From: Krzysztof Jackiewicz Date: Thu, 28 May 2015 07:11:22 +0000 (+0200) Subject: Implement encryption/decryption API X-Git-Tag: accepted/tizen/mobile/20150629.000431~9 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Fsecurity%2Fkey-manager.git;a=commitdiff_plain;h=7289ddcc83cdef17134c918dd1d22c2dc5ce759c Implement encryption/decryption API [Feature] Implementation of encryption/decryption service. [Solution] API implemented [Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION (TED_0040_encrypt_no_output_buffer passes, all other tests fail with CKMC_ERROR_SOCKET) Change-Id: Ib0ce85f031e92660713ae4f320a4fd3981a43ffc --- diff --git a/src/include/ckm/ckm-manager.h b/src/include/ckm/ckm-manager.h index a4ad4e1..6cb7ec3 100644 --- a/src/include/ckm/ckm-manager.h +++ b/src/include/ckm/ckm-manager.h @@ -132,6 +132,17 @@ public: virtual int setPermission(const Alias &alias, const Label &accessor, PermissionMask permissionMask) = 0; + virtual int encrypt(const CryptoAlgorithm &algo, + const Alias &keyAlias, + const Password &password, + const RawBuffer& plain, + RawBuffer& encrypted) = 0; + + virtual int decrypt(const CryptoAlgorithm &algo, + const Alias &keyAlias, + const Password &password, + const RawBuffer& encrypted, + RawBuffer& decrypted) = 0; static ManagerShPtr create(); // static ManagerShPtr getManager(int uid); // TODO diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp index 7a4c8f1..d9ab8d1 100644 --- a/src/manager/client-capi/ckmc-manager.cpp +++ b/src/manager/client-capi/ckmc-manager.cpp @@ -117,6 +117,43 @@ ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector &certVecto return start; } +typedef int (CKM::Manager::*cryptoFn)(const CKM::CryptoAlgorithm &algo, + const CKM::Alias &keyAlias, + const CKM::Password &password, + const CKM::RawBuffer& plain, + CKM::RawBuffer& encrypted); + +int _cryptoOperation(cryptoFn operation, + const ckmc_param_list_s *params, + const char *key_alias, + const char *password, + const ckmc_raw_buffer_s in, + ckmc_raw_buffer_s **ppout) +{ + if(!params || !key_alias || !ppout) + return CKMC_ERROR_INVALID_PARAMETER; + + // params + const CKM::CryptoAlgorithm* ca = reinterpret_cast(params); + + // password + CKM::Password pass; + if (password) + pass = password; + + // buffers + CKM::RawBuffer inBuffer(in.data, in.data + in.size); + CKM::RawBuffer outBuffer; + + // operation + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = ((*mgr).*operation)(*ca, key_alias, pass, inBuffer, outBuffer); + if (ret != CKM_API_SUCCESS) + return to_ckmc_error(ret); + + return ckmc_buffer_new(outBuffer.data(), outBuffer.size(), ppout); +} + } @@ -818,23 +855,31 @@ int ckmc_remove_alias(const char *alias) } KEY_MANAGER_CAPI -int ckmc_encrypt_data(const ckmc_param_list_s */*params*/, - const char */*key_alias*/, - const char */*password*/, - const ckmc_raw_buffer_s /*decrypted*/, - ckmc_raw_buffer_s **/*ppencrypted*/) +int ckmc_encrypt_data(const ckmc_param_list_s *params, + const char *key_alias, + const char *password, + const ckmc_raw_buffer_s decrypted, + ckmc_raw_buffer_s **ppencrypted) { - // TODO implement it - return CKMC_ERROR_UNKNOWN; + return _cryptoOperation(&CKM::Manager::encrypt, + params, + key_alias, + password, + decrypted, + ppencrypted); } KEY_MANAGER_CAPI -int ckmc_decrypt_data(const ckmc_param_list_s */*params*/, - const char */*key_alias*/, - const char */*password*/, - const ckmc_raw_buffer_s /* encrypted*/, - ckmc_raw_buffer_s **/*ppdecrypted*/) -{ - // TODO implement it - return CKMC_ERROR_UNKNOWN; +int ckmc_decrypt_data(const ckmc_param_list_s *params, + const char *key_alias, + const char *password, + const ckmc_raw_buffer_s encrypted, + ckmc_raw_buffer_s **ppdecrypted) +{ + return _cryptoOperation(&CKM::Manager::decrypt, + params, + key_alias, + password, + encrypted, + ppdecrypted); } diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp index b27e180..9316cd8 100644 --- a/src/manager/client/client-manager-impl.cpp +++ b/src/manager/client/client-manager-impl.cpp @@ -86,7 +86,10 @@ int getCertChain( } // namespace anonymous ManagerImpl::ManagerImpl() - : m_counter(0), m_storageConnection(SERVICE_SOCKET_CKM_STORAGE), m_ocspConnection(SERVICE_SOCKET_OCSP) + : m_counter(0), + m_storageConnection(SERVICE_SOCKET_CKM_STORAGE), + m_ocspConnection(SERVICE_SOCKET_OCSP), + m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION) { initCryptoLib(); } @@ -717,6 +720,78 @@ int ManagerImpl::setPermission(const Alias &alias, }); } +int ManagerImpl::encrypt(const CryptoAlgorithm &algo, + const Alias &keyAlias, + const Password &password, + const RawBuffer& plain, + RawBuffer& encrypted) +{ + int my_counter = ++m_counter; + + return try_catch([&] { + MessageBuffer recv; + AliasSupport helper(keyAlias); + CryptoAlgorithmSerializable cas(algo); + auto send = MessageBuffer::Serialize(static_cast(EncryptionCommand::ENCRYPT), + my_counter, + cas, + helper.getName(), + helper.getLabel(), + password, + plain); + + int retCode = m_encryptionConnection.processRequest(send.Pop(), recv); + if (CKM_API_SUCCESS != retCode) + return retCode; + + int command; + int counter; + recv.Deserialize(command, counter, encrypted); + + if (my_counter != counter) { + return CKM_API_ERROR_UNKNOWN; + } + + return retCode; + }); +} + +int ManagerImpl::decrypt(const CryptoAlgorithm &algo, + const Alias &keyAlias, + const Password &password, + const RawBuffer& encrypted, + RawBuffer& decrypted) +{ + int my_counter = ++m_counter; + + return try_catch([&] { + MessageBuffer recv; + AliasSupport helper(keyAlias); + CryptoAlgorithmSerializable cas(algo); + auto send = MessageBuffer::Serialize(static_cast(EncryptionCommand::DECRYPT), + my_counter, + cas, + helper.getName(), + helper.getLabel(), + password, + encrypted); + + int retCode = m_encryptionConnection.processRequest(send.Pop(), recv); + if (CKM_API_SUCCESS != retCode) + return retCode; + + int command; + int counter; + recv.Deserialize(command, counter, decrypted); + + if (my_counter != counter) { + return CKM_API_ERROR_UNKNOWN; + } + + return retCode; + }); +} + ManagerShPtr Manager::create() { try { return std::make_shared(); diff --git a/src/manager/client/client-manager-impl.h b/src/manager/client/client-manager-impl.h index 0fdb21a..e93b89c 100644 --- a/src/manager/client/client-manager-impl.h +++ b/src/manager/client/client-manager-impl.h @@ -110,6 +110,18 @@ public: int setPermission(const Alias &alias, const Label &accessor, PermissionMask permissionMask); + int encrypt(const CryptoAlgorithm &algo, + const Alias &keyAlias, + const Password &password, + const RawBuffer& plain, + RawBuffer& encrypted); + + int decrypt(const CryptoAlgorithm &algo, + const Alias &keyAlias, + const Password &password, + const RawBuffer& encrypted, + RawBuffer& decrypted); + protected: int saveBinaryData( const Alias &alias, @@ -139,6 +151,7 @@ protected: int m_counter; CKM::ServiceConnection m_storageConnection; CKM::ServiceConnection m_ocspConnection; + CKM::ServiceConnection m_encryptionConnection; }; } // namespace CKM diff --git a/src/manager/common/protocols.cpp b/src/manager/common/protocols.cpp index 6355717..2a5e6dd 100644 --- a/src/manager/common/protocols.cpp +++ b/src/manager/common/protocols.cpp @@ -33,6 +33,7 @@ char const * const SERVICE_SOCKET_ECHO = "/tmp/.central-key-manager-echo.sock"; char const * const SERVICE_SOCKET_CKM_CONTROL = "/tmp/.central-key-manager-api-control.sock"; char const * const SERVICE_SOCKET_CKM_STORAGE = "/tmp/.central-key-manager-api-storage.sock"; char const * const SERVICE_SOCKET_OCSP = "/tmp/.central-key-manager-api-ocsp.sock"; +char const * const SERVICE_SOCKET_ENCRYPTION = "/tmp/.central-key-manager-api-encryption.sock"; char const * const LABEL_NAME_SEPARATOR = " "; char const * const LABEL_SYSTEM_DB = "/"; diff --git a/src/manager/common/protocols.h b/src/manager/common/protocols.h index 43f52be..8d7d817 100644 --- a/src/manager/common/protocols.h +++ b/src/manager/common/protocols.h @@ -39,6 +39,7 @@ COMMON_API extern char const * const SERVICE_SOCKET_ECHO; COMMON_API extern char const * const SERVICE_SOCKET_CKM_CONTROL; COMMON_API extern char const * const SERVICE_SOCKET_CKM_STORAGE; COMMON_API extern char const * const SERVICE_SOCKET_OCSP; +COMMON_API extern char const * const SERVICE_SOCKET_ENCRYPTION; enum class ControlCommand : int { UNLOCK_USER_KEY, @@ -70,6 +71,11 @@ enum class LogicCommand : int { // for backward compatibility append new at the end }; +enum class EncryptionCommand : int { + ENCRYPT, + DECRYPT +}; + // (client side) Alias = (service side) Label::Name COMMON_API extern char const * const LABEL_NAME_SEPARATOR; COMMON_API extern char const * const LABEL_SYSTEM_DB;