diff options
author | Kyungwook Tak <k.tak@samsung.com> | 2016-12-16 19:35:18 +0900 |
---|---|---|
committer | Kyungwook Tak <k.tak@samsung.com> | 2016-12-16 20:01:48 +0900 |
commit | 68495f439183a9f5fdaae8669fdadd29dfd16837 (patch) | |
tree | 57793b4b8d8f4a8f0cb84aee4c2bf2a866f2e17f | |
parent | eb62f62d570a6749be233b2680412e68639c5440 (diff) | |
download | key-manager-68495f439183a9f5fdaae8669fdadd29dfd16837.tar.gz key-manager-68495f439183a9f5fdaae8669fdadd29dfd16837.tar.bz2 key-manager-68495f439183a9f5fdaae8669fdadd29dfd16837.zip |
Clean up bit masking ENCR in CryptoLogic
Clean up some variables are double declared in anonymous
namespace and class member.
Make inline private member function for bit masking
operations for encryption scheme/version to clean up related codes.
Change-Id: I7bccdccd3f80fd259fa54b95d1906e1f386b2116
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
-rw-r--r-- | src/manager/service/crypto-logic.cpp | 45 | ||||
-rw-r--r-- | src/manager/service/crypto-logic.h | 45 |
2 files changed, 44 insertions, 46 deletions
diff --git a/src/manager/service/crypto-logic.cpp b/src/manager/service/crypto-logic.cpp index f0fb9036..9951e9c9 100644 --- a/src/manager/service/crypto-logic.cpp +++ b/src/manager/service/crypto-logic.cpp @@ -49,27 +49,6 @@ namespace { const static int AES_CBC_KEY_SIZE = 32; const static int AES_GCM_TAG_SIZE = 16; -// Encryption scheme flags (enable/disable specific encryption type, multiple choice) -const int ENCR_BASE64 = 1 << 0; -const int ENCR_APPKEY = 1 << 1; -const int ENCR_PASSWORD = 1 << 2; - -// Encryption order flags (single choice) -const int ENCR_ORDER_OFFSET = 24; -const int ENCR_ORDER_FILTER = - (UINT_MAX >> ENCR_ORDER_OFFSET) << ENCR_ORDER_OFFSET; // 0xff000000 -const int ENCR_ORDER_CLEAR = ~ENCR_ORDER_FILTER; // 0x00ffffff -/* - * ENCR_ORDER_V1 - v1 encryption order. Token returned from store is encrypted with app key and - * optionally by custom user password. In such form it is stored in db. - */ -const int ENCR_ORDER_V1 = CryptoLogic::ENCRYPTION_V1 << ENCR_ORDER_OFFSET; -/* - * ENCR_ORDER_V2 - v2 encryption order. Stored data is optionally encrypted by store with - * user password. Returned token is encrypted with app key and stored in db. - */ -const int ENCR_ORDER_V2 = CryptoLogic::ENCRYPTION_V2 << ENCR_ORDER_OFFSET; - } // anonymous namespace CryptoLogic::CryptoLogic() {} @@ -165,7 +144,8 @@ void CryptoLogic::encryptRow(DB::Row &row) crow.iv = generateRandIV(); key = m_keyMap[row.ownerLabel]; - crow.encryptionScheme = ENCR_APPKEY; + CLEAR_FLAG(crow.encryptionScheme); + SET_FLAG(ENCR_APPKEY, crow.encryptionScheme); auto dataPair = Crypto::SW::Internals::encryptDataAesGcm(key, crow.data, crow.iv, AES_GCM_TAG_SIZE); @@ -174,11 +154,10 @@ void CryptoLogic::encryptRow(DB::Row &row) crow.tag = dataPair.second; encBase64(crow.data); - crow.encryptionScheme |= ENCR_BASE64; + SET_FLAG(ENCR_BASE64, crow.encryptionScheme); encBase64(crow.iv); - crow.encryptionScheme &= ENCR_ORDER_CLEAR; - crow.encryptionScheme |= ENCR_ORDER_V2; + SET_ENCRYPTION_VERSION(ENCRYPTION_V2, crow.encryptionScheme); row = std::move(crow); } @@ -197,15 +176,15 @@ void CryptoLogic::decryptRow(const Password &password, DB::Row &row) if (row.algorithmType != DBCMAlgType::AES_GCM_256) ThrowErr(Exc::AuthenticationFailed, "Invalid algorithm type."); - if ((row.encryptionScheme & ENCR_PASSWORD) && password.empty()) + if (GET_FLAG(ENCR_PASSWORD, row.encryptionScheme) && password.empty()) ThrowErr(Exc::AuthenticationFailed, "DB row is password protected, but given password is empty."); - if (!(row.encryptionScheme & ENCR_PASSWORD) && !password.empty()) + if (!GET_FLAG(ENCR_PASSWORD, row.encryptionScheme) && !password.empty()) ThrowErr(Exc::AuthenticationFailed, "DB row is not password protected, but given password is not empty."); - if ((row.encryptionScheme & ENCR_APPKEY) && !haveKey(row.ownerLabel)) + if (GET_FLAG(ENCR_APPKEY, row.encryptionScheme) && !haveKey(row.ownerLabel)) ThrowErr(Exc::AuthenticationFailed, "Missing application key for ", row.ownerLabel, @@ -213,24 +192,24 @@ void CryptoLogic::decryptRow(const Password &password, DB::Row &row) decBase64(crow.iv); - if (crow.encryptionScheme & ENCR_BASE64) + if (GET_FLAG(ENCR_BASE64, crow.encryptionScheme)) decBase64(crow.data); try { - if ((crow.encryptionScheme >> ENCR_ORDER_OFFSET) == ENCR_ORDER_V2) { - if (crow.encryptionScheme & ENCR_APPKEY) { + if (GET_ENCRYPTION_VERSION(crow.encryptionScheme) == ENCRYPTION_V2) { + if (GET_FLAG(ENCR_APPKEY, crow.encryptionScheme)) { key = m_keyMap[crow.ownerLabel]; crow.data = Crypto::SW::Internals::decryptDataAesGcm(key, crow.data, crow.iv, crow.tag); } } else { - if (crow.encryptionScheme & ENCR_PASSWORD) { + if (GET_FLAG(ENCR_PASSWORD, crow.encryptionScheme)) { key = passwordToKey(password, crow.iv, AES_CBC_KEY_SIZE); crow.data = Crypto::SW::Internals::decryptDataAes(AlgoType::AES_CBC, key, crow.data, crow.iv); } - if (crow.encryptionScheme & ENCR_APPKEY) { + if (GET_FLAG(ENCR_APPKEY, crow.encryptionScheme)) { key = m_keyMap[crow.ownerLabel]; crow.data = Crypto::SW::Internals::decryptDataAesGcm(key, crow.data, crow.iv, crow.tag); diff --git a/src/manager/service/crypto-logic.h b/src/manager/service/crypto-logic.h index 9415ead5..707b070a 100644 --- a/src/manager/service/crypto-logic.h +++ b/src/manager/service/crypto-logic.h @@ -47,7 +47,18 @@ public: const RawBuffer &applicationKey); void removeKey(const Label &smackLabel); + /* + * v1 encryption. + * Token returned from store is encrypted with app key and + * optionally by custom user password. + */ static const int ENCRYPTION_V1 = 0; + + /* + * v2 encryption. + * Stored data is optionally encrypted by store with user password. + * Returned token is encrypted with app key and stored in db. + */ static const int ENCRYPTION_V2 = 1; private: @@ -56,19 +67,27 @@ private: static const int ENCR_APPKEY = 1 << 1; static const int ENCR_PASSWORD = 1 << 2; - // Encryption order flags (single choice) - static const int ENCR_ORDER_CLEAR = 0x00ffffff; - static const int ENCR_ORDER_FILTER = ~ENCR_ORDER_CLEAR; - /* - * ENCR_ORDER_V1 - v1 encryption order. Token returned from store is encrypted with app key and - * optionally by custom user password. Is such form it is stored in db. - */ - static const int ENCR_ORDER_V1 = ENCR_ORDER_CLEAR + 0; - /* - * ENCR_ORDER_V2 - v2 encryption order. Stored data is optionally encrypted by store with - * user password. Returned token is encrypted with app key and stored in db. - */ - static const int ENCR_ORDER_V2 = ENCR_ORDER_CLEAR + 1; + static const int ENCR_ORDER_OFFSET = 24; + + static inline void CLEAR_FLAG(int &encryptionScheme) { + encryptionScheme = 0; + } + + static inline void SET_FLAG(int fieldId, int &encryptionScheme) { + encryptionScheme |= fieldId; + } + + static inline bool GET_FLAG(int fieldId, int encryptionScheme) { + return encryptionScheme & fieldId; + } + + static inline void SET_ENCRYPTION_VERSION(int version, int &encryptionScheme) { + encryptionScheme |= (version << ENCR_ORDER_OFFSET); + } + + static inline int GET_ENCRYPTION_VERSION(int encryptionScheme) { + return encryptionScheme >> ENCR_ORDER_OFFSET; + } std::map<Label, RawBuffer> m_keyMap; |