diff options
author | Bartlomiej Grzelewski <b.grzelewski@samsung.com> | 2015-05-04 14:31:27 +0200 |
---|---|---|
committer | Bartlomiej Grzelewski <b.grzelewski@samsung.com> | 2015-05-12 16:12:25 +0200 |
commit | ea43f2088832df7a4bdda3714bc595b14d46af2c (patch) | |
tree | 9c0ff7f67f8bd257ce5cb9008679878bd60bd12b | |
parent | d2ce48eb176a1f51a61102f510f67b5ccb957a7c (diff) | |
download | key-manager-ea43f2088832df7a4bdda3714bc595b14d46af2c.tar.gz key-manager-ea43f2088832df7a4bdda3714bc595b14d46af2c.tar.bz2 key-manager-ea43f2088832df7a4bdda3714bc595b14d46af2c.zip |
New class hierarchy (multiple backends support).
Current implemantion my use only one crypto library. The target is to
use at least two libraries at the same time (openssl and trustzone
library for arm devices).
Change-Id: I3563fb1c89f3603a927b8b19f6358b4fc3f5c7cf
18 files changed, 588 insertions, 31 deletions
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index ed6db613..f0420c19 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -29,7 +29,6 @@ SET(KEY_MANAGER_SOURCES ${KEY_MANAGER_PATH}/service/key-provider.cpp ${KEY_MANAGER_PATH}/service/ocsp.cpp ${KEY_MANAGER_PATH}/service/crypto-logic.cpp - ${KEY_MANAGER_PATH}/service/CryptoService.cpp ${KEY_MANAGER_PATH}/service/file-system.cpp ${KEY_MANAGER_PATH}/service/db-crypto.cpp ${KEY_MANAGER_PATH}/service/ocsp-service.cpp @@ -38,6 +37,10 @@ SET(KEY_MANAGER_SOURCES ${KEY_MANAGER_PATH}/dpl/db/src/sql_connection.cpp ${KEY_MANAGER_PATH}/dpl/db/src/naive_synchronization_object.cpp ${KEY_MANAGER_PATH}/sqlcipher/sqlcipher.c + ${KEY_MANAGER_PATH}/crypto/sw-backend/key.cpp + ${KEY_MANAGER_PATH}/crypto/sw-backend/store.cpp + ${KEY_MANAGER_PATH}/crypto/sw-backend/crypto-service.cpp + ${KEY_MANAGER_PATH}/crypto/platform/decider.cpp ) # -fPIE and -pie flag is added for ASLR @@ -59,6 +62,7 @@ INCLUDE_DIRECTORIES( ${KEY_MANAGER_PATH}/dpl/core/include ${KEY_MANAGER_PATH}/dpl/log/include ${KEY_MANAGER_PATH}/dpl/db/include + ${KEY_MANAGER_PATH}/crypto ) ADD_EXECUTABLE(${TARGET_KEY_MANAGER} ${KEY_MANAGER_SOURCES}) diff --git a/src/manager/crypto/generic-backend/exception.h b/src/manager/crypto/generic-backend/exception.h new file mode 100644 index 00000000..647f9e9f --- /dev/null +++ b/src/manager/crypto/generic-backend/exception.h @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file exception.h + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#pragma once + +#include <dpl/exception.h> + +namespace CKM { +namespace Crypto { +namespace Exception { + +DECLARE_EXCEPTION_TYPE(CKM::Exception, Base) +DECLARE_EXCEPTION_TYPE(Base, InternalError) +DECLARE_EXCEPTION_TYPE(Base, KeyNotSupported) +DECLARE_EXCEPTION_TYPE(Base, OperationNotSupported) +DECLARE_EXCEPTION_TYPE(Base, WrongBackend) + +} // namespace Exception +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/generic-backend/gkey.h b/src/manager/crypto/generic-backend/gkey.h new file mode 100644 index 00000000..5d03c8d1 --- /dev/null +++ b/src/manager/crypto/generic-backend/gkey.h @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file gkey.h + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#pragma once +#include <memory> + +#include <ckm/ckm-raw-buffer.h> +#include <ckm/ckm-type.h> + +#include <generic-backend/exception.h> + +namespace CKM { +namespace Crypto { + +class GKey { +protected: + GKey(){} +public: + virtual RawBuffer getBinary() { + Throw(Exception::OperationNotSupported); + } + + virtual RawBuffer encrypt(const CryptoAlgorithm &, const RawBuffer &) { + Throw(Exception::OperationNotSupported); + } + + virtual RawBuffer decrypt(const CryptoAlgorithm &, const RawBuffer &) { + Throw(Exception::OperationNotSupported); + } + + virtual RawBuffer sign(const CryptoAlgorithm &, const RawBuffer &) { + Throw(Exception::OperationNotSupported); + } + + virtual bool verify(const CryptoAlgorithm &, const RawBuffer &, const RawBuffer &) { + Throw(Exception::OperationNotSupported); + } + + virtual ~GKey () {} +}; + +typedef std::shared_ptr<GKey> GKeyShPtr; + +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/generic-backend/gstore.h b/src/manager/crypto/generic-backend/gstore.h new file mode 100644 index 00000000..a3c76fdb --- /dev/null +++ b/src/manager/crypto/generic-backend/gstore.h @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file gstore.h + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#pragma once + +#include <memory> + +#include <generic-backend/exception.h> +#include <generic-backend/gkey.h> +#include <generic-backend/id.h> +#include <generic-backend/token.h> +#include <ckm/ckm-type.h> + +namespace CKM { +namespace Crypto { + +class GStore { +protected: + GStore(){} +public: + virtual Id getBackendId() const { Throw(Exception::OperationNotSupported); } + virtual GKeyShPtr getKey(const Token &) { Throw(Exception::OperationNotSupported); } + virtual TokenPair generateAKey(const CryptoAlgorithm &) { Throw(Exception::OperationNotSupported); } + virtual Token generateSKey(const CryptoAlgorithm &) { Throw(Exception::OperationNotSupported); } + virtual Token import(KeyType, const RawBuffer &) { Throw(Exception::OperationNotSupported); } + virtual void destroy(const Token &) { Throw(Exception::OperationNotSupported); } + virtual ~GStore() {} +}; + +typedef std::shared_ptr<GStore> GStoreShPtr; + +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/generic-backend/id.h b/src/manager/crypto/generic-backend/id.h new file mode 100644 index 00000000..4086d577 --- /dev/null +++ b/src/manager/crypto/generic-backend/id.h @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file id.h + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#pragma once + +namespace CKM { +namespace Crypto { + +enum class Id { + OpenSSL = 0, + TrustZone = 1 +}; + +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/generic-backend/token.h b/src/manager/crypto/generic-backend/token.h new file mode 100644 index 00000000..a91dfdbb --- /dev/null +++ b/src/manager/crypto/generic-backend/token.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file gstore.h + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#pragma once + +#include <utility> + +#include <ckm/ckm-raw-buffer.h> +#include <ckm/ckm-type.h> + +#include <generic-backend/id.h> + +namespace CKM { +namespace Crypto { + +struct Token { + RawBuffer buffer; + Id backendId; + KeyType keyType; +}; + +typedef std::pair<Token,Token> TokenPair; + +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/platform/decider.cpp b/src/manager/crypto/platform/decider.cpp new file mode 100644 index 00000000..995a6e72 --- /dev/null +++ b/src/manager/crypto/platform/decider.cpp @@ -0,0 +1,19 @@ +#include <platform/decider.h> + +#include <sw-backend/store.h> + +namespace CKM { +namespace Crypto { + +Decider::Decider() + : m_store(new SW::Store) +{} + +GStoreShPtr Decider::getStore(const Token &) { + // This the place where we should choose backend bases on token information. + return m_store; +}; + +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/platform/decider.h b/src/manager/crypto/platform/decider.h new file mode 100644 index 00000000..535722a0 --- /dev/null +++ b/src/manager/crypto/platform/decider.h @@ -0,0 +1,22 @@ +#pragma once + +#include <memory> + +#include <generic-backend/gstore.h> +#include <generic-backend/token.h> + +namespace CKM { +namespace Crypto { + +class Decider { +public: + Decider(); + GStoreShPtr getStore(const Token &token); + virtual ~Decider(){} +private: + GStoreShPtr m_store; +}; + +} // Crypto +} // CKM + diff --git a/src/manager/service/CryptoService.cpp b/src/manager/crypto/sw-backend/crypto-service.cpp index c57c840c..c98b52f3 100644 --- a/src/manager/service/CryptoService.cpp +++ b/src/manager/crypto/sw-backend/crypto-service.cpp @@ -21,7 +21,7 @@ #include <ckm/ckm-error.h> #include <ckm/ckm-type.h> #include <key-impl.h> -#include <CryptoService.h> +#include <sw-backend/crypto-service.h> #include <assert.h> #include <dpl/log/log.h> @@ -29,6 +29,8 @@ #define OPENSSL_FAIL 0 // DO NOTCHANGE THIS VALUE namespace CKM { +namespace Crypto { +namespace SW { CryptoService::CryptoService(){ } @@ -721,4 +723,7 @@ int CryptoService::digestVerifyMessage(EVP_PKEY *pubKey, return ret; } -} + +} // namespace SW +} // namespace Crypto +} // namespace CKM diff --git a/src/manager/service/CryptoService.h b/src/manager/crypto/sw-backend/crypto-service.h index 6828ddb6..f98764d0 100644 --- a/src/manager/service/CryptoService.h +++ b/src/manager/crypto/sw-backend/crypto-service.h @@ -29,6 +29,8 @@ #define NOT_DEFINED -1 namespace CKM { +namespace Crypto { +namespace SW { // typedef std::vector<unsigned char> RawData; this must be defined in common header. // This is internal api so all functions should throw exception on errors. @@ -99,6 +101,8 @@ private: const EVP_MD *md_algo, const int rsa_padding); }; -} +} // namespace SW +} // namespace Crypto +} // namespace CKM diff --git a/src/manager/service/crypto.h b/src/manager/crypto/sw-backend/crypto.h index a7f7519e..cd05da51 100644 --- a/src/manager/service/crypto.h +++ b/src/manager/crypto/sw-backend/crypto.h @@ -20,28 +20,21 @@ */ #pragma once -#include <dpl/log/log.h> +#include <vector> #include <openssl/evp.h> -#include <vector> -#include <dpl/exception.h> +#include <dpl/log/log.h> #include <dpl/raw-buffer.h> +#include <generic-backend/exception.h> + // TODO move it to static const int #define AES_GCM_TAG_SIZE 16 namespace CKM { - namespace Crypto { - -class Exception -{ -public: - DECLARE_EXCEPTION_TYPE(CKM::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, InternalError) -}; - +namespace SW { namespace Cipher { template<class T> @@ -140,6 +133,7 @@ DEFINE_CIPHER(AesGcmDecryption, RawBuffer, EVP_aes_256_gcm(), false); #undef DEFINE_CIPHER } // namespace Cipher +} // namespace SW } // namespace Crypto } // namespace CKM diff --git a/src/manager/crypto/sw-backend/key.cpp b/src/manager/crypto/sw-backend/key.cpp new file mode 100644 index 00000000..c83a86f7 --- /dev/null +++ b/src/manager/crypto/sw-backend/key.cpp @@ -0,0 +1,96 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file key.cpp + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#include <memory> + +#include <openssl/bio.h> +#include <openssl/evp.h> +#include <openssl/x509.h> + +#include <dpl/log/log.h> + +#include <generic-backend/exception.h> +#include <sw-backend/key.h> + +#define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE +#define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE + +namespace CKM { +namespace Crypto { +namespace SW { + +typedef std::unique_ptr<BIO, std::function<void(BIO*)>> BioUniquePtr; + +RawBuffer AKey::sign( + const CryptoAlgorithm &alg, + const RawBuffer &message) +{ + (void) alg; + (void) message; + + auto key = getEvpShPtr(); + return RawBuffer(); +} + +bool AKey::verify(const CryptoAlgorithm &alg, const RawBuffer &message, const RawBuffer &sign) { + (void) alg; + (void) message; + (void) sign; + + auto key = getEvpShPtr(); + return false; +} + +EvpShPtr AKey::getEvpShPtr() { + if (m_evp) + return m_evp; + + EVP_PKEY *pkey = NULL; + BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all); + + LogDebug("Start to parse key:"); + + if (!pkey) { + (void)BIO_reset(bio.get()); + BIO_write(bio.get(), m_key.data(), m_key.size()); + pkey = d2i_PrivateKey_bio(bio.get(), NULL); + LogDebug("Trying d2i_PrivateKey_bio Status: " << (void*)pkey); + } + + if (!pkey) { + (void)BIO_reset(bio.get()); + BIO_write(bio.get(), m_key.data(), m_key.size()); + pkey = d2i_PUBKEY_bio(bio.get(), NULL); + LogDebug("Trying d2i_PUBKEY_bio Status: " << (void*)pkey); + } + + if (!pkey) { + LogError("Failed to parse key"); + ThrowMsg(Exception::InternalError, "Failed to parse key"); + } + + m_evp.reset(pkey, EVP_PKEY_free); + return m_evp; +} + +} // namespace SW +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/sw-backend/key.h b/src/manager/crypto/sw-backend/key.h new file mode 100644 index 00000000..9a9338c7 --- /dev/null +++ b/src/manager/crypto/sw-backend/key.h @@ -0,0 +1,66 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file key.h + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#pragma once +#include <memory> + +#include <openssl/evp.h> + +#include <generic-backend/gkey.h> + +namespace CKM { +namespace Crypto { +namespace SW { + +typedef std::unique_ptr<EVP_PKEY_CTX,std::function<void(EVP_PKEY_CTX*)>> ContextUPtr; +typedef std::shared_ptr<EVP_PKEY> EvpShPtr; + +class SKey : public GKey { +public: + SKey(RawBuffer buffer, KeyType keyType) + : m_key(std::move(buffer)) + , m_type(keyType) + {} +protected: + RawBuffer m_key; + KeyType m_type; +}; + +class AKey : public GKey { +public: + AKey(RawBuffer buffer, KeyType keyType) + : m_key(std::move(buffer)) + , m_type(keyType) + {} + virtual RawBuffer sign(const CryptoAlgorithm &alg, const RawBuffer &message); + virtual bool verify(const CryptoAlgorithm &alg, const RawBuffer &message, const RawBuffer &sign); + virtual ~AKey(){} +protected: + virtual EvpShPtr getEvpShPtr(); + + EvpShPtr m_evp; + RawBuffer m_key; + KeyType m_type; +}; + +} // namespace SW +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/sw-backend/store.cpp b/src/manager/crypto/sw-backend/store.cpp new file mode 100644 index 00000000..38d36c37 --- /dev/null +++ b/src/manager/crypto/sw-backend/store.cpp @@ -0,0 +1,71 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file store.cpp + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#include <memory> + +#include <dpl/log/log.h> + +#include <generic-backend/exception.h> +#include <sw-backend/key.h> +#include <sw-backend/store.h> + +namespace CKM { +namespace Crypto { +namespace SW { + +Id Store::getBackendId() const { return Id::OpenSSL; } + +GKeyShPtr Store::getKey(const Token &token) { + if (token.backendId != getBackendId()) { + LogDebug("Decider choose wrong backend!"); + ThrowMsg(Exception::WrongBackend, "Decider choose wrong backend!"); + } + + switch (token.keyType) { + case KeyType::KEY_RSA_PUBLIC: + case KeyType::KEY_RSA_PRIVATE: + case KeyType::KEY_DSA_PUBLIC: + case KeyType::KEY_DSA_PRIVATE: + case KeyType::KEY_ECDSA_PUBLIC: + case KeyType::KEY_ECDSA_PRIVATE: + return std::make_shared<AKey>(token.buffer, token.keyType); + case KeyType::KEY_AES: + return std::make_shared<SKey>(token.buffer, token.keyType); + default: + LogDebug( + "This type of key is not supported by openssl backend: " << (int)token.keyType); + ThrowMsg(Exception::KeyNotSupported, + "This type of key is not supported by openssl backend: " << (int)token.keyType); + } + +} + +Token Store::import(KeyType keyType, const RawBuffer &buffer) { + Token token; + token.buffer = buffer; + token.keyType = keyType; + token.backendId = getBackendId(); + return token; +} + +} // namespace SW +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/crypto/sw-backend/store.h b/src/manager/crypto/sw-backend/store.h new file mode 100644 index 00000000..31247ab7 --- /dev/null +++ b/src/manager/crypto/sw-backend/store.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file store.h + * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + */ +#pragma once + +#include <generic-backend/gkey.h> +#include <generic-backend/gstore.h> +#include <generic-backend/id.h> + +namespace CKM { +namespace Crypto { +namespace SW { + +class Store : public GStore { +public: + virtual Id getBackendId() const; + virtual GKeyShPtr getKey(const Token &token); + virtual Token import(KeyType keyType, const RawBuffer &buffer); + virtual void destroy(const Token &){} +}; + +} // namespace SW +} // namespace Crypto +} // namespace CKM + diff --git a/src/manager/main/key-manager-main.cpp b/src/manager/main/key-manager-main.cpp index a92f8d37..5e17a3ac 100644 --- a/src/manager/main/key-manager-main.cpp +++ b/src/manager/main/key-manager-main.cpp @@ -36,9 +36,11 @@ #include <ocsp-service.h> #include <key-provider.h> -#include <CryptoService.h> #include <file-system.h> +/* TODO remove this include */ +#include <sw-backend/crypto-service.h> + #define REGISTER_SOCKET_SERVICE(manager, service) \ registerSocketService<service>(manager, #service) @@ -94,7 +96,9 @@ int main(void) { OPENSSL_config(NULL); CKM::KeyProvider::initializeLibrary(); - CKM::CryptoService::initialize(); + + /* ToDO remove it */ + CKM::Crypto::SW::CryptoService::initialize(); { LogInfo("Start!"); diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 8e25c1ef..e8e7f0c2 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -25,12 +25,13 @@ #include <ckm/ckm-type.h> #include <key-provider.h> #include <file-system.h> -#include <CryptoService.h> #include <ckm-logic.h> #include <key-impl.h> #include <certificate-config.h> #include <certificate-store.h> +#include <sw-backend/crypto-service.h> + namespace { const char * const CERT_SYSTEM_DIR = "/etc/ssl/certs"; @@ -976,17 +977,17 @@ int CKMLogic::createKeyPairHelper( { case KeyType::KEY_RSA_PUBLIC: case KeyType::KEY_RSA_PRIVATE: - retCode = CryptoService::createKeyPairRSA(additional_param, prv, pub); + retCode = Crypto::SW::CryptoService::createKeyPairRSA(additional_param, prv, pub); break; case KeyType::KEY_DSA_PUBLIC: case KeyType::KEY_DSA_PRIVATE: - retCode = CryptoService::createKeyPairDSA(additional_param, prv, pub); + retCode = Crypto::SW::CryptoService::createKeyPairDSA(additional_param, prv, pub); break; case KeyType::KEY_ECDSA_PUBLIC: case KeyType::KEY_ECDSA_PRIVATE: - retCode = CryptoService::createKeyPairECDSA(static_cast<ElipticCurve>(additional_param), prv, pub); + retCode = Crypto::SW::CryptoService::createKeyPairECDSA(static_cast<ElipticCurve>(additional_param), prv, pub); break; default: @@ -1268,7 +1269,7 @@ RawBuffer CKMLogic::createSignature( const RSAPaddingAlgorithm padding) { DB::Row row; - CryptoService cs; + Crypto::SW::CryptoService cs; RawBuffer signature; int retCode = CKM_API_SUCCESS; @@ -1322,7 +1323,7 @@ RawBuffer CKMLogic::verifySignature( try { do { - CryptoService cs; + Crypto::SW::CryptoService cs; DB::Row row; KeyImpl key; @@ -1349,10 +1350,10 @@ RawBuffer CKMLogic::verifySignature( retCode = cs.verifySignature(key, message, signature, hash, padding); } while(0); - } catch (const CryptoService::Exception::Crypto_internal &e) { + } catch (const Crypto::SW::CryptoService::Exception::Crypto_internal &e) { LogError("KeyProvider failed with message: " << e.GetMessage()); retCode = CKM_API_ERROR_SERVER_ERROR; - } catch (const CryptoService::Exception::opensslError &e) { + } catch (const Crypto::SW::CryptoService::Exception::opensslError &e) { LogError("KeyProvider failed with message: " << e.GetMessage()); retCode = CKM_API_ERROR_SERVER_ERROR; } catch (const KeyProvider::Exception::Base &e) { diff --git a/src/manager/service/crypto-logic.cpp b/src/manager/service/crypto-logic.cpp index d6eb2415..8dc45858 100644 --- a/src/manager/service/crypto-logic.cpp +++ b/src/manager/service/crypto-logic.cpp @@ -34,9 +34,10 @@ #include <base64.h> #include <digest.h> -#include <crypto.h> #include <crypto-logic.h> +#include <sw-backend/crypto.h> + #define AES_CBC_KEY_SIZE 32 namespace CKM { @@ -80,7 +81,7 @@ RawBuffer CryptoLogic::encryptDataAesCbc( const RawBuffer &key, const RawBuffer &iv) const { - Crypto::Cipher::AesCbcEncryption enc(key, iv); + Crypto::SW::Cipher::AesCbcEncryption enc(key, iv); RawBuffer result = enc.Append(data); RawBuffer tmp = enc.Finalize(); std::copy(tmp.begin(), tmp.end(), std::back_inserter(result)); @@ -92,7 +93,7 @@ RawBuffer CryptoLogic::decryptDataAesCbc( const RawBuffer &key, const RawBuffer &iv) const { - Crypto::Cipher::AesCbcDecryption dec(key, iv); + Crypto::SW::Cipher::AesCbcDecryption dec(key, iv); RawBuffer result = dec.Append(data); RawBuffer tmp = dec.Finalize(); std::copy(tmp.begin(), tmp.end(), std::back_inserter(result)); @@ -105,7 +106,7 @@ std::pair<RawBuffer,RawBuffer> CryptoLogic::encryptDataAesGcm( const RawBuffer &iv) const { RawBuffer tag(AES_GCM_TAG_SIZE); - Crypto::Cipher::AesGcmEncryption enc(key, iv); + Crypto::SW::Cipher::AesGcmEncryption enc(key, iv); RawBuffer result = enc.Append(data); RawBuffer tmp = enc.Finalize(); std::copy(tmp.begin(), tmp.end(), std::back_inserter(result)); @@ -122,7 +123,7 @@ RawBuffer CryptoLogic::decryptDataAesGcm( const RawBuffer &iv, const RawBuffer &tag) const { - Crypto::Cipher::AesGcmDecryption dec(key, iv); + Crypto::SW::Cipher::AesGcmDecryption dec(key, iv); if (tag.size() < AES_GCM_TAG_SIZE) { LogError("Error in decryptDataAesGcm. Tag is too short."); ThrowMsg(Exception::DecryptDBRowError, "Error in decryptDataAesGcm. Tag is too short"); |