,8 @@ void StorageReceiver::parseGetListCommand() } AliasVector aliasVector; - for(const auto &it : labelNameVector) - aliasVector.push_back( AliasSupport::merge(it.first, it.second) ); + for (const auto &it : labelNameVector) + aliasVector.push_back(AliasSupport::merge(it.first, it.second)); DataType type(dataType); diff --git a/src/manager/client-capi/ckmc-control.cpp b/src/manager/client-capi/ckmc-control.cpp old mode 100644 new mode 100755 index 8d28e6f..ebc5c92 --- a/src/manager/client-capi/ckmc-control.cpp +++ b/src/manager/client-capi/ckmc-control.cpp @@ -79,12 +79,12 @@ int ckmc_reset_user_password(uid_t user, const char *newPassword) KEY_MANAGER_CAPI int ckmc_allow_access_by_adm(uid_t user, const char* owner, const char *alias, const char *accessor, ckmc_access_right_e granted) { - if(!owner || !alias) + if (!owner || !alias) return CKMC_ERROR_INVALID_PARAMETER; int ec, permissionMask; ec = access_to_permission_mask(granted, permissionMask); - if(ec != CKMC_ERROR_NONE) + if (ec != CKMC_ERROR_NONE) return ec; // if label given twice, service will return an error @@ -104,7 +104,7 @@ int ckmc_set_permission_by_adm(uid_t user, const char *alias, const char *access KEY_MANAGER_CAPI int ckmc_deny_access_by_adm(uid_t user, const char* owner, const char *alias, const char *accessor) { - if(!owner || !alias) + if (!owner || !alias) return CKMC_ERROR_INVALID_PARAMETER; // if label given twice, service will return an error diff --git a/src/manager/client-capi/ckmc-error.cpp b/src/manager/client-capi/ckmc-error.cpp index 8ea2591..d606846 100644 --- a/src/manager/client-capi/ckmc-error.cpp +++ b/src/manager/client-capi/ckmc-error.cpp @@ -26,6 +26,7 @@ #include KEY_MANAGER_CAPI -const char * ckmc_error_to_string(int error) { - return CKM::ErrorToString(to_ckm_error(error)); +const char * ckmc_error_to_string(int error) +{ + return CKM::ErrorToString(to_ckm_error(error)); } diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp old mode 100644 new mode 100755 index d668f51..6a62e0b --- a/src/manager/client-capi/ckmc-manager.cpp +++ b/src/manager/client-capi/ckmc-manager.cpp @@ -31,22 +31,20 @@ #include #include -namespace -{ +namespace { const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR; const CKM::AliasVector EMPTY_ALIAS_VECTOR; CKM::Password _tostring(const char *str) { - if(str == NULL) + if (str == NULL) return CKM::Password(); return CKM::Password(str); } CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key) { - if(key) - { + if (key) { CKM::RawBuffer buffer(key->raw_key, key->raw_key + key->key_size); return CKM::Key::create(buffer, _tostring(key->password)); } @@ -55,8 +53,7 @@ CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key) CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert) { - if(cert) - { + if (cert) { CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size); CKM::DataFormat dataFormat = static_cast(static_cast(cert->data_format)); return CKM::Certificate::create(buffer, dataFormat); @@ -68,8 +65,7 @@ CKM::CertificateShPtrVector _toCkmCertificateVector(const ckmc_cert_list_s *list { CKM::CertificateShPtrVector certs; ckmc_cert_list_s *current = const_cast(list); - while (current != NULL) - { + while (current != NULL) { if (current->cert != NULL) certs.push_back(_toCkmCertificate(current->cert)); current = current->next; @@ -81,8 +77,7 @@ CKM::AliasVector _toCkmAliasVector(const ckmc_alias_list_s *list) { CKM::AliasVector aliases; ckmc_alias_list_s *current = const_cast(list); - while (current != NULL) - { + while (current != NULL) { if (current->alias != NULL) aliases.push_back(CKM::Alias(current->alias)); current = current->next; @@ -95,21 +90,21 @@ ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector &certVecto int ret; ckmc_cert_list_s *start = NULL; ckmc_cert_list_s *plist = NULL; - for(const auto &e : certVector) { + for (const auto &e : certVector) { CKM::RawBuffer rawBuffer = e->getDER(); ckmc_cert_s *pcert = NULL; ret = ckmc_cert_new(rawBuffer.data(), rawBuffer.size(), CKMC_FORM_DER, &pcert); - if(pcert == NULL) { + if (pcert == NULL) { ckmc_cert_list_all_free(start); return NULL; } - if(plist == NULL) { + if (plist == NULL) { ret = ckmc_cert_list_new(pcert, &plist); start = plist; // save the pointer of the first element - }else { + } else { ret = ckmc_cert_list_add(plist, pcert, &plist); } - if(ret != CKMC_ERROR_NONE) { + if (ret != CKMC_ERROR_NONE) { ckmc_cert_list_all_free(start); return NULL; } @@ -130,7 +125,7 @@ int _cryptoOperation(cryptoFn operation, const ckmc_raw_buffer_s in, ckmc_raw_buffer_s **ppout) { - if(!params || !key_alias || !ppout) + if (!params || !key_alias || !ppout) return CKMC_ERROR_INVALID_PARAMETER; // params @@ -178,29 +173,28 @@ int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s p return try_catch_enclosure([&]()->int { CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(alias == NULL) { + if (alias == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } + CKM::Alias ckmAlias(alias); - if(key.raw_key == NULL || key.key_size <= 0) { + if (key.raw_key == NULL || key.key_size <= 0) return CKMC_ERROR_INVALID_PARAMETER; - } + CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size); CKM::KeyShPtr ckmKey; - if(key.key_type == CKMC_KEY_AES) - { - if(key.password) + if (key.key_type == CKMC_KEY_AES) { + if (key.password) return CKMC_ERROR_INVALID_PARAMETER; ckmKey = CKM::Key::createAES(buffer); - } - else + } else { ckmKey = CKM::Key::create(buffer, _tostring(key.password)); - if(ckmKey.get() == NULL) { - return CKMC_ERROR_INVALID_FORMAT; } + if (ckmKey.get() == NULL) + return CKMC_ERROR_INVALID_FORMAT; + CKM::Policy storePolicy(_tostring(policy.password), policy.extractable); int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy); @@ -222,19 +216,17 @@ int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key) int ret; CKM::KeyShPtr ckmKey; - if(alias == NULL || key == NULL) { + if (alias == NULL || key == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) { + if ((ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) return to_ckmc_error(ret); - } CKM::RawBuffer buffer = ckmKey->getDER(); ckmc_key_type_e keyType = static_cast(static_cast(ckmKey->getType())); - ret = ckmc_key_new( buffer.data(), buffer.size(), keyType, NULL, key); + ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, key); return to_ckmc_error(ret); }); @@ -246,16 +238,14 @@ int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list) return try_catch_enclosure([&]()->int { int ret; - if (alias_list == NULL) { + if (alias_list == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } CKM::AliasVector aliasVector; CKM::ManagerShPtr mgr = CKM::Manager::create(); - if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) { + if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) return to_ckmc_error(ret); - } ckmc_alias_list_s *plist = NULL; @@ -276,9 +266,8 @@ int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list) } } - if(plist == NULL) { // if the alias_list size is zero + if (plist == NULL) // if the alias_list size is zero return CKMC_ERROR_DB_ALIAS_UNKNOWN; - } return CKMC_ERROR_NONE; }); @@ -288,18 +277,17 @@ KEY_MANAGER_CAPI int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy) { return try_catch_enclosure([&]()->int { - if(alias == NULL) { + if (alias == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } + CKM::Alias ckmAlias(alias); - if(cert.raw_cert == NULL || cert.cert_size <= 0) { + if (cert.raw_cert == NULL || cert.cert_size <= 0) return CKMC_ERROR_INVALID_PARAMETER; - } + CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert); - if(ckmCert.get() == NULL) { + if (ckmCert.get() == NULL) return CKMC_ERROR_INVALID_FORMAT; - } CKM::Policy storePolicy(_tostring(policy.password), policy.extractable); @@ -323,38 +311,35 @@ int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert) CKM::CertificateShPtr ckmCert; int ret; - if(alias == NULL || cert == NULL) { + if (alias == NULL || cert == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) { + if ((ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) return to_ckmc_error(ret); - } CKM::RawBuffer buffer = ckmCert->getDER(); - ret = ckmc_cert_new( buffer.data(), buffer.size(), CKMC_FORM_DER, cert); + ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, cert); return ret; }); } KEY_MANAGER_CAPI -int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) { +int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) +{ return try_catch_enclosure([&]()->int { int ret; - if (alias_list == NULL) { + if (alias_list == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } *alias_list = NULL; CKM::AliasVector aliasVector; CKM::ManagerShPtr mgr = CKM::Manager::create(); - if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) { + if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) return to_ckmc_error(ret); - } ckmc_alias_list_s *plist = NULL; @@ -375,9 +360,8 @@ int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) { } } - if(plist == NULL) { // if the alias_list size is zero + if (plist == NULL) // if the alias_list size is zero return CKMC_ERROR_DB_ALIAS_UNKNOWN; - } return CKMC_ERROR_NONE; }); @@ -391,9 +375,9 @@ int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_p CKM::CertificateShPtr cert; CKM::CertificateShPtrVector ca_cert_list; - if(alias==NULL || ppkcs==NULL) { + if (alias == NULL || ppkcs == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } + CKM::Alias ckmAlias(alias); private_key = _toCkmKey(ppkcs->priv_key); cert = _toCkmCertificate(ppkcs->cert); @@ -422,9 +406,8 @@ int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cer ckmc_cert_s *cert = NULL; ckmc_cert_list_s *ca_cert_list = 0; - if(!alias || !pkcs12) { + if (!alias || !pkcs12) return CKMC_ERROR_INVALID_PARAMETER; - } if (key_password) keyPass = key_password; @@ -434,29 +417,26 @@ int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cer auto mgr = CKM::Manager::create(); - if((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) { + if ((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) return to_ckmc_error(ret); - } - if(!pkcs) + if (!pkcs) return CKMC_ERROR_BAD_RESPONSE; auto pkcsKey = pkcs->getKey(); - if(pkcsKey) - { + if (pkcsKey) { CKM::RawBuffer buffer = pkcsKey->getDER(); ckmc_key_type_e keyType = static_cast(pkcsKey->getType()); ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key); - if(ret != CKMC_ERROR_NONE) + if (ret != CKMC_ERROR_NONE) return ret; } auto pkcsCert = pkcs->getCertificate(); - if(pkcsCert) - { + if (pkcsCert) { CKM::RawBuffer buffer = pkcsCert->getDER(); ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert); - if(ret != CKMC_ERROR_NONE) { + if (ret != CKMC_ERROR_NONE) { ckmc_key_free(private_key); return ret; } @@ -465,8 +445,7 @@ int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cer ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector()); ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12); - if(ret != CKMC_ERROR_NONE) - { + if (ret != CKMC_ERROR_NONE) { ckmc_key_free(private_key); ckmc_cert_free(cert); ckmc_cert_list_free(ca_cert_list); @@ -480,14 +459,14 @@ KEY_MANAGER_CAPI int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy) { return try_catch_enclosure([&]()->int { - if(alias == NULL) { + if (alias == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } + CKM::Alias ckmAlias(alias); - if(data.data == NULL || data.size <= 0) { + if (data.data == NULL || data.size <= 0) return CKMC_ERROR_INVALID_PARAMETER; - } + CKM::RawBuffer buffer(data.data, data.data + data.size); CKM::Policy storePolicy(_tostring(policy.password), policy.extractable); @@ -512,14 +491,12 @@ int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **d CKM::RawBuffer ckmBuff; int ret; - if(alias == NULL || data == NULL) { + if (alias == NULL || data == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) { + if ((ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) return to_ckmc_error(ret); - } ret = ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data); @@ -528,21 +505,20 @@ int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **d } KEY_MANAGER_CAPI -int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){ +int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list) +{ return try_catch_enclosure([&]()->int { int ret; - if(alias_list == NULL) { + if (alias_list == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } *alias_list = NULL; CKM::AliasVector aliasVector; CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) { + if ((ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) return to_ckmc_error(ret); - } ckmc_alias_list_s *plist = NULL; @@ -563,9 +539,8 @@ int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){ } } - if(plist == NULL) { // if the alias_list size is zero + if (plist == NULL) // if the alias_list size is zero return CKMC_ERROR_DB_ALIAS_UNKNOWN; - } return CKMC_ERROR_NONE; }); @@ -582,9 +557,8 @@ int ckmc_create_key_pair_rsa(const size_t size, int ret; CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(private_key_alias == NULL || public_key_alias == NULL) { + if (private_key_alias == NULL || public_key_alias == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } CKM::Alias ckmPrivakeKeyAlias(private_key_alias); CKM::Alias ckmPublicKeyAlias(public_key_alias); @@ -607,9 +581,8 @@ int ckmc_create_key_pair_dsa(const size_t size, int ret; CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(private_key_alias == NULL || public_key_alias == NULL) { + if (private_key_alias == NULL || public_key_alias == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } CKM::Alias ckmPrivakeKeyAlias(private_key_alias); CKM::Alias ckmPublicKeyAlias(public_key_alias); @@ -631,9 +604,8 @@ int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, return try_catch_enclosure([&]()->int { CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(private_key_alias == NULL || public_key_alias == NULL) { + if (private_key_alias == NULL || public_key_alias == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } CKM::ElipticCurve ckmType = static_cast(static_cast(type)); CKM::Alias ckmPrivakeKeyAlias(private_key_alias); @@ -654,7 +626,7 @@ int ckmc_create_key_aes(size_t size, return try_catch_enclosure([&]()->int { CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(key_alias == NULL) + if (key_alias == NULL) return CKMC_ERROR_INVALID_PARAMETER; CKM::Alias ckmKeyAlias(key_alias); @@ -678,26 +650,24 @@ int ckmc_create_signature(const char *private_key_alias, CKM::ManagerShPtr mgr = CKM::Manager::create(); CKM::RawBuffer ckmSignature; - if(private_key_alias == NULL || signature == NULL) { + if (private_key_alias == NULL || signature == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } CKM::Alias ckmPrivakeKeyAlias(private_key_alias); CKM::RawBuffer ckmMessage(message.data, message.data + message.size); CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); - if( (ret = mgr->createSignature( + if ((ret = mgr->createSignature( ckmPrivakeKeyAlias, _tostring(password), ckmMessage, ckmHashAlgo, ckmPadding, - ckmSignature)) != CKM_API_SUCCESS) { + ckmSignature)) != CKM_API_SUCCESS) return to_ckmc_error(ret); - } - ret = ckmc_buffer_new( ckmSignature.data(), ckmSignature.size(), signature); + ret = ckmc_buffer_new(ckmSignature.data(), ckmSignature.size(), signature); return ret; }); @@ -715,9 +685,8 @@ int ckmc_verify_signature(const char *public_key_alias, int ret; CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(public_key_alias == NULL) { + if (public_key_alias == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } CKM::Alias ckmPublicKeyAlias(public_key_alias); CKM::RawBuffer ckmMessage(message.data, message.data + message.size); @@ -725,15 +694,14 @@ int ckmc_verify_signature(const char *public_key_alias, CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); - if( (ret = mgr->verifySignature( + if ((ret = mgr->verifySignature( ckmPublicKeyAlias, _tostring(password), ckmMessage, ckmSignature, ckmHashAlgo, - ckmPadding)) != CKM_API_SUCCESS) { + ckmPadding)) != CKM_API_SUCCESS) return to_ckmc_error(ret); - } return CKMC_ERROR_NONE; }); @@ -747,18 +715,16 @@ int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrust CKM::ManagerShPtr mgr = CKM::Manager::create(); CKM::CertificateShPtrVector ckmCertChain; - if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { + if (cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert); CKM::CertificateShPtrVector ckmUntrustedCerts = _toCkmCertificateVector(untrustedcerts); ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, EMPTY_CERT_VECTOR, true, ckmCertChain); - if( ret != CKM_API_SUCCESS) { + if (ret != CKM_API_SUCCESS) return to_ckmc_error(ret); - } *cert_chain_list = _toNewCkmCertList(ckmCertChain); @@ -775,21 +741,18 @@ int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_lis CKM::CertificateShPtrVector ckmCertChain; - if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { + if (cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert); - if(ckmCert.get() == NULL) { + if (ckmCert.get() == NULL) return CKMC_ERROR_INVALID_FORMAT; - } CKM::AliasVector ckmUntrustedAliases = _toCkmAliasVector(untrustedcerts); ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, EMPTY_ALIAS_VECTOR, true, ckmCertChain); - if( ret != CKM_API_SUCCESS) { + if (ret != CKM_API_SUCCESS) return to_ckmc_error(ret); - } *cert_chain_list = _toNewCkmCertList(ckmCertChain); @@ -809,22 +772,19 @@ int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s* cert, CKM::ManagerShPtr mgr = CKM::Manager::create(); CKM::CertificateShPtrVector ckm_cert_chain; - if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) { + if (cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert); - if(ckm_cert.get() == NULL) { + if (ckm_cert.get() == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts); CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts); ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain); - if( ret != CKM_API_SUCCESS) { + if (ret != CKM_API_SUCCESS) return to_ckmc_error(ret); - } *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain); @@ -840,9 +800,8 @@ int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e || pcert_chain_list->cert == NULL || pcert_chain_list->cert->raw_cert == NULL || pcert_chain_list->cert->cert_size <= 0 - || ocsp_status == NULL) { + || ocsp_status == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } int tmpOcspStatus = -1; CKM::ManagerShPtr mgr = CKM::Manager::create(); @@ -860,7 +819,7 @@ int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right return try_catch_enclosure([&]()->int { int ec, permissionMask; ec = access_to_permission_mask(granted, permissionMask); - if(ec != CKMC_ERROR_NONE) + if (ec != CKMC_ERROR_NONE) return ec; return ckmc_set_permission(alias, accessor, permissionMask); @@ -895,7 +854,7 @@ KEY_MANAGER_CAPI int ckmc_remove_alias(const char *alias) { return try_catch_enclosure([&]()->int { - if(!alias) + if (!alias) return CKMC_ERROR_INVALID_PARAMETER; CKM::ManagerShPtr mgr = CKM::Manager::create(); diff --git a/src/manager/client-capi/ckmc-type-converter.cpp b/src/manager/client-capi/ckmc-type-converter.cpp old mode 100644 new mode 100755 index b85c885..8a27cfb --- a/src/manager/client-capi/ckmc-type-converter.cpp +++ b/src/manager/client-capi/ckmc-type-converter.cpp @@ -23,8 +23,9 @@ #include #include -int to_ckm_error(int ckmc_error) { - switch(ckmc_error) { +int to_ckm_error(int ckmc_error) +{ + switch (ckmc_error) { case CKMC_ERROR_NONE: return CKM_API_SUCCESS; case CKMC_ERROR_SOCKET: return CKM_API_ERROR_SOCKET; case CKMC_ERROR_BAD_REQUEST: return CKM_API_ERROR_BAD_REQUEST; @@ -52,8 +53,9 @@ int to_ckm_error(int ckmc_error) { return CKMC_ERROR_UNKNOWN; } -int to_ckmc_error(int ckm_error) { - switch(ckm_error) { +int to_ckmc_error(int ckm_error) +{ + switch (ckm_error) { case CKM_API_SUCCESS: return CKMC_ERROR_NONE; case CKM_API_ERROR_SOCKET: return CKMC_ERROR_SOCKET; case CKM_API_ERROR_BAD_REQUEST: return CKMC_ERROR_BAD_REQUEST; @@ -81,8 +83,9 @@ int to_ckmc_error(int ckm_error) { return CKMC_ERROR_UNKNOWN; } -ckmc_ocsp_status_e to_ckmc_ocsp_status(int ckm_ocsp_status) { - switch(ckm_ocsp_status) { +ckmc_ocsp_status_e to_ckmc_ocsp_status(int ckm_ocsp_status) +{ + switch (ckm_ocsp_status) { case CKM_API_OCSP_STATUS_GOOD: return CKMC_OCSP_STATUS_GOOD; case CKM_API_OCSP_STATUS_UNSUPPORTED: return CKMC_OCSP_ERROR_UNSUPPORTED; case CKM_API_OCSP_STATUS_REVOKED: return CKMC_OCSP_STATUS_REVOKED; @@ -97,8 +100,7 @@ ckmc_ocsp_status_e to_ckmc_ocsp_status(int ckm_ocsp_status) { int access_to_permission_mask(ckmc_access_right_e ar, int & permissionMask) { - switch(ar) - { + switch (ar) { case CKMC_AR_READ: permissionMask = CKMC_PERMISSION_READ; break; diff --git a/src/manager/client-capi/ckmc-type.cpp b/src/manager/client-capi/ckmc-type.cpp old mode 100644 new mode 100755 index a5de9f2..4db37f8 --- a/src/manager/client-capi/ckmc-type.cpp +++ b/src/manager/client-capi/ckmc-type.cpp @@ -44,9 +44,8 @@ const size_t DEFAULT_KEY_LEN_BITS = 4096; int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert) { - if(xCert == NULL) { + if (xCert == NULL) return CKMC_ERROR_INVALID_FORMAT; - } BIO *bcert = BIO_new(BIO_s_mem()); @@ -55,9 +54,9 @@ int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert) CKM::RawBuffer output(8196); int size = BIO_read(bcert, output.data(), output.size()); BIO_free_all(bcert); - if (size <= 0) { + if (size <= 0) return CKMC_ERROR_INVALID_FORMAT; - } + output.resize(size); return ckmc_cert_new(output.data(), output.size(), CKMC_FORM_DER, cert); @@ -75,16 +74,15 @@ int ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type_e key_ty { ckmc_key_s *pkey; - if(raw_key == NULL || key_size == 0 || ppkey == NULL) { + if (raw_key == NULL || key_size == 0 || ppkey == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } pkey = static_cast(malloc(sizeof(ckmc_key_s))); - if(pkey == NULL) { + if (pkey == NULL) return CKMC_ERROR_OUT_OF_MEMORY; - } + pkey->raw_key = reinterpret_cast(malloc(key_size)); - if(pkey->raw_key == NULL) { + if (pkey->raw_key == NULL) { free(pkey); return CKMC_ERROR_OUT_OF_MEMORY; } @@ -93,16 +91,16 @@ int ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type_e key_ty pkey->key_size = key_size; pkey->key_type = key_type; - if(password != NULL) { + if (password != NULL) { pkey->password = reinterpret_cast(malloc(strlen(password) +1)); - if(pkey->password == NULL) { + if (pkey->password == NULL) { free(pkey->raw_key); free(pkey); return CKMC_ERROR_OUT_OF_MEMORY; } memset(pkey->password, 0, strlen(password) +1); strncpy(pkey->password, password, strlen(password)); - }else { + } else { pkey->password = NULL; } @@ -114,12 +112,12 @@ int ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type_e key_ty KEY_MANAGER_CAPI void ckmc_key_free(ckmc_key_s *key) { - if(key == NULL) + if (key == NULL) return; - if(key->password != NULL) + if (key->password != NULL) free(key->password); - if(key->raw_key != NULL) { + if (key->raw_key != NULL) { memset(key->raw_key, 0, key->key_size); free(key->raw_key); } @@ -128,20 +126,19 @@ void ckmc_key_free(ckmc_key_s *key) } KEY_MANAGER_CAPI -int ckmc_buffer_new(unsigned char *data, size_t size,ckmc_raw_buffer_s **ppbuffer) +int ckmc_buffer_new(unsigned char *data, size_t size, ckmc_raw_buffer_s **ppbuffer) { ckmc_raw_buffer_s *pbuff; - if(data == NULL || size == 0 || ppbuffer == NULL) { + if (data == NULL || size == 0 || ppbuffer == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } pbuff = static_cast(malloc(sizeof(ckmc_raw_buffer_s))); - if(pbuff == NULL) + if (pbuff == NULL) return CKMC_ERROR_OUT_OF_MEMORY; pbuff->data = reinterpret_cast(malloc(size)); - if(pbuff->data == NULL) { + if (pbuff->data == NULL) { free(pbuff); return CKMC_ERROR_OUT_OF_MEMORY; } @@ -156,10 +153,10 @@ int ckmc_buffer_new(unsigned char *data, size_t size,ckmc_raw_buffer_s **ppbuffe KEY_MANAGER_CAPI void ckmc_buffer_free(ckmc_raw_buffer_s *buffer) { - if(buffer == NULL) + if (buffer == NULL) return; - if(buffer->data != NULL) { + if (buffer->data != NULL) { memset(buffer->data, 0, buffer->size); free(buffer->data); } @@ -171,16 +168,15 @@ int ckmc_cert_new(unsigned char *raw_cert, size_t cert_size, ckmc_data_format_e { ckmc_cert_s *pcert; - if(raw_cert == NULL || cert_size == 0 || ppcert == NULL) { + if (raw_cert == NULL || cert_size == 0 || ppcert == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } pcert = static_cast(malloc(sizeof(ckmc_cert_s))); - if(pcert == NULL) { + if (pcert == NULL) return CKMC_ERROR_OUT_OF_MEMORY; - } + pcert->raw_cert = reinterpret_cast(malloc(cert_size)); - if(pcert->raw_cert == NULL) { + if (pcert->raw_cert == NULL) { free(pcert); return CKMC_ERROR_OUT_OF_MEMORY; } @@ -199,32 +195,31 @@ int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert) CKM::initOpenSslOnce(); FILE *fp = fopen(file_path, "r"); - if(fp == NULL) + if (fp == NULL) return CKMC_ERROR_FILE_ACCESS_DENIED; X509 *pcert = NULL; - if(!(pcert = d2i_X509_fp(fp, NULL))) { + if (!(pcert = d2i_X509_fp(fp, NULL))) { fseek(fp, 0, SEEK_SET); pcert = PEM_read_X509(fp, NULL, NULL, NULL); } fclose(fp); - if(pcert == NULL) { + if (pcert == NULL) return CKMC_ERROR_INVALID_FORMAT; - } int ret = _ckmc_load_cert_from_x509(pcert, cert); - if(ret != CKMC_ERROR_NONE) { + if (ret != CKMC_ERROR_NONE) X509_free(pcert); - } + return ret; } KEY_MANAGER_CAPI void ckmc_cert_free(ckmc_cert_s *cert) { - if(cert == NULL) + if (cert == NULL) return; - if(cert->raw_cert != NULL) { + if (cert->raw_cert != NULL) { memset(cert->raw_cert, 0, cert->cert_size); free(cert->raw_cert); } @@ -237,15 +232,14 @@ int ckmc_pkcs12_new(ckmc_key_s *private_key, ckmc_cert_s *cert, { ckmc_pkcs12_s *pkcs12; - if(!pkcs12_bundle || - (private_key==NULL && cert==NULL && (ca_cert_list==NULL || ca_cert_list->cert==NULL))) { + if (!pkcs12_bundle || + (private_key == NULL && cert == NULL && (ca_cert_list == NULL || ca_cert_list->cert == NULL))) return CKMC_ERROR_INVALID_PARAMETER; - } pkcs12 = static_cast(malloc(sizeof(ckmc_pkcs12_s))); - if(pkcs12 == NULL) { + if (pkcs12 == NULL) return CKMC_ERROR_OUT_OF_MEMORY; - } + // ownership is transferred into pkcs12 - mentioned in the docs pkcs12->priv_key = private_key; pkcs12->cert = cert; @@ -267,12 +261,14 @@ int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ck STACK_OF(X509)* ca; int ret; + public: ckmc_key_s *retPrivateKey; ckmc_cert_s *retCkmCert; ckmc_cert_list_s *retCaCertList; - Pkcs12Converter(){ + Pkcs12Converter() + { fp_in = NULL; p12 = NULL; pkey = NULL; @@ -283,59 +279,61 @@ int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ck retCkmCert = NULL; retCaCertList = NULL; }; - ~Pkcs12Converter(){ - if(fp_in != NULL) + ~Pkcs12Converter() + { + if (fp_in != NULL) fclose(fp_in); - if(p12 != NULL) + if (p12 != NULL) PKCS12_free(p12); - if(x509Cert != NULL) + if (x509Cert != NULL) X509_free(x509Cert); - if(pkey != NULL) + if (pkey != NULL) EVP_PKEY_free(pkey); - if(ca != NULL) + if (ca != NULL) sk_X509_pop_free(ca, X509_free); - if(ret != CKMC_ERROR_NONE) { - if(retPrivateKey != NULL){ + if (ret != CKMC_ERROR_NONE) { + if (retPrivateKey != NULL) { ckmc_key_free(retPrivateKey); retPrivateKey = NULL; } - if(retCkmCert != NULL) { + if (retCkmCert != NULL) { ckmc_cert_free(retCkmCert); retCkmCert = NULL; } - if(retCaCertList != NULL) { + if (retCaCertList != NULL) { ckmc_cert_list_all_free(retCaCertList); retCaCertList = NULL; } } }; - int parsePkcs12(const char *filePath, const char *pass) { + int parsePkcs12(const char *filePath, const char *pass) + { fp_in = NULL; - if(!(fp_in = fopen(filePath, "rb"))) { + if (!(fp_in = fopen(filePath, "rb"))) return CKMC_ERROR_FILE_ACCESS_DENIED; - } - if(!(p12 = d2i_PKCS12_fp(fp_in, NULL))) { + if (!(p12 = d2i_PKCS12_fp(fp_in, NULL))) return CKMC_ERROR_INVALID_FORMAT; - } /* parse PKCS#12 certificate */ - if((ret = PKCS12_parse(p12, pass, &pkey, &x509Cert, &ca)) != 1) { + if ((ret = PKCS12_parse(p12, pass, &pkey, &x509Cert, &ca)) != 1) return CKMC_ERROR_INVALID_FORMAT; - } + return CKMC_ERROR_NONE; } - int toCkmCert() { - if( (ret =_ckmc_load_cert_from_x509(x509Cert,&retCkmCert)) != CKMC_ERROR_NONE) { + int toCkmCert() + { + if ((ret = _ckmc_load_cert_from_x509(x509Cert, &retCkmCert)) != CKMC_ERROR_NONE) return ret; - } + return CKMC_ERROR_NONE; } - int toCkmKey() { + int toCkmKey() + { BIO *bkey = BIO_new(BIO_s_mem()); i2d_PrivateKey_bio(bkey, pkey); @@ -343,14 +341,14 @@ int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ck CKM::RawBuffer output(8196); int size = BIO_read(bkey, output.data(), output.size()); BIO_free_all(bkey); - if (size <= 0) { + if (size <= 0) return CKMC_ERROR_INVALID_FORMAT; - } + output.resize(size); int type = EVP_PKEY_type(pkey->type); ckmc_key_type_e key_type = CKMC_KEY_NONE; - switch(type) { + switch (type) { case EVP_PKEY_RSA : key_type = CKMC_KEY_RSA_PRIVATE; break; @@ -361,31 +359,31 @@ int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ck key_type = CKMC_KEY_ECDSA_PRIVATE; break; } - if(key_type == CKMC_KEY_NONE) { + if (key_type == CKMC_KEY_NONE) return CKMC_ERROR_INVALID_FORMAT; - } char *nullPassword = NULL; return ckmc_key_new(output.data(), size, key_type, nullPassword, &retPrivateKey); } - int toCaCkmCertList() { + int toCaCkmCertList() + { int tmpRet; X509* popedCert = NULL; ckmc_cert_s *popedCkmCert = NULL; ckmc_cert_list_s *tmpCertList = NULL; - while((popedCert = sk_X509_pop(ca)) != NULL) { - if( (tmpRet =_ckmc_load_cert_from_x509(popedCert, &popedCkmCert)) != CKMC_ERROR_NONE) { + while ((popedCert = sk_X509_pop(ca)) != NULL) { + if ((tmpRet =_ckmc_load_cert_from_x509(popedCert, &popedCkmCert)) != CKMC_ERROR_NONE) return CKMC_ERROR_OUT_OF_MEMORY; - } - if(tmpCertList == NULL) { // first + + if (tmpCertList == NULL) { // first tmpRet = ckmc_cert_list_new(popedCkmCert, &tmpCertList); retCaCertList = tmpCertList; - }else { + } else { tmpRet = ckmc_cert_list_add(tmpCertList, popedCkmCert, &tmpCertList); } - if(tmpRet != CKMC_ERROR_NONE) { + if (tmpRet != CKMC_ERROR_NONE) { ckmc_cert_list_all_free(retCaCertList); retCaCertList = NULL; return tmpRet; @@ -393,7 +391,6 @@ int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ck } return CKMC_ERROR_NONE; } - }; CKM::initOpenSslOnce(); @@ -401,18 +398,17 @@ int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ck int ret = CKMC_ERROR_NONE; Pkcs12Converter converter; - if((ret = converter.parsePkcs12(file_path, passphrase)) != CKMC_ERROR_NONE) { + if ((ret = converter.parsePkcs12(file_path, passphrase)) != CKMC_ERROR_NONE) return ret; - } - if((ret = converter.toCkmCert()) != CKMC_ERROR_NONE) { + + if ((ret = converter.toCkmCert()) != CKMC_ERROR_NONE) return ret; - } - if((ret = converter.toCkmKey()) != CKMC_ERROR_NONE) { + + if ((ret = converter.toCkmKey()) != CKMC_ERROR_NONE) return ret; - } - if((ret = converter.toCaCkmCertList()) != CKMC_ERROR_NONE) { + + if ((ret = converter.toCaCkmCertList()) != CKMC_ERROR_NONE) return ret; - } *private_key = converter.retPrivateKey; *ckmcert = converter.retCkmCert; @@ -429,16 +425,15 @@ int ckmc_pkcs12_load(const char *file_path, const char *passphrase, ckmc_pkcs12_ ckmc_cert_s *cert = 0; ckmc_cert_list_s *ca_cert_list = 0; - if(!file_path || !pkcs12_bundle) + if (!file_path || !pkcs12_bundle) return CKMC_ERROR_INVALID_PARAMETER; ec = ckmc_load_from_pkcs12_file(file_path, passphrase, &private_key, &cert, &ca_cert_list); - if(ec != CKMC_ERROR_NONE) + if (ec != CKMC_ERROR_NONE) return ec; ec = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12_bundle); - if(ec != CKMC_ERROR_NONE) - { + if (ec != CKMC_ERROR_NONE) { ckmc_key_free(private_key); ckmc_cert_free(cert); ckmc_cert_list_free(ca_cert_list); @@ -451,7 +446,7 @@ int ckmc_pkcs12_load(const char *file_path, const char *passphrase, ckmc_pkcs12_ KEY_MANAGER_CAPI void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12) { - if(pkcs12 == NULL) + if (pkcs12 == NULL) return; ckmc_key_free(pkcs12->priv_key); @@ -472,21 +467,19 @@ int ckmc_alias_list_add(ckmc_alias_list_s *previous, char *alias, ckmc_alias_lis { ckmc_alias_list_s *plist; - if(alias == NULL || pplast == NULL) { + if (alias == NULL || pplast == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } plist = static_cast(malloc(sizeof(ckmc_alias_list_s))); - if(plist == NULL) { + if (plist == NULL) return CKMC_ERROR_OUT_OF_MEMORY; - } plist->alias = alias; plist->next = NULL; - if(previous != NULL) { + if (previous != NULL) previous->next = plist; - } + *pplast = plist; return CKMC_ERROR_NONE; @@ -527,20 +520,18 @@ int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_ { ckmc_cert_list_s *plist; - if(cert == NULL || pplast == NULL) { + if (cert == NULL || pplast == NULL) return CKMC_ERROR_INVALID_PARAMETER; - } plist = static_cast(malloc(sizeof(ckmc_cert_list_s))); - if(plist == NULL) { + if (plist == NULL) return CKMC_ERROR_OUT_OF_MEMORY; - } + plist->cert = cert; plist->next = NULL; - if(previous != NULL) { + if (previous != NULL) previous->next = plist; - } *pplast = plist; @@ -634,7 +625,7 @@ int ckmc_param_list_get_buffer(ckmc_param_list_h params, const CKM::CryptoAlgorithm* algo = reinterpret_cast(params); CKM::RawBuffer value; - if (!algo->getParam(static_cast(name),value)) + if (!algo->getParam(static_cast(name), value)) return CKMC_ERROR_INVALID_PARAMETER; return ckmc_buffer_new(value.data(), value.size(), ppbuffer); diff --git a/src/manager/client/client-common.cpp b/src/manager/client/client-common.cpp index 10d5de1..5aca5c5 100644 --- a/src/manager/client/client-common.cpp +++ b/src/manager/client/client-common.cpp @@ -83,7 +83,8 @@ int SockRAII::connect(const char * interface) return CKM_API_SUCCESS; } -int SockRAII::connectWrapper(int sock, const char *interface) { +int SockRAII::connectWrapper(int sock, const char *interface) +{ int flags; // we need to be sure that socket is in blocking mode @@ -108,8 +109,7 @@ int SockRAII::connectWrapper(int sock, const char *interface) { int retval = TEMP_FAILURE_RETRY(::connect(sock, (struct sockaddr*)&clientAddr, SUN_LEN(&clientAddr))); // we don't need to support EINPROGRESS because the socket is in blocking mode - if(-1 == retval) - { + if (-1 == retval) { if (errno == EACCES) { LogError("Access denied to interface: " << interface); return CKM_API_ERROR_ACCESS_DENIED; @@ -127,11 +127,13 @@ int SockRAII::connectWrapper(int sock, const char *interface) { return CKM_API_SUCCESS; } -bool SockRAII::isConnected() const { +bool SockRAII::isConnected() const +{ return (m_sock > -1); } -void SockRAII::disconnect() { +void SockRAII::disconnect() +{ if (isConnected()) close(m_sock); m_sock = -1; @@ -144,32 +146,28 @@ int SockRAII::waitForSocket(int event, int timeout) desc[0].fd = m_sock; desc[0].events = event; - while((-1 == (retval = poll(desc, 1, timeout))) && (errno == EINTR)) { + while ((-1 == (retval = poll(desc, 1, timeout))) && (errno == EINTR)) { timeout >>= 1; errno = 0; } - if (0 == retval) { + if (0 == retval) LogDebug("Poll timeout"); - } else if(-1 == retval) { + else if (-1 == retval) LogError("Error in poll: " << CKM::GetErrnoString(errno)); - } + return retval; } -int SockRAII::get() const { +int SockRAII::get() const +{ return m_sock; } -} // namespace anonymous - -namespace CKM { - AliasSupport::AliasSupport(const Alias &alias) { std::size_t separator_pos = alias.rfind(CKM::LABEL_NAME_SEPARATOR); - if(separator_pos == Alias::npos) - { + if (separator_pos == Alias::npos) { m_label.clear(); m_name = alias; } else { @@ -180,7 +178,7 @@ AliasSupport::AliasSupport(const Alias &alias) Alias AliasSupport::merge(const Label &label, const Name &name) { - if(label.empty()) + if (label.empty()) return name; std::stringstream output; @@ -188,20 +186,24 @@ Alias AliasSupport::merge(const Label &label, const Name &name) return output.str(); } -const Name & AliasSupport::getName() const { +const Name & AliasSupport::getName() const +{ return m_name; } -const Label & AliasSupport::getLabel() const { +const Label & AliasSupport::getLabel() const +{ return m_label; } -bool AliasSupport::isLabelEmpty() const { +bool AliasSupport::isLabelEmpty() const +{ return m_label.empty(); } -ServiceConnection::ServiceConnection(const char *service_interface) { - if(service_interface) +ServiceConnection::ServiceConnection(const char *service_interface) +{ + if (service_interface) m_serviceInterface = std::string(service_interface); } @@ -210,7 +212,7 @@ int ServiceConnection::processRequest( CKM::MessageBuffer &recv_buf) { int ec; - if(CKM_API_SUCCESS != (ec = send(send_buf))) + if (CKM_API_SUCCESS != (ec = send(send_buf))) return ec; return receive(recv_buf); @@ -262,8 +264,7 @@ int ServiceConnection::send(const CKM::RawBuffer &send_buf) int ServiceConnection::receive(CKM::MessageBuffer &recv_buf) { - if (!m_socket.isConnected()) - { + if (!m_socket.isConnected()) { LogError("Not connected!"); return CKM_API_ERROR_SOCKET; } @@ -271,9 +272,8 @@ int ServiceConnection::receive(CKM::MessageBuffer &recv_buf) int ec = CKM_API_SUCCESS; const size_t c_recv_buf_len = 2048; char buffer[c_recv_buf_len]; - do - { - if( 0 >= m_socket.waitForSocket(POLLIN, POLL_TIMEOUT)) { + do { + if (0 >= m_socket.waitForSocket(POLLIN, POLL_TIMEOUT)) { LogError("Error in WaitForSocket."); ec = CKM_API_ERROR_SOCKET; break; @@ -283,7 +283,7 @@ int ServiceConnection::receive(CKM::MessageBuffer &recv_buf) buffer, sizeof(buffer), 0)); - if(-1 == temp) { + if (-1 == temp) { LogError("Error in read: " << CKM::GetErrnoString(errno)); ec = CKM_API_ERROR_SOCKET; break; @@ -297,10 +297,9 @@ int ServiceConnection::receive(CKM::MessageBuffer &recv_buf) CKM::RawBuffer raw(buffer, buffer+temp); recv_buf.Push(raw); - } - while(!recv_buf.Ready()); + } while (!recv_buf.Ready()); - if(ec != CKM_API_SUCCESS) + if (ec != CKM_API_SUCCESS) m_socket.disconnect(); return ec; @@ -327,7 +326,8 @@ int try_catch(const std::function& func) return retval; } -void try_catch_async(const std::function& func, const std::function& error) +void try_catch_async(const std::function& func, + const std::function& error) { try { func(); @@ -348,15 +348,14 @@ void try_catch_async(const std::function& func, const std::function(ControlCommand::UNLOCK_USER_KEY), @@ -59,11 +59,11 @@ public: }); } - virtual int lockUserKey(uid_t user) { + virtual int lockUserKey(uid_t user) + { return try_catch([&] { - if((int)user < 0) { + if ((int)user < 0) return CKM_API_ERROR_INPUT_PARAM; - } MessageBuffer recv; auto send = MessageBuffer::Serialize(static_cast(ControlCommand::LOCK_USER_KEY), user); @@ -78,11 +78,11 @@ public: }); } - virtual int removeUserData(uid_t user) { + virtual int removeUserData(uid_t user) + { return try_catch([&] { - if((int)user < 0) { + if ((int)user < 0) return CKM_API_ERROR_INPUT_PARAM; - } MessageBuffer recv; auto send = MessageBuffer::Serialize(static_cast(ControlCommand::REMOVE_USER_DATA), user); @@ -97,11 +97,11 @@ public: }); } - virtual int changeUserPassword(uid_t user, const Password &oldPassword, const Password &newPassword) { + virtual int changeUserPassword(uid_t user, const Password &oldPassword, const Password &newPassword) + { return try_catch([&] { - if((int)user < 0) { + if ((int)user < 0) return CKM_API_ERROR_INPUT_PARAM; - } MessageBuffer recv; auto send = MessageBuffer::Serialize( @@ -120,11 +120,11 @@ public: }); } - virtual int resetUserPassword(uid_t user, const Password &newPassword) { + virtual int resetUserPassword(uid_t user, const Password &newPassword) + { return try_catch([&] { - if((int)user < 0) { + if ((int)user < 0) return CKM_API_ERROR_INPUT_PARAM; - } MessageBuffer recv; auto send = MessageBuffer::Serialize( @@ -142,11 +142,11 @@ public: }); } - virtual int removeApplicationData(const Label &smackLabel) { + virtual int removeApplicationData(const Label &smackLabel) + { return try_catch([&] { - if (smackLabel.empty()) { + if (smackLabel.empty()) return CKM_API_ERROR_INPUT_PARAM; - } MessageBuffer recv; auto send = MessageBuffer::Serialize(static_cast(ControlCommand::REMOVE_APP_DATA), smackLabel); @@ -161,7 +161,8 @@ public: }); } - virtual int updateCCMode() { + virtual int updateCCMode() + { return try_catch([&] { MessageBuffer recv; auto send = MessageBuffer::Serialize(static_cast(ControlCommand::UPDATE_CC_MODE)); @@ -203,12 +204,16 @@ public: }); } - virtual ~ControlImpl(){} + virtual ~ControlImpl() + { + } + private: CKM::ServiceConnection m_controlConnection; }; -ControlShPtr Control::create() { +ControlShPtr Control::create() +{ try { return std::make_shared(); } catch (const std::bad_alloc &) { diff --git a/src/manager/client/client-error.cpp b/src/manager/client/client-error.cpp index 94b228d..fc018e3 100644 --- a/src/manager/client/client-error.cpp +++ b/src/manager/client/client-error.cpp @@ -24,9 +24,11 @@ #define ERRORDESCRIBE(name) case name: return #name namespace CKM { -__attribute__ ((visibility ("default"))) -const char * ErrorToString(int error) { - switch(error) { +__attribute__((visibility("default"))) + +const char * ErrorToString(int error) +{ + switch (error) { ERRORDESCRIBE(CKM_API_SUCCESS); ERRORDESCRIBE(CKM_API_ERROR_SOCKET); ERRORDESCRIBE(CKM_API_ERROR_BAD_REQUEST); diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp index d6a464e..17b79b7 100644 --- a/src/manager/client/client-manager-impl.cpp +++ b/src/manager/client/client-manager-impl.cpp @@ -47,7 +47,6 @@ int getCertChain( CertificateShPtrVector &certificateChainVector) { return try_catch([&] { - MessageBuffer recv; auto send = MessageBuffer::Serialize(static_cast(command), counter, @@ -65,13 +64,11 @@ int getCertChain( RawBufferVector rawBufferVector; recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector); - if ((counter != retCounter) || (static_cast(command) != retCommand)) { + if ((counter != retCounter) || (static_cast(command) != retCommand)) return CKM_API_ERROR_UNKNOWN; - } - if (retCode != CKM_API_SUCCESS) { + if (retCode != CKM_API_SUCCESS) return retCode; - } for (auto &e: rawBufferVector) { CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER)); @@ -134,12 +131,13 @@ int Manager::Impl::saveBinaryData( }); } -int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) { +int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) +{ if (key.get() == NULL) return CKM_API_ERROR_INPUT_PARAM; Try { return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy); - } Catch (DataType::Exception::Base) { + } Catch(DataType::Exception::Base) { LogError("Error in key conversion. Could not convert KeyType::NONE to DBDataType!"); } return CKM_API_ERROR_INPUT_PARAM; @@ -155,7 +153,8 @@ int Manager::Impl::saveCertificate( return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy); } -int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) { +int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) +{ if (!policy.extractable) return CKM_API_ERROR_INPUT_PARAM; return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy); @@ -168,7 +167,7 @@ int Manager::Impl::savePKCS12( const Policy &keyPolicy, const Policy &certPolicy) { - if (alias.empty() || pkcs.get()==NULL) + if (alias.empty() || pkcs.get() == NULL) return CKM_API_ERROR_INPUT_PARAM; int my_counter = ++m_counter; @@ -309,7 +308,8 @@ int Manager::Impl::getBinaryData( }); } -int Manager::Impl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) { +int Manager::Impl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) +{ DataType recvDataType; RawBuffer rawData; @@ -324,7 +324,7 @@ int Manager::Impl::getKey(const Alias &alias, const Password &password, KeyShPtr return retCode; KeyShPtr keyParsed; - if(DataType::KEY_AES == recvDataType) + if (DataType::KEY_AES == recvDataType) keyParsed = KeyShPtr(new KeyAESImpl(rawData)); else keyParsed = KeyShPtr(new KeyImpl(rawData)); @@ -406,28 +406,30 @@ int Manager::Impl::getBinaryDataAliasVector(DataType dataType, AliasVector &alia int tmpDataType; LabelNameVector labelNameVector; recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector); - if ((command != static_cast(LogicCommand::GET_LIST)) || (counter != my_counter)) { + if ((command != static_cast(LogicCommand::GET_LIST)) || (counter != my_counter)) return CKM_API_ERROR_UNKNOWN; - } - for(const auto &it : labelNameVector) - aliasVector.push_back( AliasSupport::merge(it.first, it.second) ); + for (const auto &it : labelNameVector) + aliasVector.push_back(AliasSupport::merge(it.first, it.second)); return retCode; }); } -int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector) { +int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector) +{ // in fact datatype has no meaning here - if not certificate or binary data // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector); } -int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector) { +int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector) +{ return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector); } -int Manager::Impl::getDataAliasVector(AliasVector &aliasVector) { +int Manager::Impl::getDataAliasVector(AliasVector &aliasVector) +{ return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector); } @@ -470,7 +472,6 @@ int Manager::Impl::createKeyAES( int my_counter = ++m_counter; return try_catch([&] { - MessageBuffer recv; AliasSupport aliasHelper(keyAlias); auto send = MessageBuffer::Serialize(static_cast(LogicCommand::CREATE_KEY_AES), @@ -487,9 +488,8 @@ int Manager::Impl::createKeyAES( int command; int counter; recv.Deserialize(command, counter, retCode); - if (counter != my_counter) { + if (counter != my_counter) return CKM_API_ERROR_UNKNOWN; - } return retCode; }); @@ -506,8 +506,7 @@ int Manager::Impl::createKeyPair( { // input type check CryptoAlgorithm keyGenAlgorithm; - switch(key_type) - { + switch (key_type) { case KeyType::KEY_RSA_PUBLIC: case KeyType::KEY_RSA_PRIVATE: keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN); @@ -534,7 +533,6 @@ int Manager::Impl::createKeyPair( int my_counter = ++m_counter; return try_catch([&] { - MessageBuffer recv; AliasSupport privateHelper(privateKeyAlias); AliasSupport publicHelper(publicKeyAlias); @@ -555,9 +553,8 @@ int Manager::Impl::createKeyPair( int command; int counter; recv.Deserialize(command, counter, retCode); - if (counter != my_counter) { + if (counter != my_counter) return CKM_API_ERROR_UNKNOWN; - } return retCode; }); @@ -573,15 +570,14 @@ int Manager::Impl::getCertificateChain( RawBufferVector untrustedVector; RawBufferVector trustedVector; - if(!certificate || certificate->empty()) + if (!certificate || certificate->empty()) return CKM_API_ERROR_INPUT_PARAM; - for (auto &e: untrustedCertificates) { + for (auto &e: untrustedCertificates) untrustedVector.push_back(e->getDER()); - } - for (auto &e: trustedCertificates) { + + for (auto &e: trustedCertificates) trustedVector.push_back(e->getDER()); - } return getCertChain( m_storageConnection, @@ -604,7 +600,7 @@ int Manager::Impl::getCertificateChain( LabelNameVector untrustedVector; LabelNameVector trustedVector; - if(!certificate || certificate->empty()) + if (!certificate || certificate->empty()) return CKM_API_ERROR_INPUT_PARAM; for (auto &e: untrustedCertificates) { @@ -637,7 +633,6 @@ int Manager::Impl::createSignature( int my_counter = ++m_counter; return try_catch([&] { - MessageBuffer recv; AliasSupport helper(privateKeyAlias); auto send = MessageBuffer::Serialize(static_cast(LogicCommand::CREATE_SIGNATURE), @@ -658,9 +653,7 @@ int Manager::Impl::createSignature( if ((command != static_cast(LogicCommand::CREATE_SIGNATURE)) || (counter != my_counter)) - { return CKM_API_ERROR_UNKNOWN; - } return retCode; }); @@ -697,9 +690,7 @@ int Manager::Impl::verifySignature( if ((command != static_cast(LogicCommand::VERIFY_SIGNATURE)) || (counter != my_counter)) - { return CKM_API_ERROR_UNKNOWN; - } return retCode; }); @@ -729,9 +720,8 @@ int Manager::Impl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspS int counter; recv.Deserialize(counter, retCode, ocspStatus); - if (my_counter != counter) { + if (my_counter != counter) return CKM_API_ERROR_UNKNOWN; - } return retCode; }); @@ -761,9 +751,8 @@ int Manager::Impl::setPermission(const Alias &alias, int counter; recv.Deserialize(command, counter, retCode); - if (my_counter != counter) { + if (my_counter != counter) return CKM_API_ERROR_UNKNOWN; - } return retCode; }); @@ -798,9 +787,8 @@ int Manager::Impl::crypt(EncryptionCommand command, int counter; recv.Deserialize(retCommand, counter, retCode, output); - if (my_counter != counter || retCommand != static_cast(command)) { + if (my_counter != counter || retCommand != static_cast(command)) return CKM_API_ERROR_UNKNOWN; - } return retCode; }); diff --git a/src/manager/client/client-manager-impl.h b/src/manager/client/client-manager-impl.h old mode 100644 new mode 100755 index 29d381d..98010f9 --- a/src/manager/client/client-manager-impl.h +++ b/src/manager/client/client-manager-impl.h @@ -31,7 +31,7 @@ namespace CKM { class Manager::Impl { public: Impl(); - virtual ~Impl(){} + virtual ~Impl() {} int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy); int getKey(const Alias &alias, const Password &password, KeyShPtr &key); diff --git a/src/manager/client/client-manager.cpp b/src/manager/client/client-manager.cpp index 275b545..1e7c8ef 100644 --- a/src/manager/client/client-manager.cpp +++ b/src/manager/client/client-manager.cpp @@ -30,13 +30,15 @@ Manager::Manager() : m_impl(new Impl()) {} -Manager::~Manager(){} +Manager::~Manager() {} -int Manager::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) { +int Manager::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) +{ return m_impl->saveKey(alias, key, policy); } -int Manager::saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy) { +int Manager::saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy) +{ return m_impl->saveCertificate(alias, cert, policy); } @@ -49,15 +51,18 @@ int Manager::savePKCS12( return m_impl->savePKCS12(alias, pkcs, keyPolicy, certPolicy); } -int Manager::saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) { +int Manager::saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) +{ return m_impl->saveData(alias, data, policy); } -int Manager::removeAlias(const Alias &alias) { +int Manager::removeAlias(const Alias &alias) +{ return m_impl->removeAlias(alias); } -int Manager::getKey(const Alias &alias, const Password &password, KeyShPtr &key) { +int Manager::getKey(const Alias &alias, const Password &password, KeyShPtr &key) +{ return m_impl->getKey(alias, password, key); } @@ -69,11 +74,13 @@ int Manager::getCertificate( return m_impl->getCertificate(alias, password, certificate); } -int Manager::getData(const Alias &alias, const Password &password, RawBuffer &data) { +int Manager::getData(const Alias &alias, const Password &password, RawBuffer &data) +{ return m_impl->getData(alias, password, data); } -int Manager::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs) { +int Manager::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs) +{ return m_impl->getPKCS12(alias, pkcs); } @@ -86,15 +93,18 @@ int Manager::getPKCS12( return m_impl->getPKCS12(alias, keyPass, certPass, pkcs); } -int Manager::getKeyAliasVector(AliasVector &aliasVector) { +int Manager::getKeyAliasVector(AliasVector &aliasVector) +{ return m_impl->getKeyAliasVector(aliasVector); } -int Manager::getCertificateAliasVector(AliasVector &aliasVector) { +int Manager::getCertificateAliasVector(AliasVector &aliasVector) +{ return m_impl->getCertificateAliasVector(aliasVector); } -int Manager::getDataAliasVector(AliasVector &aliasVector) { +int Manager::getDataAliasVector(AliasVector &aliasVector) +{ return m_impl->getDataAliasVector(aliasVector); } @@ -204,7 +214,8 @@ int Manager::verifySignature( cAlg); } -int Manager::ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) { +int Manager::ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) +{ return m_impl->ocspCheck(certificateChainVector, ocspStatus); } @@ -236,7 +247,8 @@ int Manager::decrypt( return m_impl->decrypt(algo, keyAlias, password, encrypted, decrypted); } -ManagerShPtr Manager::create() { +ManagerShPtr Manager::create() +{ try { return std::make_shared(); } catch (...) { diff --git a/src/manager/common/algo-param.cpp b/src/manager/common/algo-param.cpp index 54799e9..9f8f4a6 100644 --- a/src/manager/common/algo-param.cpp +++ b/src/manager/common/algo-param.cpp @@ -22,8 +22,7 @@ #include #include -namespace CKM -{ +namespace CKM { bool CryptoAlgorithm::BufferParam::getBuffer(RawBuffer& buffer) const { diff --git a/src/manager/common/base64.cpp b/src/manager/common/base64.cpp old mode 100644 new mode 100755 index ad94d4b..47ad1e9 --- a/src/manager/common/base64.cpp +++ b/src/manager/common/base64.cpp @@ -41,9 +41,9 @@ void Base64Encoder::append(const RawBuffer &data) ThrowMsg(Exception::AlreadyFinalized, "Already finalized"); } - if (!m_b64) { + if (!m_b64) reset(); - } + BIO_write(m_b64, data.data(), data.size()); } @@ -70,9 +70,9 @@ RawBuffer Base64Encoder::get() ThrowMsg(Exception::InternalError, "Bio internal error"); } - if (bptr->length > 0) { + if (bptr->length > 0) return RawBuffer(bptr->data, bptr->data + bptr->length); - } + return RawBuffer(); } @@ -129,14 +129,13 @@ bool Base64Decoder::finalize() whiteCharacter), m_input.end()); - for (size_t i = 0; i -namespace CKM -{ +namespace CKM { -DataType::DataType() - : m_dataType(BINARY_DATA) -{} +DataType::DataType() : + m_dataType(BINARY_DATA) +{ +} DataType::DataType(Type data) : m_dataType(data) @@ -37,7 +37,7 @@ DataType::DataType(Type data) } DataType::DataType(KeyType key) { - switch(key) { + switch (key) { case KeyType::KEY_RSA_PUBLIC: m_dataType = DataType::KEY_RSA_PUBLIC; break; case KeyType::KEY_RSA_PRIVATE: m_dataType = DataType::KEY_RSA_PRIVATE; break; case KeyType::KEY_DSA_PUBLIC: m_dataType = DataType::KEY_DSA_PUBLIC; break; @@ -51,8 +51,9 @@ DataType::DataType(KeyType key) { } } -DataType::DataType(AlgoType algorithmType) { - switch(algorithmType) { +DataType::DataType(AlgoType algorithmType) +{ + switch (algorithmType) { case AlgoType::AES_CTR: case AlgoType::AES_CBC: case AlgoType::AES_GCM: @@ -72,19 +73,21 @@ DataType::DataType(AlgoType algorithmType) { } } -DataType::DataType(int data) - : m_dataType(static_cast(data)) +DataType::DataType(int data) : + m_dataType(static_cast(data)) { if (!isInRange(data)) ThrowMsg(Exception::OutOfRange, "Invalid conversion from int=" << data << " to DBDataType"); } -DataType::operator int () const { +DataType::operator int () const +{ return static_cast(m_dataType); } -DataType::operator KeyType () const { - switch(m_dataType) { +DataType::operator KeyType () const +{ + switch (m_dataType) { case DataType::KEY_RSA_PUBLIC: return KeyType::KEY_RSA_PUBLIC; case DataType::KEY_RSA_PRIVATE: return KeyType::KEY_RSA_PRIVATE; case DataType::KEY_DSA_PUBLIC: return KeyType::KEY_DSA_PUBLIC; @@ -95,31 +98,36 @@ DataType::operator KeyType () const { default: ThrowMsg(Exception::OutOfRange, "Invalid conversion from DBDataType=" << static_cast(m_dataType) << - " to KeyType" ); + " to KeyType"); } } -bool DataType::operator==(const DataType &second) const { +bool DataType::operator==(const DataType &second) const +{ return m_dataType == second.m_dataType; } -bool DataType::isKey() const { +bool DataType::isKey() const +{ if (DB_KEY_FIRST <= m_dataType && DB_KEY_LAST >= m_dataType) return true; return false; } -bool DataType::isSKey() const { +bool DataType::isSKey() const +{ return (KEY_AES == m_dataType); } -bool DataType::isChainCert() const { +bool DataType::isChainCert() const +{ if (DB_CHAIN_FIRST <= m_dataType && DB_CHAIN_LAST >= m_dataType) return true; return false; } -bool DataType::isKeyPrivate() const { +bool DataType::isKeyPrivate() const +{ switch (m_dataType) { case KEY_RSA_PRIVATE: case KEY_DSA_PRIVATE: @@ -130,7 +138,8 @@ bool DataType::isKeyPrivate() const { } } -bool DataType::isKeyPublic() const { +bool DataType::isKeyPublic() const +{ switch (m_dataType) { case KEY_RSA_PUBLIC: case KEY_DSA_PUBLIC: @@ -141,15 +150,18 @@ bool DataType::isKeyPublic() const { } } -bool DataType::isCertificate() const { +bool DataType::isCertificate() const +{ return m_dataType == CERTIFICATE; } -bool DataType::isBinaryData() const { +bool DataType::isBinaryData() const +{ return m_dataType == BINARY_DATA; } -bool DataType::isInRange(int data) { +bool DataType::isInRange(int data) +{ if (data < static_cast(DB_FIRST)) return false; if (data > static_cast(DB_LAST)) diff --git a/src/manager/common/data-type.h b/src/manager/common/data-type.h index b3026bb..4cb7814 100644 --- a/src/manager/common/data-type.h +++ b/src/manager/common/data-type.h @@ -96,7 +96,7 @@ public: static DataType getChainDatatype(unsigned int index); // it's not virtual for a reason! - ~DataType(){} + ~DataType() {} private: Type m_dataType; diff --git a/src/manager/common/exception.h b/src/manager/common/exception.h index 2c9ffe9..4b950f2 100644 --- a/src/manager/common/exception.h +++ b/src/manager/common/exception.h @@ -44,11 +44,13 @@ public: virtual ~Exception() noexcept {} - virtual const char *what(void) const noexcept { + virtual const char *what(void) const noexcept + { return m_message.c_str(); } - virtual std::string message(void) const { + virtual std::string message(void) const + { std::ostringstream msg; msg << "[" << m_path << ":" << m_line << " " << m_function << "()] " << m_message; return msg.str(); @@ -80,12 +82,14 @@ public: DefineException(const char *path, const char *function, int line, const Args&... args) : Exception(path, function, line, Stringify::Merge(args...)) { - Before(m_path, m_function, m_line, DefineException::error(), m_message); + Before(m_path, m_function, m_line, DefineException::error(), m_message); } - ~DefineException() noexcept { - After(m_path, m_function, m_line, DefineException::error(), m_message); + ~DefineException() noexcept + { + After(m_path, m_function, m_line, DefineException::error(), m_message); } - virtual int error(void) const { + virtual int error(void) const + { return Error; } }; diff --git a/src/manager/common/key-aes-impl.cpp b/src/manager/common/key-aes-impl.cpp old mode 100644 new mode 100755 index 10dba10..b931f8f --- a/src/manager/common/key-aes-impl.cpp +++ b/src/manager/common/key-aes-impl.cpp @@ -27,35 +27,39 @@ namespace CKM { KeyAESImpl::KeyAESImpl(const RawBuffer &buf) : m_key(buf) { // buf stores bytes -> compare the bit sizes - switch(buf.size() * 8) - { - case 128: - case 192: - case 256: - break; + switch (buf.size() * 8) { + case 128: + case 192: + case 256: + break; - default: - throw std::invalid_argument("invalid AES key size"); + default: + throw std::invalid_argument("invalid AES key size"); } } -bool KeyAESImpl::empty() const { +bool KeyAESImpl::empty() const +{ return (getSize() == 0); } -KeyType KeyAESImpl::getType() const { +KeyType KeyAESImpl::getType() const +{ return KeyType::KEY_AES; } -RawBuffer KeyAESImpl::getDER() const { +RawBuffer KeyAESImpl::getDER() const +{ return m_key; } -int KeyAESImpl::getSize() const { +int KeyAESImpl::getSize() const +{ return m_key.size(); } -KeyShPtr Key::createAES(const RawBuffer &raw) { +KeyShPtr Key::createAES(const RawBuffer &raw) +{ try { KeyShPtr output = std::make_shared(raw); if (output->empty()) diff --git a/src/manager/common/key-impl.cpp b/src/manager/common/key-impl.cpp old mode 100644 new mode 100755 index a0349ef..ab593fa --- a/src/manager/common/key-impl.cpp +++ b/src/manager/common/key-impl.cpp @@ -40,7 +40,8 @@ namespace { typedef std::unique_ptr> BioUniquePtr; -int passcb(char *buff, int size, int rwflag, void *userdata) { +int passcb(char *buff, int size, int rwflag, void *userdata) +{ (void) rwflag; Password *ptr = static_cast(userdata); if (ptr == NULL) @@ -55,7 +56,8 @@ int passcb(char *buff, int size, int rwflag, void *userdata) { typedef int(*I2D_CONV)(BIO*, EVP_PKEY*); -CKM::RawBuffer i2d(I2D_CONV fun, EVP_PKEY* pkey) { +CKM::RawBuffer i2d(I2D_CONV fun, EVP_PKEY* pkey) +{ BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all); if (NULL == pkey) { @@ -91,16 +93,18 @@ CKM::RawBuffer i2d(I2D_CONV fun, EVP_PKEY* pkey) { KeyImpl::KeyImpl() : m_pkey(NULL, EVP_PKEY_free) , m_type(KeyType::KEY_NONE) -{} +{ +} -KeyImpl::KeyImpl(const KeyImpl &second) { +KeyImpl::KeyImpl(const KeyImpl &second) +{ m_pkey = second.m_pkey; m_type = second.m_type; } -KeyImpl::KeyImpl(const RawBuffer &buf, const Password &password) - : m_pkey(NULL, EVP_PKEY_free) - , m_type(KeyType::KEY_NONE) +KeyImpl::KeyImpl(const RawBuffer &buf, const Password &password) : + m_pkey(NULL, EVP_PKEY_free), + m_type(KeyType::KEY_NONE) { bool isPrivate = false; EVP_PKEY *pkey = NULL; @@ -147,8 +151,7 @@ KeyImpl::KeyImpl(const RawBuffer &buf, const Password &password) m_pkey.reset(pkey, EVP_PKEY_free); - switch(EVP_PKEY_type(pkey->type)) - { + switch (EVP_PKEY_type(pkey->type)) { case EVP_PKEY_RSA: m_type = isPrivate ? KeyType::KEY_RSA_PRIVATE : KeyType::KEY_RSA_PUBLIC; break; @@ -164,11 +167,12 @@ KeyImpl::KeyImpl(const RawBuffer &buf, const Password &password) LogDebug("KeyType is: " << (int)m_type << " isPrivate: " << isPrivate); } -KeyImpl::KeyImpl(EvpShPtr pkey, KeyType type) : m_pkey(pkey), m_type(type) +KeyImpl::KeyImpl(EvpShPtr pkey, KeyType type) : + m_pkey(pkey), + m_type(type) { int expected_type = EVP_PKEY_NONE; - switch(type) - { + switch (type) { case KeyType::KEY_RSA_PRIVATE: case KeyType::KEY_RSA_PUBLIC: expected_type = EVP_PKEY_RSA; @@ -195,36 +199,40 @@ KeyImpl::KeyImpl(EvpShPtr pkey, KeyType type) : m_pkey(pkey), m_type(type) // verify if actual key type matches the expected tpe int given_key_type = EVP_PKEY_type(pkey->type); - if(given_key_type==EVP_PKEY_NONE || expected_type!=given_key_type) - { + if (given_key_type == EVP_PKEY_NONE || expected_type != given_key_type) { m_pkey.reset(); m_type = KeyType::KEY_NONE; } } -bool KeyImpl::empty() const { +bool KeyImpl::empty() const +{ return m_pkey.get() == NULL; } -KeyImpl::EvpShPtr KeyImpl::getEvpShPtr() const { +KeyImpl::EvpShPtr KeyImpl::getEvpShPtr() const +{ return m_pkey; } -KeyType KeyImpl::getType() const { +KeyType KeyImpl::getType() const +{ return m_type; } -RawBuffer KeyImpl::getDERPRV() const { +RawBuffer KeyImpl::getDERPRV() const +{ return i2d(i2d_PrivateKey_bio, m_pkey.get()); } -RawBuffer KeyImpl::getDERPUB() const { +RawBuffer KeyImpl::getDERPUB() const +{ return i2d(i2d_PUBKEY_bio, m_pkey.get()); } -RawBuffer KeyImpl::getDER() const { - switch(m_type) - { +RawBuffer KeyImpl::getDER() const +{ + switch (m_type) { case KeyType::KEY_RSA_PRIVATE: case KeyType::KEY_DSA_PRIVATE: case KeyType::KEY_ECDSA_PRIVATE: @@ -241,7 +249,8 @@ RawBuffer KeyImpl::getDER() const { return RawBuffer(); } -KeyShPtr Key::create(const RawBuffer &raw, const Password &password) { +KeyShPtr Key::create(const RawBuffer &raw, const Password &password) +{ try { KeyShPtr output = std::make_shared(raw, password); if (output->empty()) diff --git a/src/manager/common/key-impl.h b/src/manager/common/key-impl.h index b40c586..459405d 100644 --- a/src/manager/common/key-impl.h +++ b/src/manager/common/key-impl.h @@ -43,17 +43,20 @@ public: virtual RawBuffer getDERPUB() const; virtual RawBuffer getDERPRV() const; virtual EvpShPtr getEvpShPtr() const; - virtual ElipticCurve getCurve() const { + virtual ElipticCurve getCurve() const + { // TODO return ElipticCurve::prime192v1; } - virtual int getSize() const { + virtual int getSize() const + { // TODO return 0; } virtual bool empty() const; - virtual ~KeyImpl(){} + virtual ~KeyImpl() {} + protected: EvpShPtr m_pkey; KeyType m_type; diff --git a/src/manager/common/log-setup.cpp b/src/manager/common/log-setup.cpp old mode 100644 new mode 100755 index ec99499..70207c0 --- a/src/manager/common/log-setup.cpp +++ b/src/manager/common/log-setup.cpp @@ -38,8 +38,7 @@ bool logSystemReady = false; * Reads central-key-manager service environment file. This configuration may be later applied to * client so that it uses the same logging method. */ -class EnvFileParser -{ +class EnvFileParser { public: EnvFileParser(); virtual ~EnvFileParser() {} @@ -58,7 +57,7 @@ EnvFileParser::EnvFileParser() std::ifstream is(SYSTEMD_ENV_FILE); LogDebug("Reading env file: " SYSTEMD_ENV_FILE); - while(is.good()) { + while (is.good()) { std::string line; std::getline(is, line); @@ -66,8 +65,7 @@ EnvFileParser::EnvFileParser() if (0 == line.compare(0, PROVIDER_MATCH.size(), PROVIDER_MATCH)) { m_provider = line.substr(PROVIDER_MATCH.size()); LogDebug("Log provider: " << m_provider); - } - else if (0 == line.compare(0, LEVEL_MATCH.size(), LEVEL_MATCH)) { + } else if (0 == line.compare(0, LEVEL_MATCH.size(), LEVEL_MATCH)) { m_level = line.substr(LEVEL_MATCH.size()); LogDebug("Log level: " << m_level); } diff --git a/src/manager/common/message-buffer.cpp b/src/manager/common/message-buffer.cpp index bfecf37..166da55 100644 --- a/src/manager/common/message-buffer.cpp +++ b/src/manager/common/message-buffer.cpp @@ -29,11 +29,13 @@ namespace CKM { -void MessageBuffer::Push(const RawBuffer &data) { +void MessageBuffer::Push(const RawBuffer &data) +{ m_buffer.AppendCopy(&data[0], data.size()); } -RawBuffer MessageBuffer::Pop() { +RawBuffer MessageBuffer::Pop() +{ size_t size = m_buffer.Size(); RawBuffer buffer; buffer.resize(size + sizeof(size_t)); @@ -42,7 +44,8 @@ RawBuffer MessageBuffer::Pop() { return buffer; } -bool MessageBuffer::Ready() { +bool MessageBuffer::Ready() +{ CountBytesLeft(); if (m_bytesLeft == 0) return false; @@ -51,7 +54,8 @@ bool MessageBuffer::Ready() { return true; } -void MessageBuffer::Read(size_t num, void *bytes) { +void MessageBuffer::Read(size_t num, void *bytes) +{ CountBytesLeft(); if (num > m_bytesLeft) { LogDebug("Protocol broken. OutOfData. Asked for: " << num << " Ready: " << m_bytesLeft << " Buffer.size(): " << m_buffer.Size()); @@ -62,7 +66,8 @@ void MessageBuffer::Read(size_t num, void *bytes) { m_bytesLeft -= num; } -void MessageBuffer::Write(size_t num, const void *bytes) { +void MessageBuffer::Write(size_t num, const void *bytes) +{ m_buffer.AppendCopy(bytes, num); } diff --git a/src/manager/common/message-buffer.h b/src/manager/common/message-buffer.h index 798056e..f519fc3 100644 --- a/src/manager/common/message-buffer.h +++ b/src/manager/common/message-buffer.h @@ -36,16 +36,16 @@ namespace CKM { class COMMON_API MessageBuffer : public CKM::IStream { public: - class Exception - { + class Exception { public: DECLARE_EXCEPTION_TYPE(CKM::Exception, Base) DECLARE_EXCEPTION_TYPE(Base, OutOfData) }; - MessageBuffer() - : m_bytesLeft(0) - {} + MessageBuffer() : + m_bytesLeft(0) + { + } MessageBuffer(MessageBuffer&&) = default; MessageBuffer& operator=(MessageBuffer&&) = default; @@ -62,7 +62,8 @@ public: // generic serialization template - static MessageBuffer Serialize( const Args&... args) { + static MessageBuffer Serialize(const Args&... args) + { MessageBuffer buffer; Serializer::Serialize(buffer, args...); return buffer; @@ -70,13 +71,14 @@ public: // generic deserialization template - void Deserialize(Args&... args) { + void Deserialize(Args&... args) + { Deserializer::Deserialize(*this, args...); } protected: - - inline void CountBytesLeft() { + inline void CountBytesLeft() + { if (m_bytesLeft > 0) return; // we already counted m_bytesLeft nothing to do diff --git a/src/manager/common/openssl_utils.h b/src/manager/common/openssl_utils.h index 47b966b..83d2525 100644 --- a/src/manager/common/openssl_utils.h +++ b/src/manager/common/openssl_utils.h @@ -31,13 +31,14 @@ namespace CKM typedef std::unique_ptr X509_STORE_CTX_PTR; typedef std::unique_ptr X509_STACK_PTR; -inline X509_STACK_PTR create_x509_stack() { +inline X509_STACK_PTR create_x509_stack() +{ return X509_STACK_PTR(sk_X509_new_null(), [](STACK_OF(X509)* stack) { sk_X509_free(stack); }); } -inline X509_STORE_CTX_PTR create_x509_store_ctx() { - return X509_STORE_CTX_PTR(X509_STORE_CTX_new(),X509_STORE_CTX_free); +inline X509_STORE_CTX_PTR create_x509_store_ctx() +{ + return X509_STORE_CTX_PTR(X509_STORE_CTX_new(), X509_STORE_CTX_free); } } // namespace CKM - diff --git a/src/manager/common/pkcs12-impl.cpp b/src/manager/common/pkcs12-impl.cpp old mode 100644 new mode 100755 index 6914698..5a931d4 --- a/src/manager/common/pkcs12-impl.cpp +++ b/src/manager/common/pkcs12-impl.cpp @@ -83,8 +83,7 @@ PKCS12Impl::PKCS12Impl(const RawBuffer &buffer, const Password &password) if (pkey) { KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); - switch(EVP_PKEY_type(pkey->type)) - { + switch (EVP_PKEY_type(pkey->type)) { case EVP_PKEY_RSA: m_pkey = std::make_shared(ptr, KeyType::KEY_RSA_PRIVATE); break; @@ -104,9 +103,8 @@ PKCS12Impl::PKCS12Impl(const RawBuffer &buffer, const Password &password) } } - if (cert) { + if (cert) m_cert = std::make_shared(cert, false); - } if (ca) { while (sk_X509_num(ca) > 0) { @@ -118,31 +116,30 @@ PKCS12Impl::PKCS12Impl(const RawBuffer &buffer, const Password &password) } } -PKCS12Impl::PKCS12Impl(const PKCS12 &other) - : m_pkey(other.getKey()), - m_cert(other.getCertificate()), - m_ca(other.getCaCertificateShPtrVector()) +PKCS12Impl::PKCS12Impl(const PKCS12 &other) : + m_pkey(other.getKey()), + m_cert(other.getCertificate()), + m_ca(other.getCaCertificateShPtrVector()) { } -PKCS12Impl::PKCS12Impl(PKCS12Impl &&other) - : m_pkey(std::move(other.m_pkey)), - m_cert(std::move(other.m_cert)), - m_ca(std::move(other.m_ca)) +PKCS12Impl::PKCS12Impl(PKCS12Impl &&other) : + m_pkey(std::move(other.m_pkey)), + m_cert(std::move(other.m_cert)), + m_ca(std::move(other.m_ca)) { } -PKCS12Impl::PKCS12Impl(const PKCS12Impl &other) - : m_pkey(other.getKey()), - m_cert(other.getCertificate()), - m_ca(other.getCaCertificateShPtrVector()) +PKCS12Impl::PKCS12Impl(const PKCS12Impl &other) : + m_pkey(other.getKey()), + m_cert(other.getCertificate()), + m_ca(other.getCaCertificateShPtrVector()) { } PKCS12Impl& PKCS12Impl::operator=(const PKCS12Impl &other) { - if(this != &other) - { + if (this != &other) { m_pkey = other.getKey(); m_cert = other.getCertificate(); m_ca = other.getCaCertificateShPtrVector(); @@ -150,26 +147,32 @@ PKCS12Impl& PKCS12Impl::operator=(const PKCS12Impl &other) return *this; } -KeyShPtr PKCS12Impl::getKey() const { +KeyShPtr PKCS12Impl::getKey() const +{ return m_pkey; } -CertificateShPtr PKCS12Impl::getCertificate() const { +CertificateShPtr PKCS12Impl::getCertificate() const +{ return m_cert; } -CertificateShPtrVector PKCS12Impl::getCaCertificateShPtrVector() const { +CertificateShPtrVector PKCS12Impl::getCaCertificateShPtrVector() const +{ return m_ca; } -bool PKCS12Impl::empty() const { +bool PKCS12Impl::empty() const +{ return m_pkey.get() == NULL && m_cert.get() == NULL && m_ca.empty(); } PKCS12Impl::~PKCS12Impl() -{} +{ +} -PKCS12ShPtr PKCS12::create(const RawBuffer &rawBuffer, const Password &password) { +PKCS12ShPtr PKCS12::create(const RawBuffer &rawBuffer, const Password &password) +{ try { auto output = std::make_shared(rawBuffer, password); if (output->empty()) diff --git a/src/manager/common/protocols.cpp b/src/manager/common/protocols.cpp old mode 100644 new mode 100755 index 6f6c6c2..d4d398d --- a/src/manager/common/protocols.cpp +++ b/src/manager/common/protocols.cpp @@ -37,17 +37,21 @@ char const * const SERVICE_SOCKET_ENCRYPTION = "/tmp/.central-key-manager-api-en char const * const LABEL_NAME_SEPARATOR = " "; char const * const OWNER_ID_SYSTEM = "/System"; -PKCS12Serializable::PKCS12Serializable() {} +PKCS12Serializable::PKCS12Serializable() +{ +} + PKCS12Serializable::PKCS12Serializable(const PKCS12 &pkcs) : PKCS12Impl(pkcs) -{} +{ +} PKCS12Serializable::PKCS12Serializable(IStream &stream) { // key size_t numKeys; Deserialization::Deserialize(stream, numKeys); - if(numKeys > 0) { + if (numKeys > 0) { int keyType; RawBuffer keyData; Deserialization::Deserialize(stream, keyType); @@ -58,7 +62,7 @@ PKCS12Serializable::PKCS12Serializable(IStream &stream) // cert size_t numCerts; Deserialization::Deserialize(stream, numCerts); - if(numCerts > 0) { + if (numCerts > 0) { RawBuffer certData; Deserialization::Deserialize(stream, certData); m_cert = CKM::Certificate::create(certData, DataFormat::FORM_DER); @@ -67,13 +71,13 @@ PKCS12Serializable::PKCS12Serializable(IStream &stream) // CA chain size_t num_CA; Deserialization::Deserialize(stream, num_CA); - for(size_t i=0; i(isAnyKeyPresent?1:0)); - if(keyPtr) { + if (keyPtr) { Serialization::Serialize(stream, DataType(keyPtr->getType())); Serialization::Serialize(stream, keyPtr->getDER()); } - bool isAnyCertPresent = (getCertificate().get()!=NULL); + bool isAnyCertPresent = (getCertificate().get() != NULL); Serialization::Serialize(stream, static_cast(isAnyCertPresent?1:0)); - if(isAnyCertPresent) { + if (isAnyCertPresent) Serialization::Serialize(stream, getCertificate().get()->getDER()); - } // CA chain Serialization::Serialize(stream, getCaCertificateShPtrVector().size()); - for(auto it : getCaCertificateShPtrVector()) + for (auto it : getCaCertificateShPtrVector()) Serialization::Serialize(stream, it->getDER()); }; -CryptoAlgorithmSerializable::CryptoAlgorithmSerializable() {} +CryptoAlgorithmSerializable::CryptoAlgorithmSerializable() +{ +} + CryptoAlgorithmSerializable::CryptoAlgorithmSerializable(const CryptoAlgorithm &algo) : - CryptoAlgorithm(algo) + CryptoAlgorithm(algo) { } @@ -120,7 +126,7 @@ CryptoAlgorithmSerializable::CryptoAlgorithmSerializable(IStream &stream) { size_t plen = 0; Deserializer::Deserialize(stream, plen); - while(plen) { + while (plen) { ParamName name; uint64_t integer; RawBuffer buffer; @@ -156,7 +162,7 @@ CryptoAlgorithmSerializable::CryptoAlgorithmSerializable(IStream &stream) void CryptoAlgorithmSerializable::Serialize(IStream &stream) const { Serializer::Serialize(stream, m_params.size()); - for(const auto& it : m_params) { + for (const auto& it : m_params) { Serializer::Serialize(stream, static_cast(it.first)); uint64_t integer; RawBuffer buffer; @@ -167,7 +173,6 @@ void CryptoAlgorithmSerializable::Serialize(IStream &stream) const else ThrowMsg(UnsupportedParam, "Unsupported param type"); } - } } // namespace CKM diff --git a/src/manager/common/protocols.h b/src/manager/common/protocols.h index 63a92bd..d2a9d05 100644 --- a/src/manager/common/protocols.h +++ b/src/manager/common/protocols.h @@ -84,12 +84,18 @@ class IStream; struct COMMON_API PolicySerializable : public Policy, ISerializable { PolicySerializable() {}; - explicit PolicySerializable(const Policy &policy) : Policy(policy) {} - explicit PolicySerializable(IStream &stream) { + explicit PolicySerializable(const Policy &policy) : Policy(policy) + { + } + + explicit PolicySerializable(IStream &stream) + { Deserialization::Deserialize(stream, password); Deserialization::Deserialize(stream, extractable); } - void Serialize(IStream &stream) const { + + void Serialize(IStream &stream) const + { Serialization::Serialize(stream, password); Serialization::Serialize(stream, extractable); } diff --git a/src/manager/common/stringify.h b/src/manager/common/stringify.h index fbe2245..60265c8 100644 --- a/src/manager/common/stringify.h +++ b/src/manager/common/stringify.h @@ -33,12 +33,14 @@ template <> class StringifyBasic { StringifyBasic() = delete; public: - static std::string Merge() { + static std::string Merge() + { return std::string(); } template - static std::string Merge(const Args&...){ + static std::string Merge(const Args&...) + { return std::string(); } }; @@ -47,20 +49,26 @@ template <> class StringifyBasic { StringifyBasic() = delete; - static void Concatenate(std::ostringstream&) {} + static void Concatenate(std::ostringstream&) + { + } template - static void Concatenate(std::ostringstream& stream, const t& arg1, const Args&... args) { + static void Concatenate(std::ostringstream& stream, const t& arg1, const Args&... args) + { stream << arg1; Concatenate(stream, args...); } + public: - static std::string Merge() { + static std::string Merge() + { return std::string(); } template - static std::string Merge(const T& arg1, const Args&... args) { + static std::string Merge(const T& arg1, const Args&... args) + { std::ostringstream stream; Concatenate(stream, arg1, args...); return stream.str(); diff --git a/src/manager/crypto/generic-backend/algo-validation.h b/src/manager/crypto/generic-backend/algo-validation.h index 69dd95d..b51f23d 100644 --- a/src/manager/crypto/generic-backend/algo-validation.h +++ b/src/manager/crypto/generic-backend/algo-validation.h @@ -38,9 +38,9 @@ T unpack( ParamName paramName) { T result; - if (!alg.getParam(paramName, result)) { + if (!alg.getParam(paramName, result)) ThrowErr(Exc::Crypto::InputParam, "Wrong input param"); - } + return result; } @@ -63,10 +63,13 @@ struct Type { template struct Equals { public: - static bool Check(const T& value) { + static bool Check(const T& value) + { return First == value; } - static void Why(std::ostringstream& os) { + + static void Why(std::ostringstream& os) + { os << "doesn't match " << static_cast(First); } }; @@ -74,10 +77,13 @@ struct Type { template struct Equals : public Equals, public Equals { public: - static bool Check(const T& value) { + static bool Check(const T& value) + { return Equals::Check(value) || Equals::Check(value); } - static void Why(std::ostringstream& os) { + + static void Why(std::ostringstream& os) + { Equals::Why(os); os << ", "; Equals::Why(os); @@ -118,7 +124,8 @@ struct BufferSizeGetter { ////////// ErrorHandlers ////////////// struct ThrowingHandler { - static void Handle(std::string message) { + static void Handle(std::string message) + { ThrowErr(Exc::Crypto::InputParam, message); } }; @@ -141,33 +148,39 @@ struct VBuilder; template <> struct VBuilder<> { -static ValidatorVector Build() { + static ValidatorVector Build() + { return ValidatorVector(); } }; template struct VBuilder { -static ValidatorVector Build() { + static ValidatorVector Build() + { ValidatorVector validators; Add(validators); return validators; } protected: - static void Add(ValidatorVector& validators) { + static void Add(ValidatorVector& validators) + { validators.emplace_back(new First); } }; template struct VBuilder : public VBuilder, public VBuilder { - static ValidatorVector Build() { + static ValidatorVector Build() + { ValidatorVector validators; Add(validators); return validators; } + protected: - static void Add(ValidatorVector& validators) { + static void Add(ValidatorVector& validators) + { VBuilder::Add(validators); VBuilder::Add(validators); } @@ -191,12 +204,13 @@ template , typename ErrorHandler = ThrowingHandler> struct ParamCheck : public ParamCheckBase { - void Check(const CryptoAlgorithm& ca) const { + void Check(const CryptoAlgorithm& ca) const + { Type value; std::ostringstream os; // check existence - if(!ca.getParam(Name,value)) { + if (!ca.getParam(Name, value)) { if (Mandatory) { os << "Mandatory parameter " << static_cast(Name) << " doesn't exist"; ErrorHandler::Handle(os.str()); @@ -204,7 +218,7 @@ struct ParamCheck : public ParamCheckBase { return; } // validate - if(!Validator::Check(Getter::Get(value))) { + if (!Validator::Check(Getter::Get(value))) { os << "The "; Getter::What(os); os << " of param '" << static_cast(Name) << "'="; diff --git a/src/manager/crypto/generic-backend/gobj.h b/src/manager/crypto/generic-backend/gobj.h index 1e6598f..fc779fb 100644 --- a/src/manager/crypto/generic-backend/gobj.h +++ b/src/manager/crypto/generic-backend/gobj.h @@ -32,29 +32,37 @@ namespace Crypto { class GObj { protected: - GObj(){} + GObj() {} + public: - virtual RawBuffer getBinary() const { + virtual RawBuffer getBinary() const + { ThrowErr(Exc::Crypto::OperationNotSupported); } - virtual RawBuffer encrypt(const CryptoAlgorithm &, const RawBuffer &) { + virtual RawBuffer encrypt(const CryptoAlgorithm &, const RawBuffer &) + { ThrowErr(Exc::Crypto::OperationNotSupported); } - virtual RawBuffer decrypt(const CryptoAlgorithm &, const RawBuffer &) { + virtual RawBuffer decrypt(const CryptoAlgorithm &, const RawBuffer &) + { ThrowErr(Exc::Crypto::OperationNotSupported); } - virtual RawBuffer sign(const CryptoAlgorithm &, const RawBuffer &) { + virtual RawBuffer sign(const CryptoAlgorithm &, const RawBuffer &) + { ThrowErr(Exc::Crypto::OperationNotSupported); } - virtual int verify(const CryptoAlgorithm &, const RawBuffer &, const RawBuffer &) { + virtual int verify(const CryptoAlgorithm &, const RawBuffer &, const RawBuffer &) + { ThrowErr(Exc::Crypto::OperationNotSupported); } - virtual ~GObj () {} + virtual ~GObj() + { + } }; typedef std::unique_ptr GObjUPtr; diff --git a/src/manager/crypto/generic-backend/gstore.h b/src/manager/crypto/generic-backend/gstore.h index 6eee7a3..5ada166 100644 --- a/src/manager/crypto/generic-backend/gstore.h +++ b/src/manager/crypto/generic-backend/gstore.h @@ -52,28 +52,37 @@ struct DataEncryption { class GStore { public: - virtual GObjUPtr getObject(const Token &, const Password &) { + virtual GObjUPtr getObject(const Token &, const Password &) + { ThrowErr(Exc::Crypto::OperationNotSupported); } - virtual TokenPair generateAKey(const CryptoAlgorithm &, const Password &, const Password &) { + virtual TokenPair generateAKey(const CryptoAlgorithm &, const Password &, const Password &) + { ThrowErr(Exc::Crypto::OperationNotSupported); } - virtual Token generateSKey(const CryptoAlgorithm &, const Password &) { + virtual Token generateSKey(const CryptoAlgorithm &, const Password &) + { ThrowErr(Exc::Crypto::OperationNotSupported); } - virtual Token import(const Data &, const Password &) { + virtual Token import(const Data &, const Password &) + { ThrowErr(Exc::Crypto::OperationNotSupported); } - virtual Token importEncrypted(const Data &, const Password &, const DataEncryption &) { + virtual Token importEncrypted(const Data &, const Password &, const DataEncryption &) + { ThrowErr(Exc::Crypto::OperationNotSupported); } - virtual void destroy(const Token &) { + virtual void destroy(const Token &) + { ThrowErr(Exc::Crypto::OperationNotSupported); } virtual ~GStore() {} protected: - explicit GStore(CryptoBackend backendId) : m_backendId(backendId) {} + explicit GStore(CryptoBackend backendId) : + m_backendId(backendId) + { + } CryptoBackend m_backendId; }; diff --git a/src/manager/crypto/platform/decider.cpp b/src/manager/crypto/platform/decider.cpp index 2f73b1f..6c6dc96 100644 --- a/src/manager/crypto/platform/decider.cpp +++ b/src/manager/crypto/platform/decider.cpp @@ -32,7 +32,8 @@ namespace CKM { namespace Crypto { namespace { -CryptoBackend chooseCryptoBackend(DataType dataType, bool exportable, bool encrypted) { +CryptoBackend chooseCryptoBackend(DataType dataType, bool exportable, bool encrypted) +{ // Only software backend supports device encyption key if (encrypted) return CryptoBackend::OpenSSL; @@ -61,13 +62,16 @@ CryptoBackend chooseCryptoBackend(DataType dataType, bool exportable, bool encry Decider::Decider() : m_swStore(new SW::Store(CryptoBackend::OpenSSL)) , m_tzStore(new TZ::Store(CryptoBackend::TrustZone)) -{} +{ +} -GStore& Decider::getStore(const Token &token) const { +GStore& Decider::getStore(const Token &token) const +{ return getStore(token.backendId); }; -GStore& Decider::getStore(CryptoBackend cryptoBackend) const { +GStore& Decider::getStore(CryptoBackend cryptoBackend) const +{ GStore *gStore = NULL; if (cryptoBackend == CryptoBackend::OpenSSL) gStore = m_swStore.get(); @@ -81,7 +85,8 @@ GStore& Decider::getStore(CryptoBackend cryptoBackend) const { "Backend not available. BackendId: ", (int)cryptoBackend); } -GStore& Decider::getStore(DataType data, bool exportable, bool encrypted) const { +GStore& Decider::getStore(DataType data, bool exportable, bool encrypted) const +{ return getStore(chooseCryptoBackend(data, exportable, encrypted)); } diff --git a/src/manager/crypto/platform/decider.h b/src/manager/crypto/platform/decider.h index 81ad3d0..5e48791 100644 --- a/src/manager/crypto/platform/decider.h +++ b/src/manager/crypto/platform/decider.h @@ -38,7 +38,8 @@ public: GStore& getStore(const Token &token) const; GStore& getStore(DataType data, bool exportable, bool encrypted = false) const; - virtual ~Decider(){} + virtual ~Decider() {} + protected: GStore& getStore(CryptoBackend id) const; diff --git a/src/manager/crypto/sw-backend/crypto.h b/src/manager/crypto/sw-backend/crypto.h index d42d930..ab3b17e 100644 --- a/src/manager/crypto/sw-backend/crypto.h +++ b/src/manager/crypto/sw-backend/crypto.h @@ -48,16 +48,19 @@ struct Base { // Low level api. // Allows various cipher specific parameters to be determined and set. - int Control(int type, int arg, void *ptr) { + int Control(int type, int arg, void *ptr) + { return EVP_CIPHER_CTX_ctrl(m_ctx, type, arg, ptr); } virtual void AppendAAD(const T&) = 0; virtual T Append(const T&) = 0; virtual T Finalize() = 0; - virtual ~Base(){ + virtual ~Base() + { EVP_CIPHER_CTX_free(m_ctx); } + protected: EVP_CIPHER_CTX *m_ctx; }; @@ -69,46 +72,45 @@ public: EvpCipherWrapper(const EVP_CIPHER *type, const T &key, const T &iv, bool encryption) { - if (static_cast(key.size()) != EVP_CIPHER_key_length(type)) { - ThrowErr(Exc::Crypto::InternalError, "Wrong key size! Expected: ", EVP_CIPHER_key_length(type) ," Get: ", key.size()); - } + if (static_cast(key.size()) != EVP_CIPHER_key_length(type)) + ThrowErr(Exc::Crypto::InternalError, "Wrong key size! Expected: ", EVP_CIPHER_key_length(type), " Get: ", key.size()); - if (static_cast(iv.size()) < EVP_CIPHER_iv_length(type)) { - ThrowErr(Exc::Crypto::InternalError, "Wrong iv size! Expected: ", EVP_CIPHER_iv_length(type) , " Get: ", iv.size()); - } + if (static_cast(iv.size()) < EVP_CIPHER_iv_length(type)) + ThrowErr(Exc::Crypto::InternalError, "Wrong iv size! Expected: ", EVP_CIPHER_iv_length(type), " Get: ", iv.size()); - if (1 != EVP_CipherInit_ex(m_ctx, type, NULL, key.data(), iv.data(), encryption ? 1 : 0)) { + if (1 != EVP_CipherInit_ex(m_ctx, type, NULL, key.data(), iv.data(), encryption ? 1 : 0)) ThrowErr(Exc::Crypto::InternalError, "Failed in EVP_CipherInit"); - } EVP_CIPHER_CTX_set_padding(m_ctx, 1); } - void AppendAAD(const T& data) { + void AppendAAD(const T& data) + { static_assert(sizeof(typename T::value_type) == 1, "Unsupported type inside container."); int bytesLen; - if (1 != EVP_CipherUpdate(m_ctx, NULL, &bytesLen, data.data(), data.size())) { + if (1 != EVP_CipherUpdate(m_ctx, NULL, &bytesLen, data.data(), data.size())) ThrowErr(Exc::Crypto::InternalError, "AppendAAD(): Failed in EVP_CipherUpdate"); - } } - T Append(const T& data) { + T Append(const T& data) + { static_assert(sizeof(typename T::value_type) == 1, "Unsupported type inside container."); int bytesLen = static_cast(data.size() + EVP_CIPHER_CTX_block_size(m_ctx)); T output(bytesLen); - if (1 != EVP_CipherUpdate(m_ctx, output.data(), &bytesLen, data.data(), data.size())) { + if (1 != EVP_CipherUpdate(m_ctx, output.data(), &bytesLen, data.data(), data.size())) ThrowErr(Exc::Crypto::InternalError, "Append(): Failed in EVP_CipherUpdate"); - } + output.resize(bytesLen); return output; } - T Finalize() { + T Finalize() + { int bytesLen = EVP_CIPHER_CTX_block_size(m_ctx); T output(bytesLen); - if (1 != EVP_CipherFinal_ex(m_ctx, output.data(), &bytesLen)) { + if (1 != EVP_CipherFinal_ex(m_ctx, output.data(), &bytesLen)) ThrowErr(Exc::Crypto::InternalError, "Failed in EVP_CipherFinal"); - } + output.resize(bytesLen); return output; } diff --git a/src/manager/crypto/sw-backend/internals.cpp b/src/manager/crypto/sw-backend/internals.cpp old mode 100644 new mode 100755 index 15775ec..cabb094 --- a/src/manager/crypto/sw-backend/internals.cpp +++ b/src/manager/crypto/sw-backend/internals.cpp @@ -62,28 +62,25 @@ typedef int(*I2D_CONV)(BIO*, EVP_PKEY*); const size_t DEFAULT_AES_GCM_TAG_LEN = 128; // tag length in bits according to W3C Crypto API const size_t DEFAULT_AES_IV_LEN = 16; // default iv size in bytes for AES -RawBuffer i2d(I2D_CONV fun, EVP_PKEY* pkey) { +RawBuffer i2d(I2D_CONV fun, EVP_PKEY* pkey) +{ BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all); - if (NULL == pkey) { + if (NULL == pkey) ThrowErr(Exc::Crypto::InternalError, "attempt to parse an empty key!"); - } - if (NULL == bio.get()) { + if (NULL == bio.get()) ThrowErr(Exc::Crypto::InternalError, "Error in memory allocation! Function: BIO_new."); - } - if (1 != fun(bio.get(), pkey)) { + if (1 != fun(bio.get(), pkey)) ThrowErr(Exc::Crypto::InternalError, "Error in conversion EVP_PKEY to DER"); - } RawBuffer output(8196); int size = BIO_read(bio.get(), output.data(), output.size()); - if (size <= 0) { + if (size <= 0) ThrowErr(Exc::Crypto::InternalError, "Error in BIO_read: ", size); - } output.resize(size); return output; @@ -189,7 +186,8 @@ typedef ParamCheck> EcdsaEcCheck; typedef std::map ValidatorMap; -ValidatorMap initValidators() { +ValidatorMap initValidators() +{ ValidatorMap validators; validators.emplace(AlgoType::RSA_SV, VBuilder::Build()); validators.emplace(AlgoType::RSA_SV, VBuilder::Build()); @@ -206,6 +204,7 @@ ValidatorMap initValidators() { validators.emplace(AlgoType::RSA_OAEP, VBuilder::Build()); return validators; }; + ValidatorMap g_validators = initValidators(); template @@ -217,9 +216,9 @@ void validateParams(const CryptoAlgorithm& ca) AlgoType at = unpack(ca, ParamName::ALGO_TYPE); try { - for(const auto& validator : g_validators.at(at)) + for (const auto& validator : g_validators.at(at)) validator->Check(ca); - } catch(const std::out_of_range&) { + } catch (const std::out_of_range&) { ThrowErr(Exc::Crypto::InputParam, "Unsupported algorithm ", static_cast(at)); } } @@ -326,9 +325,10 @@ RawBuffer asymmetricHelper(int (*cryptoFn)(int, const unsigned char*, unsigned c } // anonymous namespace -const EVP_MD *getMdAlgo(const HashAlgorithm hashAlgo) { - const EVP_MD *md_algo=NULL; - switch(hashAlgo) { +const EVP_MD *getMdAlgo(const HashAlgorithm hashAlgo) +{ + const EVP_MD *md_algo = NULL; + switch (hashAlgo) { case HashAlgorithm::NONE: md_algo = NULL; break; @@ -350,9 +350,10 @@ const EVP_MD *getMdAlgo(const HashAlgorithm hashAlgo) { return md_algo; } -int getRsaPadding(const RSAPaddingAlgorithm padAlgo) { +int getRsaPadding(const RSAPaddingAlgorithm padAlgo) +{ int rsa_padding = -1; - switch(padAlgo) { + switch (padAlgo) { case RSAPaddingAlgorithm::NONE: rsa_padding = RSA_NO_PADDING; break; @@ -373,27 +374,22 @@ DataPair createKeyPairRSA(const int size) EvpPkeyUPtr pkey; // check the parameters of functions - if(size!=1024 && size!=2048 && size!=4096) { + if (size != 1024 && size != 2048 && size != 4096) ThrowErr(Exc::Crypto::InputParam, "Error in RSA input size"); - } EvpPkeyCtxUPtr ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL), EVP_PKEY_CTX_free); - if(!ctx) { + if (!ctx) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new_id function !!"); - } - if(EVP_PKEY_keygen_init(ctx.get()) <= 0) { + if (EVP_PKEY_keygen_init(ctx.get()) <= 0) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_keygen_init function !!"); - } - if(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx.get(), size) <= 0) { + if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx.get(), size) <= 0) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!"); - } EVP_PKEY *pkeyTmp = NULL; - if(!EVP_PKEY_keygen(ctx.get(), &pkeyTmp)) { + if (!EVP_PKEY_keygen(ctx.get(), &pkeyTmp)) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_keygen function !!"); - } pkey = EvpPkeyUPtr(pkeyTmp, EVP_PKEY_free); return std::make_pair( @@ -408,46 +404,40 @@ DataPair createKeyPairDSA(const int size) EvpPkeyUPtr pparam; // check the parameters of functions - if(size!=1024 && size!=2048 && size!=3072 && size!=4096) { + if (size != 1024 && size != 2048 && size != 3072 && size != 4096) ThrowErr(Exc::Crypto::InputParam, "Error in DSA input size"); - } /* Create the context for generating the parameters */ EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL), EVP_PKEY_CTX_free); - if(!pctx) { + if (!pctx) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new_id function"); - } - if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx.get())) { + if (EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx.get())) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_paramgen_init function"); - } - if(EVP_SUCCESS != EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx.get(), size)) { + if (EVP_SUCCESS != EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx.get(), size)) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(", size, ") function"); - } /* Generate parameters */ EVP_PKEY *pparamTmp = NULL; - if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx.get(), &pparamTmp)) { + if (EVP_SUCCESS != EVP_PKEY_paramgen(pctx.get(), &pparamTmp)) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_paramgen function"); - } + pparam = EvpPkeyUPtr(pparamTmp, EVP_PKEY_free); // Start to generate key EvpPkeyCtxUPtr kctx(EVP_PKEY_CTX_new(pparam.get(), NULL), EVP_PKEY_CTX_free); - if(!kctx) { + if (!kctx) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new function"); - } - if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx.get())) { + if (EVP_SUCCESS != EVP_PKEY_keygen_init(kctx.get())) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_keygen_init function"); - } /* Generate the key */ EVP_PKEY *pkeyTmp = NULL; - if(!EVP_PKEY_keygen(kctx.get(), &pkeyTmp)) { + if (!EVP_PKEY_keygen(kctx.get(), &pkeyTmp)) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_keygen function !!"); - } + pkey = EvpPkeyUPtr(pkeyTmp, EVP_PKEY_free); return std::make_pair( @@ -461,7 +451,7 @@ DataPair createKeyPairECDSA(ElipticCurve type) EvpPkeyUPtr pkey; EvpPkeyUPtr pparam; - switch(type) { + switch (type) { case ElipticCurve::prime192v1: ecCurve = NID_X9_62_prime192v1; break; @@ -477,40 +467,35 @@ DataPair createKeyPairECDSA(ElipticCurve type) /* Create the context for generating the parameters */ EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL), EVP_PKEY_CTX_free); - if(!pctx) { + if (!pctx) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new_id function"); - } - if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx.get())) { + if (EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx.get())) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_paramgen_init function"); - } - if(EVP_SUCCESS != EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx.get(), ecCurve)) { + if (EVP_SUCCESS != EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx.get(), ecCurve)) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function"); - } /* Generate parameters */ EVP_PKEY *pparamTmp = NULL; - if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx.get(), &pparamTmp)) { + if (EVP_SUCCESS != EVP_PKEY_paramgen(pctx.get(), &pparamTmp)) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_paramgen function"); - } + pparam = EvpPkeyUPtr(pparamTmp, EVP_PKEY_free); // Start to generate key EvpPkeyCtxUPtr kctx(EVP_PKEY_CTX_new(pparam.get(), NULL), EVP_PKEY_CTX_free); - if(!kctx) { + if (!kctx) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new function"); - } - if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx.get())) { + if (EVP_SUCCESS != EVP_PKEY_keygen_init(kctx.get())) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_keygen_init function"); - } /* Generate the key */ EVP_PKEY *pkeyTmp = NULL; - if(!EVP_PKEY_keygen(kctx.get(), &pkeyTmp)) { + if (!EVP_PKEY_keygen(kctx.get(), &pkeyTmp)) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_keygen function !!"); - } + pkey = EvpPkeyUPtr(pkeyTmp, EVP_PKEY_free); return std::make_pair( @@ -521,7 +506,7 @@ DataPair createKeyPairECDSA(ElipticCurve type) Data createKeyAES(const int sizeBits) { // check the parameters of functions - if(sizeBits!=128 && sizeBits!=192 && sizeBits!=256) { + if (sizeBits != 128 && sizeBits != 192 && sizeBits != 256) { LogError("Error in AES input size"); ThrowMsg(Exc::Crypto::InputParam, "Error in AES input size"); } @@ -541,16 +526,13 @@ DataPair generateAKey(const CryptoAlgorithm &algorithm) validateParams(algorithm); AlgoType keyType = unpack(algorithm, ParamName::ALGO_TYPE); - if(keyType == AlgoType::RSA_GEN || keyType == AlgoType::DSA_GEN) - { + if (keyType == AlgoType::RSA_GEN || keyType == AlgoType::DSA_GEN) { int keyLength = unpack(algorithm, ParamName::GEN_KEY_LEN); - if(keyType == AlgoType::RSA_GEN) + if (keyType == AlgoType::RSA_GEN) return createKeyPairRSA(keyLength); else return createKeyPairDSA(keyLength); - } - else // AlgoType::ECDSA_GEN - { + } else { // AlgoType::ECDSA_GEN ElipticCurve ecType = unpack(algorithm, ParamName::GEN_EC); return createKeyPairECDSA(ecType); } @@ -595,9 +577,9 @@ std::pair encryptDataAesGcm( RawBuffer result = enc->Append(data); RawBuffer tmp = enc->Finalize(); std::copy(tmp.begin(), tmp.end(), std::back_inserter(result)); - if (0 == enc->Control(EVP_CTRL_GCM_GET_TAG, tagSize, tag.data())) { + if (0 == enc->Control(EVP_CTRL_GCM_GET_TAG, tagSize, tag.data())) ThrowErr(Exc::Crypto::InternalError, "Error in AES control function. Get tag failed."); - } + return std::make_pair(result, tag); } @@ -637,10 +619,9 @@ RawBuffer decryptDataAesGcm( EvpCipherPtr dec; selectCipher(AlgoType::AES_GCM, key.size(), false)(dec, key, iv); void *ptr = (void*)tag.data(); - if (0 == dec->Control(EVP_CTRL_GCM_SET_TAG, tag.size(), ptr)) { - ThrowErr(Exc::Crypto::InternalError, - "Error in AES control function. Set tag failed."); - } + if (0 == dec->Control(EVP_CTRL_GCM_SET_TAG, tag.size(), ptr)) + ThrowErr(Exc::Crypto::InternalError, "Error in AES control function. Set tag failed."); + if (!aad.empty()) dec->AppendAAD(aad); @@ -676,26 +657,25 @@ RawBuffer symmetricEncrypt(const RawBuffer &key, validateParams(alg); AlgoType keyType = unpack(alg, ParamName::ALGO_TYPE); - switch(keyType) + switch (keyType) { + case AlgoType::AES_CBC: + case AlgoType::AES_CTR: + case AlgoType::AES_CFB: + return encryptDataAes(keyType, key, data, unpack(alg, ParamName::ED_IV)); + case AlgoType::AES_GCM: { - case AlgoType::AES_CBC: - case AlgoType::AES_CTR: - case AlgoType::AES_CFB: - return encryptDataAes(keyType, key, data, unpack(alg, ParamName::ED_IV)); - case AlgoType::AES_GCM: - { - int tagLenBits = DEFAULT_AES_GCM_TAG_LEN; - alg.getParam(ParamName::ED_TAG_LEN, tagLenBits); - RawBuffer aad; - alg.getParam(ParamName::ED_AAD, aad); - return encryptDataAesGcmPacked(key, - data, - unpack(alg, ParamName::ED_IV), - tagLenBits/8, - aad); - } - default: - break; + int tagLenBits = DEFAULT_AES_GCM_TAG_LEN; + alg.getParam(ParamName::ED_TAG_LEN, tagLenBits); + RawBuffer aad; + alg.getParam(ParamName::ED_AAD, aad); + return encryptDataAesGcmPacked(key, + data, + unpack(alg, ParamName::ED_IV), + tagLenBits/8, + aad); + } + default: + break; } ThrowErr(Exc::Crypto::OperationNotSupported, "symmetric enc: algorithm not recognized"); } @@ -707,26 +687,25 @@ RawBuffer symmetricDecrypt(const RawBuffer &key, validateParams(alg); AlgoType keyType = unpack(alg, ParamName::ALGO_TYPE); - switch(keyType) + switch (keyType) { + case AlgoType::AES_CBC: + case AlgoType::AES_CTR: + case AlgoType::AES_CFB: + return decryptDataAes(keyType, key, data, unpack(alg, ParamName::ED_IV)); + case AlgoType::AES_GCM: { - case AlgoType::AES_CBC: - case AlgoType::AES_CTR: - case AlgoType::AES_CFB: - return decryptDataAes(keyType, key, data, unpack(alg, ParamName::ED_IV)); - case AlgoType::AES_GCM: - { - int tagLenBits = DEFAULT_AES_GCM_TAG_LEN; - alg.getParam(ParamName::ED_TAG_LEN, tagLenBits); - RawBuffer aad; - alg.getParam(ParamName::ED_AAD, aad); - return decryptDataAesGcmPacked(key, - data, - unpack(alg, ParamName::ED_IV), - tagLenBits/8, - aad); - } - default: - break; + int tagLenBits = DEFAULT_AES_GCM_TAG_LEN; + alg.getParam(ParamName::ED_TAG_LEN, tagLenBits); + RawBuffer aad; + alg.getParam(ParamName::ED_AAD, aad); + return decryptDataAesGcmPacked(key, + data, + unpack(alg, ParamName::ED_IV), + tagLenBits/8, + aad); + } + default: + break; } ThrowErr(Exc::Crypto::InputParam, "symmetric dec: algorithm not recognized"); } @@ -760,7 +739,7 @@ RawBuffer sign(EVP_PKEY *pkey, int rsa_padding = getRsaPadding(rsaPad); // -// if((privateKey.getType() != KeyType::KEY_RSA_PRIVATE) && +// if ((privateKey.getType() != KeyType::KEY_RSA_PRIVATE) && // (privateKey.getType() != KeyType::KEY_DSA_PRIVATE) && // (privateKey.getType() != KeyType::KEY_ECDSA_PRIVATE)) // { @@ -768,19 +747,17 @@ RawBuffer sign(EVP_PKEY *pkey, // ThrowErr(CryptoService::Exception::Crypto_internal, "Error in private key type"); // } // -// if(privateKey.getType()==KeyType::KEY_RSA_PRIVATE) { +// if (privateKey.getType()==KeyType::KEY_RSA_PRIVATE) { // rsa_padding = getRsaPadding(padAlgo); // } - if (NULL == pkey) { + if (NULL == pkey) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_keygen function"); - } - if(md_algo == NULL) { + if (md_algo == NULL) return signMessage(pkey, message, rsa_padding); - } - return digestSignMessage(pkey,message, md_algo, rsa_padding); + return digestSignMessage(pkey, message, md_algo, rsa_padding); } RawBuffer signMessage(EVP_PKEY *privKey, @@ -789,39 +766,33 @@ RawBuffer signMessage(EVP_PKEY *privKey, { EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new(privKey, NULL), EVP_PKEY_CTX_free); - if(!pctx.get()) { + if (!pctx.get()) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new function"); - } - if(EVP_PKEY_sign_init(pctx.get()) != EVP_SUCCESS) { + if (EVP_PKEY_sign_init(pctx.get()) != EVP_SUCCESS) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_sign_init function"); - } /* Set padding algorithm */ - if(EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA) { - if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding)) { + if (EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA) + if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding)) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_set_rsa_padding function"); - } - } /* Finalize the Sign operation */ /* First call EVP_PKEY_sign with a NULL sig parameter to obtain the length of the * signature. Length is returned in slen */ size_t slen; - if(EVP_SUCCESS != EVP_PKEY_sign(pctx.get(), NULL, &slen, message.data(), message.size())) { + if (EVP_SUCCESS != EVP_PKEY_sign(pctx.get(), NULL, &slen, message.data(), message.size())) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_sign function"); - } /* Allocate memory for the signature based on size in slen */ RawBuffer sig(slen); - if(EVP_SUCCESS == EVP_PKEY_sign(pctx.get(), + if (EVP_SUCCESS == EVP_PKEY_sign(pctx.get(), sig.data(), &slen, message.data(), - message.size())) - { + message.size())) { // Set value to return RawData sig.resize(slen); return sig; @@ -840,41 +811,34 @@ RawBuffer digestSignMessage(EVP_PKEY *privKey, EVP_PKEY_CTX *pctx = NULL; // Create the Message Digest Context - if(!mdctx.get()) { + if (!mdctx.get()) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_MD_CTX_create function"); - } - if(EVP_SUCCESS != EVP_DigestSignInit(mdctx.get(), &pctx, md_algo, NULL, privKey)) { + if (EVP_SUCCESS != EVP_DigestSignInit(mdctx.get(), &pctx, md_algo, NULL, privKey)) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_DigestSignInit function"); - } /* Set padding algorithm */ - if(EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA) { - if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) { + if (EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA) + if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_set_rsa_padding function"); - } - } /* Call update with the message */ - if(EVP_SUCCESS != EVP_DigestSignUpdate(mdctx.get(), message.data(), message.size())) { + if (EVP_SUCCESS != EVP_DigestSignUpdate(mdctx.get(), message.data(), message.size())) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_DigestSignUpdate function"); - } /* Finalize the DigestSign operation */ /* First call EVP_DigestSignFinal with a NULL sig parameter to obtain the length of the * signature. Length is returned in slen */ size_t slen; - if(EVP_SUCCESS != EVP_DigestSignFinal(mdctx.get(), NULL, &slen)) { + if (EVP_SUCCESS != EVP_DigestSignFinal(mdctx.get(), NULL, &slen)) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_DigestSignFinal function"); - } /* Allocate memory for the signature based on size in slen */ RawBuffer sig(slen); /* Obtain the signature */ - if(EVP_SUCCESS != EVP_DigestSignFinal(mdctx.get(), sig.data(), &slen)) { + if (EVP_SUCCESS != EVP_DigestSignFinal(mdctx.get(), sig.data(), &slen)) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_DigestSignFinal function"); - } // Set value to return RawData sig.resize(slen); @@ -900,7 +864,7 @@ int verify(EVP_PKEY *pkey, rsa_padding = getRsaPadding(rsaPad); // -// if((publicKey.getType() != KeyType::KEY_RSA_PUBLIC) && +// if ((publicKey.getType() != KeyType::KEY_RSA_PUBLIC) && // (publicKey.getType() != KeyType::KEY_DSA_PUBLIC) && // (publicKey.getType() != KeyType::KEY_ECDSA_PUBLIC)) // { @@ -908,18 +872,16 @@ int verify(EVP_PKEY *pkey, // ThrowErr(CryptoService::Exception::Crypto_internal, "Error in private key type"); // } // -// if(publicKey.getType()==KeyType::KEY_RSA_PUBLIC) { +// if (publicKey.getType()==KeyType::KEY_RSA_PUBLIC) { // rsa_padding = getRsaPadding(padAlgo); // } // auto shrPKey = publicKey.getEvpShPtr(); - if (NULL == pkey) { + if (NULL == pkey) ThrowErr(Exc::Crypto::InternalError, "Error in getEvpShPtr function"); - } - if (md_algo == NULL) { + if (md_algo == NULL) return verifyMessage(pkey, message, signature, rsa_padding); - } return digestVerifyMessage(pkey, message, signature, md_algo, rsa_padding); } @@ -931,24 +893,19 @@ int verifyMessage(EVP_PKEY *pubKey, { EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new(pubKey, NULL), EVP_PKEY_CTX_free); - if(!pctx.get()) { + if (!pctx.get()) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_new function"); - } - if(EVP_PKEY_verify_init(pctx.get()) != EVP_SUCCESS) { + if (EVP_PKEY_verify_init(pctx.get()) != EVP_SUCCESS) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_verify_init function"); - } /* Set padding algorithm */ - if(EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA) { - if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding)) { + if (EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA) + if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx.get(), rsa_padding)) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_set_rsa_padding function"); - } - } - if(EVP_SUCCESS == EVP_PKEY_verify(pctx.get(), signature.data(), signature.size(), message.data(), message.size())) { + if (EVP_SUCCESS == EVP_PKEY_verify(pctx.get(), signature.data(), signature.size(), message.data(), message.size())) return CKM_API_SUCCESS; - } LogError("EVP_PKEY_verify Failed"); return CKM_API_ERROR_VERIFICATION_FAILED; @@ -964,27 +921,21 @@ int digestVerifyMessage(EVP_PKEY *pubKey, EVP_PKEY_CTX *pctx = NULL; /* Create the Message Digest Context */ - if(!mdctx.get()) { + if (!mdctx.get()) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_MD_CTX_create function"); - } - if(EVP_SUCCESS != EVP_DigestVerifyInit(mdctx.get(), &pctx, md_algo, NULL, pubKey)) { + if (EVP_SUCCESS != EVP_DigestVerifyInit(mdctx.get(), &pctx, md_algo, NULL, pubKey)) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_DigestVerifyInit function"); - } - if(EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA) { - if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) { + if (EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA) + if (EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_PKEY_CTX_set_rsa_padding function"); - } - } - if(EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx.get(), message.data(), message.size()) ) { + if (EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx.get(), message.data(), message.size())) ThrowErr(Exc::Crypto::InternalError, "Error in EVP_DigestVerifyUpdate function"); - } - if(EVP_SUCCESS == EVP_DigestVerifyFinal(mdctx.get(), const_cast(signature.data()), signature.size()) ) { + if (EVP_SUCCESS == EVP_DigestVerifyFinal(mdctx.get(), const_cast(signature.data()), signature.size())) return CKM_API_SUCCESS; - } LogError("EVP_PKEY_verify Failed"); return CKM_API_ERROR_VERIFICATION_FAILED; @@ -994,14 +945,14 @@ bool verifyBinaryData(DataType dataType, const RawBuffer &buffer) { if (dataType.isSKey()) { switch (buffer.size()) { - default: - LogError("AES key have wrong size."); - return false; - case 128: - case 192: - case 256: - LogDebug("AES key verified."); - return true; + case 128: + case 192: + case 256: + LogDebug("AES key verified."); + return true; + default: + LogError("AES key have wrong size."); + return false; } } @@ -1033,8 +984,7 @@ bool verifyBinaryData(DataType dataType, const RawBuffer &buffer) return false; } - if (dataType.isCertificate() || dataType.isChainCert()) - { + if (dataType.isCertificate() || dataType.isChainCert()) { const unsigned char *ptr = reinterpret_cast(buffer.data()); int size = static_cast(buffer.size()); X509 *x509 = d2i_X509(NULL, &ptr, size); diff --git a/src/manager/crypto/sw-backend/internals.h b/src/manager/crypto/sw-backend/internals.h index b19dcfb..275500e 100644 --- a/src/manager/crypto/sw-backend/internals.h +++ b/src/manager/crypto/sw-backend/internals.h @@ -24,8 +24,8 @@ #include #include -#define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE -#define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE +#define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE +#define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE #define CKM_CRYPTO_INIT_SUCCESS 1 #define CKM_CRYPTO_CREATEKEY_SUCCESS 2 @@ -43,7 +43,7 @@ struct Data { RawBuffer buffer; }; -typedef std::pair DataPair; +typedef std::pair DataPair; DataPair createKeyPairRSA(const int size); DataPair createKeyPairDSA(const int size); @@ -53,26 +53,32 @@ Data createKeyAES(const int sizeBits); DataPair generateAKey(const CryptoAlgorithm &algorithm); Data generateSKey(const CryptoAlgorithm &algorithm); -RawBuffer symmetricEncrypt(const RawBuffer &key, - const CryptoAlgorithm &alg, - const RawBuffer &data); -RawBuffer symmetricDecrypt(const RawBuffer &key, - const CryptoAlgorithm &alg, - const RawBuffer &cipher); -RawBuffer asymmetricEncrypt(const EvpShPtr &key, - const CryptoAlgorithm &alg, - const RawBuffer &data); -RawBuffer asymmetricDecrypt(const EvpShPtr &key, - const CryptoAlgorithm &alg, - const RawBuffer &data); - -std::pair encryptDataAesGcm(const RawBuffer &key, +RawBuffer symmetricEncrypt( + const RawBuffer &key, + const CryptoAlgorithm &alg, + const RawBuffer &data); +RawBuffer symmetricDecrypt( + const RawBuffer &key, + const CryptoAlgorithm &alg, + const RawBuffer &cipher); +RawBuffer asymmetricEncrypt( + const EvpShPtr &key, + const CryptoAlgorithm &alg, + const RawBuffer &data); +RawBuffer asymmetricDecrypt( + const EvpShPtr &key, + const CryptoAlgorithm &alg, + const RawBuffer &data); + +std::pair encryptDataAesGcm( + const RawBuffer &key, const RawBuffer &data, const RawBuffer &iv, int tagSize, const RawBuffer &aad = RawBuffer()); -RawBuffer decryptDataAesGcm(const RawBuffer &key, +RawBuffer decryptDataAesGcm( + const RawBuffer &key, const RawBuffer &data, const RawBuffer &iv, const RawBuffer &tag, diff --git a/src/manager/crypto/sw-backend/obj.cpp b/src/manager/crypto/sw-backend/obj.cpp old mode 100644 new mode 100755 index 2a70736..7364fa8 --- a/src/manager/crypto/sw-backend/obj.cpp +++ b/src/manager/crypto/sw-backend/obj.cpp @@ -30,8 +30,8 @@ #include #include -#define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE -#define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE +#define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE +#define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE namespace CKM { namespace Crypto { @@ -39,8 +39,9 @@ namespace SW { namespace { -AlgoType key2algo(DataType type) { - switch(static_cast(type)) { +AlgoType key2algo(DataType type) +{ + switch (static_cast(type)) { case DataType::Type::KEY_RSA_PRIVATE: case DataType::Type::KEY_RSA_PUBLIC: return AlgoType::RSA_SV; @@ -77,15 +78,16 @@ RawBuffer AKey::sign( return Internals::sign(getEvpShPtr().get(), algWithType, message); } -int AKey::verify(const CryptoAlgorithm &alg, const RawBuffer &message, const RawBuffer &sign) { +int AKey::verify(const CryptoAlgorithm &alg, const RawBuffer &message, const RawBuffer &sign) +{ CryptoAlgorithm algWithType(alg); EVP_PKEY* evp = getEvpShPtr().get(); AlgoType type; // setup algorithm type basing on evp key type if it doesn't exist - if(!algWithType.getParam(ParamName::ALGO_TYPE, type)) { + if (!algWithType.getParam(ParamName::ALGO_TYPE, type)) { int subType = EVP_PKEY_type(evp->type); - switch(subType) { + switch (subType) { case EVP_PKEY_RSA: type = AlgoType::RSA_SV; break; case EVP_PKEY_DSA: @@ -110,7 +112,8 @@ RawBuffer AKey::decrypt(const CryptoAlgorithm &alg, const RawBuffer &data) return Internals::asymmetricDecrypt(getEvpShPtr(), alg, data); } -EvpShPtr AKey::getEvpShPtr() { +EvpShPtr AKey::getEvpShPtr() +{ if (m_evp) return m_evp; @@ -133,15 +136,15 @@ EvpShPtr AKey::getEvpShPtr() { LogDebug("Trying d2i_PUBKEY_bio Status: " << (void*)pkey); } - if (!pkey) { + if (!pkey) ThrowErr(Exc::Crypto::InternalError, "Failed to parse key"); - } m_evp.reset(pkey, EVP_PKEY_free); return m_evp; } -EvpShPtr Cert::getEvpShPtr() { +EvpShPtr Cert::getEvpShPtr() +{ if (m_evp) return m_evp; @@ -150,9 +153,8 @@ EvpShPtr Cert::getEvpShPtr() { X509 *x509 = d2i_X509(NULL, &ptr, size); - if (!x509) { + if (!x509) ThrowErr(Exc::Crypto::InternalError, "Failed to parse certificate."); - } m_evp.reset(X509_get_pubkey(x509), EVP_PKEY_free); X509_free(x509); @@ -162,4 +164,3 @@ EvpShPtr Cert::getEvpShPtr() { } // namespace SW } // namespace Crypto } // namespace CKM - diff --git a/src/manager/crypto/sw-backend/obj.h b/src/manager/crypto/sw-backend/obj.h index f8c3cfe..082664a 100644 --- a/src/manager/crypto/sw-backend/obj.h +++ b/src/manager/crypto/sw-backend/obj.h @@ -30,7 +30,7 @@ namespace CKM { namespace Crypto { namespace SW { -typedef std::unique_ptr> ContextUPtr; +typedef std::unique_ptr> ContextUPtr; typedef std::shared_ptr EvpShPtr; class BData : public GObj { @@ -38,7 +38,8 @@ public: BData(RawBuffer buffer, DataType keyType) : m_raw(std::move(buffer)) , m_type(keyType) - {} + { + } virtual RawBuffer getBinary() const { return m_raw; } protected: @@ -49,7 +50,8 @@ protected: class SKey : public BData { public: SKey(RawBuffer buffer, DataType keyType) : BData(std::move(buffer), keyType) - {} + { + } virtual RawBuffer encrypt(const CryptoAlgorithm &, const RawBuffer &); virtual RawBuffer decrypt(const CryptoAlgorithm &, const RawBuffer &); @@ -58,12 +60,14 @@ public: class AKey : public BData { public: AKey(RawBuffer buffer, DataType dataType) : BData(std::move(buffer), dataType) - {} + { + } virtual RawBuffer sign(const CryptoAlgorithm &alg, const RawBuffer &message); virtual int verify(const CryptoAlgorithm &alg, const RawBuffer &message, const RawBuffer &sign); virtual RawBuffer encrypt(const CryptoAlgorithm &, const RawBuffer &); virtual RawBuffer decrypt(const CryptoAlgorithm &, const RawBuffer &); - virtual ~AKey(){} + virtual ~AKey() {} + protected: virtual EvpShPtr getEvpShPtr(); @@ -74,8 +78,9 @@ class Cert : public AKey { public: Cert(RawBuffer buffer, DataType dataType) : AKey(std::move(buffer), dataType) - {} - virtual ~Cert(){} + { + } + virtual ~Cert() {} protected: virtual EvpShPtr getEvpShPtr(); }; diff --git a/src/manager/crypto/sw-backend/store.cpp b/src/manager/crypto/sw-backend/store.cpp old mode 100644 new mode 100755 index 2605f4d..b0fdb61 --- a/src/manager/crypto/sw-backend/store.cpp +++ b/src/manager/crypto/sw-backend/store.cpp @@ -49,11 +49,13 @@ enum EncryptionScheme { }; template -std::unique_ptr make_unique(Args&& ...args) { +std::unique_ptr make_unique(Args&& ...args) +{ return std::unique_ptr(new T(std::forward(args)...)); } -RawBuffer generateRandIV() { +RawBuffer generateRandIV() +{ RawBuffer civ(EVP_MAX_IV_LENGTH); if (1 != RAND_bytes(civ.data(), civ.size())) @@ -73,9 +75,7 @@ RawBuffer passwordToKey(const Password &password, const RawBuffer &salt, size_t ITERATIONS, result.size(), result.data())) - { ThrowErr(Exc::InternalError, "PCKS5_PKKDF2_HMAC_SHA1 failed."); - } return result; } @@ -156,43 +156,36 @@ Store::Store(CryptoBackend backendId) // get the device key if present InitialValues::SWKeyFile keyFile(DEVICE_KEY_SW_FILE); int rc = keyFile.Validate(DEVICE_KEY_XSD); - if(rc == XML::Parser::PARSE_SUCCESS) - { + if (rc == XML::Parser::PARSE_SUCCESS) { rc = keyFile.Parse(); - if(rc == XML::Parser::PARSE_SUCCESS) + if (rc == XML::Parser::PARSE_SUCCESS) m_deviceKey = keyFile.getPrivKey(); else - { // do nothing, bypass encrypted elements LogWarning("invalid SW key file: " << DEVICE_KEY_SW_FILE << ", parsing code: " << rc); - } - } - else + } else { LogWarning("invalid SW key file: " << DEVICE_KEY_SW_FILE << ", validation code: " << rc); + } } -GObjUPtr Store::getObject(const Token &token, const Password &pass) { - if (token.backendId != m_backendId) { +GObjUPtr Store::getObject(const Token &token, const Password &pass) +{ + if (token.backendId != m_backendId) ThrowErr(Exc::Crypto::WrongBackend, "Decider choose wrong backend!"); - } RawBuffer data = unpack(token.data, pass); - if (token.dataType.isKeyPrivate() || token.dataType.isKeyPublic()) { + if (token.dataType.isKeyPrivate() || token.dataType.isKeyPublic()) return make_unique(data, token.dataType); - } - if (token.dataType == DataType(DataType::KEY_AES)) { + if (token.dataType == DataType(DataType::KEY_AES)) return make_unique(data, token.dataType); - } - if (token.dataType.isCertificate() || token.dataType.isChainCert()) { + if (token.dataType.isCertificate() || token.dataType.isChainCert()) return make_unique(data, token.dataType); - } - if (token.dataType.isBinaryData()) { + if (token.dataType.isBinaryData()) return make_unique(data, token.dataType); - } ThrowErr(Exc::Crypto::DataTypeNotSupported, "This type of data is not supported by openssl backend: ", (int)token.dataType); @@ -203,7 +196,7 @@ TokenPair Store::generateAKey(const CryptoAlgorithm &algorithm, const Password &pubPass) { Internals::DataPair ret = Internals::generateAKey(algorithm); - return std::make_pair( + return std::make_pair( Token(m_backendId, ret.first.type, pack(ret.first.buffer, prvPass)), Token(m_backendId, ret.second.type, pack(ret.second.buffer, pubPass))); } @@ -214,12 +207,14 @@ Token Store::generateSKey(const CryptoAlgorithm &algorithm, const Password &pass return Token(m_backendId, ret.type, pack(ret.buffer, pass)); } -Token Store::import(const Data &data, const Password &pass) { +Token Store::import(const Data &data, const Password &pass) +{ return Token(m_backendId, data.type, pack(data.data, pass)); } -Token Store::importEncrypted(const Data &data, const Password &pass, const DataEncryption &enc) { - if(!m_deviceKey) +Token Store::importEncrypted(const Data &data, const Password &pass, const DataEncryption &enc) +{ + if (!m_deviceKey) ThrowErr(Exc::Crypto::InternalError, "No device key present"); // decrypt the AES key using device key diff --git a/src/manager/crypto/sw-backend/store.h b/src/manager/crypto/sw-backend/store.h index 860e393..a29f30c 100644 --- a/src/manager/crypto/sw-backend/store.h +++ b/src/manager/crypto/sw-backend/store.h @@ -36,7 +36,7 @@ public: virtual Token generateSKey(const CryptoAlgorithm &, const Password &); virtual Token import(const Data &data, const Password &); virtual Token importEncrypted(const Data &, const Password &, const DataEncryption &); - virtual void destroy(const Token &){} + virtual void destroy(const Token &) {} private: Crypto::GObjShPtr m_deviceKey; diff --git a/src/manager/crypto/tz-backend/obj.h b/src/manager/crypto/tz-backend/obj.h index 60e3a61..d8ca54a 100644 --- a/src/manager/crypto/tz-backend/obj.h +++ b/src/manager/crypto/tz-backend/obj.h @@ -28,15 +28,17 @@ namespace TZ { class SKey : public GObj { public: - SKey(){} - virtual ~SKey(){} + SKey() {} + virtual ~SKey() {} + protected: }; class AKey : public GObj { public: - AKey(){} - virtual ~AKey(){} + AKey() {} + virtual ~AKey() {} + protected: }; diff --git a/src/manager/crypto/tz-backend/store.cpp b/src/manager/crypto/tz-backend/store.cpp index 4dd2b21..8fd12f1 100644 --- a/src/manager/crypto/tz-backend/store.cpp +++ b/src/manager/crypto/tz-backend/store.cpp @@ -26,23 +26,28 @@ namespace CKM { namespace Crypto { namespace TZ { -Store::Store(CryptoBackend backendId) - : GStore(backendId) -{} +Store::Store(CryptoBackend backendId) : + GStore(backendId) +{ +} -GObjUPtr Store::getObject(const Token &, const Password &) { +GObjUPtr Store::getObject(const Token &, const Password &) +{ ThrowErr(Exc::Crypto::OperationNotSupported, "Trust zone backend is not implemented!"); } -TokenPair Store::generateAKey(const CryptoAlgorithm &, const Password &, const Password &) { +TokenPair Store::generateAKey(const CryptoAlgorithm &, const Password &, const Password &) +{ ThrowErr(Exc::Crypto::OperationNotSupported, "Trust zone backend is not implemented!"); } -Token Store::import(const Data &, const Password &) { +Token Store::import(const Data &, const Password &) +{ ThrowErr(Exc::Crypto::OperationNotSupported, "Trust zone backend is not implemented!"); } -Token Store::importEncrypted(const Data &, const Password &, const DataEncryption &) { +Token Store::importEncrypted(const Data &, const Password &, const DataEncryption &) +{ ThrowErr(Exc::Crypto::OperationNotSupported, "Trust zone backend is not implemented!"); } diff --git a/src/manager/dpl/core/include/dpl/binary_queue.h b/src/manager/dpl/core/include/dpl/binary_queue.h index 1bb43e3..e8f1a33 100644 --- a/src/manager/dpl/core/include/dpl/binary_queue.h +++ b/src/manager/dpl/core/include/dpl/binary_queue.h @@ -41,13 +41,11 @@ typedef std::auto_ptr BinaryQueueAutoPtr; * * @todo Add optimized implementation for FlattenConsume */ -class COMMON_API BinaryQueue +class COMMON_API BinaryQueue { // : public AbstractInputOutput -{ - public: - class Exception - { - public: +public: + class Exception { + public: DECLARE_EXCEPTION_TYPE(CKM::Exception, Base) DECLARE_EXCEPTION_TYPE(Base, OutOfData) }; @@ -58,9 +56,8 @@ class COMMON_API BinaryQueue size_t bufferSize, void *userParam); - class BucketVisitor - { - public: + class BucketVisitor { + public: /** * Destructor */ @@ -76,9 +73,8 @@ class COMMON_API BinaryQueue virtual void OnVisitBucket(const void *buffer, size_t bufferSize) = 0; }; - private: - struct Bucket - { +private: + struct Bucket { NONCOPYABLE(Bucket); const void *buffer; @@ -102,12 +98,11 @@ class COMMON_API BinaryQueue static void DeleteBucket(Bucket *bucket); - class BucketVisitorCall - { - private: + class BucketVisitorCall { + private: BucketVisitor *m_visitor; - public: + public: BucketVisitorCall(BucketVisitor *visitor); virtual ~BucketVisitorCall(); diff --git a/src/manager/dpl/core/include/dpl/exception.h b/src/manager/dpl/core/include/dpl/exception.h index 9aab85b..7bc7ad3 100644 --- a/src/manager/dpl/core/include/dpl/exception.h +++ b/src/manager/dpl/core/include/dpl/exception.h @@ -48,9 +48,8 @@ class COMMON_API Exception static void AddRef(Exception* exception) { - if (!m_exceptionCount) { + if (!m_exceptionCount) m_terminateHandler = std::set_terminate(&TerminateHandler); - } ++m_exceptionCount; m_lastException = exception; @@ -58,9 +57,8 @@ class COMMON_API Exception static void UnRef(Exception* e) { - if (m_lastException == e) { + if (m_lastException == e) m_lastException = NULL; - } --m_exceptionCount; @@ -126,11 +124,10 @@ class COMMON_API Exception Exception(const Exception &other) { // Deep copy - if (other.m_reason != NULL) { + if (other.m_reason != NULL) m_reason = new Exception(*other.m_reason); - } else { + else m_reason = NULL; - } m_message = other.m_message; m_path = other.m_path; @@ -144,16 +141,14 @@ class COMMON_API Exception const Exception &operator =(const Exception &other) { - if (this == &other) { + if (this == &other) return *this; - } // Deep copy - if (other.m_reason != NULL) { + if (other.m_reason != NULL) m_reason = new Exception(*other.m_reason); - } else { + else m_reason = NULL; - } m_message = other.m_message; m_path = other.m_path; @@ -207,18 +202,16 @@ class COMMON_API Exception void Dump() const { // Show reason first - if (m_reason != NULL) { + if (m_reason != NULL) m_reason->Dump(); - } // Afterward, dump exception const char *file = strchr(m_path.c_str(), '/'); - if (file == NULL) { + if (file == NULL) file = m_path.c_str(); - } else { + else ++file; - } printf("\033[0;36m[%s:%i]\033[m %s() \033[4;35m%s\033[m: %s\033[m\n", file, m_line, @@ -230,17 +223,15 @@ class COMMON_API Exception std::string DumpToString() const { std::string ret; - if (m_reason != NULL) { + if (m_reason != NULL) ret = m_reason->DumpToString(); - } const char *file = strchr(m_path.c_str(), '/'); - if (file == NULL) { + if (file == NULL) file = m_path.c_str(); - } else { + else ++file; - } char buf[1024]; snprintf(buf, @@ -296,8 +287,7 @@ class COMMON_API Exception throw ClassName(__FILE__, __FUNCTION__, __LINE__) #define ThrowMsg(ClassName, Message) \ - do \ - { \ + do { \ std::ostringstream dplLoggingStream; \ dplLoggingStream << Message; \ throw ClassName(__FILE__, __FUNCTION__, __LINE__, dplLoggingStream.str()); \ diff --git a/src/manager/dpl/core/include/dpl/fstream_accessors.h b/src/manager/dpl/core/include/dpl/fstream_accessors.h index b1aa17c..e585035 100644 --- a/src/manager/dpl/core/include/dpl/fstream_accessors.h +++ b/src/manager/dpl/core/include/dpl/fstream_accessors.h @@ -38,7 +38,8 @@ template class FstreamAccessors : T::__filebuf_type { typedef FstreamAccessors MyType; public: - static int GetFd(T &strm) { + static int GetFd(T &strm) + { return static_cast(strm.rdbuf())->_M_file.fd(); } }; diff --git a/src/manager/dpl/core/include/dpl/scoped_ptr.h b/src/manager/dpl/core/include/dpl/scoped_ptr.h index 37e5f90..d39b032 100644 --- a/src/manager/dpl/core/include/dpl/scoped_ptr.h +++ b/src/manager/dpl/core/include/dpl/scoped_ptr.h @@ -27,7 +27,8 @@ namespace CKM { struct free_deleter{ - void operator()(char *p) { + void operator()(char *p) + { free(p); } }; diff --git a/src/manager/dpl/core/include/dpl/serialization.h b/src/manager/dpl/core/include/dpl/serialization.h index 581fedd..9f61680 100644 --- a/src/manager/dpl/core/include/dpl/serialization.h +++ b/src/manager/dpl/core/include/dpl/serialization.h @@ -32,8 +32,7 @@ namespace CKM { // Abstract data stream buffer -class IStream -{ +class IStream { public: virtual void Read(size_t num, void * bytes) = 0; virtual void Write(size_t num, const void * bytes) = 0; @@ -41,8 +40,7 @@ class IStream }; // Serializable interface -class ISerializable -{ +class ISerializable { public: /* ISerializable(){}; * ISerializable(IStream&){}; */ @@ -137,7 +135,7 @@ struct Serialization { // std::string template - static void Serialize(IStream& stream, const std::basic_string& str) + static void Serialize(IStream& stream, const std::basic_string& str) { int length = str.size(); stream.Write(sizeof(length), &length); @@ -145,7 +143,7 @@ struct Serialization { } template - static void Serialize(IStream& stream, const std::basic_string* const str) + static void Serialize(IStream& stream, const std::basic_string* const str) { int length = str->size(); stream.Write(sizeof(length), &length); @@ -162,9 +160,7 @@ struct Serialization { stream.Write(sizeof(length), &length); for (typename std::list::const_iterator list_iter = list.begin(); list_iter != list.end(); list_iter++) - { Serialize(stream, *list_iter); - } } template static void Serialize(IStream& stream, const std::list* const list) @@ -194,9 +190,7 @@ struct Serialization { int length = vec.size(); stream.Write(sizeof(length), &length); for (const auto &i : vec) - { Serialize(stream, i); - } } template static void Serialize(IStream& stream, const std::vector* const vec) @@ -241,7 +235,6 @@ struct Serialization { { Serialize(stream, *p); } - }; // struct Serialization struct Deserialization { @@ -339,23 +332,23 @@ struct Deserialization { } template - static void Deserialize(IStream& stream, std::basic_string& str) + static void Deserialize(IStream& stream, std::basic_string& str) { int length; stream.Read(sizeof(length), &length); std::vector buf(length); stream.Read(length*sizeof(T), buf.data()); - str = std::basic_string(buf.data(), buf.data()+length); + str = std::basic_string(buf.data(), buf.data() + length); } template - static void Deserialize(IStream& stream, std::basic_string*& str) + static void Deserialize(IStream& stream, std::basic_string*& str) { int length; stream.Read(sizeof(length), &length); std::vector buf(length); stream.Read(length*sizeof(T), buf.data()); - str = new std::basic_string(buf.data(), buf.data()+length); + str = new std::basic_string(buf.data(), buf.data() + length); } // STL templates @@ -392,13 +385,13 @@ struct Deserialization { template static void Deserialize(IStream& stream, std::vector*& vec) { - vec = new std::vector; + vec = new std::vector; Deserialize(stream, *vec); } // std::vector template - static void Deserialize(IStream& stream, std::vector& vec) + static void Deserialize(IStream& stream, std::vector& vec) { int length; stream.Read(sizeof(length), &length); @@ -409,9 +402,9 @@ struct Deserialization { } } template - static void Deserialize(IStream& stream, std::vector*& vec) + static void Deserialize(IStream& stream, std::vector*& vec) { - vec = new std::vector; + vec = new std::vector; Deserialize(stream, *vec); } @@ -457,7 +450,8 @@ struct Serializer; template struct Serializer : public Serializer { - static void Serialize(IStream& stream, const First& f, const Args&... args) { + static void Serialize(IStream& stream, const First& f, const Args&... args) + { Serialization::Serialize(stream, f); Serializer::Serialize(stream, args...); } @@ -466,7 +460,8 @@ struct Serializer : public Serializer { // end of recursion template <> struct Serializer<> { - static void Serialize(IStream&) { + static void Serialize(IStream&) + { return; } }; @@ -477,7 +472,8 @@ struct Deserializer; template struct Deserializer : public Deserializer { - static void Deserialize(IStream& stream, First& f, Args&... args) { + static void Deserialize(IStream& stream, First& f, Args&... args) + { Deserialization::Deserialize(stream, f); Deserializer::Deserialize(stream, args...); } @@ -486,7 +482,8 @@ struct Deserializer : public Deserializer { // end of recursion template <> struct Deserializer<> { - static void Deserialize(IStream&) { + static void Deserialize(IStream&) + { return; } }; diff --git a/src/manager/dpl/core/src/assert.cpp b/src/manager/dpl/core/src/assert.cpp index 43898bd..38ed526 100644 --- a/src/manager/dpl/core/src/assert.cpp +++ b/src/manager/dpl/core/src/assert.cpp @@ -33,20 +33,17 @@ void AssertProc(const char *condition, const char *function) { #define INTERNAL_LOG(message) \ - do \ - { \ + do { \ std::ostringstream platformLog; \ platformLog << message; \ CKM::Log::LogSystemSingleton::Instance().Log( \ CKM::Log::AbstractLogProvider::LogLevel::Pedantic, \ platformLog.str().c_str(), \ __FILE__, __LINE__, __FUNCTION__); \ - } \ - while (0) + } while (0) // Try to log failed assertion to log system - Try - { + Try { INTERNAL_LOG( "################################################################################"); INTERNAL_LOG( diff --git a/src/manager/dpl/core/src/binary_queue.cpp b/src/manager/dpl/core/src/binary_queue.cpp index 5a3c42e..8d3a232 100644 --- a/src/manager/dpl/core/src/binary_queue.cpp +++ b/src/manager/dpl/core/src/binary_queue.cpp @@ -59,9 +59,8 @@ void BinaryQueue::AppendCopyFrom(const BinaryQueue &other) // To speed things up, always copy as one bucket void *bufferCopy = malloc(other.m_size); - if (bufferCopy == NULL) { + if (bufferCopy == NULL) throw std::bad_alloc(); - } try { other.Flatten(bufferCopy, other.m_size); @@ -108,9 +107,8 @@ void BinaryQueue::AppendCopy(const void* buffer, size_t bufferSize) void *bufferCopy = malloc(bufferSize); // Check if allocation succeded - if (bufferCopy == NULL) { + if (bufferCopy == NULL) throw std::bad_alloc(); - } // Copy user data memcpy(bufferCopy, buffer, bufferSize); @@ -162,9 +160,8 @@ bool BinaryQueue::Empty() const void BinaryQueue::Consume(size_t size) { // Check parameters - if (size > m_size) { + if (size > m_size) Throw(Exception::OutOfData); - } size_t bytesLeft = size; @@ -189,13 +186,11 @@ void BinaryQueue::Consume(size_t size) void BinaryQueue::Flatten(void *buffer, size_t bufferSize) const { // Check parameters - if (bufferSize == 0) { + if (bufferSize == 0) return; - } - if (bufferSize > m_size) { + if (bufferSize > m_size) Throw(Exception::OutOfData); - } size_t bytesLeft = bufferSize; void *ptr = buffer; @@ -264,14 +259,17 @@ BinaryQueue::Bucket::~Bucket() } BinaryQueue::BucketVisitor::~BucketVisitor() -{} +{ +} BinaryQueue::BucketVisitorCall::BucketVisitorCall(BucketVisitor *visitor) : m_visitor(visitor) -{} +{ +} BinaryQueue::BucketVisitorCall::~BucketVisitorCall() -{} +{ +} void BinaryQueue::BucketVisitorCall::operator()(Bucket *bucket) const { @@ -294,9 +292,8 @@ BinaryQueueAutoPtr BinaryQueue::Read(size_t size) std::unique_ptr> bufferCopy(malloc(available), free); - if (!bufferCopy.get()) { + if (!bufferCopy.get()) throw std::bad_alloc(); - } BinaryQueueAutoPtr result(new BinaryQueue()); diff --git a/src/manager/dpl/core/src/errno_string.cpp b/src/manager/dpl/core/src/errno_string.cpp index fb1e2ac..b918529 100644 --- a/src/manager/dpl/core/src/errno_string.cpp +++ b/src/manager/dpl/core/src/errno_string.cpp @@ -34,8 +34,7 @@ #include namespace CKM { -namespace // anonymous -{ +namespace { // anonymous const size_t DEFAULT_ERRNO_STRING_SIZE = 32; } // namespace anonymous diff --git a/src/manager/dpl/db/include/dpl/db/sql_connection.h b/src/manager/dpl/db/include/dpl/db/sql_connection.h index 7c6e756..6a05fdf 100644 --- a/src/manager/dpl/db/include/dpl/db/sql_connection.h +++ b/src/manager/dpl/db/include/dpl/db/sql_connection.h @@ -38,14 +38,12 @@ namespace DB { /** * SQL connection class */ -class SqlConnection -{ +class SqlConnection { public: /** * SQL Exception classes */ - class Exception - { + class Exception { public: DECLARE_EXCEPTION_TYPE(CKM::Exception, Base) DECLARE_EXCEPTION_TYPE(Base, SyntaxError) @@ -63,7 +61,7 @@ class SqlConnection typedef std::vector Row; typedef std::vector Rows; - static int Callback(void*,int,char**,char**); + static int Callback(void*, int, char**, char**); const Row& GetNames() const { return m_names; } const Rows& GetValues() const { return m_values; } private: @@ -79,8 +77,7 @@ class SqlConnection /* * SQL processed data command */ - class DataCommand - { + class DataCommand { private: SqlConnection *m_masterConnection; sqlcipher3_stmt *m_stmt; @@ -392,13 +389,11 @@ class SqlConnection typedef std::unique_ptr DataCommandUniquePtr; // Open flags - class Flag - { + class Flag { public: - enum Option - { + enum Option { RO = SQLCIPHER_OPEN_NOMUTEX | SQLCIPHER_OPEN_READONLY, - RW = SQLCIPHER_OPEN_NOMUTEX | SQLCIPHER_OPEN_READWRITE, + RW = SQLCIPHER_OPEN_NOMUTEX | SQLCIPHER_OPEN_READWRITE, CRW = RW | SQLCIPHER_OPEN_CREATE }; }; @@ -410,8 +405,7 @@ class SqlConnection * Synchronization object used to synchronize SQL connection * to the same database across different threads and processes */ - class SynchronizationObject - { + class SynchronizationObject { public: virtual ~SynchronizationObject() {} diff --git a/src/manager/dpl/db/src/naive_synchronization_object.cpp b/src/manager/dpl/db/src/naive_synchronization_object.cpp index c31e742..ece4f26 100644 --- a/src/manager/dpl/db/src/naive_synchronization_object.cpp +++ b/src/manager/dpl/db/src/naive_synchronization_object.cpp @@ -52,9 +52,8 @@ void NanoSleep(uint64_t nanoseconds) timespec remainingTime; for (;;) { - if (nanosleep(&requestedTime, &remainingTime) == 0) { + if (nanosleep(&requestedTime, &remainingTime) == 0) break; - } int error = errno; Assert(error == EINTR); diff --git a/src/manager/dpl/db/src/sql_connection.cpp b/src/manager/dpl/db/src/sql_connection.cpp old mode 100644 new mode 100755 index 20a01f2..9b053a0 --- a/src/manager/dpl/db/src/sql_connection.cpp +++ b/src/manager/dpl/db/src/sql_connection.cpp @@ -47,8 +47,7 @@ struct ScopedVaList { namespace CKM { namespace DB { -namespace // anonymous -{ +namespace { // anonymous class ScopedNotifyAll { private: @@ -60,13 +59,13 @@ class ScopedNotifyAll explicit ScopedNotifyAll( SqlConnection::SynchronizationObject *synchronizationObject) : m_synchronizationObject(synchronizationObject) - {} + { + } ~ScopedNotifyAll() { - if (!m_synchronizationObject) { + if (!m_synchronizationObject) return; - } LogPedantic("Notifying after successful synchronize"); m_synchronizationObject->NotifyAll(); @@ -126,9 +125,8 @@ SqlConnection::DataCommand::~DataCommand() { LogPedantic("SQL data command finalizing"); - if (sqlcipher3_finalize(m_stmt) != SQLCIPHER_OK) { + if (sqlcipher3_finalize(m_stmt) != SQLCIPHER_OK) LogError("Failed to finalize data command"); - } // Decrement stored data command count --m_masterConnection->m_dataCommandsCount; @@ -262,88 +260,80 @@ void SqlConnection::DataCommand::BindInteger( SqlConnection::ArgumentIndex position, const boost::optional &value) { - if (!value) { + if (!value) BindNull(position); - } else { + else BindInteger(position, *value); - } } void SqlConnection::DataCommand::BindInt8( SqlConnection::ArgumentIndex position, const boost::optional &value) { - if (!value) { + if (!value) BindNull(position); - } else { + else BindInt8(position, *value); - } } void SqlConnection::DataCommand::BindInt16( SqlConnection::ArgumentIndex position, const boost::optional &value) { - if (!value) { + if (!value) BindNull(position); - } else { + else BindInt16(position, *value); - } } void SqlConnection::DataCommand::BindInt32( SqlConnection::ArgumentIndex position, const boost::optional &value) { - if (!value) { + if (!value) BindNull(position); - } else { + else BindInt32(position, *value); - } } void SqlConnection::DataCommand::BindInt64( SqlConnection::ArgumentIndex position, const boost::optional &value) { - if (!value) { + if (!value) BindNull(position); - } else { + else BindInt64(position, *value); - } } void SqlConnection::DataCommand::BindFloat( SqlConnection::ArgumentIndex position, const boost::optional &value) { - if (!value) { + if (!value) BindNull(position); - } else { + else BindFloat(position, *value); - } } void SqlConnection::DataCommand::BindDouble( SqlConnection::ArgumentIndex position, const boost::optional &value) { - if (!value) { + if (!value) BindNull(position); - } else { + else BindDouble(position, *value); - } } void SqlConnection::DataCommand::BindBlob( SqlConnection::ArgumentIndex position, const boost::optional &value) { - if (!!value) { + if (!!value) BindBlob(position, *value); - } else { + else BindNull(position); - } } bool SqlConnection::DataCommand::Step() @@ -407,9 +397,8 @@ void SqlConnection::DataCommand::Reset() void SqlConnection::DataCommand::CheckColumnIndex( SqlConnection::ColumnIndex column) { - if (column < 0 || column >= sqlcipher3_column_count(m_stmt)) { + if (column < 0 || column >= sqlcipher3_column_count(m_stmt)) ThrowMsg(Exception::InvalidColumn, "Column index is out of bounds"); - } } bool SqlConnection::DataCommand::IsColumnNull( @@ -501,9 +490,8 @@ std::string SqlConnection::DataCommand::GetColumnString( LogPedantic("Value: " << (value ? value : "NULL")); - if (value == NULL) { + if (value == NULL) return std::string(); - } return std::string(value); } @@ -517,9 +505,8 @@ RawBuffer SqlConnection::DataCommand::GetColumnBlob( const unsigned char *value = reinterpret_cast( sqlcipher3_column_blob(m_stmt, column)); - if (value == NULL) { + if (value == NULL) return RawBuffer(); - } int length = sqlcipher3_column_bytes(m_stmt, column); LogPedantic("Got blob of length: " << length); @@ -533,9 +520,9 @@ boost::optional SqlConnection::DataCommand::GetColumnOptionalInteger( LogPedantic("SQL data command get column optional integer: [" << column << "]"); CheckColumnIndex(column); - if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) { + if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) return boost::optional(); - } + int value = sqlcipher3_column_int(m_stmt, column); LogPedantic(" Value: " << value); return boost::optional(value); @@ -547,9 +534,9 @@ boost::optional SqlConnection::DataCommand::GetColumnOptionalInt8( LogPedantic("SQL data command get column optional int8: [" << column << "]"); CheckColumnIndex(column); - if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) { + if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) return boost::optional(); - } + int8_t value = static_cast(sqlcipher3_column_int(m_stmt, column)); LogPedantic(" Value: " << value); return boost::optional(value); @@ -561,9 +548,9 @@ boost::optional SqlConnection::DataCommand::GetColumnOptionalInt16( LogPedantic("SQL data command get column optional int16: [" << column << "]"); CheckColumnIndex(column); - if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) { + if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) return boost::optional(); - } + int16_t value = static_cast(sqlcipher3_column_int(m_stmt, column)); LogPedantic(" Value: " << value); return boost::optional(value); @@ -575,9 +562,9 @@ boost::optional SqlConnection::DataCommand::GetColumnOptionalInt32( LogPedantic("SQL data command get column optional int32: [" << column << "]"); CheckColumnIndex(column); - if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) { + if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) return boost::optional(); - } + int32_t value = static_cast(sqlcipher3_column_int(m_stmt, column)); LogPedantic(" Value: " << value); return boost::optional(value); @@ -589,9 +576,9 @@ boost::optional SqlConnection::DataCommand::GetColumnOptionalInt64( LogPedantic("SQL data command get column optional int64: [" << column << "]"); CheckColumnIndex(column); - if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) { + if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) return boost::optional(); - } + int64_t value = static_cast(sqlcipher3_column_int64(m_stmt, column)); LogPedantic(" Value: " << value); return boost::optional(value); @@ -603,9 +590,9 @@ boost::optional SqlConnection::DataCommand::GetColumnOptionalFloat( LogPedantic("SQL data command get column optional float: [" << column << "]"); CheckColumnIndex(column); - if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) { + if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) return boost::optional(); - } + float value = static_cast(sqlcipher3_column_double(m_stmt, column)); LogPedantic(" Value: " << value); return boost::optional(value); @@ -617,9 +604,9 @@ boost::optional SqlConnection::DataCommand::GetColumnOptionalDouble( LogPedantic("SQL data command get column optional double: [" << column << "]"); CheckColumnIndex(column); - if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) { + if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) return boost::optional(); - } + double value = sqlcipher3_column_double(m_stmt, column); LogPedantic(" Value: " << value); return boost::optional(value); @@ -631,9 +618,9 @@ boost::optional SqlConnection::DataCommand::GetColumnOptionalBlob( LogPedantic("SQL data command get column blog: [" << column << "]"); CheckColumnIndex(column); - if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) { + if (sqlcipher3_column_type(m_stmt, column) == SQLCIPHER_NULL) return boost::optional(); - } + const unsigned char *value = reinterpret_cast( sqlcipher3_column_blob(m_stmt, column)); @@ -672,14 +659,14 @@ void SqlConnection::Connect(const std::string &address, TurnOnForeignKeys(); } -const std::string SQLCIPHER_RAW_PREFIX="x'"; -const std::string SQLCIPHER_RAW_SUFIX="'"; +const std::string SQLCIPHER_RAW_PREFIX = "x'"; +const std::string SQLCIPHER_RAW_SUFIX = "'"; const std::size_t SQLCIPHER_RAW_DATA_SIZE = 32; RawBuffer rawToHexString(const RawBuffer &raw) { RawBuffer output; - for(auto &e: raw) { + for (auto &e: raw) { char result[3]; snprintf(result, sizeof(result), "%02X", static_cast(e)); output.push_back(static_cast(result[0])); @@ -688,7 +675,8 @@ RawBuffer rawToHexString(const RawBuffer &raw) return output; } -RawBuffer createHexPass(const RawBuffer &rawPass){ +RawBuffer createHexPass(const RawBuffer &rawPass) +{ // We are required to pass 64byte long hex password made out of 32byte raw // binary data RawBuffer output; @@ -736,8 +724,7 @@ void SqlConnection::ResetKey(const RawBuffer &rawPassOld, } AssertMsg(rawPassOld.size() == SQLCIPHER_RAW_DATA_SIZE && rawPassNew.size() == SQLCIPHER_RAW_DATA_SIZE, - "Binary data for raw password should be 32 bytes long." - ); + "Binary data for raw password should be 32 bytes long."); // sqlcipher3_rekey requires for key to be already set if (!m_isKeySet) SetKey(rawPassOld); @@ -817,9 +804,8 @@ SqlConnection::SqlConnection(const std::string &address, // Connect to DB SqlConnection::Connect(address, option); - if (!m_synchronizationObject) { + if (!m_synchronizationObject) LogPedantic("No synchronization object defined"); - } } SqlConnection::~SqlConnection() @@ -839,7 +825,7 @@ SqlConnection::~SqlConnection() int SqlConnection::Output::Callback(void* param, int columns, char** values, char** names) { - if(param) + if (param) static_cast(param)->SetResults(columns, values, names); return 0; } @@ -847,11 +833,11 @@ int SqlConnection::Output::Callback(void* param, int columns, char** values, cha void SqlConnection::Output::SetResults(int columns, char** values, char** names) { if (m_names.empty()) { - for (int i=0;i LogSystemSingleton; } while (0) #define DPL_MACRO_FOR_LOGGING(message, level) \ -do \ -{ \ +do { \ if (level > CKM::Log::AbstractLogProvider::LogLevel::None && \ - CKM::Log::LogSystemSingleton::Instance().GetLogLevel() >= level) \ - { \ + CKM::Log::LogSystemSingleton::Instance().GetLogLevel() >= level) { \ std::ostringstream platformLog; \ platformLog << message; \ CKM::Log::LogSystemSingleton::Instance().Log(level, \ @@ -149,11 +145,9 @@ do } while (0) #define DPL_MACRO_FOR_LOGGING_POSITION(message, level, file, line, function) \ -do \ -{ \ +do { \ if (level > CKM::Log::AbstractLogProvider::LogLevel::None && \ - CKM::Log::LogSystemSingleton::Instance().GetLogLevel() >= level) \ - { \ + CKM::Log::LogSystemSingleton::Instance().GetLogLevel() >= level) { \ std::ostringstream platformLog; \ platformLog << message; \ CKM::Log::LogSystemSingleton::Instance().Log(level, \ @@ -194,7 +188,7 @@ do do { \ (void) file; (void) line; (void) function; \ DPL_MACRO_DUMMY_LOGGING(message, CKM::Log::AbstractLogProvider::LogLevel::Debug); \ - } while(0) + } while (0) #endif // BUILD_TYPE_DEBUG #endif // CENT_KEY_LOG_H diff --git a/src/manager/dpl/log/include/dpl/log/old_style_log_provider.h b/src/manager/dpl/log/include/dpl/log/old_style_log_provider.h index 57f7ebe..bb5b197 100644 --- a/src/manager/dpl/log/include/dpl/log/old_style_log_provider.h +++ b/src/manager/dpl/log/include/dpl/log/old_style_log_provider.h @@ -26,8 +26,7 @@ namespace CKM { namespace Log { -class OldStyleLogProvider : public AbstractLogProvider -{ +class OldStyleLogProvider : public AbstractLogProvider { public: OldStyleLogProvider(); virtual ~OldStyleLogProvider() {} diff --git a/src/manager/dpl/log/src/dlog_log_provider.cpp b/src/manager/dpl/log/src/dlog_log_provider.cpp index 1b4449e..1536965 100644 --- a/src/manager/dpl/log/src/dlog_log_provider.cpp +++ b/src/manager/dpl/log/src/dlog_log_provider.cpp @@ -34,19 +34,24 @@ namespace { typedef void (*dlogMacro)(const char*, const char*); // I can't map LOG_ values because SLOG uses token concatenation -void error(const char* tag, const char* msg) { +void error(const char* tag, const char* msg) +{ SLOG(LOG_ERROR, tag, "%s", msg); } -void warning(const char* tag, const char* msg) { +void warning(const char* tag, const char* msg) +{ SLOG(LOG_WARN, tag, "%s", msg); } -void info(const char* tag, const char* msg) { +void info(const char* tag, const char* msg) +{ SLOG(LOG_INFO, tag, "%s", msg); } -void debug(const char* tag, const char* msg) { +void debug(const char* tag, const char* msg) +{ SLOG(LOG_DEBUG, tag, "%s", msg); } -void pedantic(const char* tag, const char* msg) { +void pedantic(const char* tag, const char* msg) +{ SLOG(LOG_VERBOSE, tag, "%s", msg); } std::map dlogMacros = { @@ -62,10 +67,12 @@ std::map dlogMacros = { DLOGLogProvider::DLOGLogProvider() -{} +{ +} DLOGLogProvider::~DLOGLogProvider() -{} +{ +} void DLOGLogProvider::SetTag(const char *tag) { diff --git a/src/manager/dpl/log/src/journal_log_provider.cpp b/src/manager/dpl/log/src/journal_log_provider.cpp index 8f7af57..2453cdc 100644 --- a/src/manager/dpl/log/src/journal_log_provider.cpp +++ b/src/manager/dpl/log/src/journal_log_provider.cpp @@ -39,10 +39,12 @@ std::map journalLevel = { } // namespace anonymous JournalLogProvider::JournalLogProvider() -{} +{ +} JournalLogProvider::~JournalLogProvider() -{} +{ +} void JournalLogProvider::Log(AbstractLogProvider::LogLevel level, const char *message, diff --git a/src/manager/dpl/log/src/log.cpp b/src/manager/dpl/log/src/log.cpp index 7e61769..9d24675 100644 --- a/src/manager/dpl/log/src/log.cpp +++ b/src/manager/dpl/log/src/log.cpp @@ -36,8 +36,7 @@ IMPLEMENT_SAFE_SINGLETON(CKM::Log::LogSystem); namespace CKM { namespace Log { -namespace // anonymous -{ +namespace { // anonymous /* * Set these variables to desired values in /etc/sysconfig/central-key-manager and restart * central-key-manager service to use them. @@ -54,7 +53,8 @@ const char * const DLOG = "DLOG"; const char * const JOURNALD = "JOURNALD"; } // namespace anonymous -LogSystem::LogSystem() : m_providerCtor({ +LogSystem::LogSystem() : + m_providerCtor({ #ifdef BUILD_TYPE_DEBUG { CONSOLE, []{ return static_cast(new OldStyleLogProvider()); } }, #endif // BUILD_TYPE_DEBUG diff --git a/src/manager/dpl/log/src/old_style_log_provider.cpp b/src/manager/dpl/log/src/old_style_log_provider.cpp old mode 100644 new mode 100755 index 66b18f1..c62dac4 --- a/src/manager/dpl/log/src/old_style_log_provider.cpp +++ b/src/manager/dpl/log/src/old_style_log_provider.cpp @@ -33,8 +33,8 @@ namespace CKM { namespace Log { -namespace // anonymous -{ +namespace { // anonymous + using namespace CKM::Colors::Text; const char *DEBUG_BEGIN = GREEN_BEGIN; const char *DEBUG_END = GREEN_END; @@ -82,7 +82,8 @@ std::map consoleLevel = { } // namespace anonymous OldStyleLogProvider::OldStyleLogProvider() -{} +{ +} void OldStyleLogProvider::Log(AbstractLogProvider::LogLevel level, const char *message, @@ -102,7 +103,6 @@ void OldStyleLogProvider::Log(AbstractLogProvider::LogLevel level, } catch (const std::out_of_range&) { fprintf(stdout, "Unsupported log level: %d\n", level); } - } } diff --git a/src/manager/initial-values/BufferHandler.cpp b/src/manager/initial-values/BufferHandler.cpp old mode 100644 new mode 100755 index 0ceff74..38a7be3 --- a/src/manager/initial-values/BufferHandler.cpp +++ b/src/manager/initial-values/BufferHandler.cpp @@ -27,8 +27,7 @@ #include #include -namespace -{ +namespace { const char * const XML_ATTR_IV = "IV"; } @@ -41,7 +40,7 @@ BufferHandler::~BufferHandler() {} void BufferHandler::Start(const XML::Parser::Attributes &attr) { // get key type - if(attr.find(XML_ATTR_IV) != attr.end()) { + if (attr.find(XML_ATTR_IV) != attr.end()) { std::string IVstring = attr.at(XML_ATTR_IV); Base64Decoder base64; base64.reset(); @@ -61,32 +60,31 @@ void BufferHandler::Characters(const std::string & data) void BufferHandler::End() { // decoding section - switch(m_encoding) + switch (m_encoding) { + // PEM requires that "----- END" section comes right after "\n" character + case PEM: { - // PEM requires that "----- END" section comes right after "\n" character - case PEM: - { - std::string trimmed = XML::trimEachLine(std::string(m_data.begin(), m_data.end())); - m_data = RawBuffer(trimmed.begin(), trimmed.end()); - break; - } + std::string trimmed = XML::trimEachLine(std::string(m_data.begin(), m_data.end())); + m_data = RawBuffer(trimmed.begin(), trimmed.end()); + break; + } - // Base64 decoder also does not accept any whitespaces - case DER: - case BASE64: - case ENCRYPTED: - { - std::string trimmed = XML::trimEachLine(std::string(m_data.begin(), m_data.end())); - Base64Decoder base64; - base64.reset(); - base64.append(RawBuffer(trimmed.begin(), trimmed.end())); - base64.finalize(); - m_data = base64.get(); - break; - } + // Base64 decoder also does not accept any whitespaces + case DER: + case BASE64: + case ENCRYPTED: + { + std::string trimmed = XML::trimEachLine(std::string(m_data.begin(), m_data.end())); + Base64Decoder base64; + base64.reset(); + base64.append(RawBuffer(trimmed.begin(), trimmed.end())); + base64.finalize(); + m_data = base64.get(); + break; + } - default: - break; + default: + break; } } diff --git a/src/manager/initial-values/BufferHandler.h b/src/manager/initial-values/BufferHandler.h index ef4d2cf..2a44f45 100644 --- a/src/manager/initial-values/BufferHandler.h +++ b/src/manager/initial-values/BufferHandler.h @@ -31,8 +31,7 @@ namespace CKM { namespace InitialValues { -class BufferHandler : public XML::Parser::ElementHandler -{ +class BufferHandler : public XML::Parser::ElementHandler { public: typedef std::shared_ptr BufferHandlerPtr; @@ -43,17 +42,21 @@ public: virtual void Characters(const std::string & data); virtual void End(); - const RawBuffer & getData() const { + const RawBuffer & getData() const + { return m_data; } - bool isEncrypted() const { - if(m_encoding == EncodingType::ENCRYPTED) + bool isEncrypted() const + { + if (m_encoding == EncodingType::ENCRYPTED) return true; return false; } - const RawBuffer & getIV() const { + const RawBuffer & getIV() const + { return m_IV; } + private: EncodingType m_encoding; RawBuffer m_IV; diff --git a/src/manager/initial-values/CertHandler.h b/src/manager/initial-values/CertHandler.h index e31cbfa..8e246d2 100644 --- a/src/manager/initial-values/CertHandler.h +++ b/src/manager/initial-values/CertHandler.h @@ -29,8 +29,7 @@ namespace CKM { namespace InitialValues { -class CertHandler : public InitialValueHandler -{ +class CertHandler : public InitialValueHandler { public: explicit CertHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) : InitialValueHandler(db_logic, encryptedKey) {} diff --git a/src/manager/initial-values/DataHandler.h b/src/manager/initial-values/DataHandler.h index cb5987b..bab8316 100644 --- a/src/manager/initial-values/DataHandler.h +++ b/src/manager/initial-values/DataHandler.h @@ -29,11 +29,10 @@ namespace CKM { namespace InitialValues { -class DataHandler : public InitialValueHandler -{ +class DataHandler : public InitialValueHandler { public: - explicit DataHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) - : InitialValueHandler(db_logic, encryptedKey) {} + explicit DataHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) : + InitialValueHandler(db_logic, encryptedKey) {} virtual ~DataHandler(); virtual DataType getDataType() const; diff --git a/src/manager/initial-values/InitialValueHandler.cpp b/src/manager/initial-values/InitialValueHandler.cpp old mode 100644 new mode 100755 index 7118624..d4d01bd --- a/src/manager/initial-values/InitialValueHandler.cpp +++ b/src/manager/initial-values/InitialValueHandler.cpp @@ -28,8 +28,7 @@ #include #include -namespace -{ +namespace { const char * const XML_ATTR_NAME = "name"; const char * const XML_ATTR_PASSWORD = "password"; const char * const XML_ATTR_EXPORTABLE = "exportable"; @@ -41,16 +40,15 @@ namespace InitialValues { void InitialValueHandler::Start(const XML::Parser::Attributes &attr) { // get name - if(attr.find(XML_ATTR_NAME) != attr.end()) + if (attr.find(XML_ATTR_NAME) != attr.end()) m_name = Alias(attr.at(XML_ATTR_NAME)); // get password - if(attr.find(XML_ATTR_PASSWORD) != attr.end()) + if (attr.find(XML_ATTR_PASSWORD) != attr.end()) m_password = Password(attr.at(XML_ATTR_PASSWORD).c_str()); // get exportable - if(attr.find(XML_ATTR_EXPORTABLE) != attr.end()) - { + if (attr.find(XML_ATTR_EXPORTABLE) != attr.end()) { std::string flagVal = attr.at(XML_ATTR_EXPORTABLE); std::transform(flagVal.begin(), flagVal.end(), flagVal.begin(), ::tolower); std::istringstream is(flagVal); @@ -64,12 +62,11 @@ void InitialValueHandler::End() LogError("Invalid data with name: " << m_name << ", reason: no key data!"); return; } - // save data Policy policy(m_password, m_exportable); Crypto::DataEncryption de; - if(m_bufferHandler->isEncrypted()) { + if (m_bufferHandler->isEncrypted()) { de.encryptedKey = m_encryptedKey; de.iv = m_bufferHandler->getIV(); } @@ -79,15 +76,14 @@ void InitialValueHandler::End() de, policy); - if(CKM_API_SUCCESS != ec) { + if (CKM_API_SUCCESS != ec) { LogError("Saving type: " << getDataType() << " with params: name(" << m_name << "), exportable(" << m_exportable<< ") failed, code: " << ec); return; } // save permissions - for(const auto & permission : m_permissions) - { + for (const auto & permission : m_permissions) { ec = m_db_logic.setPermissionHelper( Credentials(CKMLogic::SYSTEM_DB_UID, OWNER_ID_SYSTEM), m_name, @@ -100,8 +96,7 @@ void InitialValueHandler::End() ") failed, code: " << ec); } } -} - +} BufferHandler::BufferHandlerPtr InitialValueHandler::CreateBufferHandler(EncodingType type) { diff --git a/src/manager/initial-values/InitialValueHandler.h b/src/manager/initial-values/InitialValueHandler.h index 0e9dcc5..29043d4 100644 --- a/src/manager/initial-values/InitialValueHandler.h +++ b/src/manager/initial-values/InitialValueHandler.h @@ -35,14 +35,13 @@ namespace CKM { namespace InitialValues { -class InitialValueHandler : public NoCharactersHandler -{ +class InitialValueHandler : public NoCharactersHandler { public: typedef std::shared_ptr InitialValueHandlerPtr; explicit InitialValueHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) : m_exportable(false), m_db_logic(db_logic), m_encryptedKey(encryptedKey) {} - virtual ~InitialValueHandler() {}; + virtual ~InitialValueHandler() {} BufferHandler::BufferHandlerPtr CreateBufferHandler(EncodingType type); PermissionHandler::PermissionHandlerPtr CreatePermissionHandler(); diff --git a/src/manager/initial-values/InitialValuesFile.cpp b/src/manager/initial-values/InitialValuesFile.cpp old mode 100644 new mode 100755 index 31cebb0..d13e821 --- a/src/manager/initial-values/InitialValuesFile.cpp +++ b/src/manager/initial-values/InitialValuesFile.cpp @@ -184,17 +184,16 @@ void InitialValuesFile::registerElementListeners() void InitialValuesFile::Error(const XML::Parser::ErrorType errorType, const std::string & log_msg) { - switch(errorType) - { - case XML::Parser::VALIDATION_ERROR: - LogWarning("validating error: " << log_msg); - break; - case XML::Parser::PARSE_WARNING: - LogWarning("parsing warning: " << log_msg); - break; - case XML::Parser::PARSE_ERROR: - LogWarning("parsing error: " << log_msg); - break; + switch (errorType) { + case XML::Parser::VALIDATION_ERROR: + LogWarning("validating error: " << log_msg); + break; + case XML::Parser::PARSE_WARNING: + LogWarning("parsing warning: " << log_msg); + break; + case XML::Parser::PARSE_ERROR: + LogWarning("parsing error: " << log_msg); + break; } } @@ -206,7 +205,7 @@ int InitialValuesFile::Validate(const std::string &XSD_file) int InitialValuesFile::Parse() { int ec = m_parser.Parse(); - if(!m_header || !m_header->isCorrectVersion()) { + if (!m_header || !m_header->isCorrectVersion()) { LogError("bypassing XML file: " << m_filename << " - wrong file version!"); ec = XML::Parser::ERROR_INVALID_VERSION; } @@ -216,23 +215,22 @@ int InitialValuesFile::Parse() XML::Parser::ElementHandlerPtr InitialValuesFile::GetObjectHandler(ObjectType type, const CKM::RawBuffer &encryptedKey) { - switch(type) - { - case KEY: - m_currentHandler = std::make_shared(m_db_logic, encryptedKey); - break; + switch (type) { + case KEY: + m_currentHandler = std::make_shared(m_db_logic, encryptedKey); + break; - case CERT: - m_currentHandler = std::make_shared(m_db_logic, encryptedKey); - break; + case CERT: + m_currentHandler = std::make_shared(m_db_logic, encryptedKey); + break; - case DATA: - m_currentHandler = std::make_shared(m_db_logic, encryptedKey); - break; + case DATA: + m_currentHandler = std::make_shared(m_db_logic, encryptedKey); + break; - default: - m_currentHandler.reset(); - break; + default: + m_currentHandler.reset(); + break; } return m_currentHandler; @@ -248,7 +246,7 @@ void InitialValuesFile::ReleaseObjectHandler(ObjectType /*type*/) XML::Parser::ElementHandlerPtr InitialValuesFile::GetBufferHandler(EncodingType type) { - if( !m_currentHandler ) + if ( !m_currentHandler ) return XML::Parser::ElementHandlerPtr(); return m_currentHandler->CreateBufferHandler(type); @@ -260,7 +258,7 @@ void InitialValuesFile::ReleaseBufferHandler(EncodingType /*type*/) XML::Parser::ElementHandlerPtr InitialValuesFile::GetPermissionHandler() { - if( !m_currentHandler ) + if ( !m_currentHandler ) return XML::Parser::ElementHandlerPtr(); return m_currentHandler->CreatePermissionHandler(); @@ -271,11 +269,14 @@ void InitialValuesFile::ReleasePermissionHandler() InitialValuesFile::EncryptionKeyHandler::EncryptionKeyHandler(InitialValuesFile & parent) : m_parent(parent) {} -void InitialValuesFile::EncryptionKeyHandler::Characters(const std::string &data) { +void InitialValuesFile::EncryptionKeyHandler::Characters(const std::string &data) +{ m_encryptedKey.reserve(m_encryptedKey.size() + data.size()); m_encryptedKey.insert(m_encryptedKey.end(), data.begin(), data.end()); }; -void InitialValuesFile::EncryptionKeyHandler::End() { + +void InitialValuesFile::EncryptionKeyHandler::End() +{ std::string trimmed = XML::trimEachLine(std::string(m_encryptedKey.begin(), m_encryptedKey.end())); Base64Decoder base64; base64.reset(); @@ -284,24 +285,28 @@ void InitialValuesFile::EncryptionKeyHandler::End() { m_encryptedKey = base64.get(); }; -CKM::RawBuffer InitialValuesFile::EncryptionKeyHandler::getEncryptedKey() const { +CKM::RawBuffer InitialValuesFile::EncryptionKeyHandler::getEncryptedKey() const +{ return m_encryptedKey; } -InitialValuesFile::HeaderHandler::HeaderHandler(InitialValuesFile & parent) - : m_version(-1), m_parent(parent) {} +InitialValuesFile::HeaderHandler::HeaderHandler(InitialValuesFile & parent) : + m_version(-1), m_parent(parent) +{ +} + void InitialValuesFile::HeaderHandler::Start(const XML::Parser::Attributes & attr) { // get key type - if(attr.find(XML_ATTR_VERSION) != attr.end()) - { + if (attr.find(XML_ATTR_VERSION) != attr.end()) { m_version = atoi(attr.at(XML_ATTR_VERSION).c_str()); - if(isCorrectVersion()) + if (isCorrectVersion()) m_parent.registerElementListeners(); } } -bool InitialValuesFile::HeaderHandler::isCorrectVersion() const { +bool InitialValuesFile::HeaderHandler::isCorrectVersion() const +{ return m_version == XML_CURRENT_VERSION; } diff --git a/src/manager/initial-values/InitialValuesFile.h b/src/manager/initial-values/InitialValuesFile.h index c3cccbb..bd45091 100644 --- a/src/manager/initial-values/InitialValuesFile.h +++ b/src/manager/initial-values/InitialValuesFile.h @@ -36,8 +36,7 @@ namespace CKM { namespace InitialValues { -class InitialValuesFile -{ +class InitialValuesFile { public: InitialValuesFile(const std::string &XML_filename, CKMLogic & db_logic); @@ -62,13 +61,12 @@ protected: void ReleasePermissionHandler(); private: - class HeaderHandler : public XML::Parser::ElementHandler - { + class HeaderHandler : public XML::Parser::ElementHandler { public: explicit HeaderHandler(InitialValuesFile & parent); virtual void Start(const XML::Parser::Attributes & attr); - virtual void Characters(const std::string &) {}; - virtual void End() {}; + virtual void Characters(const std::string &) {} + virtual void End() {} bool isCorrectVersion() const; @@ -77,15 +75,15 @@ private: InitialValuesFile & m_parent; }; - class EncryptionKeyHandler : public XML::Parser::ElementHandler - { + class EncryptionKeyHandler : public XML::Parser::ElementHandler { public: explicit EncryptionKeyHandler(InitialValuesFile & parent); - virtual void Start(const XML::Parser::Attributes &) {}; + virtual void Start(const XML::Parser::Attributes &) {} virtual void Characters(const std::string &data); virtual void End(); CKM::RawBuffer getEncryptedKey() const; + private: CKM::RawBuffer m_encryptedKey; InitialValuesFile & m_parent; @@ -104,7 +102,6 @@ private: void registerElementListeners(); static void Error(const XML::Parser::ErrorType errorType, const std::string & logMsg); - }; } diff --git a/src/manager/initial-values/KeyHandler.cpp b/src/manager/initial-values/KeyHandler.cpp old mode 100644 new mode 100755 index 5b2bb46..ef358e8 --- a/src/manager/initial-values/KeyHandler.cpp +++ b/src/manager/initial-values/KeyHandler.cpp @@ -27,8 +27,7 @@ #include #include -namespace -{ +namespace { const char * const XML_ATTR_TYPE = "type"; const char * const XML_ATTR_TYPE_VAL_RSA_PRV = "RSA_PRV"; const char * const XML_ATTR_TYPE_VAL_RSA_PUB = "RSA_PUB"; @@ -49,19 +48,19 @@ void KeyHandler::Start(const XML::Parser::Attributes &attr) InitialValueHandler::Start(attr); // get key type - if(attr.find(XML_ATTR_TYPE) != attr.end()) + if (attr.find(XML_ATTR_TYPE) != attr.end()) m_keyType = KeyHandler::parseType(attr.at(XML_ATTR_TYPE)); } KeyType KeyHandler::parseType(const std::string & typeStr) { - if (typeStr == XML_ATTR_TYPE_VAL_RSA_PRV) return KeyType::KEY_RSA_PRIVATE; - else if(typeStr == XML_ATTR_TYPE_VAL_RSA_PUB) return KeyType::KEY_RSA_PUBLIC; - else if(typeStr == XML_ATTR_TYPE_VAL_DSA_PRV) return KeyType::KEY_DSA_PRIVATE; - else if(typeStr == XML_ATTR_TYPE_VAL_DSA_PUB) return KeyType::KEY_DSA_PUBLIC; - else if(typeStr == XML_ATTR_TYPE_VAL_ECDSA_PRV) return KeyType::KEY_ECDSA_PRIVATE; - else if(typeStr == XML_ATTR_TYPE_VAL_ECDSA_PUB) return KeyType::KEY_ECDSA_PUBLIC; - else if(typeStr == XML_ATTR_TYPE_VAL_AES) return KeyType::KEY_AES; + if (typeStr == XML_ATTR_TYPE_VAL_RSA_PRV) return KeyType::KEY_RSA_PRIVATE; + else if (typeStr == XML_ATTR_TYPE_VAL_RSA_PUB) return KeyType::KEY_RSA_PUBLIC; + else if (typeStr == XML_ATTR_TYPE_VAL_DSA_PRV) return KeyType::KEY_DSA_PRIVATE; + else if (typeStr == XML_ATTR_TYPE_VAL_DSA_PUB) return KeyType::KEY_DSA_PUBLIC; + else if (typeStr == XML_ATTR_TYPE_VAL_ECDSA_PRV) return KeyType::KEY_ECDSA_PRIVATE; + else if (typeStr == XML_ATTR_TYPE_VAL_ECDSA_PUB) return KeyType::KEY_ECDSA_PUBLIC; + else if (typeStr == XML_ATTR_TYPE_VAL_AES) return KeyType::KEY_AES; else // should not happen throw std::runtime_error("error: invalid value discovered as key type"); } diff --git a/src/manager/initial-values/KeyHandler.h b/src/manager/initial-values/KeyHandler.h index b921b47..9f37413 100644 --- a/src/manager/initial-values/KeyHandler.h +++ b/src/manager/initial-values/KeyHandler.h @@ -30,16 +30,16 @@ namespace CKM { namespace InitialValues { -class KeyHandler : public InitialValueHandler -{ +class KeyHandler : public InitialValueHandler { public: - explicit KeyHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) - : InitialValueHandler(db_logic, encryptedKey), m_keyType(KeyType::KEY_NONE) {} + explicit KeyHandler(CKMLogic & db_logic, const CKM::RawBuffer &encryptedKey) : + InitialValueHandler(db_logic, encryptedKey), m_keyType(KeyType::KEY_NONE) {} virtual ~KeyHandler(); virtual void Start(const XML::Parser::Attributes &); virtual DataType getDataType() const; + protected: static KeyType parseType(const std::string & typeStr); diff --git a/src/manager/initial-values/NoCharactersHandler.cpp b/src/manager/initial-values/NoCharactersHandler.cpp old mode 100644 new mode 100755 index 8c3f969..0ee9ff9 --- a/src/manager/initial-values/NoCharactersHandler.cpp +++ b/src/manager/initial-values/NoCharactersHandler.cpp @@ -31,7 +31,7 @@ namespace InitialValues { void NoCharactersHandler::Characters(const std::string & data) { auto f = find_if(data.begin(), data.end(), [](char c){ return std::isspace(c) == 0;}); - if(f != data.end()) + if (f != data.end()) throw std::runtime_error( "error: value handler detected raw data outside data-specific tag"); } diff --git a/src/manager/initial-values/NoCharactersHandler.h b/src/manager/initial-values/NoCharactersHandler.h index 2a9a418..63f16c8 100644 --- a/src/manager/initial-values/NoCharactersHandler.h +++ b/src/manager/initial-values/NoCharactersHandler.h @@ -27,8 +27,7 @@ namespace CKM { namespace InitialValues { -class NoCharactersHandler : public XML::Parser::ElementHandler -{ +class NoCharactersHandler : public XML::Parser::ElementHandler { public: void Characters(const std::string & data); diff --git a/src/manager/initial-values/PermissionHandler.cpp b/src/manager/initial-values/PermissionHandler.cpp old mode 100644 new mode 100755 index 63e9ee0..80ff031 --- a/src/manager/initial-values/PermissionHandler.cpp +++ b/src/manager/initial-values/PermissionHandler.cpp @@ -23,8 +23,7 @@ #include #include -namespace -{ +namespace { const char * const XML_ATTR_ACCESSOR = "accessor"; } @@ -36,7 +35,7 @@ PermissionHandler::~PermissionHandler() {} void PermissionHandler::Start(const XML::Parser::Attributes & attr) { // get accessor label - if(attr.find(XML_ATTR_ACCESSOR) != attr.end()) + if (attr.find(XML_ATTR_ACCESSOR) != attr.end()) m_accessor = Label(attr.at(XML_ATTR_ACCESSOR)); } diff --git a/src/manager/initial-values/PermissionHandler.h b/src/manager/initial-values/PermissionHandler.h index 9eb3ca4..5d1f44b 100644 --- a/src/manager/initial-values/PermissionHandler.h +++ b/src/manager/initial-values/PermissionHandler.h @@ -30,8 +30,7 @@ namespace CKM { namespace InitialValues { -class PermissionHandler : public NoCharactersHandler -{ +class PermissionHandler : public NoCharactersHandler { public: typedef std::shared_ptr PermissionHandlerPtr; @@ -40,9 +39,11 @@ public: virtual void Start(const XML::Parser::Attributes &); virtual void End(); - const Label & getAccessor() const { + const Label & getAccessor() const + { return m_accessor; } + private: Label m_accessor; }; diff --git a/src/manager/initial-values/SWKeyFile.cpp b/src/manager/initial-values/SWKeyFile.cpp old mode 100644 new mode 100755 index f614185..e860550 --- a/src/manager/initial-values/SWKeyFile.cpp +++ b/src/manager/initial-values/SWKeyFile.cpp @@ -40,10 +40,10 @@ const char * const XML_ATTR_VERSION = "version"; namespace CKM { namespace InitialValues { -SWKeyFile::SWKeyFile(const std::string &XML_filename) - : m_parser(XML_filename), - m_header(std::make_shared(*this)), - m_RSAKeyHandler(std::make_shared(*this)) +SWKeyFile::SWKeyFile(const std::string &XML_filename) : + m_parser(XML_filename), + m_header(std::make_shared(*this)), + m_RSAKeyHandler(std::make_shared(*this)) { m_parser.RegisterErrorCb(SWKeyFile::Error); m_parser.RegisterElementCb(XML_TAG_DEVICE_KEY, @@ -70,17 +70,16 @@ void SWKeyFile::registerElementListeners() void SWKeyFile::Error(const XML::Parser::ErrorType errorType, const std::string & log_msg) { - switch(errorType) - { - case XML::Parser::VALIDATION_ERROR: - LogWarning("validating error: " << log_msg); - break; - case XML::Parser::PARSE_WARNING: - LogWarning("parsing warning: " << log_msg); - break; - case XML::Parser::PARSE_ERROR: - LogWarning("parsing error: " << log_msg); - break; + switch (errorType) { + case XML::Parser::VALIDATION_ERROR: + LogWarning("validating error: " << log_msg); + break; + case XML::Parser::PARSE_WARNING: + LogWarning("parsing warning: " << log_msg); + break; + case XML::Parser::PARSE_ERROR: + LogWarning("parsing error: " << log_msg); + break; } } @@ -92,7 +91,7 @@ int SWKeyFile::Validate(const std::string &XSD_file) int SWKeyFile::Parse() { int ec = m_parser.Parse(); - if(!m_header || !m_header->isCorrectVersion()) { + if (!m_header || !m_header->isCorrectVersion()) { LogError("bypassing XML file: " << m_filename << " - wrong file version!"); ec = XML::Parser::ERROR_INVALID_VERSION; } @@ -103,15 +102,18 @@ int SWKeyFile::Parse() SWKeyFile::RSAKeyHandler::RSAKeyHandler(SWKeyFile & parent) : m_parent(parent) -{} +{ +} -void SWKeyFile::RSAKeyHandler::Characters(const std::string &data) { +void SWKeyFile::RSAKeyHandler::Characters(const std::string &data) +{ //m_encryptedKey.reserve(m_encryptedKey.size() + data.size()); //m_encryptedKey.insert(m_encryptedKey.end(), data.begin(), data.end()); std::copy(data.begin(), data.end(), std::back_inserter(m_encryptedKey)); } -void SWKeyFile::RSAKeyHandler::End() { +void SWKeyFile::RSAKeyHandler::End() +{ // std::string trimmed = XML::trimEachLine(std::string(m_encryptedKey.begin(), m_encryptedKey.end())); Base64Decoder base64; @@ -121,24 +123,29 @@ void SWKeyFile::RSAKeyHandler::End() { m_encryptedKey = base64.get(); }; -Crypto::GObjShPtr SWKeyFile::RSAKeyHandler::getPrivKey() { +Crypto::GObjShPtr SWKeyFile::RSAKeyHandler::getPrivKey() +{ return std::make_shared(m_encryptedKey, DataType::KEY_RSA_PRIVATE); } -SWKeyFile::HeaderHandler::HeaderHandler(SWKeyFile & parent) - : m_version(-1), m_parent(parent) {} +SWKeyFile::HeaderHandler::HeaderHandler(SWKeyFile & parent) : + m_version(-1), m_parent(parent) +{ +} + void SWKeyFile::HeaderHandler::Start(const XML::Parser::Attributes & attr) { // get key type - if(attr.find(XML_ATTR_VERSION) != attr.end()) - { + if (attr.find(XML_ATTR_VERSION) != attr.end()) { m_version = atoi(attr.at(XML_ATTR_VERSION).c_str()); - if(isCorrectVersion()) + if (isCorrectVersion()) m_parent.registerElementListeners(); } } -bool SWKeyFile::HeaderHandler::isCorrectVersion() const { + +bool SWKeyFile::HeaderHandler::isCorrectVersion() const +{ return m_version == XML_SW_KEY_CURRENT_VERSION; } diff --git a/src/manager/initial-values/SWKeyFile.h b/src/manager/initial-values/SWKeyFile.h index 887c0a9..8768ade 100644 --- a/src/manager/initial-values/SWKeyFile.h +++ b/src/manager/initial-values/SWKeyFile.h @@ -37,26 +37,25 @@ namespace CKM { namespace InitialValues { -class SWKeyFile -{ +class SWKeyFile { public: explicit SWKeyFile(const std::string &XML_filename); int Validate(const std::string &XSD_file); int Parse(); - Crypto::GObjShPtr getPrivKey() { + Crypto::GObjShPtr getPrivKey() + { return m_deviceKey; } private: - class HeaderHandler : public XML::Parser::ElementHandler - { + class HeaderHandler : public XML::Parser::ElementHandler { public: explicit HeaderHandler(SWKeyFile & parent); virtual void Start(const XML::Parser::Attributes & attr); - virtual void Characters(const std::string &) {}; - virtual void End() {}; + virtual void Characters(const std::string &) {} + virtual void End() {} bool isCorrectVersion() const; @@ -65,15 +64,15 @@ private: SWKeyFile & m_parent; }; - class RSAKeyHandler : public XML::Parser::ElementHandler - { + class RSAKeyHandler : public XML::Parser::ElementHandler { public: explicit RSAKeyHandler(SWKeyFile & parent); - virtual void Start(const XML::Parser::Attributes &) {}; + virtual void Start(const XML::Parser::Attributes &) {} virtual void Characters(const std::string &data); virtual void End(); Crypto::GObjShPtr getPrivKey(); + private: CKM::RawBuffer m_encryptedKey; SWKeyFile & m_parent; @@ -90,7 +89,6 @@ private: void registerElementListeners(); static void Error(const XML::Parser::ErrorType errorType, const std::string & logMsg); - }; } diff --git a/src/manager/initial-values/initial-value-loader.cpp b/src/manager/initial-values/initial-value-loader.cpp old mode 100644 new mode 100755 index 01bb79c..c0d4b93 --- a/src/manager/initial-values/initial-value-loader.cpp +++ b/src/manager/initial-values/initial-value-loader.cpp @@ -35,21 +35,21 @@ const char * const INIT_VALUES_FILE_SUFFIX = ".xml"; namespace CKM { namespace InitialValues { -void LoadFiles(CKMLogic &logic) { +void LoadFiles(CKMLogic &logic) +{ try { std::vector filesToParse; DIR *dp = opendir(INIT_VALUES_DIR); - if(dp) - { + if (dp) { struct dirent *entry; - while ((entry = readdir(dp))) - { + while ((entry = readdir(dp))) { std::string filename = std::string(entry->d_name); // check if XML file std::string lowercaseFilename = filename; std::transform(lowercaseFilename.begin(), lowercaseFilename.end(), lowercaseFilename.begin(), ::tolower); - if(lowercaseFilename.find(INIT_VALUES_FILE_SUFFIX) == std::string::npos) + + if (lowercaseFilename.find(INIT_VALUES_FILE_SUFFIX) == std::string::npos) continue; filesToParse.push_back(std::string(INIT_VALUES_DIR) + filename); @@ -58,18 +58,16 @@ void LoadFiles(CKMLogic &logic) { } // parse - for(const auto & file : filesToParse) - { + for (const auto & file : filesToParse) { InitialValues::InitialValuesFile xmlFile(file.c_str(), logic); int rc = xmlFile.Validate(INIT_VALUES_XSD); - if(rc == XML::Parser::PARSE_SUCCESS) - { + if (rc == XML::Parser::PARSE_SUCCESS) { rc = xmlFile.Parse(); - if(rc != XML::Parser::PARSE_SUCCESS) + if (rc != XML::Parser::PARSE_SUCCESS) LogError("invalid initial values file: " << file << ", parsing code: " << rc); - } - else + } else { LogError("invalid initial values file: " << file << ", validation code: " << rc); + } unlink(file.c_str()); } } catch (...) { diff --git a/src/manager/initial-values/parser.cpp b/src/manager/initial-values/parser.cpp old mode 100644 new mode 100755 index 6d6cd1e..170e9b5 --- a/src/manager/initial-values/parser.cpp +++ b/src/manager/initial-values/parser.cpp @@ -42,8 +42,8 @@ struct LibXmlCleanup { } // namespace anonymous -Parser::Parser(const std::string &XML_filename) - : m_errorCb(0) +Parser::Parser(const std::string &XML_filename) : + m_errorCb(0) { m_XMLfile = XML_filename; memset(&m_saxHandler, 0, sizeof(m_saxHandler)); @@ -59,7 +59,7 @@ Parser::~Parser() int Parser::Validate(const std::string &XSD_schema) { - if(XSD_schema.empty()) { + if (XSD_schema.empty()) { LogError("no XSD file path given"); return ERROR_INVALID_ARGUMENT; } @@ -68,7 +68,7 @@ int Parser::Validate(const std::string &XSD_schema) std::unique_ptr parserCtxt(xmlSchemaNewParserCtxt(XSD_schema.c_str()), [](xmlSchemaParserCtxtPtr ctx){ xmlSchemaFreeParserCtxt(ctx); }); - if(!parserCtxt) { + if (!parserCtxt) { LogError("XSD file path is invalid"); return ERROR_INVALID_ARGUMENT; } @@ -76,7 +76,7 @@ int Parser::Validate(const std::string &XSD_schema) std::unique_ptr schema(xmlSchemaParse(parserCtxt.get()), [](xmlSchemaPtr schemaPtr){ xmlSchemaFree(schemaPtr); }); - if(!schema) { + if (!schema) { LogError("Parsing XSD file failed"); return ERROR_XSD_PARSE_FAILED; } @@ -85,7 +85,7 @@ int Parser::Validate(const std::string &XSD_schema) std::unique_ptr validCtxt(xmlSchemaNewValidCtxt(schema.get()), [](xmlSchemaValidCtxtPtr validCtxPtr){ xmlSchemaFreeValidCtxt(validCtxPtr); }); - if(!validCtxt) { + if (!validCtxt) { LogError("Internal parser error"); return ERROR_INTERNAL; } @@ -96,29 +96,29 @@ int Parser::Validate(const std::string &XSD_schema) xmlThrDefSetGenericErrorFunc(this, &Parser::ErrorValidate); retCode = xmlSchemaValidateFile(validCtxt.get(), m_XMLfile.c_str(), 0); - if(0 != retCode) { + if (0 != retCode) { LogWarning("Validating XML file failed, ec: " << retCode); retCode = ERROR_XML_VALIDATION_FAILED; - } - else + } else { retCode = PARSE_SUCCESS; + } return retCode; } int Parser::Parse() { - if(m_elementListenerMap.empty()) { + if (m_elementListenerMap.empty()) { LogError("Can not parse XML file: no registered element callbacks."); return ERROR_INVALID_ARGUMENT; } int retCode = xmlSAXUserParseFile(&m_saxHandler, this, m_XMLfile.c_str()); - if(0 != retCode) { + if (0 != retCode) { LogWarning("Parsing XML file failed, ec: " << retCode); return ERROR_XML_PARSE_FAILED; } // if error detected while parsing - if(m_elementListenerMap.empty()) { + if (m_elementListenerMap.empty()) { LogError("Critical error detected while parsing."); return ERROR_INTERNAL; } @@ -127,7 +127,7 @@ int Parser::Parse() int Parser::RegisterErrorCb(const ErrorCb newCb) { - if(m_errorCb) { + if (m_errorCb) { LogError("Callback already registered!"); return ERROR_CALLBACK_PRESENT; } @@ -139,12 +139,12 @@ int Parser::RegisterElementCb(const char * elementName, const StartCb startCb, const EndCb endCb) { - if(!elementName) + if (!elementName) return ERROR_INVALID_ARGUMENT; std::string key(elementName); - if(m_elementListenerMap.find(elementName) != m_elementListenerMap.end()) { + if (m_elementListenerMap.find(elementName) != m_elementListenerMap.end()) { LogError("Callback for element " << elementName << " already registered!"); return ERROR_CALLBACK_PRESENT; } @@ -157,30 +157,28 @@ void Parser::StartElement(const xmlChar *name, const xmlChar **attrs) { std::string key(reinterpret_cast(name)); - if(m_elementListenerMap.find(key) == m_elementListenerMap.end()) + if (m_elementListenerMap.find(key) == m_elementListenerMap.end()) return; ElementHandlerPtr newHandler; const ElementListener & current = m_elementListenerMap[key]; - if(current.startCb) - { + if (current.startCb) { Attributes attribs; { size_t numAttrs = 0; std::string key; - while(attrs && attrs[numAttrs]) - { + while (attrs && attrs[numAttrs]) { const char *attrChr = reinterpret_cast(attrs[numAttrs]); - if((numAttrs%2)==0) + if ((numAttrs%2) == 0) key = std::string(attrChr); else attribs[key] = std::string(attrChr); - numAttrs ++; + numAttrs++; } } newHandler = current.startCb(); - if(newHandler) + if (newHandler) newHandler->Start(attribs); } // always put a handler, even if it's empty. This will not break @@ -191,19 +189,19 @@ void Parser::StartElement(const xmlChar *name, void Parser::EndElement(const xmlChar *name) { std::string key(reinterpret_cast(name)); - if(m_elementListenerMap.find(key) == m_elementListenerMap.end()) + if (m_elementListenerMap.find(key) == m_elementListenerMap.end()) return; // this should never ever happen - if( m_elementHandlerStack.empty() ) + if (m_elementHandlerStack.empty()) throw std::runtime_error("internal error: element queue desynchronized!"); ElementHandlerPtr ¤tHandler = m_elementHandlerStack.top(); - if(currentHandler) + if (currentHandler) currentHandler->End(); const ElementListener & current = m_elementListenerMap[key]; - if(current.endCb) + if (current.endCb) current.endCb(currentHandler); m_elementHandlerStack.pop(); @@ -212,31 +210,28 @@ void Parser::EndElement(const xmlChar *name) void Parser::Characters(const xmlChar *ch, size_t chLen) { std::string chars(reinterpret_cast(ch), chLen); - if(chars.empty()) + if (chars.empty()) return; - if( !m_elementHandlerStack.empty() ) - { + if (!m_elementHandlerStack.empty()) { ElementHandlerPtr ¤tHandler = m_elementHandlerStack.top(); - if(currentHandler) + if (currentHandler) currentHandler->Characters(chars); } } void Parser::Error(const ErrorType errorType, const char *msg, va_list &args) { - if(!m_errorCb) + if (!m_errorCb) return; va_list args2; - try - { + try { va_copy(args2, args); std::vector buf(1 + std::vsnprintf(NULL, 0, msg, args)); std::vsnprintf(buf.data(), buf.size(), msg, args2); m_errorCb(errorType, trim(std::string(buf.begin(), buf.end()))); - } - catch(...) { + } catch (...) { LogError("Error callback throwed an exception."); // if an error handler throwed exception, // do not call further callbacks @@ -248,21 +243,18 @@ void Parser::Error(const ErrorType errorType, const char *msg, va_list &args) // // -------------------------- start of static wrappers -------------------------- // -void Parser::CallbackHelper(std::function func) +void Parser::CallbackHelper(std::function func) { - try - { + try { func(); return; - } - catch(const std::exception &e) { + } catch (const std::exception &e) { LogError("parser error: " << e.what()); - if(m_errorCb) + if (m_errorCb) m_errorCb(PARSE_ERROR, e.what()); - } - catch(...) { + } catch (...) { LogError("unknown parser error"); - if(m_errorCb) + if (m_errorCb) m_errorCb(PARSE_ERROR, "unknown parser error"); } // raise error flag - unregister listeners diff --git a/src/manager/initial-values/parser.h b/src/manager/initial-values/parser.h index 605ba49..ab80f0e 100644 --- a/src/manager/initial-values/parser.h +++ b/src/manager/initial-values/parser.h @@ -35,8 +35,7 @@ namespace CKM { namespace XML { -class Parser -{ +class Parser { public: enum ErrorCode { PARSE_SUCCESS = 0, @@ -66,17 +65,16 @@ public: int RegisterErrorCb(const ErrorCb newCb); typedef std::map Attributes; - class ElementHandler - { - public: - virtual ~ElementHandler() {} - - // methods below may throw std::exception to invalidate the parsing process - // and remove all element listeners. - // In this case, parsing error code returned to the user after std::exception. - virtual void Start(const Attributes &) = 0; - virtual void Characters(const std::string & data) = 0; - virtual void End() = 0; + class ElementHandler { + public: + virtual ~ElementHandler() {} + + // methods below may throw std::exception to invalidate the parsing process + // and remove all element listeners. + // In this case, parsing error code returned to the user after std::exception. + virtual void Start(const Attributes &) = 0; + virtual void Characters(const std::string & data) = 0; + virtual void End() = 0; }; typedef std::shared_ptr ElementHandlerPtr; @@ -117,15 +115,14 @@ private: std::string m_XMLfile; ErrorCb m_errorCb; - struct ElementListener - { + struct ElementListener { StartCb startCb; EndCb endCb; }; std::map m_elementListenerMap; std::stack m_elementHandlerStack; - void CallbackHelper(std::function func); + void CallbackHelper(std::function func); }; } diff --git a/src/manager/initial-values/xml-utils.cpp b/src/manager/initial-values/xml-utils.cpp old mode 100644 new mode 100755 index 0553c01..e7a3a90 --- a/src/manager/initial-values/xml-utils.cpp +++ b/src/manager/initial-values/xml-utils.cpp @@ -25,8 +25,7 @@ #include #include -namespace -{ +namespace { const char * const WHITESPACE = " \n\r\t\v"; const char * const LINE_WHITESPACE = " \r\t\v"; @@ -69,16 +68,18 @@ T removeChars(const T& input, const char *what) return out; } -RawBuffer removeWhiteChars(const RawBuffer &buffer) { +RawBuffer removeWhiteChars(const RawBuffer &buffer) +{ return removeChars(buffer, WHITESPACE); } -std::string trimEachLine(const std::string& input) { +std::string trimEachLine(const std::string& input) +{ std::stringstream ss(input); std::stringstream output; std::string line; - while(std::getline(ss, line, '\n')) { + while (std::getline(ss, line, '\n')) { auto afterTrim = ::trim(line, LINE_WHITESPACE); if (!afterTrim.empty()) output << afterTrim << std::endl; @@ -87,7 +88,8 @@ std::string trimEachLine(const std::string& input) { return output.str(); } -std::string trim(const std::string &s) { +std::string trim(const std::string &s) +{ return removeChars(s, WHITESPACE); } diff --git a/src/manager/initial-values/xml-utils.h b/src/manager/initial-values/xml-utils.h index 8ef94fd..9438595 100644 --- a/src/manager/initial-values/xml-utils.h +++ b/src/manager/initial-values/xml-utils.h @@ -26,8 +26,7 @@ #include #include namespace CKM { -namespace XML -{ +namespace XML { RawBuffer removeWhiteChars(const RawBuffer &buffer); std::string trim(const std::string& s); diff --git a/src/manager/main/communication-manager.h b/src/manager/main/communication-manager.h index 13a8a97..92a0a1b 100644 --- a/src/manager/main/communication-manager.h +++ b/src/manager/main/communication-manager.h @@ -31,8 +31,7 @@ namespace CKM { * class responsible for keeping a list of listeners for given M type of message and notifying them */ template -class MessageManager -{ +class MessageManager { public: NONCOPYABLE(MessageManager); @@ -47,10 +46,11 @@ public: // Returns the number of listeners called size_t SendMessage(const M& msg) const { - for(auto& it : m_listeners) + for (auto& it : m_listeners) it(msg); return m_listeners.size(); } + protected: MessageManager() {} // No one is going to destroy this class directly (only via inherited class). Hence no 'virtual' @@ -70,8 +70,7 @@ struct CommunicationManager; */ template struct CommunicationManager : - public MessageManager, public CommunicationManager -{ + public MessageManager, public CommunicationManager { public: CommunicationManager() {} NONCOPYABLE(CommunicationManager); diff --git a/src/manager/main/cynara-mockup.cpp b/src/manager/main/cynara-mockup.cpp old mode 100644 new mode 100755 index 7ea143a..ecd84ab --- a/src/manager/main/cynara-mockup.cpp +++ b/src/manager/main/cynara-mockup.cpp @@ -25,10 +25,11 @@ namespace CKM { -Cynara::Cynara(GenericSocketManager *socketManager) - : m_socketManager(socketManager) - , m_cynara(nullptr) -{} +Cynara::Cynara(GenericSocketManager *socketManager) : + m_socketManager(socketManager), + m_cynara(nullptr) +{ +} void Cynara::Request( const std::string &, @@ -42,19 +43,21 @@ void Cynara::Request( void Cynara::ProcessSocket() {} -Cynara::~Cynara(){} +Cynara::~Cynara() {} void Cynara::ChangeStatus( int, int, cynara_async_status) -{} +{ +} void Cynara::ProcessResponse( cynara_check_id, cynara_async_call_cause, int) -{} +{ +} void Cynara::SendRequest( const std::string &, @@ -62,21 +65,24 @@ void Cynara::SendRequest( const std::string &, const std::string &, StatusCallback) -{} +{ +} void Cynara::ChangeStatusCallback( int, int, cynara_async_status, void *) -{} +{ +} void Cynara::ProcessResponseCallback( cynara_check_id, cynara_async_call_cause, int, void *) -{} +{ +} bool Cynara::GetUserFromSocket( int, diff --git a/src/manager/main/cynara.cpp b/src/manager/main/cynara.cpp old mode 100644 new mode 100755 index ffdbe0e..a4c30be --- a/src/manager/main/cynara.cpp +++ b/src/manager/main/cynara.cpp @@ -34,8 +34,7 @@ Cynara::Cynara(GenericSocketManager *socketManager) : m_socketManager(socketManager) , m_cynara(nullptr) { - if (CYNARA_API_SUCCESS != cynara_async_initialize(&m_cynara, NULL, ChangeStatusCallback, this)) - { + if (CYNARA_API_SUCCESS != cynara_async_initialize(&m_cynara, NULL, ChangeStatusCallback, this)) { LogError("Cynara initialization failed."); throw std::runtime_error("Cynara initialization failed."); } @@ -55,7 +54,7 @@ void Cynara::Request( user.c_str(), privilege.c_str()); - switch(ret) { + switch (ret) { default: case CYNARA_API_ACCESS_DENIED: callback(false); @@ -73,17 +72,19 @@ void Cynara::Request( } } -void Cynara::ProcessSocket() { - if (CYNARA_API_SUCCESS != cynara_async_process(m_cynara)) { +void Cynara::ProcessSocket() +{ + if (CYNARA_API_SUCCESS != cynara_async_process(m_cynara)) LogError("Function: cynara_async_process failed."); - } } -Cynara::~Cynara(){ +Cynara::~Cynara() +{ cynara_async_finish(m_cynara); } -void Cynara::ChangeStatus(int oldFd, int newFd, cynara_async_status status) { +void Cynara::ChangeStatus(int oldFd, int newFd, cynara_async_status status) +{ m_socketManager->CynaraSocket(oldFd, newFd, status == CYNARA_STATUS_FOR_RW); } @@ -147,7 +148,8 @@ void Cynara::ProcessResponseCallback( static_cast(ptr)->ProcessResponse(checkId, cause, response); } -bool Cynara::GetUserFromSocket(int socket, std::string &user) { +bool Cynara::GetUserFromSocket(int socket, std::string &user) +{ char *ptr; if (CYNARA_API_SUCCESS != cynara_creds_socket_get_user(socket, USER_METHOD_DEFAULT, &ptr)) return false; @@ -156,9 +158,10 @@ bool Cynara::GetUserFromSocket(int socket, std::string &user) { return true; } -bool Cynara::GetClientFromSocket(int socket, std::string &client) { +bool Cynara::GetClientFromSocket(int socket, std::string &client) +{ char *ptr; - if (CYNARA_API_SUCCESS!=cynara_creds_socket_get_client(socket, CLIENT_METHOD_DEFAULT, &ptr)) + if (CYNARA_API_SUCCESS != cynara_creds_socket_get_client(socket, CLIENT_METHOD_DEFAULT, &ptr)) return false; client = ptr; free(ptr); diff --git a/src/manager/main/generic-socket-manager.h b/src/manager/main/generic-socket-manager.h index f8da495..fab3d8a 100644 --- a/src/manager/main/generic-socket-manager.h +++ b/src/manager/main/generic-socket-manager.h @@ -103,10 +103,13 @@ struct GenericSocketService { bool allowed; }; - virtual void SetSocketManager(GenericSocketManager *manager) { + virtual void SetSocketManager(GenericSocketManager *manager) + { m_serviceManager = manager; } - virtual void SetCommManager(CommMgr *manager) { + + virtual void SetCommManager(CommMgr *manager) + { m_commMgr = manager; } @@ -121,7 +124,8 @@ struct GenericSocketService { virtual void Stop() = 0; GenericSocketService() : m_serviceManager(NULL), m_commMgr(NULL) {} - virtual ~GenericSocketService(){} + virtual ~GenericSocketService() {} + protected: GenericSocketManager *m_serviceManager; CommMgr *m_commMgr; diff --git a/src/manager/main/key-manager-main.cpp b/src/manager/main/key-manager-main.cpp index 67a6631..c3c256f 100644 --- a/src/manager/main/key-manager-main.cpp +++ b/src/manager/main/key-manager-main.cpp @@ -61,7 +61,8 @@ void registerSocketService(CKM::SocketManager &manager, const std::string& servi delete service; } -int main(void) { +int main(void) +{ UNHANDLED_EXCEPTION_HANDLER_BEGIN { CKM::Singleton::Instance().SetTag("CKM"); @@ -103,9 +104,7 @@ int main(void) { CKM::KeyProvider::closeLibrary(); CKM::deinitOpenSsl(); - } - catch (const std::runtime_error& e) - { + } catch (const std::runtime_error& e) { LogError(e.what()); } UNHANDLED_EXCEPTION_HANDLER_END diff --git a/src/manager/main/message-service.h b/src/manager/main/message-service.h index 65512c0..ab046ac 100644 --- a/src/manager/main/message-service.h +++ b/src/manager/main/message-service.h @@ -44,17 +44,19 @@ class MessageService; // aggregating template template -class MessageService : public MessageService, public MessageService -{ +class MessageService : public MessageService, public MessageService { protected: // RECEIVER THREAD template - void Register(Mgr& mgr) { + void Register(Mgr& mgr) + { MessageService::Register(mgr); MessageService::Register(mgr); } + // RECEIVER THREAD - void CheckMessages() { + void CheckMessages() + { MessageService::CheckMessages(); MessageService::CheckMessages(); } @@ -63,8 +65,7 @@ protected: // single Message type (Msg) handler template -class MessageService -{ +class MessageService { public: MessageService() {} virtual ~MessageService() {} @@ -111,7 +112,7 @@ void MessageService::AddMessage(const Msg& msg) template void MessageService::CheckMessages() { - while(true) { + while (true) { m_messagesMutex.lock(); if (m_messages.empty()) { m_messagesMutex.unlock(); @@ -133,8 +134,7 @@ void MessageService::CheckMessages() // thread based service with messages support template -class ThreadMessageService : public ThreadService, public MessageService -{ +class ThreadMessageService : public ThreadService, public MessageService { public: ThreadMessageService() {} virtual ~ThreadMessageService() {} @@ -142,18 +142,21 @@ public: // RECEIVER THREAD: register as a listener of all supported messages template - void Register(Mgr& mgr) { + void Register(Mgr& mgr) + { MessageService::Register(mgr); } private: // SENDER THREAD: adds callback to RECEIVER THREAD event queue and wakes it - virtual void Notify() { + virtual void Notify() + { CreateEvent([this]() { this->CheckMessages(); }); } // RECEIVER THREAD - void CheckMessages() { + void CheckMessages() + { MessageService::CheckMessages(); } }; diff --git a/src/manager/main/service-messages.h b/src/manager/main/service-messages.h index 26989ee..61ebbb4 100644 --- a/src/manager/main/service-messages.h +++ b/src/manager/main/service-messages.h @@ -33,8 +33,7 @@ namespace CKM { // inter-service communication message base class -struct MsgBase -{ +struct MsgBase { explicit MsgBase(int id) : id(id) {} virtual ~MsgBase() {} @@ -42,8 +41,7 @@ struct MsgBase }; // key request -struct MsgKeyRequest : public MsgBase -{ +struct MsgKeyRequest : public MsgBase { MsgKeyRequest(int id, const Credentials& cred, const Name& name, @@ -54,7 +52,9 @@ struct MsgKeyRequest : public MsgBase name(name), label(label), password(password) - {} + { + } + Credentials cred; Name name; Label label; @@ -62,13 +62,14 @@ struct MsgKeyRequest : public MsgBase }; // key response -struct MsgKeyResponse : public MsgBase -{ +struct MsgKeyResponse : public MsgBase { MsgKeyResponse(int id, const Crypto::GObjShPtr& key, int errorCode = CKM_API_SUCCESS) : MsgBase(id), key(key), error(errorCode) - {} + { + } + Crypto::GObjShPtr key; int error; }; diff --git a/src/manager/main/service-thread.h b/src/manager/main/service-thread.h index 32087b7..b459b96 100644 --- a/src/manager/main/service-thread.h +++ b/src/manager/main/service-thread.h @@ -55,15 +55,18 @@ public: ServiceThread() : m_state(State::NoThread) , m_quit(false) - {} + { + } - void Create() { + void Create() + { assert(m_state == State::NoThread); m_thread = std::thread(ThreadLoopStatic, this); m_state = State::Work; } - void Join() { + void Join() + { assert(m_state != State::NoThread); { std::lock_guard lock(m_eventQueueMutex); @@ -95,14 +98,16 @@ protected: m_waitCondition.notify_one(); } - static void ThreadLoopStatic(ServiceThread *ptr) { + static void ThreadLoopStatic(ServiceThread *ptr) + { ptr->ThreadLoop(); // cleanup openssl in every thread deinitOpenSslThread(); } - void ThreadLoop(){ + void ThreadLoop() + { for (;;) { EventDescription description; { diff --git a/src/manager/main/socket-2-id-mockup.cpp b/src/manager/main/socket-2-id-mockup.cpp index 889e8ea..1d103cb 100644 --- a/src/manager/main/socket-2-id-mockup.cpp +++ b/src/manager/main/socket-2-id-mockup.cpp @@ -26,7 +26,8 @@ namespace CKM { -int Socket2Id::getPkgIdFromSmack(const std::string &smack, std::string &pkgId) { +int Socket2Id::getPkgIdFromSmack(const std::string &smack, std::string &pkgId) +{ static const std::string SMACK_PREFIX_APPID = "User::App::"; if (smack.empty()) { @@ -52,17 +53,16 @@ int Socket2Id::getPkgIdFromSmack(const std::string &smack, std::string &pkgId) { return 0; } -int Socket2Id::translate(int sock, std::string &result) { +int Socket2Id::translate(int sock, std::string &result) +{ std::string smack; std::string pkgId; - if (0 > getCredentialsFromSocket(sock, smack)) { + if (0 > getCredentialsFromSocket(sock, smack)) return -1; - } - if (0 > getPkgIdFromSmack(smack, pkgId)) { + if (0 > getPkgIdFromSmack(smack, pkgId)) return -1; - } result = std::move(pkgId); return 0; diff --git a/src/manager/main/socket-2-id-wrapper.cpp b/src/manager/main/socket-2-id-wrapper.cpp index c597953..2c037f8 100644 --- a/src/manager/main/socket-2-id-wrapper.cpp +++ b/src/manager/main/socket-2-id-wrapper.cpp @@ -28,7 +28,8 @@ namespace CKM { -int Socket2Id::getPkgIdFromSmack(const std::string &smack, std::string &pkgId) { +int Socket2Id::getPkgIdFromSmack(const std::string &smack, std::string &pkgId) +{ // TODO // Conversion from smack label to pkgId should be done // by security-manager. Current version of security-manager @@ -67,12 +68,12 @@ int Socket2Id::getPkgIdFromSmack(const std::string &smack, std::string &pkgId) { return 0; } -int Socket2Id::translate(int sock, std::string &result) { +int Socket2Id::translate(int sock, std::string &result) +{ std::string smack; - if (0 > getCredentialsFromSocket(sock, smack)) { + if (0 > getCredentialsFromSocket(sock, smack)) return -1; - } StringMap::iterator it = m_stringMap.find(smack); @@ -82,9 +83,8 @@ int Socket2Id::translate(int sock, std::string &result) { } std::string pkgId; - if (0 > getPkgIdFromSmack(smack, pkgId)) { + if (0 > getPkgIdFromSmack(smack, pkgId)) return -1; - } result = pkgId; m_stringMap.emplace(std::move(smack), std::move(pkgId)); diff --git a/src/manager/main/socket-2-id.cpp b/src/manager/main/socket-2-id.cpp index 40cd714..b71f88b 100644 --- a/src/manager/main/socket-2-id.cpp +++ b/src/manager/main/socket-2-id.cpp @@ -30,14 +30,15 @@ namespace CKM { namespace { -int assignToString(std::vector &vec, socklen_t len, std::string &res) { +int assignToString(std::vector &vec, socklen_t len, std::string &res) +{ if (vec.size() <= len) return -1; vec[len] = 0; // old implementation getsockopt returns cstring without 0 - if (vec[len-1] == 0) { + + if (vec[len-1] == 0) --len; // new implementation of getsockopt returns cstring size+1 - } res.assign(vec.data(), len); return 0; @@ -45,13 +46,13 @@ int assignToString(std::vector &vec, socklen_t len, std::string &res) { } // namespace anonymous -int Socket2Id::getCredentialsFromSocket(int sock, std::string &res) { +int Socket2Id::getCredentialsFromSocket(int sock, std::string &res) +{ std::vector result(SMACK_LABEL_LEN+1); socklen_t length = SMACK_LABEL_LEN; - if (0 == getsockopt(sock, SOL_SOCKET, SO_PEERSEC, result.data(), &length)) { + if (0 == getsockopt(sock, SOL_SOCKET, SO_PEERSEC, result.data(), &length)) return assignToString(result, length, res); - } if (errno != ERANGE) { LogError("getsockopt failed"); @@ -68,7 +69,8 @@ int Socket2Id::getCredentialsFromSocket(int sock, std::string &res) { return assignToString(result, length, res); } -void Socket2Id::resetCache() { +void Socket2Id::resetCache() +{ m_stringMap.clear(); } diff --git a/src/manager/main/socket-2-id.h b/src/manager/main/socket-2-id.h index 046f998..85b0ef1 100644 --- a/src/manager/main/socket-2-id.h +++ b/src/manager/main/socket-2-id.h @@ -33,6 +33,7 @@ public: void resetCache(); virtual ~Socket2Id() {} + private: int getCredentialsFromSocket(int sock, std::string &res); int getPkgIdFromSmack(const std::string &smack, std::string &pkgId); diff --git a/src/manager/main/socket-manager.cpp b/src/manager/main/socket-manager.cpp old mode 100644 new mode 100755 index 6caeaf8..e892f7f --- a/src/manager/main/socket-manager.cpp +++ b/src/manager/main/socket-manager.cpp @@ -52,13 +52,13 @@ namespace { const time_t SOCKET_TIMEOUT = 1000; -int getCredentialsFromSocket(int sock, CKM::Credentials &cred) { +int getCredentialsFromSocket(int sock, CKM::Credentials &cred) +{ static CKM::Socket2Id sock2id; std::string ownerId; - if (0 > sock2id.translate(sock, ownerId)) { + if (0 > sock2id.translate(sock, ownerId)) return -1; - } ucred peerCred; socklen_t length = sizeof(ucred); @@ -77,7 +77,8 @@ int getCredentialsFromSocket(int sock, CKM::Credentials &cred) { namespace CKM { struct DummyService : public GenericSocketService { - ServiceDescriptionVector GetServiceDescription() { + ServiceDescriptionVector GetServiceDescription() + { return ServiceDescriptionVector(); } @@ -92,7 +93,8 @@ struct DummyService : public GenericSocketService { }; struct SignalService : public GenericSocketService { - int GetDescriptor() { + int GetDescriptor() + { LogInfo("set up"); sigset_t mask; sigemptyset(&mask); @@ -102,7 +104,8 @@ struct SignalService : public GenericSocketService { return signalfd(-1, &mask, 0); } - ServiceDescriptionVector GetServiceDescription() { + ServiceDescriptionVector GetServiceDescription() + { return ServiceDescriptionVector(); } @@ -114,10 +117,11 @@ struct SignalService : public GenericSocketService { void Event(const CloseEvent &) {} // not supported void Event(const SecurityEvent &) {} // not supported - void Event(const ReadEvent &event) { + void Event(const ReadEvent &event) + { LogDebug("Get signal information"); - if(sizeof(struct signalfd_siginfo) != event.rawBuffer.size()) { + if (sizeof(struct signalfd_siginfo) != event.rawBuffer.size()) { LogError("Wrong size of signalfd_siginfo struct. Expected: " << sizeof(signalfd_siginfo) << " Get: " << event.rawBuffer.size()); @@ -165,16 +169,18 @@ SocketManager::CreateDefaultReadSocketDescription(int sock, bool timeout) return desc; } -SocketManager::SocketManager() - : m_maxDesc(0) - , m_counter(0) +SocketManager::SocketManager() : + m_maxDesc(0), + m_counter(0) { FD_ZERO(&m_readSet); FD_ZERO(&m_writeSet); + if (-1 == pipe(m_notifyMe)) { int err = errno; ThrowMsg(Exception::InitFailed, "Error in pipe: " << GetErrnoString(err)); } + LogInfo("Pipe: Read desc: " << m_notifyMe[0] << " Write desc: " << m_notifyMe[1]); auto &desc = CreateDefaultReadSocketDescription(m_notifyMe[0], false); @@ -190,6 +196,7 @@ SocketManager::SocketManager() auto *signalService = new SignalService; signalService->SetSocketManager(this); int filefd = signalService->GetDescriptor(); + if (-1 == filefd) { LogError("Error in SignalService.GetDescriptor()"); delete signalService; @@ -203,7 +210,8 @@ SocketManager::SocketManager() m_cynara.reset(new Cynara(this)); } -SocketManager::~SocketManager() { +SocketManager::~SocketManager() +{ m_cynara.reset(nullptr); std::set serviceMap; @@ -229,10 +237,12 @@ SocketManager::~SocketManager() { close(m_notifyMe[1]); } -void SocketManager::ReadyForAccept(int sock) { +void SocketManager::ReadyForAccept(int sock) +{ struct sockaddr_un clientAddr; unsigned int clientLen = sizeof(clientAddr); int client = accept4(sock, (struct sockaddr*) &clientAddr, &clientLen, SOCK_NONBLOCK); + if (-1 == client) { int err = errno; LogDebug("Error in accept: " << GetErrnoString(err)); @@ -245,8 +255,7 @@ void SocketManager::ReadyForAccept(int sock) { if (0 > getCredentialsFromSocket(client, peerCred) || !Cynara::GetUserFromSocket(client, user) - || !Cynara::GetClientFromSocket(client, smack)) - { + || !Cynara::GetClientFromSocket(client, smack)) { LogDebug("Error in getting credentials from socket."); TEMP_FAILURE_RETRY(close(client)); return; @@ -267,7 +276,8 @@ void SocketManager::ReadyForAccept(int sock) { desc.service->Event(event); } -void SocketManager::SecurityStatus(int sock, int counter, bool allowed) { +void SocketManager::SecurityStatus(int sock, int counter, bool allowed) +{ auto &desc = m_socketDescriptionVector[sock]; if (!desc.isOpen()) { LogDebug("Client from socket " << sock << @@ -288,7 +298,8 @@ void SocketManager::SecurityStatus(int sock, int counter, bool allowed) { desc.service->Event(event); } -void SocketManager::ReadyForRead(int sock) { +void SocketManager::ReadyForRead(int sock) +{ if (m_socketDescriptionVector[sock].isListen()) { ReadyForAccept(sock); return; @@ -316,18 +327,19 @@ void SocketManager::ReadyForRead(int sock) { desc.service->Event(event); } else if (size == -1) { int err = errno; - switch(err) { - case EAGAIN: - case EINTR: - break; - default: - LogDebug("Reading sock error: " << GetErrnoString(err)); - CloseSocket(sock); + switch (err) { + case EAGAIN: + case EINTR: + break; + default: + LogDebug("Reading sock error: " << GetErrnoString(err)); + CloseSocket(sock); } } } -void SocketManager::ReadyForWrite(int sock) { +void SocketManager::ReadyForWrite(int sock) +{ if (m_socketDescriptionVector[sock].isCynara()) { m_cynara->ProcessSocket(); return; @@ -336,9 +348,10 @@ void SocketManager::ReadyForWrite(int sock) { auto &desc = m_socketDescriptionVector[sock]; size_t size = desc.rawBuffer.size(); ssize_t result = write(sock, &desc.rawBuffer[0], size); + if (result == -1) { int err = errno; - switch(err) { + switch (err) { case EAGAIN: case EINTR: // select will trigger write once again, nothing to do @@ -368,7 +381,8 @@ void SocketManager::ReadyForWrite(int sock) { desc.service->Event(event); } -void SocketManager::MainLoop() { +void SocketManager::MainLoop() +{ // remove evironment values passed by systemd sd_listen_fds(1); @@ -376,7 +390,7 @@ void SocketManager::MainLoop() { sd_notify(0, "READY=1"); m_working = true; - while(m_working) { + while (m_working) { fd_set readSet = m_readSet; fd_set writeSet = m_writeSet; @@ -386,7 +400,7 @@ void SocketManager::MainLoop() { // I need to extract timeout from priority_queue. // Timeout in priority_queue may be deprecated. // I need to find some actual one. - while(!m_timeoutQueue.empty()) { + while (!m_timeoutQueue.empty()) { auto &top = m_timeoutQueue.top(); auto &desc = m_socketDescriptionVector[top.sock]; @@ -451,7 +465,7 @@ void SocketManager::MainLoop() { } if (-1 == ret) { - switch(errno) { + switch (errno) { case EINTR: LogDebug("EINTR in select"); break; @@ -462,7 +476,7 @@ void SocketManager::MainLoop() { } continue; } - for(int i = 0; i= - sizeof(static_cast(0)->sun_path)) - { + if (desc.serviceHandlerPath.size()*sizeof(decltype(desc.serviceHandlerPath)::value_type) >= + sizeof(static_cast(0)->sun_path)) { LogError("Service handler path too long: " << desc.serviceHandlerPath.size()); ThrowMsg(Exception::InitFailed, "Service handler path too long: " << desc.serviceHandlerPath.size()); @@ -599,16 +611,16 @@ void SocketManager::CreateDomainSocket( " Handler: " << desc.serviceHandlerPath.c_str()); } -void SocketManager::RegisterSocketService(GenericSocketService *service) { +void SocketManager::RegisterSocketService(GenericSocketService *service) +{ service->SetSocketManager(this); service->SetCommManager(&m_commMgr); auto serviceVector = service->GetServiceDescription(); Try { for (auto iter = serviceVector.begin(); iter != serviceVector.end(); ++iter) CreateDomainSocket(service, *iter); - } Catch (Exception::Base) { - for (int i =0; i < (int)m_socketDescriptionVector.size(); ++i) - { + } Catch(Exception::Base) { + for (int i =0; i < (int)m_socketDescriptionVector.size(); ++i) { auto &desc = m_socketDescriptionVector[i]; if (desc.service == service && desc.isOpen()) { close(i); @@ -619,26 +631,30 @@ void SocketManager::RegisterSocketService(GenericSocketService *service) { } } -void SocketManager::Close(ConnectionID connectionID) { +void SocketManager::Close(ConnectionID connectionID) +{ CloseEvent event; event.sock = connectionID.sock; event.counter = connectionID.counter; AddEvent(event); } -void SocketManager::Write(ConnectionID connectionID, const RawBuffer &rawBuffer) { +void SocketManager::Write(ConnectionID connectionID, const RawBuffer &rawBuffer) +{ WriteEvent event{connectionID, rawBuffer}; AddEvent(event); } -void SocketManager::SecurityCheck(ConnectionID connectionID) { +void SocketManager::SecurityCheck(ConnectionID connectionID) +{ SecurityEvent event; event.sock = connectionID.sock; event.counter = connectionID.counter; AddEvent(event); } -void SocketManager::CreateEvent(EventFunction fun) { +void SocketManager::CreateEvent(EventFunction fun) +{ { std::lock_guard ulock(m_eventQueueMutex); m_eventQueue.push(std::move(fun)); @@ -646,12 +662,14 @@ void SocketManager::CreateEvent(EventFunction fun) { NotifyMe(); } -void SocketManager::NotifyMe() { +void SocketManager::NotifyMe() +{ TEMP_FAILURE_RETRY(write(m_notifyMe[1], "You have message ;-)", 1)); } -void SocketManager::ProcessQueue() { - while(1) { +void SocketManager::ProcessQueue() +{ + while (1) { EventFunction fun; { std::lock_guard ulock(m_eventQueueMutex); @@ -664,7 +682,8 @@ void SocketManager::ProcessQueue() { } } -void SocketManager::Handle(const WriteEvent &event) { +void SocketManager::Handle(const WriteEvent &event) +{ auto &desc = m_socketDescriptionVector[event.connectionID.sock]; if (!desc.isOpen()) { @@ -672,8 +691,7 @@ void SocketManager::Handle(const WriteEvent &event) { return; } - if (desc.counter != event.connectionID.counter) - { + if (desc.counter != event.connectionID.counter) { LogDebug("Received packet for write but counter is broken. Packet ignored!"); return; } @@ -686,7 +704,8 @@ void SocketManager::Handle(const WriteEvent &event) { FD_SET(event.connectionID.sock, &m_writeSet); } -void SocketManager::Handle(const CloseEvent &event) { +void SocketManager::Handle(const CloseEvent &event) +{ if (!m_socketDescriptionVector[event.sock].isOpen()) return; @@ -696,7 +715,8 @@ void SocketManager::Handle(const CloseEvent &event) { CloseSocket(event.sock); } -void SocketManager::Handle(const SecurityEvent &event) { +void SocketManager::Handle(const SecurityEvent &event) +{ auto& desc = m_socketDescriptionVector[event.sock]; if (!desc.isOpen()) return; @@ -715,7 +735,8 @@ void SocketManager::Handle(const SecurityEvent &event) { }); } -void SocketManager::CloseSocket(int sock) { +void SocketManager::CloseSocket(int sock) +{ auto &desc = m_socketDescriptionVector[sock]; if (!(desc.isOpen())) { @@ -745,7 +766,8 @@ void SocketManager::CloseSocket(int sock) { FD_CLR(sock, &m_writeSet); } -void SocketManager::CynaraSocket(int oldFd, int newFd, bool isRW) { +void SocketManager::CynaraSocket(int oldFd, int newFd, bool isRW) +{ if (newFd != oldFd) { if (newFd >= 0) { auto &desc = CreateDefaultReadSocketDescription(newFd, false); diff --git a/src/manager/main/socket-manager.h b/src/manager/main/socket-manager.h index 522e79c..933d9b1 100644 --- a/src/manager/main/socket-manager.h +++ b/src/manager/main/socket-manager.h @@ -50,7 +50,6 @@ public: DECLARE_EXCEPTION_TYPE(Base, InitFailed) }; - SocketManager(); virtual ~SocketManager(); virtual void MainLoop(); @@ -103,7 +102,9 @@ protected: : interfaceID(-1) , service(NULL) , m_flags(0) - {} + { + } + private: static const char LISTEN = 1 << 0; static const char OPEN = 1 << 1; @@ -119,7 +120,8 @@ protected: // support for generic event Queue typedef std::function EventFunction; template - void AddEvent(E event) { + void AddEvent(E event) + { CreateEvent([this, event]() {this->Handle(event);}); } void CreateEvent(EventFunction fun); @@ -140,7 +142,8 @@ protected: struct Timeout { time_t time; int sock; - bool operator<(const Timeout &second) const { + bool operator<(const Timeout &second) const + { return time > second.time; // mininum first! } }; diff --git a/src/manager/main/thread-service.cpp b/src/manager/main/thread-service.cpp index 9f744b5..b9c1b40 100644 --- a/src/manager/main/thread-service.cpp +++ b/src/manager/main/thread-service.cpp @@ -32,18 +32,21 @@ ThreadService::~ThreadService() { } -void ThreadService::Handle(const AcceptEvent &event) { +void ThreadService::Handle(const AcceptEvent &event) +{ LogDebug("Accept event"); auto &info = m_connectionInfoMap[event.connectionID.counter]; info.interfaceID = event.interfaceID; info.credentials = event.credentials; } -void ThreadService::Handle(const WriteEvent &event) { +void ThreadService::Handle(const WriteEvent &event) +{ LogDebug("Write event (" << event.size << " bytes )"); } -void ThreadService::Handle(const ReadEvent &event) { +void ThreadService::Handle(const ReadEvent &event) +{ LogDebug("Read event"); auto &info = m_connectionInfoMap[event.connectionID.counter]; info.buffer.Push(event.rawBuffer); @@ -58,12 +61,14 @@ void ThreadService::Handle(const ReadEvent &event) { m_serviceManager->SecurityCheck(event.connectionID); } -void ThreadService::Handle(const CloseEvent &event) { +void ThreadService::Handle(const CloseEvent &event) +{ LogDebug("Close event"); m_connectionInfoMap.erase(event.connectionID.counter); } -void ThreadService::Handle(const SecurityEvent &event) { +void ThreadService::Handle(const SecurityEvent &event) +{ LogDebug("Security event"); auto it = m_connectionInfoMap.find(event.connectionID.counter); diff --git a/src/manager/main/thread-service.h b/src/manager/main/thread-service.h index 219bfc0..209375f 100644 --- a/src/manager/main/thread-service.h +++ b/src/manager/main/thread-service.h @@ -28,8 +28,7 @@ namespace CKM { -class ThreadService: public GenericSocketService, public ServiceThread -{ +class ThreadService: public GenericSocketService, public ServiceThread { public: ThreadService(); virtual ~ThreadService(); @@ -47,7 +46,8 @@ protected: bool allowed) = 0; template - void ThreadEvent(const E& event) { + void ThreadEvent(const E& event) + { CreateEvent([this, event]() { this->Handle(event); }); } diff --git a/src/manager/service/access-control.cpp b/src/manager/service/access-control.cpp old mode 100644 new mode 100755 index e5eba2b..a3cecb4 --- a/src/manager/service/access-control.cpp +++ b/src/manager/service/access-control.cpp @@ -69,9 +69,9 @@ int AccessControl::canSave( const CKM::Credentials &accessorCred, const Label & ownerLabel) const { - if(isSystemService(accessorCred)) + if (isSystemService(accessorCred)) return CKM_API_SUCCESS; - if(ownerLabel != accessorCred.smackLabel) + if (ownerLabel != accessorCred.smackLabel) return CKM_API_ERROR_ACCESS_DENIED; return CKM_API_SUCCESS; @@ -88,9 +88,9 @@ int AccessControl::canRead( const CKM::Credentials &accessorCred, const PermissionForLabel & permissionLabel) const { - if(isSystemService(accessorCred)) + if (isSystemService(accessorCred)) return CKM_API_SUCCESS; - if(permissionLabel & Permission::READ) + if (permissionLabel & Permission::READ) return CKM_API_SUCCESS; return CKM_API_ERROR_DB_ALIAS_UNKNOWN; @@ -102,11 +102,11 @@ int AccessControl::canExport( const PermissionForLabel & permissionLabel) const { int ec; - if(CKM_API_SUCCESS != (ec = canRead(accessorCred, permissionLabel))) + if (CKM_API_SUCCESS != (ec = canRead(accessorCred, permissionLabel))) return ec; // check if can export - if(row.exportable == 0) + if (row.exportable == 0) return CKM_API_ERROR_NOT_EXPORTABLE; // prevent extracting private keys during cc-mode on @@ -120,11 +120,11 @@ int AccessControl::canDelete( const CKM::Credentials &accessorCred, const PermissionForLabel & permissionLabel) const { - if(isSystemService(accessorCred)) + if (isSystemService(accessorCred)) return CKM_API_SUCCESS; - if(permissionLabel & Permission::REMOVE) + if (permissionLabel & Permission::REMOVE) return CKM_API_SUCCESS; - if(permissionLabel & Permission::READ) + if (permissionLabel & Permission::READ) return CKM_API_ERROR_ACCESS_DENIED; return CKM_API_ERROR_DB_ALIAS_UNKNOWN; diff --git a/src/manager/service/access-control.h b/src/manager/service/access-control.h index 75297c4..0141af4 100644 --- a/src/manager/service/access-control.h +++ b/src/manager/service/access-control.h @@ -30,8 +30,7 @@ namespace CKM { -class AccessControl -{ +class AccessControl { public: /** * return true if client uid is from the system services uid space @@ -77,6 +76,7 @@ public: void updateCCMode(); bool isCCMode() const; + private: bool m_ccMode; }; diff --git a/src/manager/service/certificate-config.h b/src/manager/service/certificate-config.h index b9d053d..22c0caf 100644 --- a/src/manager/service/certificate-config.h +++ b/src/manager/service/certificate-config.h @@ -26,16 +26,27 @@ namespace CKM { -class CertificateConfig -{ +class CertificateConfig { public: - static void addSystemCertificateDir(const std::string& dir) { m_sysCertDirs.insert(dir); } - static void addSystemCertificateFile(const std::string& file) { m_sysCertFiles.insert(file); } + static void addSystemCertificateDir(const std::string& dir) + { + m_sysCertDirs.insert(dir); + } + static void addSystemCertificateFile(const std::string& file) + { + m_sysCertFiles.insert(file); + } typedef std::set PathSet; - static const PathSet& getSystemCertificateDirs() { return m_sysCertDirs; } - static const PathSet& getSystemCertificateFiles() { return m_sysCertFiles; } + static const PathSet& getSystemCertificateDirs() + { + return m_sysCertDirs; + } + static const PathSet& getSystemCertificateFiles() + { + return m_sysCertFiles; + } private: CertificateConfig(); diff --git a/src/manager/service/certificate-store.cpp b/src/manager/service/certificate-store.cpp old mode 100644 new mode 100755 index 565f4fd..66295e7 --- a/src/manager/service/certificate-store.cpp +++ b/src/manager/service/certificate-store.cpp @@ -32,7 +32,8 @@ namespace CKM { -CertificateStore::CertificateStore() : m_store(X509_STORE_new()) +CertificateStore::CertificateStore() : + m_store(X509_STORE_new()) { if (!m_store) { LogError("Failed to create store"); @@ -59,7 +60,7 @@ int CertificateStore::verifyCertificate( trustedVector.size() << "trusted certificates" << " and system certificates set to: " << useTrustedSystemCertificates); - X509_STORE_CTX_PTR csc= create_x509_store_ctx(); + X509_STORE_CTX_PTR csc = create_x509_store_ctx(); if (!csc) { LogError("failed to create csc"); return CKM_API_ERROR_UNKNOWN; @@ -93,9 +94,8 @@ int CertificateStore::verifyCertificate( return CKM_API_ERROR_UNKNOWN; } - if(stateCCMode) { + if (stateCCMode) X509_VERIFY_PARAM_set_flags(csc->param, X509_V_FLAG_X509_STRICT); - } int result = X509_verify_cert(csc.get()); // 1 == ok; 0 == fail; -1 == error @@ -131,12 +131,14 @@ int CertificateStore::addSystemCertificateDirs() LogError("Error in X509_STORE_add_lookup"); return CKM_API_ERROR_UNKNOWN; } - for(const auto& i: dirs) { + + for (const auto& i : dirs) { if (!X509_LOOKUP_add_dir(dir_lookup, i.c_str(), X509_FILETYPE_PEM)) { LogError("Error in X509_LOOKUP_add_dir"); return CKM_API_ERROR_UNKNOWN; } } + return CKM_API_SUCCESS; } @@ -153,7 +155,7 @@ int CertificateStore::addSystemCertificateFiles() return CKM_API_ERROR_UNKNOWN; } - for(const auto& i:files) { + for (const auto& i : files) { if (!X509_LOOKUP_load_file(file_lookup, i.c_str(), X509_FILETYPE_PEM)) { LogError("Error in X509_LOOKUP_load_file"); return CKM_API_ERROR_UNKNOWN; @@ -166,7 +168,7 @@ int CertificateStore::addCustomTrustedCertificates(const CertificateImplVector & { // add trusted certificates to store for (const auto& i:trustedVector) { - if(1 != X509_STORE_add_cert(m_store, i.getX509())) { + if (1 != X509_STORE_add_cert(m_store, i.getX509())) { LogError("failed to add certificate to the store"); return CKM_API_ERROR_UNKNOWN; } diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp old mode 100644 new mode 100755 index 8c967f3..e55bba8 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -38,18 +38,21 @@ namespace { const char * const CERT_SYSTEM_DIR = "/etc/ssl/certs"; const char * const SYSTEM_DB_PASSWD = "cAtRugU7"; -bool isLabelValid(const CKM::Label &label) { +bool isLabelValid(const CKM::Label &label) +{ // TODO: copy code from libprivilege control (for check smack label) if (label.find(CKM::LABEL_NAME_SEPARATOR) != CKM::Label::npos) return false; return true; } -bool isNameValid(const CKM::Name &name) { +bool isNameValid(const CKM::Name &name) +{ if (name.find(CKM::LABEL_NAME_SEPARATOR) != CKM::Name::npos) return false; return true; } + } // anonymous namespace namespace CKM { @@ -63,9 +66,10 @@ CKMLogic::CKMLogic() m_accessControl.updateCCMode(); } -CKMLogic::~CKMLogic(){} +CKMLogic::~CKMLogic() {} -void CKMLogic::loadDKEKFile(uid_t user, const Password &password) { +void CKMLogic::loadDKEKFile(uid_t user, const Password &password) +{ auto &handle = m_userDataMap[user]; FileSystem fs(user); @@ -80,7 +84,8 @@ void CKMLogic::loadDKEKFile(uid_t user, const Password &password) { handle.keyProvider = KeyProvider(wrappedDKEK, password); } -void CKMLogic::saveDKEKFile(uid_t user, const Password &password) { +void CKMLogic::saveDKEKFile(uid_t user, const Password &password) +{ auto &handle = m_userDataMap[user]; FileSystem fs(user); @@ -89,12 +94,11 @@ void CKMLogic::saveDKEKFile(uid_t user, const Password &password) { int CKMLogic::unlockDatabase(uid_t user, const Password & password) { - if (0 switch to system DB - if ( !m_accessControl.isSystemService(cred) ) - { + if (!m_accessControl.isSystemService(cred)) { if (0 == m_userDataMap.count(cred.clientUid)) ThrowErr(Exc::DatabaseLocked, "database with UID: ", cred.clientUid, " locked"); @@ -156,6 +158,7 @@ UserData & CKMLogic::selectDatabase(const Credentials &cred, const Label &incomi // system database selected, modify the label if (CKM_API_SUCCESS != unlockSystemDB() ) ThrowErr(Exc::DatabaseLocked, "can not unlock system database"); + return m_userDataMap[SYSTEM_DB_UID]; } @@ -163,20 +166,16 @@ RawBuffer CKMLogic::unlockUserKey(uid_t user, const Password &password) { int retCode = CKM_API_SUCCESS; - if( !m_accessControl.isSystemService(user) ) - { + if (!m_accessControl.isSystemService(user)) retCode = unlockDatabase(user, password); - } - else - { - // do not allow lock/unlock operations for system users + else // do not allow lock/unlock operations for system users retCode = CKM_API_ERROR_INPUT_PARAM; - } return MessageBuffer::Serialize(retCode).Pop(); } -RawBuffer CKMLogic::updateCCMode() { +RawBuffer CKMLogic::updateCCMode() +{ m_accessControl.updateCCMode(); return MessageBuffer::Serialize(CKM_API_SUCCESS).Pop(); } @@ -184,21 +183,16 @@ RawBuffer CKMLogic::updateCCMode() { RawBuffer CKMLogic::lockUserKey(uid_t user) { int retCode = CKM_API_SUCCESS; - if( !m_accessControl.isSystemService(user) ) - { + if (!m_accessControl.isSystemService(user)) m_userDataMap.erase(user); - } - else - { - // do not allow lock/unlock operations for system users + else // do not allow lock/unlock operations for system users retCode = CKM_API_ERROR_INPUT_PARAM; - } return MessageBuffer::Serialize(retCode).Pop(); - } -RawBuffer CKMLogic::removeUserData(uid_t user) { +RawBuffer CKMLogic::removeUserData(uid_t user) +{ int retCode = CKM_API_SUCCESS; if (m_accessControl.isSystemService(user)) @@ -217,7 +211,7 @@ int CKMLogic::changeUserPasswordHelper(uid_t user, const Password &newPassword) { // do not allow to change system database password - if( m_accessControl.isSystemService(user) ) + if (m_accessControl.isSystemService(user)) return CKM_API_ERROR_INPUT_PARAM; loadDKEKFile(user, oldPassword); @@ -232,8 +226,7 @@ RawBuffer CKMLogic::changeUserPassword( const Password &newPassword) { int retCode = CKM_API_SUCCESS; - try - { + try { retCode = changeUserPasswordHelper(user, oldPassword, newPassword); } catch (const Exc::Exception &e) { retCode = e.error(); @@ -250,12 +243,11 @@ int CKMLogic::resetUserPasswordHelper( const Password &newPassword) { // do not allow to reset system database password - if( m_accessControl.isSystemService(user) ) + if (m_accessControl.isSystemService(user)) return CKM_API_ERROR_INPUT_PARAM; int retCode = CKM_API_SUCCESS; - if (0 == m_userDataMap.count(user)) - { + if (0 == m_userDataMap.count(user)) { // Check if key exists. If exists we must return error FileSystem fs(user); auto wrappedDKEKMain = fs.getDKEK(); @@ -285,11 +277,11 @@ RawBuffer CKMLogic::resetUserPassword( return MessageBuffer::Serialize(retCode).Pop(); } -RawBuffer CKMLogic::removeApplicationData(const Label &smackLabel) { +RawBuffer CKMLogic::removeApplicationData(const Label &smackLabel) +{ int retCode = CKM_API_SUCCESS; try { - if (smackLabel.empty()) { retCode = CKM_API_ERROR_INPUT_PARAM; } else { @@ -305,7 +297,6 @@ RawBuffer CKMLogic::removeApplicationData(const Label &smackLabel) { } } } - } catch (const Exc::Exception &e) { retCode = e.error(); } catch (const CKM::Exception &e) { @@ -330,22 +321,20 @@ int CKMLogic::checkSaveConditions( // check if allowed to save using ownerLabel int access_ec = m_accessControl.canSave(cred, ownerLabel); - if( access_ec != CKM_API_SUCCESS) - { + if (access_ec != CKM_API_SUCCESS) { LogDebug("label " << cred.smackLabel << " can not save rows using label " << ownerLabel); return access_ec; } // check if not a duplicate - if( handler.database.isNameLabelPresent(name, ownerLabel)) + if (handler.database.isNameLabelPresent(name, ownerLabel)) return CKM_API_ERROR_DB_ALIAS_EXISTS; // encryption section - if (!handler.crypto.haveKey(ownerLabel)) - { + if (!handler.crypto.haveKey(ownerLabel)) { RawBuffer got_key; auto key_optional = handler.database.getKey(ownerLabel); - if(!key_optional) { + if (!key_optional) { LogDebug("No Key in database found. Generating new one for label: " << ownerLabel); got_key = handler.keyProvider.generateDEK(ownerLabel); handler.database.saveKey(ownerLabel, got_key); @@ -386,32 +375,28 @@ int CKMLogic::verifyBinaryData(Crypto::Data &input) const int CKMLogic::toBinaryData(const Crypto::Data &input, Crypto::Data &output) const { // verify the data integrity - if (input.type.isKey()) - { + if (input.type.isKey()) { KeyShPtr output_key; - if(input.type.isSKey()) + if (input.type.isSKey()) output_key = CKM::Key::createAES(input.data); else output_key = CKM::Key::create(input.data); - if(output_key.get() == NULL) - { + + if (output_key.get() == NULL) { LogDebug("provided binary data is not valid key data"); return CKM_API_ERROR_INPUT_PARAM; } output = std::move(Crypto::Data(input.type, output_key->getDER())); - } - else if (input.type.isCertificate() || input.type.isChainCert()) - { + } else if (input.type.isCertificate() || input.type.isChainCert()) { CertificateShPtr cert = CKM::Certificate::create(input.data, DataFormat::FORM_DER); - if(cert.get() == NULL) - { + if (cert.get() == NULL) { LogDebug("provided binary data is not valid certificate data"); return CKM_API_ERROR_INPUT_PARAM; } output = std::move(Crypto::Data(input.type, cert->getDER())); - } - else + } else { output = input; + } // TODO: add here BINARY_DATA verification, i.e: max size etc. return CKM_API_SUCCESS; } @@ -429,10 +414,8 @@ int CKMLogic::verifyAndSaveDataHelper( // check if data is correct Crypto::Data binaryData; retCode = toBinaryData(data, binaryData); - if(retCode == CKM_API_SUCCESS) - { + if (retCode == CKM_API_SUCCESS) retCode = saveDataHelper(cred, name, label, binaryData, policy); - } } catch (const Exc::Exception &e) { retCode = e.error(); } catch (const CKM::Exception &e) { @@ -491,31 +474,30 @@ int CKMLogic::extractPKCS12Data( DB::RowVector &output) const { // private key is mandatory - if( !pkcs.getKey() ) + if (!pkcs.getKey()) return CKM_API_ERROR_INVALID_FORMAT; Key* keyPtr = pkcs.getKey().get(); Crypto::Data keyData(DataType(keyPtr->getType()), keyPtr->getDER()); int retCode = verifyBinaryData(keyData); - if(retCode != CKM_API_SUCCESS) + if (retCode != CKM_API_SUCCESS) return retCode; output.push_back(createEncryptedRow(crypto, name, ownerLabel, keyData, keyPolicy)); // certificate is mandatory - if( !pkcs.getCertificate() ) + if (!pkcs.getCertificate()) return CKM_API_ERROR_INVALID_FORMAT; Crypto::Data certData(DataType::CERTIFICATE, pkcs.getCertificate().get()->getDER()); retCode = verifyBinaryData(certData); - if(retCode != CKM_API_SUCCESS) + if (retCode != CKM_API_SUCCESS) return retCode; output.push_back(createEncryptedRow(crypto, name, ownerLabel, certData, certPolicy)); // CA cert chain unsigned int cert_index = 0; - for(const auto & ca : pkcs.getCaCertificateShPtrVector()) - { + for (const auto & ca : pkcs.getCaCertificateShPtrVector()) { Crypto::Data caCertData(DataType::getChainDatatype(cert_index ++), ca->getDER()); int retCode = verifyBinaryData(caCertData); - if(retCode != CKM_API_SUCCESS) + if (retCode != CKM_API_SUCCESS) return retCode; output.push_back(createEncryptedRow(crypto, name, ownerLabel, caCertData, certPolicy)); @@ -571,8 +553,7 @@ int CKMLogic::removeDataHelper( handler.database.getPermissionRow(name, ownerLabel, cred.smackLabel); int retCode = m_accessControl.canDelete(cred, PermissionForLabel(cred.smackLabel, permissionRowOpt)); - if(retCode != CKM_API_SUCCESS) - { + if (retCode != CKM_API_SUCCESS) { LogWarning("access control check result: " << retCode); return retCode; } @@ -587,11 +568,11 @@ int CKMLogic::removeDataHelper( // load app key if needed retCode = loadAppKey(handler, rows.front().ownerLabel); - if(CKM_API_SUCCESS != retCode) + if (CKM_API_SUCCESS != retCode) return retCode; // destroy it in store - for(auto& r : rows) { + for (auto& r : rows) { try { handler.crypto.decryptRow(Password(), r); m_decider.getStore(r).destroy(r); @@ -615,16 +596,11 @@ RawBuffer CKMLogic::removeData( { int retCode = CKM_API_ERROR_UNKNOWN; - try - { + try { retCode = removeDataHelper(cred, name, label); - } - catch (const Exc::Exception &e) - { + } catch (const Exc::Exception &e) { retCode = e.error(); - } - catch (const CKM::Exception &e) - { + } catch (const CKM::Exception &e) { LogError("Error: " << e.GetMessage()); retCode = CKM_API_ERROR_DB_ERROR; } @@ -642,8 +618,7 @@ int CKMLogic::readSingleRow(const Name &name, DB::Row &row) { DB::Crypto::RowOptional row_optional; - if (dataType.isKey()) - { + if (dataType.isKey()) { // read all key types row_optional = database.getRow(name, ownerLabel, @@ -656,7 +631,7 @@ int CKMLogic::readSingleRow(const Name &name, dataType); } - if(!row_optional) { + if (!row_optional) { LogDebug("No row for given name, label and type"); return CKM_API_ERROR_DB_ALIAS_UNKNOWN; } else { @@ -674,33 +649,27 @@ int CKMLogic::readMultiRow(const Name &name, DB::RowVector &output) { if (dataType.isKey()) - { // read all key types database.getRows(name, ownerLabel, DataType::DB_KEY_FIRST, DataType::DB_KEY_LAST, output); - } else if (dataType.isChainCert()) - { // read all key types database.getRows(name, ownerLabel, DataType::DB_CHAIN_FIRST, DataType::DB_CHAIN_LAST, output); - } else - { // read anything else database.getRows(name, ownerLabel, dataType, output); - } - if(!output.size()) { + if (!output.size()) { LogDebug("No row for given name, label and type"); return CKM_API_ERROR_DB_ALIAS_UNKNOWN; } @@ -719,7 +688,7 @@ int CKMLogic::checkDataPermissionsHelper(const Credentials &cred, PermissionMaskOptional permissionRowOpt = database.getPermissionRow(name, ownerLabel, accessorLabel); - if(exportFlag) + if (exportFlag) return m_accessControl.canExport(cred, row, PermissionForLabel(accessorLabel, permissionRowOpt)); return m_accessControl.canRead(cred, PermissionForLabel(accessorLabel, permissionRowOpt)); } @@ -735,7 +704,7 @@ Crypto::GObjUPtr CKMLogic::rowToObject( // decrypt row Crypto::GObjUPtr obj; - if(CryptoLogic::getSchemeVersion(row.encryptionScheme) == CryptoLogic::ENCRYPTION_V2) { + if (CryptoLogic::getSchemeVersion(row.encryptionScheme) == CryptoLogic::ENCRYPTION_V2) { handler.crypto.decryptRow(Password(), row); obj = store.getObject(row, pass); @@ -784,7 +753,7 @@ int CKMLogic::readDataHelper( DB::Crypto::Transaction transaction(&handler.database); DB::RowVector rows; int retCode = readMultiRow(name, ownerLabel, dataType, handler.database, rows); - if(CKM_API_SUCCESS != retCode) + if (CKM_API_SUCCESS != retCode) return retCode; // all read rows belong to the same owner @@ -792,16 +761,16 @@ int CKMLogic::readDataHelper( // check access rights retCode = checkDataPermissionsHelper(cred, name, ownerLabel, cred.smackLabel, firstRow, exportFlag, handler.database); - if(CKM_API_SUCCESS != retCode) + if (CKM_API_SUCCESS != retCode) return retCode; // load app key if needed retCode = loadAppKey(handler, firstRow.ownerLabel); - if(CKM_API_SUCCESS != retCode) + if (CKM_API_SUCCESS != retCode) return retCode; // decrypt row - for(auto &row : rows) + for (auto &row : rows) objs.push_back(rowToObject(handler, std::move(row), password)); // rowToObject may modify db transaction.commit(); @@ -844,19 +813,19 @@ int CKMLogic::readDataHelper( DB::Crypto::Transaction transaction(&handler.database); DB::Row row; int retCode = readSingleRow(name, ownerLabel, dataType, handler.database, row); - if(CKM_API_SUCCESS != retCode) + if (CKM_API_SUCCESS != retCode) return retCode; objDataType = row.dataType; // check access rights retCode = checkDataPermissionsHelper(cred, name, ownerLabel, cred.smackLabel, row, exportFlag, handler.database); - if(CKM_API_SUCCESS != retCode) + if (CKM_API_SUCCESS != retCode) return retCode; // load app key if needed retCode = loadAppKey(handler, row.ownerLabel); - if(CKM_API_SUCCESS != retCode) + if (CKM_API_SUCCESS != retCode) return retCode; obj = rowToObject(handler, std::move(row), password); @@ -881,7 +850,7 @@ RawBuffer CKMLogic::getData( try { Crypto::GObjUPtr obj; retCode = readDataHelper(true, cred, dataType, name, label, password, obj, objDataType); - if(retCode == CKM_API_SUCCESS) + if (retCode == CKM_API_SUCCESS) row.data = std::move(obj->getBinary()); } catch (const Exc::Exception &e) { retCode = e.error(); @@ -918,28 +887,28 @@ int CKMLogic::getPKCS12Helper( // read private key (mandatory) Crypto::GObjUPtr keyObj; retCode = readDataHelper(true, cred, DataType::DB_KEY_FIRST, name, label, keyPassword, keyObj); - if(retCode != CKM_API_SUCCESS) + if (retCode != CKM_API_SUCCESS) return retCode; privKey = CKM::Key::create(keyObj->getBinary()); // read certificate (mandatory) Crypto::GObjUPtr certObj; retCode = readDataHelper(true, cred, DataType::CERTIFICATE, name, label, certPassword, certObj); - if(retCode != CKM_API_SUCCESS) + if (retCode != CKM_API_SUCCESS) return retCode; cert = CKM::Certificate::create(certObj->getBinary(), DataFormat::FORM_DER); // read CA cert chain (optional) Crypto::GObjUPtrVector caChainObjs; retCode = readDataHelper(true, cred, DataType::DB_CHAIN_FIRST, name, label, certPassword, caChainObjs); - if(retCode != CKM_API_SUCCESS && + if (retCode != CKM_API_SUCCESS && retCode != CKM_API_ERROR_DB_ALIAS_UNKNOWN) return retCode; - for(auto &caCertObj : caChainObjs) + for (auto &caCertObj : caChainObjs) caChain.push_back(CKM::Certificate::create(caCertObj->getBinary(), DataFormat::FORM_DER)); // if anything found, return it - if(privKey || cert || caChain.size()>0) + if (privKey || cert || caChain.size() > 0) retCode = CKM_API_SUCCESS; return retCode; @@ -963,7 +932,7 @@ RawBuffer CKMLogic::getPKCS12( retCode = getPKCS12Helper(cred, name, label, keyPassword, certPassword, privKey, cert, caChain); // prepare response - if(retCode == CKM_API_SUCCESS) + if (retCode == CKM_API_SUCCESS) output = PKCS12Serializable(privKey, cert, caChain); } catch (const Exc::Exception &e) { retCode = e.error(); @@ -984,8 +953,7 @@ int CKMLogic::getDataListHelper(const Credentials &cred, LabelNameVector &labelNameVector) { int retCode = CKM_API_ERROR_DB_LOCKED; - if (0 < m_userDataMap.count(cred.clientUid)) - { + if (0 < m_userDataMap.count(cred.clientUid)) { auto &database = m_userDataMap[cred.clientUid].database; try { @@ -1024,19 +992,15 @@ RawBuffer CKMLogic::getDataList( LabelNameVector labelNameVector; int retCode = unlockSystemDB(); - if (CKM_API_SUCCESS == retCode) - { + if (CKM_API_SUCCESS == retCode) { // system database - if (m_accessControl.isSystemService(cred)) - { + if (m_accessControl.isSystemService(cred)) { // lookup system DB retCode = getDataListHelper(Credentials(SYSTEM_DB_UID, OWNER_ID_SYSTEM), dataType, systemVector); - } - else - { + } else { // user - lookup system, then client DB retCode = getDataListHelper(Credentials(SYSTEM_DB_UID, cred.smackLabel), @@ -1044,8 +1008,7 @@ RawBuffer CKMLogic::getDataList( systemVector); // private database - if(retCode == CKM_API_SUCCESS) - { + if (retCode == CKM_API_SUCCESS) { retCode = getDataListHelper(cred, dataType, userVector); @@ -1053,11 +1016,11 @@ RawBuffer CKMLogic::getDataList( } } - if(retCode == CKM_API_SUCCESS) - { + if (retCode == CKM_API_SUCCESS) { labelNameVector.insert(labelNameVector.end(), systemVector.begin(), systemVector.end()); labelNameVector.insert(labelNameVector.end(), userVector.begin(), userVector.end()); } + auto response = MessageBuffer::Serialize(static_cast(LogicCommand::GET_LIST), commandId, retCode, @@ -1074,18 +1037,18 @@ int CKMLogic::importInitialData( { try { // Inital values are always imported with root credentials. Label is not important. - Credentials rootCred(0,""); + Credentials rootCred(0, ""); auto &handler = selectDatabase(rootCred, OWNER_ID_SYSTEM); // check if save is possible DB::Crypto::Transaction transaction(&handler.database); int retCode = checkSaveConditions(rootCred, handler, name, OWNER_ID_SYSTEM); - if(retCode != CKM_API_SUCCESS) + if (retCode != CKM_API_SUCCESS) return retCode; Crypto::GStore& store = - m_decider.getStore(data.type, policy.extractable, !enc.encryptedKey.empty()); + m_decider.getStore(data.type, policy.extractable, !enc.encryptedKey.empty()); Token token; @@ -1127,13 +1090,13 @@ int CKMLogic::saveDataHelper( // use client label if not explicitly provided const Label &ownerLabel = label.empty() ? cred.smackLabel : label; - if( m_accessControl.isSystemService(cred) && ownerLabel.compare(OWNER_ID_SYSTEM)!=0) + if (m_accessControl.isSystemService(cred) && ownerLabel.compare(OWNER_ID_SYSTEM) != 0) return CKM_API_ERROR_INPUT_PARAM; // check if save is possible DB::Crypto::Transaction transaction(&handler.database); int retCode = checkSaveConditions(cred, handler, name, ownerLabel); - if(retCode != CKM_API_SUCCESS) + if (retCode != CKM_API_SUCCESS) return retCode; // save the data @@ -1156,19 +1119,19 @@ int CKMLogic::saveDataHelper( // use client label if not explicitly provided const Label &ownerLabel = label.empty() ? cred.smackLabel : label; - if( m_accessControl.isSystemService(cred) && ownerLabel.compare(OWNER_ID_SYSTEM)!=0) + if (m_accessControl.isSystemService(cred) && ownerLabel.compare(OWNER_ID_SYSTEM) != 0) return CKM_API_ERROR_INPUT_PARAM; // check if save is possible DB::Crypto::Transaction transaction(&handler.database); int retCode = checkSaveConditions(cred, handler, name, ownerLabel); - if(retCode != CKM_API_SUCCESS) + if (retCode != CKM_API_SUCCESS) return retCode; // extract and encrypt the data DB::RowVector encryptedRows; retCode = extractPKCS12Data(handler.crypto, name, ownerLabel, pkcs, keyPolicy, certPolicy, encryptedRows); - if(retCode != CKM_API_SUCCESS) + if (retCode != CKM_API_SUCCESS) return retCode; // save the data @@ -1190,13 +1153,13 @@ int CKMLogic::createKeyAESHelper( // use client label if not explicitly provided const Label &ownerLabel = label.empty() ? cred.smackLabel : label; - if( m_accessControl.isSystemService(cred) && ownerLabel.compare(OWNER_ID_SYSTEM)!=0) + if (m_accessControl.isSystemService(cred) && ownerLabel.compare(OWNER_ID_SYSTEM) != 0) return CKM_API_ERROR_INPUT_PARAM; // check if save is possible DB::Crypto::Transaction transaction(&handler.database); int retCode = checkSaveConditions(cred, handler, name, ownerLabel); - if(retCode != CKM_API_SUCCESS) + if (retCode != CKM_API_SUCCESS) return retCode; // create key in store @@ -1229,18 +1192,20 @@ int CKMLogic::createKeyPairHelper( auto &handlerPub = selectDatabase(cred, labelPublic); AlgoType keyType = AlgoType::RSA_GEN; - if(!keyGenParams.getParam(ParamName::ALGO_TYPE, keyType)) + if (!keyGenParams.getParam(ParamName::ALGO_TYPE, keyType)) ThrowErr(Exc::InputParam, "Error, parameter ALGO_TYPE not found."); + DataType dt(keyType); - if(!dt.isKey()) + if (!dt.isKey()) ThrowErr(Exc::InputParam, "Error, parameter ALGO_TYPE with wrong value."); // use client label if not explicitly provided const Label &ownerLabelPrv = labelPrivate.empty() ? cred.smackLabel : labelPrivate; - if( m_accessControl.isSystemService(cred) && ownerLabelPrv.compare(OWNER_ID_SYSTEM)!=0) + if (m_accessControl.isSystemService(cred) && ownerLabelPrv.compare(OWNER_ID_SYSTEM) != 0) return CKM_API_ERROR_INPUT_PARAM; + const Label &ownerLabelPub = labelPublic.empty() ? cred.smackLabel : labelPublic; - if( m_accessControl.isSystemService(cred) && ownerLabelPub.compare(OWNER_ID_SYSTEM)!=0) + if (m_accessControl.isSystemService(cred) && ownerLabelPub.compare(OWNER_ID_SYSTEM) != 0) return CKM_API_ERROR_INPUT_PARAM; bool exportable = policyPrivate.extractable || policyPublic.extractable; @@ -1367,9 +1332,9 @@ int CKMLogic::readCertificateHelper( i.first, CKM::Password(), caChainObjs); - if(ec != CKM_API_SUCCESS && ec != CKM_API_ERROR_DB_ALIAS_UNKNOWN) + if (ec != CKM_API_SUCCESS && ec != CKM_API_ERROR_DB_ALIAS_UNKNOWN) return ec; - for(auto &caCertObj : caChainObjs) + for (auto &caCertObj : caChainObjs) certVector.emplace_back(caCertObj->getBinary(), DataFormat::FORM_DER); } return CKM_API_SUCCESS; @@ -1391,13 +1356,13 @@ int CKMLogic::getCertificateChainHelper( for (auto &e: untrustedCertificates) { CertificateImpl c(e, DataFormat::FORM_DER); - if(c.empty()) + if (c.empty()) return CKM_API_ERROR_INPUT_PARAM; untrustedCertVector.push_back(std::move(c)); } for (auto &e: trustedCertificates) { CertificateImpl c(e, DataFormat::FORM_DER); - if(c.empty()) + if (c.empty()) return CKM_API_ERROR_INPUT_PARAM; trustedCertVector.push_back(std::move(c)); } @@ -1540,9 +1505,8 @@ RawBuffer CKMLogic::createSignature( try { Crypto::GObjUPtr obj; retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, privateKeyName, ownerLabel, password, obj); - if(retCode == CKM_API_SUCCESS) { + if (retCode == CKM_API_SUCCESS) signature = obj->sign(cryptoAlg, message); - } } catch (const Exc::Exception &e) { retCode = e.error(); } catch (const CKM::Exception &e) { @@ -1580,13 +1544,11 @@ RawBuffer CKMLogic::verifySignature( // rather than private key from the same PKCS. Crypto::GObjUPtr obj; retCode = readDataHelper(false, cred, DataType::CERTIFICATE, publicKeyOrCertName, ownerLabel, password, obj); - if (retCode == CKM_API_ERROR_DB_ALIAS_UNKNOWN) { + if (retCode == CKM_API_ERROR_DB_ALIAS_UNKNOWN) retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, publicKeyOrCertName, ownerLabel, password, obj); - } - if (retCode == CKM_API_SUCCESS) { + if (retCode == CKM_API_SUCCESS) retCode = obj->verify(params, message, signature); - } } catch (const Exc::Exception &e) { retCode = e.error(); } catch (const CKM::Exception &e) { @@ -1621,7 +1583,7 @@ int CKMLogic::setPermissionHelper( return CKM_API_ERROR_INPUT_PARAM; // currently we don't support modification of owner's permissions to his own rows - if (ownerLabel==accessorLabel) + if (ownerLabel == accessorLabel) return CKM_API_ERROR_INPUT_PARAM; // system database does not support write/remove permissions @@ -1631,18 +1593,17 @@ int CKMLogic::setPermissionHelper( // can the client modify permissions to owner's row? int retCode = m_accessControl.canModify(cred, ownerLabel); - if(retCode != CKM_API_SUCCESS) + if (retCode != CKM_API_SUCCESS) return retCode; DB::Crypto::Transaction transaction(&handler.database); - if( !handler.database.isNameLabelPresent(name, ownerLabel) ) + if (!handler.database.isNameLabelPresent(name, ownerLabel)) return CKM_API_ERROR_DB_ALIAS_UNKNOWN; // removing non-existing permissions: fail - if(permissionMask == Permission::NONE) - { - if(!handler.database.getPermissionRow(name, ownerLabel, accessorLabel)) + if (permissionMask == Permission::NONE) { + if (!handler.database.getPermissionRow(name, ownerLabel, accessorLabel)) return CKM_API_ERROR_INPUT_PARAM; } @@ -1680,7 +1641,7 @@ int CKMLogic::loadAppKey(UserData& handle, const Label& appLabel) if (!handle.crypto.haveKey(appLabel)) { RawBuffer key; auto key_optional = handle.database.getKey(appLabel); - if(!key_optional) { + if (!key_optional) { LogError("No key for given label in database"); return CKM_API_ERROR_DB_ERROR; } diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h index 3c1cb3a..dafe530 100644 --- a/src/manager/service/ckm-logic.h +++ b/src/manager/service/ckm-logic.h @@ -215,7 +215,6 @@ protected: int unlockSystemDB(); private: - // select private/system database depending on asking uid and owner label. // output: database handler and effective label UserData & selectDatabase(const Credentials &incoming_cred, diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp old mode 100644 new mode 100755 index c87a443..6773c47 --- a/src/manager/service/ckm-service.cpp +++ b/src/manager/service/ckm-service.cpp @@ -36,21 +36,24 @@ const CKM::InterfaceID SOCKET_ID_STORAGE = 1; namespace CKM { -CKMService::CKMService() - : m_logic(new CKMLogic) +CKMService::CKMService() : + m_logic(new CKMLogic) { InitialValues::LoadFiles(*m_logic); } -CKMService::~CKMService() { +CKMService::~CKMService() +{ delete m_logic; } -void CKMService::Start() { +void CKMService::Start() +{ Create(); } -void CKMService::Stop() { +void CKMService::Stop() +{ Join(); } @@ -75,7 +78,7 @@ bool CKMService::ProcessOne( ConnectionInfo &info, bool /*allowed*/) { - LogDebug ("process One"); + LogDebug("process One"); RawBuffer response; Try { @@ -90,9 +93,9 @@ bool CKMService::ProcessOne( m_serviceManager->Write(conn, response); return true; - } Catch (MessageBuffer::Exception::Base) { + } Catch(MessageBuffer::Exception::Base) { LogError("Broken protocol. Closing socket."); - } Catch (Exception::BrokenProtocol) { + } Catch(Exception::BrokenProtocol) { LogError("Broken protocol. Closing socket."); } catch (const DataType::Exception::Base &e) { LogError("Closing socket. DBDataType::Exception: " << e.DumpToString()); @@ -108,7 +111,8 @@ bool CKMService::ProcessOne( return false; } -RawBuffer CKMService::ProcessControl(MessageBuffer &buffer) { +RawBuffer CKMService::ProcessControl(MessageBuffer &buffer) +{ int command = 0; uid_t user = 0; ControlCommand cc; @@ -121,7 +125,7 @@ RawBuffer CKMService::ProcessControl(MessageBuffer &buffer) { cc = static_cast(command); - switch(cc) { + switch (cc) { case ControlCommand::UNLOCK_USER_KEY: buffer.Deserialize(user, newPass); return m_logic->unlockUserKey(user, newPass); @@ -187,211 +191,213 @@ RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer) LogDebug("Process storage. Command: " << command); - switch(static_cast(command)) { - case LogicCommand::SAVE: - { - RawBuffer rawData; - PolicySerializable policy; - buffer.Deserialize(tmpDataType, name, label, rawData, policy); - return m_logic->saveData( - cred, - msgID, - name, - label, - Crypto::Data(DataType(tmpDataType), std::move(rawData)), - policy); - } - case LogicCommand::SAVE_PKCS12: - { - RawBuffer rawData; - PKCS12Serializable pkcs; - PolicySerializable keyPolicy, certPolicy; - buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy); - return m_logic->savePKCS12( - cred, - msgID, - name, - label, - pkcs, - keyPolicy, - certPolicy); - } - case LogicCommand::REMOVE: - { - buffer.Deserialize(name, label); - return m_logic->removeData( - cred, - msgID, - name, - label); - } - case LogicCommand::GET: - { - Password password; - buffer.Deserialize(tmpDataType, name, label, password); - return m_logic->getData( - cred, - msgID, - DataType(tmpDataType), - name, - label, - password); - } - case LogicCommand::GET_PKCS12: - { - Password passKey; - Password passCert; - buffer.Deserialize(name, - label, - passKey, - passCert); - return m_logic->getPKCS12( - cred, - msgID, - name, - label, - passKey, - passCert); - } - case LogicCommand::GET_LIST: - { - buffer.Deserialize(tmpDataType); - return m_logic->getDataList( - cred, - msgID, - DataType(tmpDataType)); - } - case LogicCommand::CREATE_KEY_AES: - { - int size = 0; - Name keyName; - Label keyLabel; - PolicySerializable policyKey; - buffer.Deserialize(size, - policyKey, - keyName, - keyLabel); - return m_logic->createKeyAES( - cred, - msgID, - size, - keyName, - keyLabel, - policyKey); - } - case LogicCommand::CREATE_KEY_PAIR: - { - CryptoAlgorithmSerializable keyGenAlgorithm; - Name privateKeyName; - Label privateKeyLabel; - Name publicKeyName; - Label publicKeyLabel; - PolicySerializable policyPrivateKey; - PolicySerializable policyPublicKey; - buffer.Deserialize(keyGenAlgorithm, - policyPrivateKey, - policyPublicKey, - privateKeyName, - privateKeyLabel, - publicKeyName, - publicKeyLabel); - return m_logic->createKeyPair( - cred, - msgID, - keyGenAlgorithm, - privateKeyName, - privateKeyLabel, - publicKeyName, - publicKeyLabel, - policyPrivateKey, - policyPublicKey); - } - case LogicCommand::GET_CHAIN_CERT: - { - RawBuffer certificate; - RawBufferVector untrustedVector; - RawBufferVector trustedVector; - bool systemCerts = false; - buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts); - return m_logic->getCertificateChain( - cred, - msgID, - certificate, - untrustedVector, - trustedVector, - systemCerts); - } - case LogicCommand::GET_CHAIN_ALIAS: - { - RawBuffer certificate; - LabelNameVector untrustedVector; - LabelNameVector trustedVector; - bool systemCerts = false; - buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts); - return m_logic->getCertificateChain( - cred, - msgID, - certificate, - untrustedVector, - trustedVector, - systemCerts); - } - case LogicCommand::CREATE_SIGNATURE: - { - Password password; // password for private_key - RawBuffer message; - - CryptoAlgorithmSerializable cAlgorithm; - buffer.Deserialize(name, label, password, message, cAlgorithm); - - return m_logic->createSignature( - cred, - msgID, - name, - label, - password, // password for private_key - message, - cAlgorithm); - } - case LogicCommand::VERIFY_SIGNATURE: - { - Password password; // password for public_key (optional) - RawBuffer message; - RawBuffer signature; - CryptoAlgorithmSerializable cAlg; - - buffer.Deserialize(name, - label, - password, - message, - signature, - cAlg); - - return m_logic->verifySignature( - cred, - msgID, - name, - label, - password, // password for public_key (optional) - message, - signature, - cAlg); - } - case LogicCommand::SET_PERMISSION: - { - PermissionMask permissionMask = 0; - buffer.Deserialize(name, label, accessorLabel, permissionMask); - return m_logic->setPermission( - cred, - command, - msgID, - name, - label, - accessorLabel, - permissionMask); - } - default: - Throw(Exception::BrokenProtocol); + switch (static_cast(command)) { + case LogicCommand::SAVE: + { + RawBuffer rawData; + PolicySerializable policy; + buffer.Deserialize(tmpDataType, name, label, rawData, policy); + return m_logic->saveData( + cred, + msgID, + name, + label, + Crypto::Data(DataType(tmpDataType), std::move(rawData)), + policy); + } + case LogicCommand::SAVE_PKCS12: + { + RawBuffer rawData; + PKCS12Serializable pkcs; + PolicySerializable keyPolicy, certPolicy; + buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy); + return m_logic->savePKCS12( + cred, + msgID, + name, + label, + pkcs, + keyPolicy, + certPolicy); + } + case LogicCommand::REMOVE: + { + buffer.Deserialize(name, label); + return m_logic->removeData( + cred, + msgID, + name, + label); + } + case LogicCommand::GET: + { + Password password; + buffer.Deserialize(tmpDataType, name, label, password); + return m_logic->getData( + cred, + msgID, + DataType(tmpDataType), + name, + label, + password); + } + case LogicCommand::GET_PKCS12: + { + Password passKey; + Password passCert; + buffer.Deserialize( + name, + label, + passKey, + passCert); + return m_logic->getPKCS12( + cred, + msgID, + name, + label, + passKey, + passCert); + } + case LogicCommand::GET_LIST: + { + buffer.Deserialize(tmpDataType); + return m_logic->getDataList( + cred, + msgID, + DataType(tmpDataType)); + } + case LogicCommand::CREATE_KEY_AES: + { + int size = 0; + Name keyName; + Label keyLabel; + PolicySerializable policyKey; + buffer.Deserialize( + size, + policyKey, + keyName, + keyLabel); + return m_logic->createKeyAES( + cred, + msgID, + size, + keyName, + keyLabel, + policyKey); + } + case LogicCommand::CREATE_KEY_PAIR: + { + CryptoAlgorithmSerializable keyGenAlgorithm; + Name privateKeyName; + Label privateKeyLabel; + Name publicKeyName; + Label publicKeyLabel; + PolicySerializable policyPrivateKey; + PolicySerializable policyPublicKey; + buffer.Deserialize(keyGenAlgorithm, + policyPrivateKey, + policyPublicKey, + privateKeyName, + privateKeyLabel, + publicKeyName, + publicKeyLabel); + return m_logic->createKeyPair( + cred, + msgID, + keyGenAlgorithm, + privateKeyName, + privateKeyLabel, + publicKeyName, + publicKeyLabel, + policyPrivateKey, + policyPublicKey); + } + case LogicCommand::GET_CHAIN_CERT: + { + RawBuffer certificate; + RawBufferVector untrustedVector; + RawBufferVector trustedVector; + bool systemCerts = false; + buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts); + return m_logic->getCertificateChain( + cred, + msgID, + certificate, + untrustedVector, + trustedVector, + systemCerts); + } + case LogicCommand::GET_CHAIN_ALIAS: + { + RawBuffer certificate; + LabelNameVector untrustedVector; + LabelNameVector trustedVector; + bool systemCerts = false; + buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts); + return m_logic->getCertificateChain( + cred, + msgID, + certificate, + untrustedVector, + trustedVector, + systemCerts); + } + case LogicCommand::CREATE_SIGNATURE: + { + Password password; // password for private_key + RawBuffer message; + + CryptoAlgorithmSerializable cAlgorithm; + buffer.Deserialize(name, label, password, message, cAlgorithm); + + return m_logic->createSignature( + cred, + msgID, + name, + label, + password, // password for private_key + message, + cAlgorithm); + } + case LogicCommand::VERIFY_SIGNATURE: + { + Password password; // password for public_key (optional) + RawBuffer message; + RawBuffer signature; + CryptoAlgorithmSerializable cAlg; + + buffer.Deserialize(name, + label, + password, + message, + signature, + cAlg); + + return m_logic->verifySignature( + cred, + msgID, + name, + label, + password, // password for public_key (optional) + message, + signature, + cAlg); + } + case LogicCommand::SET_PERMISSION: + { + PermissionMask permissionMask = 0; + buffer.Deserialize(name, label, accessorLabel, permissionMask); + return m_logic->setPermission( + cred, + command, + msgID, + name, + label, + accessorLabel, + permissionMask); + } + default: + Throw(Exception::BrokenProtocol); } } @@ -412,14 +418,16 @@ void CKMService::ProcessMessage(MsgKeyRequest msg) } } -void CKMService::CustomHandle(const ReadEvent &event) { +void CKMService::CustomHandle(const ReadEvent &event) +{ LogDebug("Read event"); auto &info = m_connectionInfoMap[event.connectionID.counter]; info.buffer.Push(event.rawBuffer); - while(ProcessOne(event.connectionID, info, true)); + while (ProcessOne(event.connectionID, info, true)); } -void CKMService::CustomHandle(const SecurityEvent & /*event*/) { +void CKMService::CustomHandle(const SecurityEvent & /*event*/) +{ LogError("This should not happend! SecurityEvent was called on CKMService!"); } diff --git a/src/manager/service/ckm-service.h b/src/manager/service/ckm-service.h index 5b6221e..b927f40 100644 --- a/src/manager/service/ckm-service.h +++ b/src/manager/service/ckm-service.h @@ -30,8 +30,7 @@ namespace CKM { class CKMLogic; -class CKMService : public ThreadMessageService -{ +class CKMService : public ThreadMessageService { public: CKMService(); CKMService(const CKMService &) = delete; @@ -41,11 +40,13 @@ public: // Custom add custom support for ReadEvent and SecurityEvent // because we want to bypass security check in CKMService - virtual void Event(const ReadEvent &event) { + virtual void Event(const ReadEvent &event) + { CreateEvent([this, event]() { this->CustomHandle(event); }); } - virtual void Event(const SecurityEvent &event) { + virtual void Event(const SecurityEvent &event) + { CreateEvent([this, event]() { this->CustomHandle(event); }); } diff --git a/src/manager/service/crypto-logic.cpp b/src/manager/service/crypto-logic.cpp old mode 100644 new mode 100755 index b5b5959..2fd9d7d --- a/src/manager/service/crypto-logic.cpp +++ b/src/manager/service/crypto-logic.cpp @@ -72,11 +72,13 @@ const int ENCR_ORDER_V2 = CryptoLogic::ENCRYPTION_V2 << ENCR_ORDER_OFFSET; CryptoLogic::CryptoLogic() {} -CryptoLogic::CryptoLogic(CryptoLogic &&second) { +CryptoLogic::CryptoLogic(CryptoLogic &&second) +{ m_keyMap = std::move(second.m_keyMap); } -CryptoLogic& CryptoLogic::operator=(CryptoLogic &&second) { +CryptoLogic& CryptoLogic::operator=(CryptoLogic &&second) +{ if (this == &second) return *this; m_keyMap = std::move(second.m_keyMap); @@ -91,16 +93,15 @@ bool CryptoLogic::haveKey(const Label &smackLabel) void CryptoLogic::pushKey(const Label &smackLabel, const RawBuffer &applicationKey) { - if (smackLabel.length() == 0) { + if (smackLabel.length() == 0) ThrowErr(Exc::InternalError, "Empty smack label."); - } - if (applicationKey.size() == 0) { + + if (applicationKey.size() == 0) ThrowErr(Exc::InternalError, "Empty application key."); - } - if (haveKey(smackLabel)) { + + if (haveKey(smackLabel)) ThrowErr(Exc::InternalError, "Application key for ", smackLabel, "label already exists."); - } m_keyMap[smackLabel] = applicationKey; } @@ -125,19 +126,17 @@ RawBuffer CryptoLogic::passwordToKey( 1024, result.size(), result.data())) - { ThrowErr(Exc::InternalError, "PCKS5_PKKDF_HMAC_SHA1 failed."); - } return result; } -RawBuffer CryptoLogic::generateRandIV() const { +RawBuffer CryptoLogic::generateRandIV() const +{ RawBuffer civ(EVP_MAX_IV_LENGTH); - if (1 != RAND_bytes(civ.data(), civ.size())) { + if (1 != RAND_bytes(civ.data(), civ.size())) ThrowErr(Exc::InternalError, "RAND_bytes failed to generate IV."); - } return civ; } @@ -153,18 +152,15 @@ void CryptoLogic::encryptRow(DB::Row &row) crow.algorithmType = DBCMAlgType::AES_GCM_256; crow.dataSize = crow.data.size(); - if (crow.dataSize <= 0) { + if (crow.dataSize <= 0) ThrowErr(Exc::InternalError, "Invalid dataSize."); - } - if (!haveKey(row.ownerLabel)) { + if (!haveKey(row.ownerLabel)) ThrowErr(Exc::InternalError, "Missing application key for ", row.ownerLabel, " label."); - } - if (crow.iv.empty()) { + if (crow.iv.empty()) crow.iv = generateRandIV(); - } key = m_keyMap[row.ownerLabel]; crow.encryptionScheme = ENCR_APPKEY; @@ -201,33 +197,28 @@ void CryptoLogic::decryptRow(const Password &password, DB::Row &row) RawBuffer key; RawBuffer digest, dataDigest; - if (row.algorithmType != DBCMAlgType::AES_GCM_256) { + if (row.algorithmType != DBCMAlgType::AES_GCM_256) ThrowErr(Exc::AuthenticationFailed, "Invalid algorithm type."); - } - if ((row.encryptionScheme & ENCR_PASSWORD) && password.empty()) { + if ((row.encryptionScheme & ENCR_PASSWORD) && password.empty()) ThrowErr(Exc::AuthenticationFailed, "DB row is password protected, but given password is empty."); - } - if(!(row.encryptionScheme & ENCR_PASSWORD) && !password.empty()) { + if (!(row.encryptionScheme & ENCR_PASSWORD) && !password.empty()) ThrowErr(Exc::AuthenticationFailed, "DB row is not password protected, but given password is not empty."); - } - if ((row.encryptionScheme & ENCR_APPKEY) && !haveKey(row.ownerLabel)) { + if ((row.encryptionScheme & ENCR_APPKEY) && !haveKey(row.ownerLabel)) ThrowErr(Exc::AuthenticationFailed, "Missing application key for ", row.ownerLabel, " label."); - } decBase64(crow.iv); - if (crow.encryptionScheme & ENCR_BASE64) { + if (crow.encryptionScheme & ENCR_BASE64) decBase64(crow.data); - } - if((crow.encryptionScheme >> ENCR_ORDER_OFFSET) == ENCR_ORDER_V2) { + if ((crow.encryptionScheme >> ENCR_ORDER_OFFSET) == ENCR_ORDER_V2) { if (crow.encryptionScheme & ENCR_APPKEY) { key = m_keyMap[crow.ownerLabel]; crow.data = Crypto::SW::Internals::decryptDataAesGcm(key, crow.data, crow.iv, crow.tag); @@ -243,13 +234,12 @@ void CryptoLogic::decryptRow(const Password &password, DB::Row &row) crow.data = Crypto::SW::Internals::decryptDataAesGcm(key, crow.data, crow.iv, crow.tag); } } - if (static_cast(crow.data.size()) < crow.dataSize) { + + if (static_cast(crow.data.size()) < crow.dataSize) ThrowErr(Exc::AuthenticationFailed, "Decrypted row size mismatch"); - } - if (static_cast(crow.data.size()) > crow.dataSize) { + if (static_cast(crow.data.size()) > crow.dataSize) crow.data.resize(crow.dataSize); - } row = std::move(crow); } catch(const CKM::Base64Encoder::Exception::Base &e) { @@ -270,9 +260,8 @@ void CryptoLogic::encBase64(RawBuffer &data) benc.finalize(); encdata = benc.get(); - if (encdata.size() == 0) { + if (encdata.size() == 0) ThrowErr(Exc::InternalError, "Base64Encoder returned empty data."); - } data = std::move(encdata); } @@ -284,15 +273,13 @@ void CryptoLogic::decBase64(RawBuffer &data) bdec.reset(); bdec.append(data); - if (!bdec.finalize()) { + if (!bdec.finalize()) ThrowErr(Exc::InternalError, "Failed in Base64Decoder.finalize."); - } decdata = bdec.get(); - if (decdata.size() == 0) { + if (decdata.size() == 0) ThrowErr(Exc::InternalError, "Base64Decoder returned empty data."); - } data = std::move(decdata); } diff --git a/src/manager/service/crypto-logic.h b/src/manager/service/crypto-logic.h index aa4a0e8..8bc2554 100644 --- a/src/manager/service/crypto-logic.h +++ b/src/manager/service/crypto-logic.h @@ -35,7 +35,7 @@ public: CryptoLogic& operator=(CryptoLogic &&second); CryptoLogic& operator=(const CryptoLogic &second) = delete; - virtual ~CryptoLogic(){} + virtual ~CryptoLogic() {} void decryptRow(const Password &password, DB::Row &row); void encryptRow(DB::Row &row); diff --git a/src/manager/service/crypto-request.h b/src/manager/service/crypto-request.h index d8acf2b..c8c16bf 100644 --- a/src/manager/service/crypto-request.h +++ b/src/manager/service/crypto-request.h @@ -27,8 +27,7 @@ namespace CKM { -struct CryptoRequest -{ +struct CryptoRequest { ConnectionID conn; Credentials cred; EncryptionCommand command; diff --git a/src/manager/service/db-crypto.cpp b/src/manager/service/db-crypto.cpp old mode 100644 new mode 100755 index 572b2a0..b70c85e --- a/src/manager/service/db-crypto.cpp +++ b/src/manager/service/db-crypto.cpp @@ -176,11 +176,13 @@ namespace DB { other.m_inUserTransaction = false; } - Crypto::~Crypto() { + Crypto::~Crypto() + { delete m_connection; } - Crypto& Crypto::operator=(Crypto&& other) { + Crypto& Crypto::operator=(Crypto&& other) + { if (this == &other) return *this; delete m_connection; @@ -226,22 +228,20 @@ namespace DB { bool Crypto::getDBVersion(int & schemaVersion) { SchemaInfo SchemaInfo(this); - if(SchemaInfo.getVersionInfo(schemaVersion)) { + if (SchemaInfo.getVersionInfo(schemaVersion)) { LogDebug("Current DB version: " << schemaVersion); return true; - } - else - { + } else { LogDebug("No DB version known or DB not present"); // special case: old CKM_TABLE exists - if(m_connection->CheckTableExist("CKM_TABLE")) { + if (m_connection->CheckTableExist("CKM_TABLE")) { schemaVersion = DB_VERSION_1; return true; } // special case: new scheme exists, but no SCHEMA_INFO table present - else if(m_connection->CheckTableExist("NAME_TABLE")) { + else if (m_connection->CheckTableExist("NAME_TABLE")) { schemaVersion = DB_VERSION_2; return true; } @@ -254,22 +254,17 @@ namespace DB { { // run migration if old database is present int schemaVersion; - if( getDBVersion(schemaVersion)==false || // DB empty or corrupted - schemaVersion > DB_VERSION_CURRENT) // or too new scheme - { + if ( getDBVersion(schemaVersion) == false || // DB empty or corrupted + schemaVersion > DB_VERSION_CURRENT) { // or too new scheme LogDebug("no database or database corrupted, initializing the DB"); resetDB(); - } - else - { + } else { // migration needed LogDebug("DB migration from version " << schemaVersion << " to version " << DB_VERSION_CURRENT << " started."); Transaction transaction(this); - for(int vi=schemaVersion; vi begin(is),end; + std::istreambuf_iterator begin(is), end; return ScriptOptional(std::string(begin, end)); } @@ -305,14 +299,14 @@ namespace DB { return getScript(scriptPath); } - void Crypto::createDBSchema() { + void Crypto::createDBSchema() + { Transaction transaction(this); ScriptOptional script = getScript(SCRIPT_CREATE_SCHEMA); - if(!script) - { + + if (!script) ThrowErr(Exc::DatabaseFailed, "Can not create the database schema: no initialization script"); - } m_connection->ExecCommand((*script).c_str()); SchemaInfo SchemaInfo(this); @@ -320,20 +314,20 @@ namespace DB { transaction.commit(); } - void Crypto::resetDB() { + void Crypto::resetDB() + { Transaction transaction(this); ScriptOptional script = getScript(SCRIPT_DROP_ALL_ITEMS); - if(!script) - { + if (!script) ThrowErr(Exc::DatabaseFailed, "Can not clear the database: no clearing script"); - } m_connection->ExecCommand((*script).c_str()); createDBSchema(); transaction.commit(); } - bool Crypto::isNameLabelPresent(const Name &name, const Label &owner) const { + bool Crypto::isNameLabelPresent(const Name &name, const Label &owner) const + { Try { NameTable nameTable(this->m_connection); return nameTable.isPresent(name, owner); @@ -368,7 +362,8 @@ namespace DB { ThrowErr(Exc::DatabaseFailed, "Couldn't save Row"); } - void Crypto::saveRow(const Row &row) { + void Crypto::saveRow(const Row &row) + { Try { // transaction is present in the layer above NameTable nameTable(this->m_connection); @@ -389,7 +384,8 @@ namespace DB { ThrowErr(Exc::DatabaseFailed, "Couldn't save Row"); } - void Crypto::updateRow(const Row &row) { + void Crypto::updateRow(const Row &row) + { Try { // transaction is present in the layer above ObjectTable objectTable(this->m_connection); @@ -410,15 +406,14 @@ namespace DB { Try { // transaction is present in the layer above NameTable nameTable(this->m_connection); - if(nameTable.isPresent(name, ownerLabel)) - { + if (nameTable.isPresent(name, ownerLabel)) { nameTable.deleteRow(name, ownerLabel); return true; } return false; - } Catch (SqlConnection::Exception::SyntaxError) { + } Catch(SqlConnection::Exception::SyntaxError) { LogError("Couldn't prepare delete statement"); - } Catch (SqlConnection::Exception::InternalError) { + } Catch(SqlConnection::Exception::InternalError) { LogError("Couldn't execute delete statement"); } ThrowErr(Exc::DatabaseFailed, @@ -426,7 +421,8 @@ namespace DB { } Row Crypto::getRow( - const SqlConnection::DataCommandUniquePtr &selectCommand) const { + const SqlConnection::DataCommandUniquePtr &selectCommand) const + { Row row; row.name = selectCommand->GetColumnString(0); row.ownerLabel = selectCommand->GetColumnString(1); @@ -450,11 +446,11 @@ namespace DB { Try { PermissionTable permissionTable(this->m_connection); return permissionTable.getPermissionRow(name, ownerLabel, accessorLabel); - } Catch (SqlConnection::Exception::InvalidColumn) { + } Catch(SqlConnection::Exception::InvalidColumn) { LogError("Select statement invalid column error"); - } Catch (SqlConnection::Exception::SyntaxError) { + } Catch(SqlConnection::Exception::SyntaxError) { LogError("Couldn't prepare select statement"); - } Catch (SqlConnection::Exception::InternalError) { + } Catch(SqlConnection::Exception::InternalError) { LogError("Couldn't execute select statement"); } return PermissionMaskOptional(); @@ -481,11 +477,10 @@ namespace DB { selectCommand->BindInteger(2, typeRangeStop); // name table reference - selectCommand->BindString (101, name.c_str()); - selectCommand->BindString (102, ownerLabel.c_str()); + selectCommand->BindString(101, name.c_str()); + selectCommand->BindString(102, ownerLabel.c_str()); - if(selectCommand->Step()) - { + if (selectCommand->Step()) { // extract data Row current_row = getRow(selectCommand); @@ -494,11 +489,11 @@ namespace DB { } else { return RowOptional(); } - } Catch (SqlConnection::Exception::InvalidColumn) { + } Catch(SqlConnection::Exception::InvalidColumn) { LogError("Select statement invalid column error"); - } Catch (SqlConnection::Exception::SyntaxError) { + } Catch(SqlConnection::Exception::SyntaxError) { LogError("Couldn't prepare select statement"); - } Catch (SqlConnection::Exception::InternalError) { + } Catch(SqlConnection::Exception::InternalError) { LogError("Couldn't execute select statement"); } ThrowErr(Exc::DatabaseFailed, @@ -531,20 +526,19 @@ namespace DB { selectCommand->BindInteger(2, typeRangeStop); // name table reference - selectCommand->BindString (101, name.c_str()); - selectCommand->BindString (102, ownerLabel.c_str()); + selectCommand->BindString(101, name.c_str()); + selectCommand->BindString(102, ownerLabel.c_str()); - while(selectCommand->Step()) - { + while (selectCommand->Step()) { // extract data output.push_back(getRow(selectCommand)); } return; - } Catch (SqlConnection::Exception::InvalidColumn) { + } Catch(SqlConnection::Exception::InvalidColumn) { LogError("Select statement invalid column error"); - } Catch (SqlConnection::Exception::SyntaxError) { + } Catch(SqlConnection::Exception::SyntaxError) { LogError("Couldn't prepare select statement"); - } Catch (SqlConnection::Exception::InternalError) { + } Catch(SqlConnection::Exception::InternalError) { LogError("Couldn't execute select statement"); } ThrowErr(Exc::DatabaseFailed, @@ -568,7 +562,7 @@ namespace DB { DataType typeRangeStart, DataType typeRangeStop) { - Try{ + Try { Transaction transaction(this); SqlConnection::DataCommandUniquePtr selectCommand = m_connection->PrepareDataCommand(DB_CMD_NAME_SELECT_BY_TYPE_AND_PERMISSION); @@ -577,17 +571,17 @@ namespace DB { selectCommand->BindString(104, smackLabel.c_str()); selectCommand->BindInteger(4, static_cast(Permission::READ | Permission::REMOVE)); - while(selectCommand->Step()) { + while (selectCommand->Step()) { Label ownerLabel = selectCommand->GetColumnString(0); Name name = selectCommand->GetColumnString(1); labelNameVector.push_back(std::make_pair(ownerLabel, name)); } return; - } Catch (SqlConnection::Exception::InvalidColumn) { + } Catch(SqlConnection::Exception::InvalidColumn) { LogError("Select statement invalid column error"); - } Catch (SqlConnection::Exception::SyntaxError) { + } Catch(SqlConnection::Exception::SyntaxError) { LogError("Couldn't prepare select statement"); - } Catch (SqlConnection::Exception::InternalError) { + } Catch(SqlConnection::Exception::InternalError) { LogError("Couldn't execute select statement"); } ThrowErr(Exc::DatabaseFailed, @@ -597,8 +591,6 @@ namespace DB { " accessible to client label ", smackLabel); } - - void Crypto::saveKey( const Label& label, const RawBuffer &key) @@ -610,9 +602,9 @@ namespace DB { insertCommand->BindBlob(2, key); insertCommand->Step(); return; - } Catch (SqlConnection::Exception::SyntaxError) { + } Catch(SqlConnection::Exception::SyntaxError) { LogError("Couldn't prepare insert key statement"); - } Catch (SqlConnection::Exception::InternalError) { + } Catch(SqlConnection::Exception::InternalError) { LogError("Couldn't execute insert statement"); } ThrowErr(Exc::DatabaseFailed, "Couldn't save key for label ", label); @@ -625,24 +617,23 @@ namespace DB { m_connection->PrepareDataCommand(DB_CMD_KEY_SELECT); selectCommand->BindString(1, label.c_str()); - if (selectCommand->Step()) { + if (selectCommand->Step()) return RawBufferOptional( selectCommand->GetColumnBlob(0)); - } else { + else return RawBufferOptional(); - } - - } Catch (SqlConnection::Exception::InvalidColumn) { + } Catch(SqlConnection::Exception::InvalidColumn) { LogError("Select statement invalid column error"); - } Catch (SqlConnection::Exception::SyntaxError) { + } Catch(SqlConnection::Exception::SyntaxError) { LogError("Couldn't prepare insert key statement"); - } Catch (SqlConnection::Exception::InternalError) { + } Catch(SqlConnection::Exception::InternalError) { LogError("Couldn't execute insert statement"); } ThrowErr(Exc::DatabaseFailed, "Couldn't get key for label ", label); } - void Crypto::deleteKey(const Label& label) { + void Crypto::deleteKey(const Label& label) + { Try { Transaction transaction(this); @@ -656,9 +647,9 @@ namespace DB { transaction.commit(); return; - } Catch (SqlConnection::Exception::SyntaxError) { + } Catch(SqlConnection::Exception::SyntaxError) { LogError("Couldn't prepare insert key statement"); - } Catch (SqlConnection::Exception::InternalError) { + } Catch(SqlConnection::Exception::InternalError) { LogError("Couldn't execute insert statement"); } ThrowErr(Exc::DatabaseFailed, "Couldn't delete key for label ", label); @@ -674,16 +665,16 @@ namespace DB { PermissionTable permissionTable(this->m_connection); permissionTable.setPermission(name, ownerLabel, accessorLabel, permissionMask); return; - } Catch (SqlConnection::Exception::SyntaxError) { + } Catch(SqlConnection::Exception::SyntaxError) { LogError("Couldn't prepare set statement"); - } Catch (SqlConnection::Exception::InternalError) { + } Catch(SqlConnection::Exception::InternalError) { LogError("Couldn't execute set statement"); } ThrowErr(Exc::DatabaseFailed, "Couldn't set permissions for name ", name); } - - void Crypto::SchemaInfo::setVersionInfo() { + void Crypto::SchemaInfo::setVersionInfo() + { SqlConnection::DataCommandUniquePtr insertContextCommand = m_db->m_connection->PrepareDataCommand(DB_CMD_SCHEMA_SET); insertContextCommand->BindString(101, DB_SCHEMA_VERSION_FIELD); @@ -700,15 +691,15 @@ namespace DB { m_db->m_connection->PrepareDataCommand(DB_CMD_SCHEMA_GET); selectCommand->BindString(101, DB_SCHEMA_VERSION_FIELD); - if(selectCommand->Step()) { + if (selectCommand->Step()) { version = static_cast(atoi(selectCommand->GetColumnString(1).c_str())); return true; } - } Catch (SqlConnection::Exception::InvalidColumn) { + } Catch(SqlConnection::Exception::InvalidColumn) { LogError("Select statement invalid column error"); - } Catch (SqlConnection::Exception::SyntaxError) { + } Catch(SqlConnection::Exception::SyntaxError) { LogError("Couldn't prepare select statement"); - } Catch (SqlConnection::Exception::InternalError) { + } Catch(SqlConnection::Exception::InternalError) { LogError("Couldn't execute select statement"); } return false; @@ -720,8 +711,7 @@ namespace DB { const Label& accessorLabel, const PermissionMask permissionMask) { - if(permissionMask == Permission::NONE) - { + if (permissionMask == Permission::NONE) { // clear permissions SqlConnection::DataCommandUniquePtr deletePermissionCommand = m_connection->PrepareDataCommand(DB_CMD_PERMISSION_DELETE); @@ -729,9 +719,7 @@ namespace DB { deletePermissionCommand->BindString(101, name.c_str()); deletePermissionCommand->BindString(102, ownerLabel.c_str()); deletePermissionCommand->Step(); - } - else - { + } else { // add new permissions SqlConnection::DataCommandUniquePtr setPermissionCommand = m_connection->PrepareDataCommand(DB_CMD_PERMISSION_SET); @@ -756,8 +744,7 @@ namespace DB { selectCommand->BindString(101, name.c_str()); selectCommand->BindString(102, ownerLabel.c_str()); - if(selectCommand->Step()) - { + if (selectCommand->Step()) { // there is entry for the pair return PermissionMaskOptional(PermissionMask(selectCommand->GetColumnInteger(0))); } @@ -771,8 +758,8 @@ namespace DB { // insert NAMES item SqlConnection::DataCommandUniquePtr insertNameCommand = m_connection->PrepareDataCommand(DB_CMD_NAME_INSERT); - insertNameCommand->BindString (101, name.c_str()); - insertNameCommand->BindString (102, ownerLabel.c_str()); + insertNameCommand->BindString(101, name.c_str()); + insertNameCommand->BindString(102, ownerLabel.c_str()); insertNameCommand->Step(); } @@ -807,11 +794,11 @@ namespace DB { m_connection->PrepareDataCommand(DB_CMD_NAME_COUNT_ROWS); checkCmd->BindString(101, name.c_str()); checkCmd->BindString(102, ownerLabel.c_str()); - if(checkCmd->Step()) { + if (checkCmd->Step()) { int element_count = checkCmd->GetColumnInteger(0); LogDebug("Item name: " << name << " ownerLabel: " << ownerLabel << " hit count: " << element_count); - if(element_count > 0) + if (element_count > 0) return true; } return false; @@ -825,15 +812,15 @@ namespace DB { insertObjectCommand->BindInteger(2, static_cast(row.dataType)); insertObjectCommand->BindInteger(3, static_cast(row.algorithmType)); insertObjectCommand->BindInteger(4, row.encryptionScheme); - insertObjectCommand->BindBlob (5, row.iv); + insertObjectCommand->BindBlob(5, row.iv); insertObjectCommand->BindInteger(6, row.dataSize); - insertObjectCommand->BindBlob (7, row.data); - insertObjectCommand->BindBlob (8, row.tag); + insertObjectCommand->BindBlob(7, row.data); + insertObjectCommand->BindBlob(8, row.tag); insertObjectCommand->BindInteger(9, static_cast(row.backendId)); // name table reference - insertObjectCommand->BindString (101, row.name.c_str()); - insertObjectCommand->BindString (102, row.ownerLabel.c_str()); + insertObjectCommand->BindString(101, row.name.c_str()); + insertObjectCommand->BindString(102, row.ownerLabel.c_str()); insertObjectCommand->Step(); } @@ -845,14 +832,14 @@ namespace DB { updateObjectCommand->BindInteger(2, static_cast(row.dataType)); updateObjectCommand->BindInteger(3, static_cast(row.algorithmType)); updateObjectCommand->BindInteger(4, row.encryptionScheme); - updateObjectCommand->BindBlob (5, row.iv); + updateObjectCommand->BindBlob(5, row.iv); updateObjectCommand->BindInteger(6, row.dataSize); - updateObjectCommand->BindBlob (7, row.data); - updateObjectCommand->BindBlob (8, row.tag); + updateObjectCommand->BindBlob(7, row.data); + updateObjectCommand->BindBlob(8, row.tag); // name table reference - updateObjectCommand->BindString (101, row.name.c_str()); - updateObjectCommand->BindString (102, row.ownerLabel.c_str()); + updateObjectCommand->BindString(101, row.name.c_str()); + updateObjectCommand->BindString(102, row.ownerLabel.c_str()); updateObjectCommand->Step(); } diff --git a/src/manager/service/db-crypto.h b/src/manager/service/db-crypto.h index fff626e..8b8925b 100644 --- a/src/manager/service/db-crypto.h +++ b/src/manager/service/db-crypto.h @@ -39,259 +39,266 @@ namespace CKM { namespace DB { - class Crypto { - public: - typedef boost::optional RowOptional; - typedef boost::optional RawBufferOptional; - Crypto() : - m_connection(NULL), - m_inUserTransaction(false) - {}; - // user name instead of path? - Crypto(const std::string &path, const RawBuffer &rawPass); - Crypto(const Crypto &other) = delete; - Crypto(Crypto &&other); - - Crypto& operator=(const Crypto& ) = delete; - Crypto& operator=(Crypto&& other); - - virtual ~Crypto(); - - void saveRow( - const Row &row); - - void saveRows( - const Name &name, - const Label &owner, - const RowVector &rows); - - void updateRow( - const Row &row); - - bool isNameLabelPresent( - const Name &name, - const Label &owner) const; - - RowOptional getRow( - const Name &name, - const Label &ownerLabel, - DataType type); - - RowOptional getRow( - const Name &name, - const Label &ownerLabel, - DataType typeRangeStart, - DataType typeRangeStop); - - void getRows( - const Name &name, - const Label &ownerLabel, - DataType type, - RowVector &output); - - void getRows( - const Name &name, - const Label &ownerLabel, - DataType typeRangeStart, - DataType typeRangeStop, - RowVector &output); - - void listNames( - const Label &smackLabel, - LabelNameVector& labelNameVector, - DataType type); - - void listNames( - const Label &smackLabel, - LabelNameVector& labelNameVector, - DataType typeRangeStart, - DataType typeRangeStop); - - bool deleteRow( - const Name &name, - const Label &ownerLabel); - - // keys - void saveKey(const Label& label, const RawBuffer &key); - RawBufferOptional getKey(const Label& label); - void deleteKey(const Label& label); - - - // permissions - void setPermission( - const Name &name, - const Label &ownerLabel, - const Label &accessorLabel, - const PermissionMask permissionMask); - - PermissionMaskOptional getPermissionRow( - const Name &name, - const Label &ownerLabel, - const Label &accessorLabel) const; - - - // transactions - int beginTransaction(); - int commitTransaction(); - int rollbackTransaction(); - - class Transaction { - public: - Transaction(Crypto *db) - : m_db(db), - m_inTransaction(false) { - if(!m_db->m_inUserTransaction) { - Try { - m_db->m_connection->ExecCommand("BEGIN EXCLUSIVE"); - m_db->m_inUserTransaction = true; - m_inTransaction = true; - } Catch (SqlConnection::Exception::InternalError) { - ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state"); - } Catch (SqlConnection::Exception::Base) { - ThrowErr(Exc::TransactionFailed, "Couldn't begin transaction"); - } - } +class Crypto { +public: + typedef boost::optional RowOptional; + typedef boost::optional RawBufferOptional; + Crypto() : + m_connection(NULL), + m_inUserTransaction(false) + { + } + // user name instead of path? + Crypto(const std::string &path, const RawBuffer &rawPass); + Crypto(const Crypto &other) = delete; + Crypto(Crypto &&other); + + Crypto& operator=(const Crypto& ) = delete; + Crypto& operator=(Crypto&& other); + + virtual ~Crypto(); + + void saveRow( + const Row &row); + + void saveRows( + const Name &name, + const Label &owner, + const RowVector &rows); + + void updateRow( + const Row &row); + + bool isNameLabelPresent( + const Name &name, + const Label &owner) const; + + RowOptional getRow( + const Name &name, + const Label &ownerLabel, + DataType type); + + RowOptional getRow( + const Name &name, + const Label &ownerLabel, + DataType typeRangeStart, + DataType typeRangeStop); + + void getRows( + const Name &name, + const Label &ownerLabel, + DataType type, + RowVector &output); + + void getRows( + const Name &name, + const Label &ownerLabel, + DataType typeRangeStart, + DataType typeRangeStop, + RowVector &output); + + void listNames( + const Label &smackLabel, + LabelNameVector& labelNameVector, + DataType type); + + void listNames( + const Label &smackLabel, + LabelNameVector& labelNameVector, + DataType typeRangeStart, + DataType typeRangeStop); + + bool deleteRow( + const Name &name, + const Label &ownerLabel); + + // keys + void saveKey(const Label& label, const RawBuffer &key); + RawBufferOptional getKey(const Label& label); + void deleteKey(const Label& label); + + + // permissions + void setPermission( + const Name &name, + const Label &ownerLabel, + const Label &accessorLabel, + const PermissionMask permissionMask); + + PermissionMaskOptional getPermissionRow( + const Name &name, + const Label &ownerLabel, + const Label &accessorLabel) const; + + + // transactions + int beginTransaction(); + int commitTransaction(); + int rollbackTransaction(); + + class Transaction { + public: + Transaction(Crypto *db) : + m_db(db), + m_inTransaction(false) + { + if (!m_db->m_inUserTransaction) { + Try { + m_db->m_connection->ExecCommand("BEGIN EXCLUSIVE"); + m_db->m_inUserTransaction = true; + m_inTransaction = true; + } Catch(SqlConnection::Exception::InternalError) { + ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state"); + } Catch(SqlConnection::Exception::Base) { + ThrowErr(Exc::TransactionFailed, "Couldn't begin transaction"); } - void commit() { - if(m_inTransaction) { - Try { - m_db->m_connection->CommitTransaction(); - m_db->m_inUserTransaction = false; - m_inTransaction = false; - } Catch (SqlConnection::Exception::InternalError) { - ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state"); - } Catch (SqlConnection::Exception::Base) { - ThrowErr(Exc::TransactionFailed, "Couldn't commit transaction"); - } - } + } + } + void commit() + { + if (m_inTransaction) { + Try { + m_db->m_connection->CommitTransaction(); + m_db->m_inUserTransaction = false; + m_inTransaction = false; + } Catch(SqlConnection::Exception::InternalError) { + ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state"); + } Catch(SqlConnection::Exception::Base) { + ThrowErr(Exc::TransactionFailed, "Couldn't commit transaction"); } - void rollback() { - if(m_inTransaction) { - Try { - m_db->m_connection->RollbackTransaction(); - m_db->m_inUserTransaction = false; - m_inTransaction = false; - } Catch (SqlConnection::Exception::InternalError) { - ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state"); - } Catch (SqlConnection::Exception::Base) { - ThrowErr(Exc::TransactionFailed, "Couldn't rollback transaction"); - } - } + } + } + void rollback() + { + if (m_inTransaction) { + Try { + m_db->m_connection->RollbackTransaction(); + m_db->m_inUserTransaction = false; + m_inTransaction = false; + } Catch(SqlConnection::Exception::InternalError) { + ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state"); + } Catch(SqlConnection::Exception::Base) { + ThrowErr(Exc::TransactionFailed, "Couldn't rollback transaction"); } - ~Transaction() { - Try { - if(m_inTransaction) { - m_db->m_inUserTransaction = false; - m_db->m_connection->RollbackTransaction(); - } - } Catch (SqlConnection::Exception::InternalError) { - ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state"); - } Catch (SqlConnection::Exception::Base) { - LogError("Transaction rollback failed!"); - } + } + } + ~Transaction() + { + Try { + if (m_inTransaction) { + m_db->m_inUserTransaction = false; + m_db->m_connection->RollbackTransaction(); } - private: - Crypto *m_db; - bool m_inTransaction; - }; - - protected: - SqlConnection* m_connection; - private: - bool m_inUserTransaction; - - void resetDB(); - void initDatabase(); - void createDBSchema(); - /** - * return current database version - * - * @param[out] schemaVersion if success, will contain DB schema version code - * - * @return false on DB empty or corrupted, true if information read - */ - bool getDBVersion(int & schemaVersion); - typedef boost::optional ScriptOptional; - ScriptOptional getScript(const std::string &scriptName) const; - ScriptOptional getMigrationScript(int db_version) const; - - Row getRow( - const SqlConnection::DataCommandUniquePtr &selectCommand) const; - - void createTable( - const char *create_cmd, - const char *table_name); - - void createView( - const char* create_cmd); - - class SchemaInfo { - public: - explicit SchemaInfo(const Crypto *db) : m_db(db) {} - - void setVersionInfo(); - bool getVersionInfo(int & version) const; - - private: - const Crypto *m_db; - }; - - public: - class NameTable { - public: - explicit NameTable(SqlConnection* connection) : m_connection(connection) {} - - void addRow( - const Name &name, - const Label &ownerLabel); - - void deleteRow( - const Name &name, - const Label &ownerLabel); - - void deleteAllRows( - const Label &ownerLabel); - - bool isPresent( - const Name &name, - const Label &ownerLabel) const; - - private: - SqlConnection* m_connection; - }; - - class ObjectTable { - public: - explicit ObjectTable(SqlConnection* connection) : m_connection(connection) {} - - void addRow( - const Row &row); - void updateRow( - const Row &row); - - private: - SqlConnection* m_connection; - }; - - class PermissionTable { - public: - explicit PermissionTable(SqlConnection* connection) : m_connection(connection) {} - - void setPermission( - const Name &name, - const Label &ownerLabel, - const Label &accessorLabel, - const PermissionMask permissionMask); - - PermissionMaskOptional getPermissionRow( - const Name &name, - const Label &ownerLabel, - const Label &accessorLabel) const; - - private: - SqlConnection* m_connection; - }; + } Catch(SqlConnection::Exception::InternalError) { + ThrowErr(Exc::TransactionFailed, "sqlite got into infinite busy state"); + } Catch(SqlConnection::Exception::Base) { + LogError("Transaction rollback failed!"); + } + } + + private: + Crypto *m_db; + bool m_inTransaction; }; + +protected: + SqlConnection* m_connection; + +private: + bool m_inUserTransaction; + + void resetDB(); + void initDatabase(); + void createDBSchema(); + /** + * return current database version + * + * @param[out] schemaVersion if success, will contain DB schema version code + * + * @return false on DB empty or corrupted, true if information read + */ + bool getDBVersion(int & schemaVersion); + typedef boost::optional ScriptOptional; + ScriptOptional getScript(const std::string &scriptName) const; + ScriptOptional getMigrationScript(int db_version) const; + + Row getRow( + const SqlConnection::DataCommandUniquePtr &selectCommand) const; + + void createTable( + const char *create_cmd, + const char *table_name); + + void createView( + const char* create_cmd); + + class SchemaInfo { + public: + explicit SchemaInfo(const Crypto *db) : m_db(db) {} + + void setVersionInfo(); + bool getVersionInfo(int & version) const; + + private: + const Crypto *m_db; + }; + +public: + class NameTable { + public: + explicit NameTable(SqlConnection* connection) : m_connection(connection) {} + + void addRow( + const Name &name, + const Label &ownerLabel); + + void deleteRow( + const Name &name, + const Label &ownerLabel); + + void deleteAllRows( + const Label &ownerLabel); + + bool isPresent( + const Name &name, + const Label &ownerLabel) const; + + private: + SqlConnection* m_connection; + }; + + class ObjectTable { + public: + explicit ObjectTable(SqlConnection* connection) : m_connection(connection) {} + + void addRow( + const Row &row); + void updateRow( + const Row &row); + + private: + SqlConnection* m_connection; + }; + + class PermissionTable { + public: + explicit PermissionTable(SqlConnection* connection) : m_connection(connection) {} + + void setPermission( + const Name &name, + const Label &ownerLabel, + const Label &accessorLabel, + const PermissionMask permissionMask); + + PermissionMaskOptional getPermissionRow( + const Name &name, + const Label &ownerLabel, + const Label &accessorLabel) const; + + private: + SqlConnection* m_connection; + }; +}; } // namespace DB } // namespace CKM diff --git a/src/manager/service/db-row.h b/src/manager/service/db-row.h index 04907af..82f1273 100644 --- a/src/manager/service/db-row.h +++ b/src/manager/service/db-row.h @@ -43,7 +43,8 @@ struct Row : public Token { , algorithmType(DBCMAlgType::NONE) , encryptionScheme(0) , dataSize(data.size()) - {} + { + } Name name; Label ownerLabel; diff --git a/src/manager/service/encryption-logic.cpp b/src/manager/service/encryption-logic.cpp old mode 100644 new mode 100755 index 36c4e10..cefb086 --- a/src/manager/service/encryption-logic.cpp +++ b/src/manager/service/encryption-logic.cpp @@ -28,7 +28,7 @@ namespace CKM { void EncryptionLogic::Crypt(const CryptoRequest& request) { // check arguments - if(request.input.empty()) { + if (request.input.empty()) { LogError("No input data"); m_service.RespondToClient(request, CKM_API_ERROR_INPUT_PARAM); return; diff --git a/src/manager/service/encryption-logic.h b/src/manager/service/encryption-logic.h index 9dbd7b0..91247ba 100644 --- a/src/manager/service/encryption-logic.h +++ b/src/manager/service/encryption-logic.h @@ -30,14 +30,14 @@ namespace CKM { -class EncryptionLogic -{ +class EncryptionLogic { public: EncryptionLogic(IEncryptionService& service) : m_service(service) {} virtual ~EncryptionLogic() {} void Crypt(const CryptoRequest& request); void KeyRetrieved(MsgKeyResponse response); + private: IEncryptionService& m_service; diff --git a/src/manager/service/encryption-service.cpp b/src/manager/service/encryption-service.cpp old mode 100644 new mode 100755 index f5de271..e2ea7c6 --- a/src/manager/service/encryption-service.cpp +++ b/src/manager/service/encryption-service.cpp @@ -33,7 +33,8 @@ const CKM::InterfaceID SOCKET_ID_ENCRYPTION = 0; namespace CKM { -EncryptionService::EncryptionService() : m_logic(*this) +EncryptionService::EncryptionService() : + m_logic(*this) { } @@ -58,7 +59,7 @@ void EncryptionService::RequestKey(const CryptoRequest& request) { MsgKeyRequest kReq(request.msgId, request.cred, request.name, request.label, request.password); if (!m_commMgr->SendMessage(kReq)) - throw std::runtime_error("No listener found"); // TODO + throw std::runtime_error("No listener found");// TODO } GenericSocketService::ServiceDescriptionVector EncryptionService::GetServiceDescription() @@ -68,11 +69,13 @@ GenericSocketService::ServiceDescriptionVector EncryptionService::GetServiceDesc }; } -void EncryptionService::Start() { +void EncryptionService::Start() +{ Create(); } -void EncryptionService::Stop() { +void EncryptionService::Stop() +{ Join(); } @@ -89,7 +92,7 @@ bool EncryptionService::ProcessOne( ConnectionInfo &info, bool /*allowed*/) { - LogDebug ("process One"); + LogDebug("process One"); try { if (!info.buffer.Ready()) return false; @@ -130,14 +133,16 @@ void EncryptionService::ProcessEncryption(const ConnectionID &conn, m_logic.Crypt(req); } -void EncryptionService::CustomHandle(const ReadEvent &event) { +void EncryptionService::CustomHandle(const ReadEvent &event) +{ LogDebug("Read event"); auto &info = m_connectionInfoMap[event.connectionID.counter]; info.buffer.Push(event.rawBuffer); - while(ProcessOne(event.connectionID, info, true)); + while (ProcessOne(event.connectionID, info, true)); } -void EncryptionService::CustomHandle(const SecurityEvent &/*event*/) { +void EncryptionService::CustomHandle(const SecurityEvent &/*event*/) +{ LogError("This should not happend! SecurityEvent was called on EncryptionService!"); } diff --git a/src/manager/service/encryption-service.h b/src/manager/service/encryption-service.h index e93c87f..4ea81e6 100644 --- a/src/manager/service/encryption-service.h +++ b/src/manager/service/encryption-service.h @@ -29,8 +29,7 @@ namespace CKM { -class EncryptionService : public ThreadMessageService, public IEncryptionService -{ +class EncryptionService : public ThreadMessageService, public IEncryptionService { public: EncryptionService(); virtual ~EncryptionService(); @@ -41,11 +40,13 @@ public: // Custom add custom support for ReadEvent and SecurityEvent // because we want to bypass security check in EncryptionService - virtual void Event(const ReadEvent &event) { + virtual void Event(const ReadEvent &event) + { CreateEvent([this, event]() { this->CustomHandle(event); }); } - virtual void Event(const SecurityEvent &event) { + virtual void Event(const SecurityEvent &event) + { CreateEvent([this, event]() { this->CustomHandle(event); }); } diff --git a/src/manager/service/file-lock.cpp b/src/manager/service/file-lock.cpp old mode 100644 new mode 100755 index 3bc6e38..95def7f --- a/src/manager/service/file-lock.cpp +++ b/src/manager/service/file-lock.cpp @@ -50,9 +50,8 @@ FileLock::FileLock(const char* const file) { // Open lock file m_lockFd = TEMP_FAILURE_RETRY(creat(file, 0644)); - if (m_lockFd == -1) { + if (m_lockFd == -1) throw io_exception("Cannot open lock file. Errno: ", strerror(errno)); - } if (-1 == lockf(m_lockFd, F_TLOCK, 0)) { if (errno == EACCES || errno == EAGAIN) @@ -69,7 +68,7 @@ FileLock::FileLock(const char* const file) int ret = fsync(m_lockFd); if (-1 == ret) - throw io_exception("Fsync failed. Errno: ",strerror(errno)); + throw io_exception("Fsync failed. Errno: ", strerror(errno)); } FileLock::~FileLock() diff --git a/src/manager/service/file-lock.h b/src/manager/service/file-lock.h index b56e29a..ded400a 100644 --- a/src/manager/service/file-lock.h +++ b/src/manager/service/file-lock.h @@ -25,8 +25,7 @@ namespace CKM { -class FileLock -{ +class FileLock { public: explicit FileLock(const char* const file); ~FileLock(); diff --git a/src/manager/service/file-system.cpp b/src/manager/service/file-system.cpp old mode 100644 new mode 100755 index 376d78d..e569d1d --- a/src/manager/service/file-system.cpp +++ b/src/manager/service/file-system.cpp @@ -55,7 +55,8 @@ namespace CKM { FileSystem::FileSystem(uid_t uid) : m_uid(uid) -{} +{ +} std::string FileSystem::getDBPath() const { @@ -64,25 +65,29 @@ std::string FileSystem::getDBPath() const return ss.str(); } -std::string FileSystem::getDKEKPath() const { +std::string FileSystem::getDKEKPath() const +{ std::stringstream ss; ss << CKM_DATA_PATH << CKM_KEY_PREFIX << m_uid; return ss.str(); } -std::string FileSystem::getDBDEKPath() const { +std::string FileSystem::getDBDEKPath() const +{ std::stringstream ss; ss << CKM_DATA_PATH << CKM_DB_KEY_PREFIX << m_uid; return ss.str(); } -std::string FileSystem::getRemovedAppsPath() const { +std::string FileSystem::getRemovedAppsPath() const +{ std::stringstream ss; ss << CKM_DATA_PATH << CKM_REMOVED_APP_PREFIX << m_uid; return ss.str(); } -RawBuffer FileSystem::loadFile(const std::string &path) const { +RawBuffer FileSystem::loadFile(const std::string &path) const +{ std::ifstream is(path); if (is.fail() && ENOENT == errno) @@ -94,8 +99,8 @@ RawBuffer FileSystem::loadFile(const std::string &path) const { "Error opening file: ", path, " Reason: ", description); } - std::istreambuf_iterator begin(is),end; - std::vector buff(begin,end); // This trick does not work with boost vector + std::istreambuf_iterator begin(is), end; + std::vector buff(begin, end); // This trick does not work with boost vector RawBuffer buffer(buff.size()); memcpy(buffer.data(), buff.data(), buff.size()); @@ -112,7 +117,8 @@ RawBuffer FileSystem::getDBDEK() const return loadFile(getDBDEKPath()); } -void FileSystem::saveFile(const std::string &path, const RawBuffer &buffer) const { +void FileSystem::saveFile(const std::string &path, const RawBuffer &buffer) const +{ std::ofstream os(path, std::ios::out | std::ofstream::binary | std::ofstream::trunc); std::copy(buffer.begin(), buffer.end(), std::ostreambuf_iterator(os)); @@ -125,11 +131,13 @@ void FileSystem::saveFile(const std::string &path, const RawBuffer &buffer) cons ThrowErr(Exc::FileSystemFailed, "Failed to save file: ", path); } -void FileSystem::saveDKEK(const RawBuffer &buffer) const { +void FileSystem::saveDKEK(const RawBuffer &buffer) const +{ saveFile(getDKEKPath(), buffer); } -void FileSystem::saveDBDEK(const RawBuffer &buffer) const { +void FileSystem::saveDBDEK(const RawBuffer &buffer) const +{ saveFile(getDBDEKPath(), buffer); } @@ -153,9 +161,9 @@ AppLabelVector FileSystem::clearRemovedsApps() const std::string line; std::ifstream removedAppsFile(getRemovedAppsPath()); if (removedAppsFile.is_open()) { - while (! removedAppsFile.eof() ) { - getline (removedAppsFile,line); - if(line.size() > 0) + while (!removedAppsFile.eof()) { + getline(removedAppsFile, line); + if (line.size() > 0) removedApps.push_back(line); } removedAppsFile.close(); @@ -167,7 +175,8 @@ AppLabelVector FileSystem::clearRemovedsApps() const return removedApps; } -int FileSystem::init() { +int FileSystem::init() +{ errno = 0; if ((mkdir(CKM_DATA_PATH.c_str(), 0700)) && (errno != EEXIST)) { int err = errno; @@ -177,7 +186,8 @@ int FileSystem::init() { return 0; } -UidVector FileSystem::getUIDsFromDBFile() { +UidVector FileSystem::getUIDsFromDBFile() +{ UidVector uids; std::unique_ptr> dirp(::opendir(CKM_DATA_PATH.c_str()), ::closedir); @@ -201,9 +211,8 @@ UidVector FileSystem::getUIDsFromDBFile() { while ( (!readdir_r(dirp.get(), pEntry.get(), &pDirEntry)) && pDirEntry ) { // Ignore files with diffrent prefix - if (strncmp(pDirEntry->d_name, CKM_KEY_PREFIX.c_str(), CKM_KEY_PREFIX.size())) { + if (strncmp(pDirEntry->d_name, CKM_KEY_PREFIX.c_str(), CKM_KEY_PREFIX.size())) continue; - } // We find database. Let's extract user id. try { @@ -220,7 +229,8 @@ UidVector FileSystem::getUIDsFromDBFile() { return uids; } -int FileSystem::removeUserData() const { +int FileSystem::removeUserData() const +{ int err, retCode = 0; if (unlink(getDBPath().c_str())) { diff --git a/src/manager/service/file-system.h b/src/manager/service/file-system.h index 6b396c3..145d77e 100644 --- a/src/manager/service/file-system.h +++ b/src/manager/service/file-system.h @@ -54,7 +54,8 @@ public: static UidVector getUIDsFromDBFile(); static FileLock lock(); - virtual ~FileSystem(){} + virtual ~FileSystem() {} + protected: std::string getDKEKPath() const; std::string getDBDEKPath() const; diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp old mode 100644 new mode 100755 index 23ca201..eddc472 --- a/src/manager/service/key-provider.cpp +++ b/src/manager/service/key-provider.cpp @@ -43,7 +43,8 @@ WrappedKeyAndInfo& WrappedKeyAndInfoContainer::getWrappedKeyAndInfo() return *wrappedKeyAndInfo; } -void WrappedKeyAndInfoContainer::setKeyInfoKeyLength(const unsigned int length){ +void WrappedKeyAndInfoContainer::setKeyInfoKeyLength(const unsigned int length) +{ wrappedKeyAndInfo->keyInfo.keyLength = length; } @@ -104,29 +105,28 @@ KeyAndInfoContainer::~KeyAndInfoContainer() memset(ptr, 0, sizeof(KeyAndInfo)); // verification for (size_t size = 0; size < sizeof(KeyAndInfo); ++size) { - if (ptr[size]) { + if (ptr[size]) LogError("Write momory error! Memory used by key was not owerwritten."); - } } delete keyAndInfo; } -KeyProvider::KeyProvider() - : m_kmcDKEK(NULL) - , m_isInitialized(false) +KeyProvider::KeyProvider() : + m_kmcDKEK(NULL), + m_isInitialized(false) { LogDebug("Created empty KeyProvider"); } KeyProvider::KeyProvider( const RawBuffer &domainKEKInWrapForm, - const Password &password) - : m_kmcDKEK(new KeyAndInfoContainer()) - , m_isInitialized(true) + const Password &password) : + m_kmcDKEK(new KeyAndInfoContainer()), + m_isInitialized(true) { - if (!m_isInitialized) { + if (!m_isInitialized) ThrowErr(Exc::InternalError, "Object not initialized!. Should not happened"); - } + if (domainKEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)) { LogError("input size:" << domainKEKInWrapForm.size() << " Expected: " << sizeof(WrappedKeyAndInfo)); @@ -150,7 +150,6 @@ KeyProvider::KeyProvider( PBKDF2_ITERATIONS, MAX_KEY_SIZE, PKEK1)) { - delete[] concat_user_pass; ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR"); } @@ -166,7 +165,6 @@ KeyProvider::KeyProvider( PKEK1, wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv, m_kmcDKEK->getKeyAndInfo().key))) { - ThrowErr(Exc::AuthenticationFailed, "VerifyDomainKEK failed in KeyProvider Constructor"); } @@ -202,9 +200,8 @@ bool KeyProvider::isInitialized() RawBuffer KeyProvider::getPureDomainKEK() { - if (!m_isInitialized) { + if (!m_isInitialized) ThrowErr(Exc::InternalError, "Object not initialized!"); - } // TODO secure return RawBuffer(m_kmcDKEK->getKeyAndInfo().key, (m_kmcDKEK->getKeyAndInfo().key) + m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength); @@ -212,9 +209,8 @@ RawBuffer KeyProvider::getPureDomainKEK() RawBuffer KeyProvider::getWrappedDomainKEK(const Password &password) { - if (!m_isInitialized) { + if (!m_isInitialized) ThrowErr(Exc::InternalError, "Object not initialized!"); - } WrappedKeyAndInfoContainer wkmcDKEK = WrappedKeyAndInfoContainer(); @@ -233,7 +229,6 @@ RawBuffer KeyProvider::getWrappedDomainKEK(const Password &password) PBKDF2_ITERATIONS, MAX_KEY_SIZE, PKEK1)) { - delete[] concat_user_pass; ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR"); } @@ -245,15 +240,13 @@ RawBuffer KeyProvider::getWrappedDomainKEK(const Password &password) int wrappedKeyLength; if (0 > (wrappedKeyLength = encryptAes256Gcm( - m_kmcDKEK->getKeyAndInfo().key, - m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength, - PKEK1, - m_kmcDKEK->getKeyAndInfo().keyInfo.iv, - wkmcDKEK.getWrappedKeyAndInfo().wrappedKey, - wkmcDKEK.getWrappedKeyAndInfo().keyInfo.tag))) { - + m_kmcDKEK->getKeyAndInfo().key, + m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength, + PKEK1, + m_kmcDKEK->getKeyAndInfo().keyInfo.iv, + wkmcDKEK.getWrappedKeyAndInfo().wrappedKey, + wkmcDKEK.getWrappedKeyAndInfo().keyInfo.tag))) ThrowErr(Exc::InternalError, "WrapDKEK Failed in KeyProvider::getDomainKEK"); - } wkmcDKEK.setKeyInfoKeyLength((unsigned int)wrappedKeyLength); @@ -264,11 +257,10 @@ RawBuffer KeyProvider::getWrappedDomainKEK(const Password &password) RawBuffer KeyProvider::getPureDEK(const RawBuffer &DEKInWrapForm) { - if (!m_isInitialized) { + if (!m_isInitialized) ThrowErr(Exc::InternalError, "Object not initialized!"); - } - if (DEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)){ + if (DEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)) { LogError("input size:" << DEKInWrapForm.size() << " Expected: " << sizeof(WrappedKeyAndInfo)); ThrowErr(Exc::InternalError, @@ -283,28 +275,24 @@ RawBuffer KeyProvider::getPureDEK(const RawBuffer &DEKInWrapForm) int keyLength; if (!PKCS5_PBKDF2_HMAC_SHA1( - wkmcDEK.getWrappedKeyAndInfo().keyInfo.label, - strlen(wkmcDEK.getWrappedKeyAndInfo().keyInfo.label), - m_kmcDKEK->getKeyAndInfo().key, - MAX_SALT_SIZE, - PBKDF2_ITERATIONS, - MAX_KEY_SIZE, - PKEK2)) { - + wkmcDEK.getWrappedKeyAndInfo().keyInfo.label, + strlen(wkmcDEK.getWrappedKeyAndInfo().keyInfo.label), + m_kmcDKEK->getKeyAndInfo().key, + MAX_SALT_SIZE, + PBKDF2_ITERATIONS, + MAX_KEY_SIZE, + PKEK2)) ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR"); - } if (0 > (keyLength = decryptAes256Gcm( - wkmcDEK.getWrappedKeyAndInfo().wrappedKey, - wkmcDEK.getWrappedKeyAndInfo().keyInfo.keyLength, - wkmcDEK.getWrappedKeyAndInfo().keyInfo.tag, - PKEK2, - wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv, - kmcDEK.getKeyAndInfo().key))) { - + wkmcDEK.getWrappedKeyAndInfo().wrappedKey, + wkmcDEK.getWrappedKeyAndInfo().keyInfo.keyLength, + wkmcDEK.getWrappedKeyAndInfo().keyInfo.tag, + PKEK2, + wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv, + kmcDEK.getKeyAndInfo().key))) ThrowErr(Exc::InternalError, "UnwrapDEK Failed in KeyProvider::getPureDEK"); - } kmcDEK.setKeyInfoKeyLength((unsigned int)keyLength); @@ -316,9 +304,8 @@ RawBuffer KeyProvider::getPureDEK(const RawBuffer &DEKInWrapForm) RawBuffer KeyProvider::generateDEK(const std::string &smackLabel) { - if (!m_isInitialized) { + if (!m_isInitialized) ThrowErr(Exc::InternalError, "Object not initialized!"); - } WrappedKeyAndInfoContainer wkmcDEK = WrappedKeyAndInfoContainer(); std::string resized_smackLabel; @@ -331,35 +318,29 @@ RawBuffer KeyProvider::generateDEK(const std::string &smackLabel) uint8_t key[MAX_KEY_SIZE], PKEK2[MAX_KEY_SIZE]; if (!RAND_bytes(key, m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength) || - !RAND_bytes(wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv, MAX_IV_SIZE)) { - + !RAND_bytes(wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv, MAX_IV_SIZE)) ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR"); - } if (!PKCS5_PBKDF2_HMAC_SHA1( - resized_smackLabel.c_str(), - strlen(resized_smackLabel.c_str()), - m_kmcDKEK->getKeyAndInfo().key, - MAX_SALT_SIZE, - PBKDF2_ITERATIONS, - MAX_KEY_SIZE, - PKEK2)) { - + resized_smackLabel.c_str(), + strlen(resized_smackLabel.c_str()), + m_kmcDKEK->getKeyAndInfo().key, + MAX_SALT_SIZE, + PBKDF2_ITERATIONS, + MAX_KEY_SIZE, + PKEK2)) ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR"); - } int wrappedKeyLength; if (0 > (wrappedKeyLength = encryptAes256Gcm( - key, - m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength, - PKEK2, - wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv, - wkmcDEK.getWrappedKeyAndInfo().wrappedKey, - wkmcDEK.getWrappedKeyAndInfo().keyInfo.tag))) { - + key, + m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength, + PKEK2, + wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv, + wkmcDEK.getWrappedKeyAndInfo().wrappedKey, + wkmcDEK.getWrappedKeyAndInfo().keyInfo.tag))) ThrowErr(Exc::InternalError, "GenerateDEK Failed in KeyProvider::generateDEK"); - } wkmcDEK.setKeyInfoKeyLength((unsigned int)wrappedKeyLength); wkmcDEK.setKeyInfoSalt(m_kmcDKEK->getKeyAndInfo().key, MAX_SALT_SIZE); @@ -403,22 +384,19 @@ RawBuffer KeyProvider::reencrypt( PBKDF2_ITERATIONS, MAX_KEY_SIZE, PKEK1)) { - delete[] concat_user_pass; ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR"); } delete[] concat_user_pass; if (0 > (keyLength = decryptAes256Gcm( - wkmcOldDKEK.getWrappedKeyAndInfo().wrappedKey, - wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.keyLength, - wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.tag, - PKEK1, - wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.iv, - kmcDKEK.getKeyAndInfo().key))) { - + wkmcOldDKEK.getWrappedKeyAndInfo().wrappedKey, + wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.keyLength, + wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.tag, + PKEK1, + wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.iv, + kmcDKEK.getKeyAndInfo().key))) ThrowErr(Exc::AuthenticationFailed, "Incorrect Old Password "); - } kmcDKEK.setKeyInfo(&(wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo)); kmcDKEK.setKeyInfoKeyLength((unsigned int)keyLength); @@ -428,14 +406,13 @@ RawBuffer KeyProvider::reencrypt( newPass.c_str()); if (!PKCS5_PBKDF2_HMAC_SHA1( - concat_user_pass, - strlen(concat_user_pass), - kmcDKEK.getKeyAndInfo().keyInfo.salt, - MAX_SALT_SIZE, - PBKDF2_ITERATIONS, - MAX_KEY_SIZE, - PKEK1)) { - + concat_user_pass, + strlen(concat_user_pass), + kmcDKEK.getKeyAndInfo().keyInfo.salt, + MAX_SALT_SIZE, + PBKDF2_ITERATIONS, + MAX_KEY_SIZE, + PKEK1)) { delete[] concat_user_pass; ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR"); } @@ -446,15 +423,13 @@ RawBuffer KeyProvider::reencrypt( wkmcNewDKEK.setKeyInfo(&(kmcDKEK.getKeyAndInfo().keyInfo)); if (0 > (wrappedKeyLength = encryptAes256Gcm( - kmcDKEK.getKeyAndInfo().key, - kmcDKEK.getKeyAndInfo().keyInfo.keyLength, - PKEK1, - kmcDKEK.getKeyAndInfo().keyInfo.iv, - wkmcNewDKEK.getWrappedKeyAndInfo().wrappedKey, - wkmcNewDKEK.getWrappedKeyAndInfo().keyInfo.tag))) { - + kmcDKEK.getKeyAndInfo().key, + kmcDKEK.getKeyAndInfo().keyInfo.keyLength, + PKEK1, + kmcDKEK.getKeyAndInfo().keyInfo.iv, + wkmcNewDKEK.getWrappedKeyAndInfo().wrappedKey, + wkmcNewDKEK.getWrappedKeyAndInfo().keyInfo.tag))) ThrowErr(Exc::InternalError, "UpdateDomainKEK in KeyProvider::reencrypt Failed"); - } wkmcNewDKEK.setKeyInfoKeyLength((unsigned int)wrappedKeyLength); @@ -471,22 +446,21 @@ RawBuffer KeyProvider::generateDomainKEK( uint8_t key[MAX_KEY_SIZE], PKEK1[MAX_KEY_SIZE]; if (!RAND_bytes(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.salt, MAX_SALT_SIZE) || - !RAND_bytes(key, MAX_KEY_SIZE) || - !RAND_bytes(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv, MAX_IV_SIZE)) + !RAND_bytes(key, MAX_KEY_SIZE) || + !RAND_bytes(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv, MAX_IV_SIZE)) ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR"); int wrappedKeyLength; char *concat_user_pass = NULL; concat_user_pass = concat_password_user(user.c_str(), userPassword.c_str()); if (!PKCS5_PBKDF2_HMAC_SHA1( - concat_user_pass, - strlen(concat_user_pass), - wkmcDKEK.getWrappedKeyAndInfo().keyInfo.salt, - MAX_SALT_SIZE, - PBKDF2_ITERATIONS, - MAX_KEY_SIZE, - PKEK1)) { - + concat_user_pass, + strlen(concat_user_pass), + wkmcDKEK.getWrappedKeyAndInfo().keyInfo.salt, + MAX_SALT_SIZE, + PBKDF2_ITERATIONS, + MAX_KEY_SIZE, + PKEK1)) { delete[] concat_user_pass; ThrowErr(Exc::InternalError, "OPENSSL_ENGINED_ERROR"); } @@ -494,16 +468,14 @@ RawBuffer KeyProvider::generateDomainKEK( delete[] concat_user_pass; if (0 > (wrappedKeyLength = encryptAes256Gcm( - key, - MAX_KEY_SIZE, - PKEK1, - wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv, - wkmcDKEK.getWrappedKeyAndInfo().wrappedKey, - wkmcDKEK.getWrappedKeyAndInfo().keyInfo.tag))) { - + key, + MAX_KEY_SIZE, + PKEK1, + wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv, + wkmcDKEK.getWrappedKeyAndInfo().wrappedKey, + wkmcDKEK.getWrappedKeyAndInfo().keyInfo.tag))) ThrowErr(Exc::InternalError, "GenerateDomainKEK Failed in KeyProvider::generateDomainKEK"); - } wkmcDKEK.setKeyInfoKeyLength((unsigned int)wrappedKeyLength); wkmcDKEK.setKeyInfoLabel(user); @@ -531,40 +503,34 @@ KeyProvider::~KeyProvider() int KeyProvider::encryptAes256Gcm(const unsigned char *plaintext, int plaintext_len, const unsigned char *key, const unsigned char *iv, unsigned char *ciphertext, unsigned char *tag) { - EVP_CIPHER_CTX *ctx; int len; int ciphertext_len = 0; - if (!(ctx = EVP_CIPHER_CTX_new())) { + if (!(ctx = EVP_CIPHER_CTX_new())) return OPENSSL_ENGINE_ERROR; - } - if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) { + if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) return OPENSSL_ENGINE_ERROR; - } - if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) { + if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) return OPENSSL_ENGINE_ERROR; - } - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL)) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL)) return OPENSSL_ENGINE_ERROR; - } - if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) { + if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) return OPENSSL_ENGINE_ERROR; - } + ciphertext_len = len; - if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) { + if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) return OPENSSL_ENGINE_ERROR; - } + ciphertext_len += len; - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag)) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag)) return OPENSSL_ENGINE_ERROR; - } EVP_CIPHER_CTX_free(ctx); @@ -573,47 +539,40 @@ int KeyProvider::encryptAes256Gcm(const unsigned char *plaintext, int plaintext_ int KeyProvider::decryptAes256Gcm(const unsigned char *ciphertext, int ciphertext_len, unsigned char *tag, const unsigned char *key, const unsigned char *iv, unsigned char *plaintext) { - EVP_CIPHER_CTX *ctx; int len; int plaintext_len; int ret; - if (!(ctx = EVP_CIPHER_CTX_new())) { + if (!(ctx = EVP_CIPHER_CTX_new())) return OPENSSL_ENGINE_ERROR; - } - if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) { + if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) return OPENSSL_ENGINE_ERROR; - } - if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) { + + if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) return OPENSSL_ENGINE_ERROR; - } - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL)) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL)) return OPENSSL_ENGINE_ERROR; - } - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag)) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag)) return OPENSSL_ENGINE_ERROR; - } - if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) { + if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) return OPENSSL_ENGINE_ERROR; - } + plaintext_len = len; - if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len))) { + if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len))) return OPENSSL_ENGINE_ERROR; - } EVP_CIPHER_CTX_free(ctx); if (ret > 0) { plaintext_len += len; return plaintext_len; - } - else { + } else { return -1; } } @@ -628,12 +587,12 @@ char * KeyProvider::concat_password_user(const char *user, const char *password) resized_user = new char[MAX_LABEL_SIZE]; memcpy(resized_user, user, MAX_LABEL_SIZE-1); resized_user[MAX_LABEL_SIZE-1] = '\0'; - } - else { + } else { resized_user = new char[strlen(user)+1]; memcpy(resized_user, user, strlen(user)); resized_user[strlen(user)] = '\0'; } + concat_user_pass_len = strlen(resized_user) + strlen(password) + 1; concat_user_pass = new char[concat_user_pass_len]; diff --git a/src/manager/service/key-provider.h b/src/manager/service/key-provider.h index 918a622..feaf8c4 100644 --- a/src/manager/service/key-provider.h +++ b/src/manager/service/key-provider.h @@ -65,7 +65,7 @@ typedef struct WrappedKeyAndInfo_ { uint8_t wrappedKey[MAX_WRAPPED_KEY_SIZE]; } WrappedKeyAndInfo; -class WrappedKeyAndInfoContainer{ +class WrappedKeyAndInfoContainer { public: WrappedKeyAndInfoContainer(); WrappedKeyAndInfoContainer(const unsigned char*); @@ -75,11 +75,12 @@ public: void setKeyInfoSalt(const unsigned char*, const int); void setKeyInfo(const KeyComponentsInfo*); ~WrappedKeyAndInfoContainer(); + private: WrappedKeyAndInfo *wrappedKeyAndInfo; }; -class KeyAndInfoContainer{ +class KeyAndInfoContainer { public: KeyAndInfoContainer(); KeyAndInfoContainer(const unsigned char*); @@ -87,6 +88,7 @@ public: void setKeyInfoKeyLength(const unsigned int); void setKeyInfo(const KeyComponentsInfo*); ~KeyAndInfoContainer(); + private: KeyAndInfo *keyAndInfo; }; @@ -144,6 +146,7 @@ public: static int closeLibrary(); virtual ~KeyProvider(); + private: // KeyAndInfoContainer class std::shared_ptr m_kmcDKEK; @@ -168,7 +171,6 @@ private: static char * concat_password_user( const char *user, const char *password); - }; } // namespace CKM diff --git a/src/manager/service/ocsp-logic.cpp b/src/manager/service/ocsp-logic.cpp old mode 100644 new mode 100755 index 5e28d19..5cc512a --- a/src/manager/service/ocsp-logic.cpp +++ b/src/manager/service/ocsp-logic.cpp @@ -76,7 +76,8 @@ void OCSPLogic::setNetAvailable() m_isNetAvailable = false; } -RawBuffer OCSPLogic::ocspCheck(int commandId, const RawBufferVector &rawChain, bool allowed) { +RawBuffer OCSPLogic::ocspCheck(int commandId, const RawBufferVector &rawChain, bool allowed) +{ CertificateImplVector certChain; OCSPModule ocsp; int retCode = CKM_API_SUCCESS; @@ -91,7 +92,7 @@ RawBuffer OCSPLogic::ocspCheck(int commandId, const RawBufferVector &rawChain, b retCode = CKM_API_ERROR_NOT_SUPPORTED; } else if (!allowed) { retCode = CKM_API_ERROR_ACCESS_DENIED; - } else if(rawChain.size() < 2) { + } else if (rawChain.size() < 2) { LogError("Certificate chain should contain at least 2 certificates"); retCode = CKM_API_ERROR_INPUT_PARAM; } else { diff --git a/src/manager/service/ocsp-logic.h b/src/manager/service/ocsp-logic.h index 6a065c1..b700d86 100644 --- a/src/manager/service/ocsp-logic.h +++ b/src/manager/service/ocsp-logic.h @@ -34,13 +34,11 @@ public: OCSPLogic& operator=(OCSPLogic &&) = delete; RawBuffer ocspCheck(int commandId, const RawBufferVector &rawChain, bool allowed); - virtual ~OCSPLogic(){} + virtual ~OCSPLogic() {} + private: void setNetAvailable(); bool m_isNetAvailable; }; - - - } // namespace CKM diff --git a/src/manager/service/ocsp-service.cpp b/src/manager/service/ocsp-service.cpp old mode 100644 new mode 100755 index e65114d..b6449d0 --- a/src/manager/service/ocsp-service.cpp +++ b/src/manager/service/ocsp-service.cpp @@ -36,17 +36,21 @@ namespace CKM { OCSPService::OCSPService() : m_logic(new OCSPLogic()) -{} +{ +} -OCSPService::~OCSPService() { +OCSPService::~OCSPService() +{ delete m_logic; } -void OCSPService::Start() { +void OCSPService::Start() +{ Create(); } -void OCSPService::Stop() { +void OCSPService::Stop() +{ Join(); } @@ -62,7 +66,7 @@ bool OCSPService::ProcessOne( ConnectionInfo &info, bool allowed) { - LogDebug ("process One"); + LogDebug("process One"); Try { if (!info.buffer.Ready()) @@ -78,7 +82,7 @@ bool OCSPService::ProcessOne( m_serviceManager->Write(conn, response); return true; - } Catch (MessageBuffer::Exception::Base) { + } Catch(MessageBuffer::Exception::Base) { LogError("Broken protocol. Closing socket."); } catch (const std::string &e) { LogError("String exception(" << e << "). Closing socket"); diff --git a/src/manager/service/ocsp-service.h b/src/manager/service/ocsp-service.h index a8453ba..725d0e4 100644 --- a/src/manager/service/ocsp-service.h +++ b/src/manager/service/ocsp-service.h @@ -28,8 +28,7 @@ namespace CKM { class OCSPLogic; -class OCSPService : public CKM::ThreadService -{ +class OCSPService : public CKM::ThreadService { public: OCSPService(); OCSPService(const OCSPService &) = delete; diff --git a/src/manager/service/ocsp.cpp b/src/manager/service/ocsp.cpp old mode 100644 new mode 100755 index 4172d0f..aa5fa96 --- a/src/manager/service/ocsp.cpp +++ b/src/manager/service/ocsp.cpp @@ -41,7 +41,8 @@ namespace CKM { namespace { typedef std::unique_ptr> BioUniquePtr; -void BIO_write_and_free(BIO* bio) { +void BIO_write_and_free(BIO* bio) +{ if (!bio) return; @@ -57,23 +58,25 @@ void BIO_write_and_free(BIO* bio) { } // namespace anonymous -OCSPModule::OCSPModule() { +OCSPModule::OCSPModule() +{ // Do nothing. } -OCSPModule::~OCSPModule(){ +OCSPModule::~OCSPModule() +{ // Do nothing. } -int OCSPModule::verify(const CertificateImplVector &certificateChain) { +int OCSPModule::verify(const CertificateImplVector &certificateChain) +{ bool unsupported = false; // ocsp is unsupported in certificate in chain (except root CA) // create trusted store X509_STACK_PTR trustedCerts = create_x509_stack(); // skip first 2 certificates - for (auto it=certificateChain.cbegin()+2; it < certificateChain.cend(); it++) - { + for (auto it = certificateChain.cbegin() + 2; it < certificateChain.cend(); it++) { if (it->empty()) { LogError("Error. Broken certificate chain."); return CKM_API_OCSP_STATUS_INTERNAL_ERROR; @@ -81,7 +84,7 @@ int OCSPModule::verify(const CertificateImplVector &certificateChain) { sk_X509_push(trustedCerts.get(), it->getX509()); } - for (int i=0; i < static_cast(certificateChain.size())-1; i++) {// except root certificate + for (int i = 0; i < static_cast(certificateChain.size()) - 1; i++) {// except root certificate if (certificateChain[i].empty() || certificateChain[i+1].empty()) { LogError("Error. Broken certificate chain."); return CKM_API_OCSP_STATUS_INTERNAL_ERROR; @@ -102,7 +105,7 @@ int OCSPModule::verify(const CertificateImplVector &certificateChain) { // remove first element from trustedCerts store sk_X509_delete(trustedCerts.get(), 0); - if(result != CKM_API_OCSP_STATUS_GOOD) { + if (result != CKM_API_OCSP_STATUS_GOOD) { LogError("Fail to OCSP certification check. Errorcode=[" << result << "], on certChain[" << i << "]"); return result; @@ -115,7 +118,8 @@ int OCSPModule::verify(const CertificateImplVector &certificateChain) { return CKM_API_OCSP_STATUS_GOOD; } -int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCerts, const std::string &constUrl) { +int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCerts, const std::string &constUrl) +{ OCSP_REQUEST *req = NULL; OCSP_RESPONSE *resp = NULL; OCSP_BASICRESP *bs = NULL; @@ -133,16 +137,15 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer char subj_buf[256]; int reason = 0; // const char *reason_str = NULL;0 - X509_STORE *trustedStore=NULL; + X509_STORE *trustedStore = NULL; BioUniquePtr bioLogger(BIO_new(BIO_s_mem()), BIO_write_and_free); std::vector url(constUrl.begin(), constUrl.end()); url.push_back(0); - if (!OCSP_parse_url(url.data(), &host, &port, &path, &use_ssl)) { + if (!OCSP_parse_url(url.data(), &host, &port, &path, &use_ssl)) /* report error */ return CKM_API_OCSP_STATUS_INVALID_URL; - } LogDebug("Host: " << host); LogDebug("Port: " << port); @@ -156,9 +159,8 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer return CKM_API_OCSP_STATUS_INTERNAL_ERROR; } - if (port != NULL) { - BIO_set_conn_port(cbio, port); - } + if (port != NULL) + BIO_set_conn_port(cbio, port); if (use_ssl == 1) { BIO *sbio = NULL; @@ -188,73 +190,68 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer /* report error */ /* free stuff */ - if (host != NULL) { + if (host != NULL) OPENSSL_free(host); - } - if (port != NULL) { + if (port != NULL) OPENSSL_free(port); - } - if (path != NULL) { + if (path != NULL) OPENSSL_free(path); - } + host = port = path = NULL; - if (use_ssl && use_ssl_ctx) { + if (use_ssl && use_ssl_ctx) SSL_CTX_free(use_ssl_ctx); - } + use_ssl_ctx = NULL; - if (cbio != NULL) { + if (cbio != NULL) BIO_free_all(cbio); - } + cbio = NULL; return CKM_API_OCSP_STATUS_NET_ERROR; } req = OCSP_REQUEST_new(); - - if(req == NULL) { + if (req == NULL) { LogDebug("Error in OCPS_REQUEST_new"); return CKM_API_OCSP_STATUS_INTERNAL_ERROR; } + certid = OCSP_cert_to_id(NULL, cert, issuer); - if(certid == NULL) { + if (certid == NULL) { LogDebug("Error in OCSP_cert_to_id"); return CKM_API_OCSP_STATUS_INTERNAL_ERROR; } - if(OCSP_request_add0_id(req, certid) == NULL) { + if (OCSP_request_add0_id(req, certid) == NULL) { LogDebug("Error in OCSP_request_add0_id"); return CKM_API_OCSP_STATUS_INTERNAL_ERROR; } resp = OCSP_sendreq_bio(cbio, path, req); - /* free some stuff we no longer need */ - if (host != NULL) { + if (host != NULL) OPENSSL_free(host); - } - if (port != NULL) { + if (port != NULL) OPENSSL_free(port); - } - if (path != NULL) { + if (path != NULL) OPENSSL_free(path); - } + host = port = path = NULL; - if (use_ssl && use_ssl_ctx) { + if (use_ssl && use_ssl_ctx) SSL_CTX_free(use_ssl_ctx); - } + use_ssl_ctx = NULL; - if (cbio != NULL) { + if (cbio != NULL) BIO_free_all(cbio); - } + cbio = NULL; if (!resp) { @@ -288,11 +285,12 @@ int OCSPModule::ocsp_verify(X509 *cert, X509 *issuer, STACK_OF(X509) *trustedCer return CKM_API_OCSP_STATUS_INVALID_RESPONSE; } - if(trustedCerts != NULL) { + if (trustedCerts != NULL) { trustedStore = X509_STORE_new(); - for(int tmpIdx=0; tmpIdx TokenPair; +typedef std::pair TokenPair; } // namespace CKM diff --git a/src/pam_plugin/pam-key-manager-plugin.cpp b/src/pam_plugin/pam-key-manager-plugin.cpp old mode 100644 new mode 100755 index 0cf0943..792e6ae --- a/src/pam_plugin/pam-key-manager-plugin.cpp +++ b/src/pam_plugin/pam-key-manager-plugin.cpp @@ -36,8 +36,7 @@ #include #include -namespace -{ +namespace { #define PASSWORD_SHADOWED "x" std::string old_password; @@ -50,15 +49,14 @@ bool identify_user_pwd(pam_handle_t *pamh, uid_t & uid, std::string & passwd) struct passwd *pwd; if ((pwd = getpwnam(user)) == NULL) return true; - if(strcmp(pwd->pw_passwd, PASSWORD_SHADOWED)==0) - { + if (strcmp(pwd->pw_passwd, PASSWORD_SHADOWED) == 0) { struct spwd *pwd_sh; if ((pwd_sh = getspnam(user)) == NULL) return true; passwd = std::string(pwd_sh->sp_pwdp); - } - else + } else { passwd = std::string(pwd->pw_passwd); + } uid = pwd->pw_uid; return false; } @@ -70,25 +68,24 @@ pam_sm_open_session(pam_handle_t *pamh, int /*flags*/, int /*argc*/, const char // identify user uid_t uid = -1; std::string passwd; - if(identify_user_pwd(pamh, uid, passwd)) + if (identify_user_pwd(pamh, uid, passwd)) return PAM_SESSION_ERR; auto control = CKM::Control::create(); int ec = control->unlockUserKey(uid, passwd.c_str()); - if(ec == CKM_API_SUCCESS) + if (ec == CKM_API_SUCCESS) return PAM_SUCCESS; - if(ec == CKM_API_ERROR_AUTHENTICATION_FAILED) - { + if (ec == CKM_API_ERROR_AUTHENTICATION_FAILED) { pam_syslog(pamh, LOG_ERR, "key-manager and system password desynchronized," "removing key-manager database for user: %d\n", uid); // key-manager<->system password desync // remove the user content ec = control->removeUserData(uid); - if(ec == CKM_API_SUCCESS) { + if (ec == CKM_API_SUCCESS) { ec = CKM::Control::create()->unlockUserKey(uid, passwd.c_str()); - if(ec == CKM_API_SUCCESS) + if (ec == CKM_API_SUCCESS) return PAM_SUCCESS; pam_syslog(pamh, LOG_ERR, "key-manager and system password desynchronized," "attempt to create new database failed: %d\n", ec); @@ -107,10 +104,10 @@ pam_sm_close_session(pam_handle_t *pamh, int /*flags*/, int /*argc*/, const char // identify user uid_t uid = -1; std::string passwd; - if(identify_user_pwd(pamh, uid, passwd)) + if (identify_user_pwd(pamh, uid, passwd)) return PAM_SESSION_ERR; - if(CKM::Control::create()->lockUserKey(uid) == CKM_API_SUCCESS) + if (CKM::Control::create()->lockUserKey(uid) == CKM_API_SUCCESS) return PAM_SUCCESS; return PAM_SESSION_ERR; @@ -119,7 +116,7 @@ pam_sm_close_session(pam_handle_t *pamh, int /*flags*/, int /*argc*/, const char COMMON_API PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { - if(argc==0) { + if (argc == 0) { pam_syslog(pamh, LOG_ERR, "key-manager plugin called with inappropriate arguments\n"); return PAM_SERVICE_ERR; } @@ -127,25 +124,21 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) // identify user uid_t uid = -1; std::string passwd; - if(identify_user_pwd(pamh, uid, passwd)) + if (identify_user_pwd(pamh, uid, passwd)) return PAM_USER_UNKNOWN; // attention: argv[0] is the argument, not the binary/so name // args are in arg_name=value format - if(strstr(argv[0], "change_step")) - { - if(strstr(argv[0], "before")) - { - if( ! (flags & PAM_PRELIM_CHECK)) + if (strstr(argv[0], "change_step")) { + if (strstr(argv[0], "before")) { + if (!(flags & PAM_PRELIM_CHECK)) old_password = passwd; return PAM_SUCCESS; - } - else if(strstr(argv[0], "after")) - { - if(flags & PAM_PRELIM_CHECK) + } else if (strstr(argv[0], "after")) { + if (flags & PAM_PRELIM_CHECK) return PAM_SUCCESS; - if(old_password.size() == 0) { + if (old_password.size() == 0) { pam_syslog(pamh, LOG_ERR, "attempt to change key-manager password w/o old password\n"); return PAM_SERVICE_ERR; } -- 2.7.4 From a5576ac8368584441dbbaf98fbaec38dd142fae4 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Mon, 28 Dec 2015 14:31:32 +0900 Subject: [PATCH 16/16] Add boost license Change-Id: I08f4157f1653afb7afcc17741ca90892831b39fd Signed-off-by: Kyungwook Tak --- LICENSE.BSL-1.0 | 23 +++++++++++++++++++++++ packaging/key-manager.spec | 10 ++++------ 2 files changed, 27 insertions(+), 6 deletions(-) create mode 100644 LICENSE.BSL-1.0 diff --git a/LICENSE.BSL-1.0 b/LICENSE.BSL-1.0 new file mode 100644 index 0000000..36b7cd9 --- /dev/null +++ b/LICENSE.BSL-1.0 @@ -0,0 +1,23 @@ +Boost Software License - Version 1.0 - August 17th, 2003 + +Permission is hereby granted, free of charge, to any person or organization +obtaining a copy of the software and accompanying documentation covered by +this license (the "Software") to use, reproduce, display, distribute, +execute, and transmit the Software, and to prepare derivative works of the +Software, and to permit third-parties to whom the Software is furnished to +do so, all subject to the following: + +The copyright notices in the Software and this entire statement, including +the above license grant, this restriction and the following disclaimer, +must be included in all copies of the Software, in whole or in part, and +all derivative works of the Software, unless such copies or derivative +works are solely in the form of machine-executable object code generated by +a source language processor. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. IN NO EVENT +SHALL THE COPYRIGHT HOLDERS OR ANYONE DISTRIBUTING THE SOFTWARE BE LIABLE +FOR ANY DAMAGES OR OTHER LIABILITY, WHETHER IN CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index 5172a8e..fe34919 100644 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -3,7 +3,7 @@ Summary: Central Key Manager and utilities Version: 0.1.18 Release: 1 Group: System/Security -License: Apache-2.0 +License: Apache-2.0 and BSL-1.0 Source0: %{name}-%{version}.tar.gz Source1001: key-manager.manifest Source1002: key-manager-pam-plugin.manifest @@ -127,9 +127,6 @@ make %{?jobs:-j%jobs} %install rm -rf %{buildroot} -mkdir -p %{buildroot}/usr/share/license -cp LICENSE %{buildroot}/usr/share/license/%{name} -cp LICENSE %{buildroot}/usr/share/license/libkey-manager-client mkdir -p %{buildroot}/opt/data/ckm/initial_values mkdir -p %{buildroot}/etc/security/ mkdir -p %{buildroot}/usr/share/ckm/scripts @@ -223,6 +220,8 @@ fi %files -n key-manager %manifest key-manager.manifest +%license LICENSE +%license LICENSE.BSL-1.0 %{_bindir}/key-manager %{_unitdir}/multi-user.target.wants/central-key-manager.service %{_unitdir}/central-key-manager.service @@ -235,7 +234,6 @@ fi %{_unitdir}/central-key-manager-api-ocsp.socket %{_unitdir}/sockets.target.wants/central-key-manager-api-encryption.socket %{_unitdir}/central-key-manager-api-encryption.socket -%{_datadir}/license/%{name} %{_datadir}/ckm/initial_values.xsd %{_datadir}/ckm/sw_key.xsd /opt/data/ckm/initial_values/ @@ -260,9 +258,9 @@ fi %files -n libkey-manager-client %manifest libkey-manager-client.manifest +%license LICENSE %{_libdir}/libkey-manager-client.so.* %{_libdir}/libkey-manager-control-client.so.* -%{_datadir}/license/libkey-manager-client %files -n libkey-manager-client-devel %{_libdir}/libkey-manager-client.so -- 2.7.4