author | Ernest Borowski <e.borowski@partner.samsung.com> | 2018-02-19 19:52:07 +0100 |
---|---|---|
committer | Krzysztof Jackiewicz <k.jackiewicz@samsung.com> | 2019-02-22 12:43:38 +0100 |
commit | 0033ef9795213e1421e214c2ffb8b44fa29b5d52 (patch) | |
tree | 70afa0d04665c2c0a991a58d367c6ee874fdbe33 /src | |
parent | a22e8727811e6b4adfbd24659f58594ba11fb00c (diff) | |
Add option to list aliases with password protection statuses
Change-Id: I045174602edd51dc7efcc8d79eb1beed76215b10
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/include/ckm/ckm-manager.h | 8 | ||||
-rw-r--r-- | src/include/ckm/ckm-type.h | 3 | ||||
-rw-r--r-- | src/manager/client/client-manager-impl.cpp | 124 | ||||
-rw-r--r-- | src/manager/client/client-manager-impl.h | 21 | ||||
-rw-r--r-- | src/manager/client/client-manager.cpp | 32 | ||||
-rw-r--r-- | src/manager/common/protocols.h | 6 | ||||
-rw-r--r-- | src/manager/crypto/tz-backend/store.cpp | 9 | ||||
-rw-r--r-- | src/manager/dpl/core/include/dpl/serialization.h | 32 | ||||
-rw-r--r-- | src/manager/service/ckm-logic.cpp | 41 | ||||
-rw-r--r-- | src/manager/service/ckm-logic.h | 9 | ||||
-rw-r--r-- | src/manager/service/ckm-service.cpp | 12 |
11 files changed, 277 insertions, 20 deletions
diff --git a/src/include/ckm/ckm-manager.h b/src/include/ckm/ckm-manager.h index 22ec9a50..001f72f1 100644 --- a/src/include/ckm/ckm-manager.h +++ b/src/include/ckm/ckm-manager.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -78,8 +78,14 @@ public: // send request for list of all keys/certificates/data that application/user may use int getKeyAliasVector(AliasVector &aliasVector); + int getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector); + int getKeyEncryptionStatus(const Alias &alias, bool &status); int getCertificateAliasVector(AliasVector &aliasVector); + int getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector); + int getCertificateEncryptionStatus(const Alias &alias, bool &status); int getDataAliasVector(AliasVector &aliasVector); + int getDataAliasPwdVector(AliasPwdVector &aliasPwdVector); + int getDataEncryptionStatus(const Alias &alias, bool &status); int createKeyPairRSA( const int size, // size in bits [1024, 2048, 4096] diff --git a/src/include/ckm/ckm-type.h b/src/include/ckm/ckm-type.h index 5021f263..43a7de72 100644 --- a/src/include/ckm/ckm-type.h +++ b/src/include/ckm/ckm-type.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -51,6 +51,7 @@ typedef std::string Alias; */ typedef std::string ClientId; typedef std::vector<Alias> AliasVector; +typedef std::vector<std::pair<Alias, bool>> AliasPwdVector; enum class KeyType : int { KEY_NONE = 0, 
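Review bot: The six declarations added to the public `Manager` class in the `@@ -78,8 +78,14 @@` hunk have no comment, so a caller cannot tell what `status` reports or whether the output vector is cleared or appended to. Going by the implementation in client-manager-impl.cpp, entries are appended with `push_back` and `status` is true when the entry is password protected. I would state that here, e.g. `// same as above, each alias paired with true when the entry is password protected` over the `*AliasPwdVector` declarations and `// sets status to true when the entry stored under alias is password protected` over the `*EncryptionStatus` ones. The `EncryptionStatus` name reads as "is this entry encrypted", while the service-side function is called `getDataProtectionStatus`; a comment that ties the two together would prevent misuse of the flag.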
diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp index 7a81943d..6afc3773 100644 --- a/src/manager/client/client-manager-impl.cpp +++ b/src/manager/client/client-manager-impl.cpp @@ -1,4 +1,4 @@ -/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved +/* Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -336,6 +336,48 @@ int Manager::Impl::getBinaryData( EXCEPTION_GUARD_END } +int Manager::Impl::getBinaryDataEncryptionStatus(const DataType sendDataType, + const Alias &alias, bool &status) +{ + status = false; + if (alias.empty()) + return CKM_API_ERROR_INPUT_PARAM; + + int my_counter = ++m_counter; + + EXCEPTION_GUARD_START_CPPAPI + + MessageBuffer recv; + AliasSupport helper(alias); + auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PROTECTION_STATUS), + my_counter, + static_cast<int>(sendDataType), + helper.getName(), + helper.getOwner()); + + int retCode = m_storageConnection.processRequest(send.Pop(), recv); + + if (CKM_API_SUCCESS != retCode) + return retCode; + + int command; + int counter; + int tmpDataType; + bool passwordProtectionStatus; + recv.Deserialize(command, counter, retCode, tmpDataType, passwordProtectionStatus); + + if (counter != my_counter) + return CKM_API_ERROR_UNKNOWN; + + if (retCode != CKM_API_SUCCESS) { + return retCode; + } else { + status = passwordProtectionStatus; + return CKM_API_SUCCESS; + } + EXCEPTION_GUARD_END +} + int Manager::Impl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) { 
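Review bot: `Manager::Impl::getBinaryDataEncryptionStatus` checks only `counter` after `recv.Deserialize(command, counter, retCode, tmpDataType, passwordProtectionStatus)`; `command` is never compared with `LogicCommand::GET_PROTECTION_STATUS`, although the `GET_LIST` path in the same file does compare it. A reply of a different kind that happens to carry the right counter would then be read as a protection status. I would make the check `if (command != static_cast<int>(LogicCommand::GET_PROTECTION_STATUS) || counter != my_counter) return CKM_API_ERROR_UNKNOWN;`. `tmpDataType` is deserialized and then ignored; either compare it with `sendDataType` or add a comment saying why it is not needed.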
@@ -419,13 +461,11 @@ int Manager::Impl::getData(const Alias &alias, const Password &password, return CKM_API_SUCCESS; } -int Manager::Impl::getBinaryDataAliasVector(DataType dataType, - AliasVector &aliasVector) +int Manager::Impl::getBinaryDataAliasVectorHelper(DataType dataType, + OwnerNameVector &ownerNameVector) { int my_counter = ++m_counter; - EXCEPTION_GUARD_START_CPPAPI - MessageBuffer recv; auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST), my_counter, 
@@ -433,24 +473,62 @@ int Manager::Impl::getBinaryDataAliasVector(DataType dataType, int retCode = m_storageConnection.processRequest(send.Pop(), recv); - if (CKM_API_SUCCESS != retCode) + if (retCode != CKM_API_SUCCESS) return retCode; int command; int counter; int tmpDataType; - OwnerNameVector ownerNameVector; + recv.Deserialize(command, counter, retCode, tmpDataType, ownerNameVector); if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != my_counter)) return CKM_API_ERROR_UNKNOWN; + return CKM_API_SUCCESS; +} + +int Manager::Impl::getBinaryDataAliasVector(DataType dataType, + AliasVector &aliasVector) +{ + EXCEPTION_GUARD_START_CPPAPI + OwnerNameVector ownerNameVector; + int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector); + + if (retCode != CKM_API_SUCCESS) + return retCode; + for (const auto &it : ownerNameVector) aliasVector.push_back(AliasSupport::merge(it.first, it.second)); - return retCode; + return CKM_API_SUCCESS; + EXCEPTION_GUARD_END +} + +int Manager::Impl::getBinaryDataAliasPwdVector(DataType dataType, + AliasPwdVector &aliasPwdVector) +{ + EXCEPTION_GUARD_START_CPPAPI + OwnerNameVector ownerNameVector; + OwnerNameEncryptionStatusVector ownerNameEncryptionStatusVector; + int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector); + + if (retCode != CKM_API_SUCCESS) + return retCode; + + for (const auto &it : ownerNameVector) + { + Alias alias = AliasSupport::merge(std::get<0>(it), std::get<1>(it)); + bool status; + retCode = getBinaryDataEncryptionStatus(dataType, alias, status); + if (retCode != CKM_API_SUCCESS) + return retCode; + + aliasPwdVector.push_back(std::make_pair(alias, status)); + } + return CKM_API_SUCCESS; EXCEPTION_GUARD_END } 
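Review bot: `getBinaryDataAliasVectorHelper` ends with `return CKM_API_SUCCESS;` after `recv.Deserialize(command, counter, retCode, tmpDataType, ownerNameVector)`, so the status code carried in the service's reply is discarded, whereas the removed code ended with `return retCode;`. A failure reported by the service now reaches callers of both `getBinaryDataAliasVector` and `getBinaryDataAliasPwdVector` as success with an empty list, which they cannot tell apart from a store that holds no entries; the helper should end with `return retCode;`. In `getBinaryDataAliasPwdVector` the local `ownerNameEncryptionStatusVector` is declared and never used, and when one of the per-alias `getBinaryDataEncryptionStatus` calls fails the function returns with `aliasPwdVector` partly filled. Collecting into a local `AliasPwdVector` and appending it to the output only after the loop finishes would keep the output consistent. The helper's body starts in the preceding hunk.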
@@ -471,6 +549,36 @@ int Manager::Impl::getDataAliasVector(AliasVector &aliasVector) return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector); } +int Manager::Impl::getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector) +{ + return getBinaryDataAliasPwdVector(DataType::DB_KEY_LAST, aliasPwdVector); +} + +int Manager::Impl::getKeyEncryptionStatus(const Alias &alias, bool &status) +{ + return getBinaryDataEncryptionStatus(DataType::DB_KEY_LAST, alias, status); +} + +int Manager::Impl::getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector) +{ + return getBinaryDataAliasPwdVector(DataType::CERTIFICATE, aliasPwdVector); +} + +int Manager::Impl::getCertificateEncryptionStatus(const Alias &alias, bool &status) +{ + return getBinaryDataEncryptionStatus(DataType::CERTIFICATE, alias, status); +} + +int Manager::Impl::getDataAliasPwdVector(AliasPwdVector &aliasPwdVector) +{ + return getBinaryDataAliasPwdVector(DataType::BINARY_DATA, aliasPwdVector); +} + +int Manager::Impl::getDataEncryptionStatus(const Alias &alias, bool &status) +{ + return getBinaryDataEncryptionStatus(DataType::BINARY_DATA, alias, status); +} + int Manager::Impl::createKeyPairRSA( const int size, const Alias &privateKeyAlias, diff --git a/src/manager/client/client-manager-impl.h b/src/manager/client/client-manager-impl.h index caaf6696..9b4ca254 100644 --- a/src/manager/client/client-manager-impl.h +++ b/src/manager/client/client-manager-impl.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved +/* Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -36,17 +36,23 @@ public: int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy); int getKey(const Alias &alias, const Password &password, KeyShPtr &key); int getKeyAliasVector(AliasVector &aliasVector); + int getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector); + int getKeyEncryptionStatus(const Alias &alias, bool &status); int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy); int getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert); int getCertificateAliasVector(AliasVector &aliasVector); + int getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector); + int getCertificateEncryptionStatus(const Alias &alias, bool &status); int saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy); int getData(const Alias &alias, const Password &password, RawBuffer &cert); int getDataAliasVector(AliasVector &aliasVector); + int getDataAliasPwdVector(AliasPwdVector &aliasPwdVector); + int getDataEncryptionStatus(const Alias &alias, bool &status); int savePKCS12( const Alias &alias, @@ -144,10 +150,23 @@ protected: DataType &recvDataType, RawBuffer &rawData); + int getBinaryDataEncryptionStatus( + DataType sendDataType, + const Alias &alias, + bool &status); + int getBinaryDataAliasVector( DataType sendDataType, AliasVector &aliasVector); + int getBinaryDataAliasVectorHelper( + DataType sendDataType, + OwnerNameVector &ownerNameVector); + + int getBinaryDataAliasPwdVector( + DataType sendDataType, + AliasPwdVector &aliasPwdVector); + int createKeyPair( const KeyType key_type, const int diff --git a/src/manager/client/client-manager.cpp b/src/manager/client/client-manager.cpp index 073f8293..7155ea9a 100644 --- a/src/manager/client/client-manager.cpp +++ b/src/manager/client/client-manager.cpp 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -69,6 +69,11 @@ int Manager::getKey(const Alias &alias, const Password &password, KeyShPtr &key) return m_impl->getKey(alias, password, key); } +int Manager::getKeyEncryptionStatus(const Alias &alias, bool &status) +{ + return m_impl->getKeyEncryptionStatus(alias, status); +} + int Manager::getCertificate( const Alias &alias, const Password &password, @@ -77,12 +82,22 @@ int Manager::getCertificate( return m_impl->getCertificate(alias, password, certificate); } +int Manager::getCertificateEncryptionStatus(const Alias &alias, bool &status) +{ + return m_impl->getCertificateEncryptionStatus(alias, status); +} + int Manager::getData(const Alias &alias, const Password &password, RawBuffer &data) { return m_impl->getData(alias, password, data); } +int Manager::getDataEncryptionStatus(const Alias &alias, bool &status) +{ + return m_impl->getDataEncryptionStatus(alias, status); +} + int Manager::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs) { return m_impl->getPKCS12(alias, pkcs); 
@@ -102,16 +117,31 @@ int Manager::getKeyAliasVector(AliasVector &aliasVector) return m_impl->getKeyAliasVector(aliasVector); } +int Manager::getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector) +{ + return m_impl->getKeyAliasPwdVector(aliasPwdVector); +} + int Manager::getCertificateAliasVector(AliasVector &aliasVector) { return m_impl->getCertificateAliasVector(aliasVector); } +int Manager::getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector) +{ + return m_impl->getCertificateAliasPwdVector(aliasPwdVector); +} + int Manager::getDataAliasVector(AliasVector &aliasVector) { return m_impl->getDataAliasVector(aliasVector); } +int Manager::getDataAliasPwdVector(AliasPwdVector &aliasPwdVector) +{ + return m_impl->getDataAliasPwdVector(aliasPwdVector); +} + int Manager::createKeyPairRSA( const int size, // size in bits [1024, 2048, 4096] const Alias &privateKeyAlias, diff --git a/src/manager/common/protocols.h b/src/manager/common/protocols.h index 8f7ec0e2..8802578f 100644 --- a/src/manager/common/protocols.h +++ b/src/manager/common/protocols.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -65,7 +65,8 @@ enum class LogicCommand : int { VERIFY_SIGNATURE, SET_PERMISSION, SAVE_PKCS12, - GET_PKCS12 + GET_PKCS12, + GET_PROTECTION_STATUS }; enum class EncryptionCommand : int { @@ -80,6 +81,7 @@ COMMON_API extern char const *const CLIENT_ID_ADMIN_USER; typedef std::string Name; typedef std::vector<std::pair<ClientId, Name>> OwnerNameVector; +typedef std::vector<std::tuple<ClientId, Name, bool>> OwnerNameEncryptionStatusVector; class IStream; diff --git a/src/manager/crypto/tz-backend/store.cpp b/src/manager/crypto/tz-backend/store.cpp index 166ae744..9549693c 100644 
--- a/src/manager/crypto/tz-backend/store.cpp +++ b/src/manager/crypto/tz-backend/store.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015 - 2018 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -106,6 +106,13 @@ GObjUPtr Store::getObject(const Token &token, const Password &pass) RawBuffer tag; unpack(token.data, scheme, id, iv, tag); + if (scheme & EncryptionScheme::PASSWORD && pass.empty()) { + ThrowErr(Exc::Crypto::AuthenticationFailed, + "This token is protected with password and none passed"); + } else if (!(scheme & EncryptionScheme::PASSWORD) && !pass.empty()) { + ThrowErr(Exc::Crypto::AuthenticationFailed, + "This token is not protected with password but passed one"); + } // TODO AKeys if (token.dataType.isSKey()) diff --git a/src/manager/dpl/core/include/dpl/serialization.h b/src/manager/dpl/core/include/dpl/serialization.h index 4448923e..0559c422 100644 --- a/src/manager/dpl/core/include/dpl/serialization.h +++ b/src/manager/dpl/core/include/dpl/serialization.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011 - 2018 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2011 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -29,6 +29,7 @@ #include <list> #include <map> #include <memory> +#include <tuple> namespace CKM { // Abstract data stream buffer 
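Review bot: The guard added to `Store::getObject` mixes `&` and `&&` without parentheses in `scheme & EncryptionScheme::PASSWORD && pass.empty()`. Precedence gives the intended grouping, but in an authentication check it should not depend on the reader remembering that; I would write `(scheme & EncryptionScheme::PASSWORD) && pass.empty()` and the matching `!(scheme & EncryptionScheme::PASSWORD) && !pass.empty()`. The second branch makes a non-empty password on an unprotected token an error, and `getDataProtectionStatus` in ckm-logic.cpp treats an authentication failure with an empty password as "protected", so a comment such as `// the protection-status query relies on this check failing for an empty password` would record that dependency. `getObject` continues outside the hunk.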
@@ -216,6 +217,20 @@ struct Serialization { Serialize(stream, *p); } + // std::tuple non generic! + template <typename A, typename B, typename C> + static void Serialize(IStream &stream, const std::tuple<A, B, C> &p) + { + Serialize(stream, std::get<0>(p)); + Serialize(stream, std::get<1>(p)); + Serialize(stream, std::get<2>(p)); + } + template <typename A, typename B, typename C> + static void Serialize(IStream &stream, const std::tuple<A, B, C> *const p) + { + Serialize(stream, *p); + } + // std::map template <typename K, typename T> static void Serialize(IStream &stream, const std::map<K, T> &map) @@ -430,6 +445,21 @@ struct Deserialization { DeserializePtr(stream, p); } + // std::tuple non generic! + template <typename A, typename B, typename C> + static void Deserialize(IStream &stream, std::tuple<A, B, C> &p) + { + Deserialize(stream, std::get<0>(p)); + Deserialize(stream, std::get<1>(p)); + Deserialize(stream, std::get<2>(p)); + } + template <typename A, typename B, typename C> + static void Deserialize(IStream &stream, std::tuple<A, B, C> *&p) + { + p = new std::tuple<A, B, C>; + Deserialize(stream, *p); + } + // std::map template <typename K, typename T> static void Deserialize(IStream &stream, std::map<K, T> &map) diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 6a10ad78..c54b9a4f 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 - 2018 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2014 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -917,7 +917,7 @@ int CKMLogic::readDataHelper( // check access rights retCode = checkDataPermissionsHelper(cred, name, owner, row, exportFlag, - handler.database); + handler.database); if (CKM_API_SUCCESS != retCode) return retCode; 
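Review bot: The pointer overload `Deserialize(IStream &stream, std::tuple<A, B, C> *&p)` in the `@@ -430,6 +445,21 @@` hunk assigns `p = new std::tuple<A, B, C>;` before reading, so if reading any element throws (for instance on a truncated message) the caller is left with a partly filled object it may not know it owns. The overload directly above it calls `DeserializePtr(stream, p)`; if that helper covers this case, use it here as well. Otherwise hold the allocation until reading has succeeded: `std::unique_ptr<std::tuple<A, B, C>> tmp(new std::tuple<A, B, C>);` then `Deserialize(stream, *tmp);` then `p = tmp.release();` (`<memory>` is already included). The comment `// std::tuple non generic!` could say what is meant, e.g. `// std::tuple, three-element tuples only`.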
@@ -972,6 +972,43 @@ RawBuffer CKMLogic::getData( return response.Pop(); } +RawBuffer CKMLogic::getDataProtectionStatus( + const Credentials &cred, + int commandId, + DataType dataType, + const Name &name, + const ClientId &explicitOwner) +{ + int retCode = CKM_API_SUCCESS; + bool status = false; + DataType objDataType; + Password password; + + try { + Crypto::GObjUPtr obj; + retCode = readDataHelper(false, cred, dataType, name, explicitOwner, + password, obj, objDataType); + + } catch (const Exc::Exception &e) { + retCode = e.error(); + } catch (const CKM::Exception &e) { + LogError("CKM::Exception: " << e.GetMessage()); + retCode = CKM_API_ERROR_SERVER_ERROR; + } + + if (retCode == CKM_API_ERROR_AUTHENTICATION_FAILED) { + status = true; + retCode = CKM_API_SUCCESS; + } + + auto response = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PROTECTION_STATUS), + commandId, + retCode, + static_cast<int>(objDataType), + status); + return response.Pop(); +} + int CKMLogic::getPKCS12Helper( const Credentials &cred, const Name &name, diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h index 7f9b5f02..8a849f81 100644 --- a/src/manager/service/ckm-logic.h +++ b/src/manager/service/ckm-logic.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 - 2018 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2014 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -107,6 +107,13 @@ public: const ClientId &explicitOwner, const Password &password); + RawBuffer getDataProtectionStatus( + const Credentials &cred, + int commandId, + DataType dataType, + const Name &name, + const ClientId &explicitOwner); + RawBuffer getPKCS12( const Credentials &cred, int commandId, diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp index 127e0a85..7d29ca88 100644 
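Review bot: `CKMLogic::getDataProtectionStatus` derives its answer by calling `readDataHelper` with an empty `Password` and turning `CKM_API_ERROR_AUTHENTICATION_FAILED` into `status = true` with `CKM_API_SUCCESS`, so every cause of that error code is reported to the client as "password protected". For an unprotected entry the whole read path runs and produces `obj` only to drop it. `readDataHelper` is not visible in this hunk, so I cannot tell what else returns that code or whether the read has side effects; if the protection flag can be read from the stored row or token, that would be a narrower query and would not touch the key material. `objDataType` is serialized into the reply even when `readDataHelper` failed before assigning it, so initialise it from `dataType` or document what the client should expect. At minimum add `// empty password on purpose: AUTHENTICATION_FAILED here means the entry is password protected` above the call.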
--- a/src/manager/service/ckm-service.cpp +++ b/src/manager/service/ckm-service.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -300,6 +300,16 @@ RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer) passCert); } + case LogicCommand::GET_PROTECTION_STATUS: { + buffer.Deserialize(tmpDataType, name, explicitOwner); + return m_logic->getDataProtectionStatus( + cred, + msgID, + DataType(tmpDataType), + name, + explicitOwner); + } + case LogicCommand::GET_LIST: { buffer.Deserialize(tmpDataType); return m_logic->getDataList( |