From f04aff1fb8e32c1362795ca33940f695c3177769 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Mon, 14 Sep 2015 15:05:44 +0200 Subject: [PATCH] Add support for binary data to GStore [Problem] Binary data can be imported into store but can't be retrieved from it. [Solution] Introduce another intermediate class in GKey hierarhy to support binary data. [Verification] Run tests Change-Id: I45bf5d0a81188f13b0925e982243fdf37b569529 --- src/CMakeLists.txt | 4 +-- src/manager/crypto/generic-backend/exception.h | 2 +- .../crypto/generic-backend/{gkey.h => gobj.h} | 12 ++++---- src/manager/crypto/generic-backend/gstore.h | 4 +-- src/manager/crypto/sw-backend/internals.h | 2 +- src/manager/crypto/sw-backend/{key.cpp => obj.cpp} | 20 ++++++-------- src/manager/crypto/sw-backend/{key.h => obj.h} | 32 ++++++++++++---------- src/manager/crypto/sw-backend/store.cpp | 10 +++++-- src/manager/crypto/sw-backend/store.h | 4 +-- src/manager/crypto/tz-backend/{key.cpp => obj.cpp} | 2 +- src/manager/crypto/tz-backend/{key.h => obj.h} | 8 +++--- src/manager/crypto/tz-backend/store.cpp | 4 +-- src/manager/crypto/tz-backend/store.h | 4 +-- src/manager/main/service-messages.h | 6 ++-- src/manager/service/ckm-logic.cpp | 8 +++--- src/manager/service/ckm-logic.h | 4 +-- src/manager/service/ckm-service.cpp | 2 +- src/manager/service/iencryption-service.h | 2 +- tools/ckm_db_tool/CMakeLists.txt | 2 +- 19 files changed, 67 insertions(+), 65 deletions(-) rename src/manager/crypto/generic-backend/{gkey.h => gobj.h} (91%) rename src/manager/crypto/sw-backend/{key.cpp => obj.cpp} (92%) rename src/manager/crypto/sw-backend/{key.h => obj.h} (82%) rename src/manager/crypto/tz-backend/{key.cpp => obj.cpp} (97%) rename src/manager/crypto/tz-backend/{key.h => obj.h} (89%) diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index affdc96..131e6d4 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -66,11 +66,11 @@ SET(KEY_MANAGER_SOURCES ${KEY_MANAGER_PATH}/dpl/db/src/sql_connection.cpp ${KEY_MANAGER_PATH}/dpl/db/src/naive_synchronization_object.cpp ${KEY_MANAGER_PATH}/sqlcipher/sqlcipher.c - ${KEY_MANAGER_PATH}/crypto/sw-backend/key.cpp + ${KEY_MANAGER_PATH}/crypto/sw-backend/obj.cpp ${KEY_MANAGER_PATH}/crypto/sw-backend/internals.cpp ${KEY_MANAGER_PATH}/crypto/sw-backend/store.cpp ${KEY_MANAGER_PATH}/crypto/platform/decider.cpp - ${KEY_MANAGER_PATH}/crypto/tz-backend/key.cpp + ${KEY_MANAGER_PATH}/crypto/tz-backend/obj.cpp ${KEY_MANAGER_PATH}/crypto/tz-backend/store.cpp ${SECURITY_MANAGER_WRAPPER_PATH} ${CYNARA_WRAPPER_PATH} diff --git a/src/manager/crypto/generic-backend/exception.h b/src/manager/crypto/generic-backend/exception.h index 18e5b70..cdd4415 100644 --- a/src/manager/crypto/generic-backend/exception.h +++ b/src/manager/crypto/generic-backend/exception.h @@ -28,7 +28,7 @@ namespace Crypto { typedef CKM::Exc::InputParam InputParam; typedef CKM::Exc::InternalError InternalError; -typedef CKM::Exc::InternalError KeyNotSupported; +typedef CKM::Exc::InternalError DataTypeNotSupported; typedef CKM::Exc::InternalError OperationNotSupported; typedef CKM::Exc::InternalError WrongBackend; diff --git a/src/manager/crypto/generic-backend/gkey.h b/src/manager/crypto/generic-backend/gobj.h similarity index 91% rename from src/manager/crypto/generic-backend/gkey.h rename to src/manager/crypto/generic-backend/gobj.h index b06926d..0857a0e 100644 --- a/src/manager/crypto/generic-backend/gkey.h +++ b/src/manager/crypto/generic-backend/gobj.h @@ -14,7 +14,7 @@ * limitations under the License */ /* - * @file gkey.h + * @file gobj.h * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) * @version 1.0 */ @@ -29,9 +29,9 @@ namespace CKM { namespace Crypto { -class GKey { +class GObj { protected: - GKey(){} + GObj(){} public: virtual RawBuffer getBinary() const { ThrowErr(Exc::Crypto::OperationNotSupported); @@ -53,11 +53,11 @@ public: ThrowErr(Exc::Crypto::OperationNotSupported); } - virtual ~GKey () {} + virtual ~GObj () {} }; -typedef std::unique_ptr GKeyUPtr; -typedef std::shared_ptr GKeyShPtr; +typedef std::unique_ptr GObjUPtr; +typedef std::shared_ptr GObjShPtr; } // namespace Crypto } // namespace CKM diff --git a/src/manager/crypto/generic-backend/gstore.h b/src/manager/crypto/generic-backend/gstore.h index 2c8aca7..30e177d 100644 --- a/src/manager/crypto/generic-backend/gstore.h +++ b/src/manager/crypto/generic-backend/gstore.h @@ -23,7 +23,7 @@ #include #include -#include +#include #include #include #include @@ -33,7 +33,7 @@ namespace Crypto { class GStore { public: - virtual GKeyUPtr getKey(const Token &) { ThrowErr(Exc::Crypto::OperationNotSupported); } + virtual GObjUPtr getObject(const Token &) { ThrowErr(Exc::Crypto::OperationNotSupported); } virtual TokenPair generateAKey(const CryptoAlgorithm &) { ThrowErr(Exc::Crypto::OperationNotSupported); } virtual Token generateSKey(const CryptoAlgorithm &) { ThrowErr(Exc::Crypto::OperationNotSupported); } virtual Token import(DataType, const RawBuffer &) { ThrowErr(Exc::Crypto::OperationNotSupported); } diff --git a/src/manager/crypto/sw-backend/internals.h b/src/manager/crypto/sw-backend/internals.h index c71d106..3b54394 100644 --- a/src/manager/crypto/sw-backend/internals.h +++ b/src/manager/crypto/sw-backend/internals.h @@ -25,7 +25,7 @@ #include #include #include -#include +#include #define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE #define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE diff --git a/src/manager/crypto/sw-backend/key.cpp b/src/manager/crypto/sw-backend/obj.cpp similarity index 92% rename from src/manager/crypto/sw-backend/key.cpp rename to src/manager/crypto/sw-backend/obj.cpp index b1e57ff..0b602a3 100644 --- a/src/manager/crypto/sw-backend/key.cpp +++ b/src/manager/crypto/sw-backend/obj.cpp @@ -14,7 +14,7 @@ * limitations under the License */ /* - * @file key.cpp + * @file obj.cpp * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) * @version 1.0 */ @@ -27,7 +27,7 @@ #include #include -#include +#include #include #define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE @@ -59,8 +59,8 @@ AlgoType key2algo(DataType type) { typedef std::unique_ptr> BioUniquePtr; -RawBuffer SKey::getBinary() const { - return m_key; +RawBuffer BData::getBinary() const { + return m_raw; } RawBuffer SKey::encrypt(const CryptoAlgorithm &alg, const RawBuffer &data) @@ -81,10 +81,6 @@ RawBuffer AKey::sign( return Internals::sign(getEvpShPtr().get(), algWithType, message); } -RawBuffer AKey::getBinary() const { - return m_key; -} - int AKey::verify(const CryptoAlgorithm &alg, const RawBuffer &message, const RawBuffer &sign) { CryptoAlgorithm algWithType(alg); EVP_PKEY* evp = getEvpShPtr().get(); @@ -129,14 +125,14 @@ EvpShPtr AKey::getEvpShPtr() { if (!pkey) { (void)BIO_reset(bio.get()); - BIO_write(bio.get(), m_key.data(), m_key.size()); + BIO_write(bio.get(), m_raw.data(), m_raw.size()); pkey = d2i_PrivateKey_bio(bio.get(), NULL); LogDebug("Trying d2i_PrivateKey_bio Status: " << (void*)pkey); } if (!pkey) { (void)BIO_reset(bio.get()); - BIO_write(bio.get(), m_key.data(), m_key.size()); + BIO_write(bio.get(), m_raw.data(), m_raw.size()); pkey = d2i_PUBKEY_bio(bio.get(), NULL); LogDebug("Trying d2i_PUBKEY_bio Status: " << (void*)pkey); } @@ -153,8 +149,8 @@ EvpShPtr Cert::getEvpShPtr() { if (m_evp) return m_evp; - int size = static_cast(m_key.size()); - const unsigned char *ptr = reinterpret_cast(m_key.data()); + int size = static_cast(m_raw.size()); + const unsigned char *ptr = reinterpret_cast(m_raw.data()); X509 *x509 = d2i_X509(NULL, &ptr, size); diff --git a/src/manager/crypto/sw-backend/key.h b/src/manager/crypto/sw-backend/obj.h similarity index 82% rename from src/manager/crypto/sw-backend/key.h rename to src/manager/crypto/sw-backend/obj.h index d5b7bfe..c56354f 100644 --- a/src/manager/crypto/sw-backend/key.h +++ b/src/manager/crypto/sw-backend/obj.h @@ -14,7 +14,7 @@ * limitations under the License */ /* - * @file key.h + * @file obj.h * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) * @version 1.0 */ @@ -23,7 +23,7 @@ #include -#include +#include #include namespace CKM { @@ -33,39 +33,41 @@ namespace SW { typedef std::unique_ptr> ContextUPtr; typedef std::shared_ptr EvpShPtr; -class SKey : public GKey { +class BData : public GObj { public: - SKey(RawBuffer buffer, DataType keyType) - : m_key(std::move(buffer)) + BData(RawBuffer buffer, DataType keyType) + : m_raw(std::move(buffer)) , m_type(keyType) {} virtual RawBuffer getBinary() const; - virtual RawBuffer encrypt(const CryptoAlgorithm &, const RawBuffer &); - virtual RawBuffer decrypt(const CryptoAlgorithm &, const RawBuffer &); protected: - RawBuffer m_key; + RawBuffer m_raw; DataType m_type; }; -class AKey : public GKey { +class SKey : public BData { public: - AKey(RawBuffer buffer, DataType dataType) - : m_key(std::move(buffer)) - , m_type(dataType) + SKey(RawBuffer buffer, DataType keyType) : BData(std::move(buffer), keyType) + {} + + virtual RawBuffer encrypt(const CryptoAlgorithm &, const RawBuffer &); + virtual RawBuffer decrypt(const CryptoAlgorithm &, const RawBuffer &); +}; + +class AKey : public BData { +public: + AKey(RawBuffer buffer, DataType dataType) : BData(std::move(buffer), dataType) {} virtual RawBuffer sign(const CryptoAlgorithm &alg, const RawBuffer &message); virtual int verify(const CryptoAlgorithm &alg, const RawBuffer &message, const RawBuffer &sign); virtual RawBuffer encrypt(const CryptoAlgorithm &, const RawBuffer &); virtual RawBuffer decrypt(const CryptoAlgorithm &, const RawBuffer &); - virtual RawBuffer getBinary() const; virtual ~AKey(){} protected: virtual EvpShPtr getEvpShPtr(); EvpShPtr m_evp; - RawBuffer m_key; - DataType m_type; }; class Cert : public AKey { diff --git a/src/manager/crypto/sw-backend/store.cpp b/src/manager/crypto/sw-backend/store.cpp index 77bcb7a..0c6669a 100644 --- a/src/manager/crypto/sw-backend/store.cpp +++ b/src/manager/crypto/sw-backend/store.cpp @@ -21,7 +21,7 @@ #include #include -#include +#include #include #include @@ -43,7 +43,7 @@ Store::Store(CryptoBackend backendId) { } -GKeyUPtr Store::getKey(const Token &token) { +GObjUPtr Store::getObject(const Token &token) { if (token.backendId != m_backendId) { ThrowErr(Exc::Crypto::WrongBackend, "Decider choose wrong backend!"); } @@ -60,7 +60,11 @@ GKeyUPtr Store::getKey(const Token &token) { return make_unique(token.data, token.dataType); } - ThrowErr(Exc::Crypto::KeyNotSupported, + if (token.dataType.isBinaryData()) { + return make_unique(token.data, token.dataType); + } + + ThrowErr(Exc::Crypto::DataTypeNotSupported, "This type of data is not supported by openssl backend: ", (int)token.dataType); } diff --git a/src/manager/crypto/sw-backend/store.h b/src/manager/crypto/sw-backend/store.h index cb23155..552f5bc 100644 --- a/src/manager/crypto/sw-backend/store.h +++ b/src/manager/crypto/sw-backend/store.h @@ -20,7 +20,7 @@ */ #pragma once -#include +#include #include namespace CKM { @@ -31,7 +31,7 @@ class Store : public GStore { public: explicit Store(CryptoBackend backendId); - virtual GKeyUPtr getKey(const Token &token); + virtual GObjUPtr getObject(const Token &token); virtual TokenPair generateAKey(const CryptoAlgorithm &); virtual Token generateSKey(const CryptoAlgorithm &); virtual Token import(DataType dataType, const RawBuffer &buffer); diff --git a/src/manager/crypto/tz-backend/key.cpp b/src/manager/crypto/tz-backend/obj.cpp similarity index 97% rename from src/manager/crypto/tz-backend/key.cpp rename to src/manager/crypto/tz-backend/obj.cpp index 1ebeec6..b1109b7 100644 --- a/src/manager/crypto/tz-backend/key.cpp +++ b/src/manager/crypto/tz-backend/obj.cpp @@ -14,7 +14,7 @@ * limitations under the License */ /* - * @file key.cpp + * @file obj.cpp * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) * @version 1.0 */ diff --git a/src/manager/crypto/tz-backend/key.h b/src/manager/crypto/tz-backend/obj.h similarity index 89% rename from src/manager/crypto/tz-backend/key.h rename to src/manager/crypto/tz-backend/obj.h index c911cf8..60e3a61 100644 --- a/src/manager/crypto/tz-backend/key.h +++ b/src/manager/crypto/tz-backend/obj.h @@ -14,26 +14,26 @@ * limitations under the License */ /* - * @file key.h + * @file obj.h * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) * @version 1.0 */ #pragma once -#include +#include namespace CKM { namespace Crypto { namespace TZ { -class SKey : public GKey { +class SKey : public GObj { public: SKey(){} virtual ~SKey(){} protected: }; -class AKey : public GKey { +class AKey : public GObj { public: AKey(){} virtual ~AKey(){} diff --git a/src/manager/crypto/tz-backend/store.cpp b/src/manager/crypto/tz-backend/store.cpp index 11ac0b0..fe3fae7 100644 --- a/src/manager/crypto/tz-backend/store.cpp +++ b/src/manager/crypto/tz-backend/store.cpp @@ -19,7 +19,7 @@ * @version 1.0 */ #include -#include +#include #include namespace CKM { @@ -30,7 +30,7 @@ Store::Store(CryptoBackend backendId) : GStore(backendId) {} -GKeyUPtr Store::getKey(const Token &) { +GObjUPtr Store::getObject(const Token &) { ThrowErr(Exc::Crypto::OperationNotSupported, "Trust zone backend is not implemented!"); } diff --git a/src/manager/crypto/tz-backend/store.h b/src/manager/crypto/tz-backend/store.h index ee5d24b..be3595c 100644 --- a/src/manager/crypto/tz-backend/store.h +++ b/src/manager/crypto/tz-backend/store.h @@ -20,7 +20,7 @@ */ #pragma once -#include +#include #include namespace CKM { @@ -31,7 +31,7 @@ class Store : public GStore { public: explicit Store(CryptoBackend backendId); - virtual GKeyUPtr getKey(const Token &token); + virtual GObjUPtr getObject(const Token &token); virtual TokenPair generateAKey(const CryptoAlgorithm &); virtual Token import(DataType dataType, const RawBuffer &buffer); virtual void destroy(const Token &){} diff --git a/src/manager/main/service-messages.h b/src/manager/main/service-messages.h index f23711f..26989ee 100644 --- a/src/manager/main/service-messages.h +++ b/src/manager/main/service-messages.h @@ -28,7 +28,7 @@ #include #include #include -#include +#include namespace CKM { @@ -64,12 +64,12 @@ struct MsgKeyRequest : public MsgBase // key response struct MsgKeyResponse : public MsgBase { - MsgKeyResponse(int id, const Crypto::GKeyShPtr& key, int errorCode = CKM_API_SUCCESS) : + MsgKeyResponse(int id, const Crypto::GObjShPtr& key, int errorCode = CKM_API_SUCCESS) : MsgBase(id), key(key), error(errorCode) {} - Crypto::GKeyShPtr key; + Crypto::GObjShPtr key; int error; }; diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 217d0cd..728bfc5 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -510,14 +510,14 @@ int CKMLogic::getKeyForService( const Name &name, const Label &label, const Password &pass, - Crypto::GKeyShPtr &key) + Crypto::GObjShPtr &key) { DB::Row row; try { // Key is for internal service use. It won't be exported to the client int retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, name, label, pass, row); if (retCode == CKM_API_SUCCESS) - key = m_decider.getStore(row).getKey(row); + key = m_decider.getStore(row).getObject(row); return retCode; } catch (const DB::Crypto::Exception::Base &e) { LogError("DB::Crypto failed with message: " << e.GetMessage()); @@ -1492,7 +1492,7 @@ RawBuffer CKMLogic::createSignature( try { retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, privateKeyName, ownerLabel, password, row); if(retCode == CKM_API_SUCCESS) { - signature = m_decider.getStore(row).getKey(row)->sign(cryptoAlg, message); + signature = m_decider.getStore(row).getObject(row)->sign(cryptoAlg, message); } } catch (const DB::Crypto::Exception::Base &e) { LogError("DB::Crypto failed with message: " << e.GetMessage()); @@ -1540,7 +1540,7 @@ RawBuffer CKMLogic::verifySignature( } if (retCode == CKM_API_SUCCESS) { - retCode = m_decider.getStore(row).getKey(row)->verify(params, message, signature); + retCode = m_decider.getStore(row).getObject(row)->verify(params, message, signature); } } catch (const Exc::Exception &e) { retCode = e.error(); diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h index 336b346..c07225b 100644 --- a/src/manager/service/ckm-logic.h +++ b/src/manager/service/ckm-logic.h @@ -35,7 +35,7 @@ #include #include #include -#include +#include #include @@ -206,7 +206,7 @@ public: const Name &name, const Label &label, const Password& pass, - Crypto::GKeyShPtr& key); + Crypto::GObjShPtr& key); protected: int unlockSystemDB(); diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp index 63095bb..6a744bd 100644 --- a/src/manager/service/ckm-service.cpp +++ b/src/manager/service/ckm-service.cpp @@ -396,7 +396,7 @@ RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer) void CKMService::ProcessMessage(MsgKeyRequest msg) { - Crypto::GKeyShPtr key; + Crypto::GObjShPtr key; int ret = m_logic->getKeyForService(msg.cred, msg.name, msg.label, diff --git a/src/manager/service/iencryption-service.h b/src/manager/service/iencryption-service.h index 2c1d906..d69800a 100644 --- a/src/manager/service/iencryption-service.h +++ b/src/manager/service/iencryption-service.h @@ -23,7 +23,7 @@ #include #include -#include +#include #include #include diff --git a/tools/ckm_db_tool/CMakeLists.txt b/tools/ckm_db_tool/CMakeLists.txt index a2fd9db..c8fb53c 100644 --- a/tools/ckm_db_tool/CMakeLists.txt +++ b/tools/ckm_db_tool/CMakeLists.txt @@ -64,7 +64,7 @@ SET(CKM_DB_TOOL_SOURCES ${KEY_MANAGER_PATH}/dpl/db/src/sql_connection.cpp ${KEY_MANAGER_PATH}/dpl/db/src/naive_synchronization_object.cpp ${KEY_MANAGER_PATH}/sqlcipher/sqlcipher.c - ${KEY_MANAGER_PATH}/crypto/sw-backend/key.cpp + ${KEY_MANAGER_PATH}/crypto/sw-backend/obj.cpp ${KEY_MANAGER_PATH}/crypto/sw-backend/internals.cpp ${KEY_MANAGER_PATH}/crypto/sw-backend/store.cpp ${KEY_MANAGER_PATH}/crypto/platform/decider.cpp -- 2.7.4