2 * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 * @file crypto-logic.h
17 * @author Sebastian Grabowski (s.grabowski@samsung.com)
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Crypto module implementation.
25 #include <ckm/ckm-type.h>
26 #include <db-crypto.h>
33 CryptoLogic(const CryptoLogic &second) = delete;
34 CryptoLogic(CryptoLogic &&second);
35 CryptoLogic& operator=(CryptoLogic &&second);
36 CryptoLogic& operator=(const CryptoLogic &second) = delete;
38 virtual ~CryptoLogic(){}
40 void decryptRow(const Password &password, DB::Row &row);
41 void encryptRow(DB::Row &row);
43 static int getSchemeVersion(int encryptionScheme);
45 bool haveKey(const Label &smackLabel);
46 void pushKey(const Label &smackLabel,
47 const RawBuffer &applicationKey);
48 void removeKey(const Label &smackLabel);
50 static const int ENCRYPTION_V1 = 0;
51 static const int ENCRYPTION_V2 = 1;
54 // Encryption scheme flags (enable/disable specific encryption type, multiple choice)
55 static const int ENCR_BASE64 = 1 << 0;
56 static const int ENCR_APPKEY = 1 << 1;
57 static const int ENCR_PASSWORD = 1 << 2;
59 // Encryption order flags (single choice)
60 static const int ENCR_ORDER_CLEAR = 0x00ffffff;
61 static const int ENCR_ORDER_FILTER = ~ENCR_ORDER_CLEAR;
63 * ENCR_ORDER_V1 - v1 encryption order. Token returned from store is encrypted with app key and
64 * optionally by custom user password. Is such form it is stored in db.
66 static const int ENCR_ORDER_V1 = ENCR_ORDER_CLEAR + 0;
68 * ENCR_ORDER_V2 - v2 encryption order. Stored data is optionally encrypted by store with
69 * user password. Returned token is encrypted with app key and stored in db.
71 static const int ENCR_ORDER_V2 = ENCR_ORDER_CLEAR + 1;
73 std::map<Label, RawBuffer> m_keyMap;
75 RawBuffer generateRandIV() const;
76 RawBuffer passwordToKey(const Password &password,
77 const RawBuffer &salt,
78 size_t keySize) const;
80 void decBase64(RawBuffer &data);
81 void encBase64(RawBuffer &data);
82 bool equalDigests(RawBuffer &dig1, RawBuffer &dig2);