From f323b4d1e97670aae8380563ef8e539dd76337bc Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Wed, 17 Jun 2015 14:19:50 +0200 Subject: [PATCH] Implement key retrieval in encryption service [Feature] Encryption/decryption service implementation [Solution] Encryption service sends a key request, CKM service retrieves the key and returns it to Encryption service. [Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION and observe journalctl -f. TED_0010_encrypt_invalid_param_list should print: "Attempt to retrieve key failed with error: -15" (5 times) other failing tests should print: "Encryption/decryption not yet supported" Change-Id: I56dc8a08ba211e996295f962da12193027c1a78c --- src/manager/service/ckm-logic.cpp | 28 ++++++++++++++++++++++++++++ src/manager/service/ckm-logic.h | 7 +++++++ src/manager/service/ckm-service.cpp | 23 +++++++++++++++++++++++ src/manager/service/ckm-service.h | 9 +++++++-- src/manager/service/encryption-logic.cpp | 29 ++++++++++++++++++++++++++++- src/manager/service/encryption-logic.h | 1 + src/manager/service/encryption-service.cpp | 20 +++++++++++++++----- src/manager/service/encryption-service.h | 13 ++++++++----- src/manager/service/iencryption-service.h | 4 +--- 9 files changed, 118 insertions(+), 16 deletions(-) diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 7ec4213..35e9613 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp 
@@ -503,6 +503,34 @@ int CKMLogic::verifyAndSaveDataHelper( return retCode; } +int CKMLogic::getKeyForService( + const Credentials &cred, + const Name &name, + const Label &label, + const Password &pass, + Crypto::GKeyShPtr &key) +{ + DB::Row row; + try { + // Key is for internal service use. It won't be exported to the client + int retCode = readDataHelper(false, cred, DataType::DB_KEY_FIRST, name, label, pass, row); + if (retCode == CKM_API_SUCCESS) + key = m_decider.getStore(row).getKey(row); + return retCode; + } catch (const KeyProvider::Exception::Base &e) { + LogError("KeyProvider failed with error: " << e.GetMessage()); + return CKM_API_ERROR_SERVER_ERROR; + } catch (const DB::Crypto::Exception::Base &e) { + LogError("DB::Crypto failed with message: " << e.GetMessage()); + return CKM_API_ERROR_DB_ERROR; + } catch (const Exc::Exception &e) { + return e.error(); + } catch (const CKM::Exception &e) { + LogError("CKM::Exception: " << e.GetMessage()); + return CKM_API_ERROR_SERVER_ERROR; + } +} + RawBuffer CKMLogic::saveData( const Credentials &cred, int commandId, diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h index afc90be..b6dc1eb 100644 --- a/src/manager/service/ckm-logic.h +++ b/src/manager/service/ckm-logic.h @@ -35,6 +35,7 @@ #include #include #include +#include #include @@ -201,6 +202,12 @@ public: DataType dataType, const PolicySerializable &policy); + int getKeyForService(const Credentials &cred, + const Name &name, + const Label &label, + const Password& pass, + Crypto::GKeyShPtr& key); + private: // select private/system database depending on asking uid and owner label. diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp index 644e1c4..0631ddd 100644 --- a/src/manager/service/ckm-service.cpp +++ b/src/manager/service/ckm-service.cpp 
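Review bot: In `CKMLogic::getKeyForService` (src/manager/service/ckm-logic.cpp) the bare `false` passed first to `readDataHelper` is the only sign that this path treats the key differently from a client read. Judging by the comment above the call it presumably switches off the exportable check, but `readDataHelper` is not shown here, so that should be confirmed. If so, `cred` is the sole access gate on a call that returns a usable key object, and the declaration added in ckm-logic.h carries no comment saying so. I would document the contract at the declaration, e.g. `// Internal use only: returns the key object to in-process services; it must never be serialized back to a client. cred must be the requesting client's credentials.`, and name the boolean argument with an inline comment. The `Exc::Exception` branch is also the only one that returns without a `LogError`, which makes refused key requests harder to trace unless that exception type logs on its own.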
@@ -59,6 +59,12 @@ GenericSocketService::ServiceDescriptionVector CKMService::GetServiceDescription }; } +void CKMService::SetCommManager(CommMgr *manager) +{ + ThreadService::SetCommManager(manager); + Register(*manager); +} + bool CKMService::ProcessOne( const ConnectionID &conn, ConnectionInfo &info) @@ -378,5 +384,22 @@ RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer) } } +void CKMService::ProcessMessage(MsgKeyRequest msg) +{ + Crypto::GKeyShPtr key; + int ret = m_logic->getKeyForService(msg.cred, + msg.name, + msg.label, + msg.password, + key); + MsgKeyResponse kResp(msg.id, key, ret); + try { + if (!m_commMgr->SendMessage(kResp)) + LogError("No listener found"); // can't do much more + } catch (...) { + LogError("Uncaught exception in SendMessage. Check listeners."); + } +} + } // namespace CKM diff --git a/src/manager/service/ckm-service.h b/src/manager/service/ckm-service.h index b8b6c55..5bc7230 100644 --- a/src/manager/service/ckm-service.h +++ b/src/manager/service/ckm-service.h @@ -21,7 +21,8 @@ */ #pragma once -#include +#include +#include #include #include @@ -29,7 +30,7 @@ namespace CKM { class CKMLogic; -class CKMService : public CKM::ThreadService +class CKMService : public ThreadMessageService { public: CKMService(); @@ -46,6 +47,8 @@ public: ServiceDescriptionVector GetServiceDescription(); private: + virtual void SetCommManager(CommMgr *manager); + class Exception { public: DECLARE_EXCEPTION_TYPE(CKM::Exception, Base) @@ -63,6 +66,8 @@ private: Credentials &cred, MessageBuffer &buffer); + virtual void ProcessMessage(MsgKeyRequest msg); + CKMLogic *m_logic; }; diff --git a/src/manager/service/encryption-logic.cpp b/src/manager/service/encryption-logic.cpp index 5baac5b..2fd733c 100644 --- a/src/manager/service/encryption-logic.cpp +++ b/src/manager/service/encryption-logic.cpp 
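Review bot: In `CKMService::ProcessMessage` (src/manager/service/ckm-service.cpp) the call to `m_logic->getKeyForService` sits outside the `try`, so any exception it does not map to a return code itself leaves this handler without sending a `MsgKeyResponse`. The ckm-logic.cpp hunk catches four specific exception types and nothing as general as `std::exception`, so the requester may never hear back for `msg.id`. I would initialise `ret` to `CKM_API_ERROR_SERVER_ERROR`, wrap the lookup in its own `try`/`catch`, and always fall through to the send, as sketched below. The existing `catch (...)` around `SendMessage` also discards the exception text; catching `const std::exception &` first and logging `what()` would make that failure diagnosable.

```cpp
void CKMService::ProcessMessage(MsgKeyRequest msg)
{
    Crypto::GKeyShPtr key;
    int ret = CKM_API_ERROR_SERVER_ERROR;
    try {
        ret = m_logic->getKeyForService(msg.cred,
                                        msg.name,
                                        msg.label,
                                        msg.password,
                                        key);
    } catch (...) {
        // Not mapped by getKeyForService: still answer so the requester can fail the request.
        LogError("Uncaught exception in getKeyForService");
    }
    // … unchanged: build MsgKeyResponse(msg.id, key, ret) and SendMessage inside the existing try/catch …
}
```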
@@ -44,7 +44,7 @@ void EncryptionLogic::Crypt(const CryptoRequest& request) // request key try { - m_service.RequestKey(request.cred, request.name, request.label); + m_service.RequestKey(request); } catch (...) { LogError("Key request failed"); m_requests.erase(request.msgId); @@ -52,4 +52,31 @@ void EncryptionLogic::Crypt(const CryptoRequest& request) } } +void EncryptionLogic::KeyRetrieved(MsgKeyResponse response) +{ + auto it = m_requests.find(response.id); + if (it == m_requests.end()) { + LogError("No matching request found"); // nothing we can do + return; + } + CryptoRequest req = std::move(it->second); + m_requests.erase(it); + + if (response.error != CKM_API_SUCCESS) { + LogError("Attempt to retrieve key failed with error: " << response.error); + m_service.RespondToClient(req, response.error); + return; + } + + if (!response.key) { + LogError("Retrieved key is empty"); + m_service.RespondToClient(req, CKM_API_ERROR_SERVER_ERROR); + return; + } + + // TODO encrypt/decrypt + LogError("Encryption/decryption not yet supported"); + m_service.RespondToClient(req, CKM_API_ERROR_SERVER_ERROR); +} + } /* namespace CKM */ diff --git a/src/manager/service/encryption-logic.h b/src/manager/service/encryption-logic.h index 21876f6..8f941dd 100644 --- a/src/manager/service/encryption-logic.h +++ b/src/manager/service/encryption-logic.h @@ -37,6 +37,7 @@ public: virtual ~EncryptionLogic() {} void Crypt(const CryptoRequest& request); + void KeyRetrieved(MsgKeyResponse response); private: IEncryptionService& m_service; diff --git a/src/manager/service/encryption-service.cpp b/src/manager/service/encryption-service.cpp index 47faf39..f08dbfa 100644 --- a/src/manager/service/encryption-service.cpp +++ b/src/manager/service/encryption-service.cpp 
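Review bot: `EncryptionLogic::KeyRetrieved` (src/manager/service/encryption-logic.cpp) is, together with the `RequestKey`-throws path in `Crypt` (whose body starts outside its hunk), the only place visible here that removes an entry from `m_requests`, so a key response that never arrives leaves the `CryptoRequest` parked there with no expiry. That entry carries the client's `password` (this patch forwards `request.password` in `EncryptionService::RequestKey`), and the client gets no reply. At minimum record this next to the `m_requests.find` call, e.g. `// TODO: expire pending requests; each one holds the client password until KeyRetrieved runs`; a timeout that answers with `CKM_API_ERROR_SERVER_ERROR` would be the fuller fix. Whether `KeyRetrieved` and `Crypt` run on the same thread is not visible in this patch; if they do not, `m_requests` needs a lock.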
@@ -54,12 +54,11 @@ void EncryptionService::RespondToClient(const CryptoRequest& request, } } -void EncryptionService::RequestKey(const Credentials& /*cred*/, - const Alias& /*alias*/, - const Label& /*label*/) +void EncryptionService::RequestKey(const CryptoRequest& request) { - // This will be replaced in next commit - throw std::runtime_error("Not supported"); + MsgKeyRequest kReq(request.msgId, request.cred, request.name, request.label, request.password); + if (!m_commMgr->SendMessage(kReq)) + throw std::runtime_error("No listener found"); // TODO } GenericSocketService::ServiceDescriptionVector EncryptionService::GetServiceDescription() @@ -77,6 +76,12 @@ void EncryptionService::Stop() { Join(); } +void EncryptionService::SetCommManager(CommMgr *manager) +{ + ThreadService::SetCommManager(manager); + Register(*manager); +} + bool EncryptionService::ProcessOne( const ConnectionID &conn, ConnectionInfo &info) @@ -100,6 +105,11 @@ bool EncryptionService::ProcessOne( return false; } +void EncryptionService::ProcessMessage(MsgKeyResponse msg) +{ + m_logic.KeyRetrieved(std::move(msg)); +} + void EncryptionService::ProcessEncryption(const ConnectionID &conn, const Credentials &cred, MessageBuffer &buffer) diff --git a/src/manager/service/encryption-service.h b/src/manager/service/encryption-service.h index 70146a1..73140b7 100644 --- a/src/manager/service/encryption-service.h +++ b/src/manager/service/encryption-service.h @@ -21,14 +21,15 @@ #pragma once -#include +#include #include #include #include +#include namespace CKM { -class EncryptionService : public ThreadService, public IEncryptionService +class EncryptionService : public ThreadMessageService, public IEncryptionService { public: EncryptionService(); 
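Review bot: `EncryptionService::RequestKey` (src/manager/service/encryption-service.cpp) dereferences `m_commMgr` without checking it, and a null pointer here is a crash of the service rather than something the `catch (...)` in `EncryptionLogic::Crypt` can turn into an error reply. If a request can be processed before `SetCommManager` has run (not visible in this patch), guard the call: `if (!m_commMgr || !m_commMgr->SendMessage(kReq))`. The `// TODO` after the `throw` does not say what is still to be done; spell it out or drop it. `SetCommManager` here is a line-for-line copy of `CKMService::SetCommManager`, so the `Register(*manager)` step may be worth hoisting into the shared base if the base can express it.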
@@ -40,8 +41,12 @@ public: void Start(); void Stop(); + private: + virtual void SetCommManager(CommMgr *manager); + bool ProcessOne(const ConnectionID &conn, ConnectionInfo &info); + void ProcessMessage(MsgKeyResponse msg); void ProcessEncryption(const ConnectionID &conn, const Credentials &cred, MessageBuffer &buffer); @@ -50,9 +55,7 @@ private: virtual void RespondToClient(const CryptoRequest& request, int retCode, const RawBuffer& data = RawBuffer()); - virtual void RequestKey(const Credentials& cred, - const Alias& alias, - const Label& label); + virtual void RequestKey(const CryptoRequest& request); EncryptionLogic m_logic; }; diff --git a/src/manager/service/iencryption-service.h b/src/manager/service/iencryption-service.h index 8e1ff5f..2c1d906 100644 --- a/src/manager/service/iencryption-service.h +++ b/src/manager/service/iencryption-service.h @@ -34,9 +34,7 @@ public: virtual void RespondToClient(const CryptoRequest& request, int retCode, const RawBuffer& data = RawBuffer()) = 0; - virtual void RequestKey(const Credentials& cred, - const Alias& alias, - const Label& label) = 0; + virtual void RequestKey(const CryptoRequest& request) = 0; }; } // namespace CKM -- 2.7.4
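Review bot: In src/manager/service/encryption-service.h the new `void ProcessMessage(MsgKeyResponse msg);` and `virtual void SetCommManager(CommMgr *manager);` are not marked `override`, and neither are the matching declarations added to ckm-service.h. If they are meant to override virtuals of the base classes (which are outside this patch), a later signature drift would silently declare a new function, and key requests or responses would stop reaching the handler with no compiler diagnostic. The patch already uses C++11 elsewhere (`auto`, `std::move`), so `void ProcessMessage(MsgKeyResponse msg) override;` is available. The same applies to `RequestKey(const CryptoRequest& request)` against `IEncryptionService`; the class body continues outside the hunk.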