diff options
Diffstat (limited to 'SoftHSMv2/src/lib/data_mgr/SecureDataManager.h')
-rw-r--r-- | SoftHSMv2/src/lib/data_mgr/SecureDataManager.h | 154 |
1 files changed, 154 insertions, 0 deletions
diff --git a/SoftHSMv2/src/lib/data_mgr/SecureDataManager.h b/SoftHSMv2/src/lib/data_mgr/SecureDataManager.h new file mode 100644 index 0000000..93d99bc --- /dev/null +++ b/SoftHSMv2/src/lib/data_mgr/SecureDataManager.h @@ -0,0 +1,154 @@ +/* + * Copyright (c) 2010 SURFnet bv + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER + * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN + * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/***************************************************************************** + SecureDataManager.h + + The secure data manager main class. Every token instance has a secure data + manager instance member that is used to decrypt and encrypt sensitive object + attributes such as key material. The secure data manager maintains a key blob + containing a 256-bit AES key that is used in this decryption and encryption + process. The key blob itself is encrypted using a PBE derived key that is + derived from the user PIN and a PBE key that is derived from the SO PIN. It + is up to the token to enforce access control based on which user is logged + in; authentication using the SO PIN is required to be able to change the + user PIN. The master key that is used to decrypt/encrypt sensitive attributes + is stored in memory under a mask that is changed every time the key is used. + *****************************************************************************/ + +#ifndef _SOFTHSM_V2_SECUREDATAMANAGER_H +#define _SOFTHSM_V2_SECUREDATAMANAGER_H + +#include "config.h" +#include "ByteString.h" +#include "log.h" +#include "AESKey.h" +#include "RNG.h" +#include "SymmetricAlgorithm.h" +#include "MutexFactory.h" + +class SecureDataManager +{ +public: + // Constructors + + // Constructs a new SecureDataManager for a blank token; actual + // initialisation is done by setting the SO PIN + SecureDataManager(); + + // Constructs a SecureDataManager using the specified SO PIN and user PIN + SecureDataManager(const ByteString& soPINBlob, const ByteString& userPINBlob); + + // Destructor + virtual ~SecureDataManager(); + + // Set the SO PIN (requires either a blank SecureDataManager or the + // SO to have logged in previously) + bool setSOPIN(const ByteString& soPIN); + + // Set the user PIN (requires either the SO or the user to have logged + // in previously) + bool setUserPIN(const ByteString& userPIN); + + // Log in using the SO PIN + bool loginSO(const ByteString& soPIN); + bool isSOLoggedIn(); + + // Log in using the user PIN + bool loginUser(const ByteString& userPIN); + bool isUserLoggedIn(); + + // Re-authentication + bool reAuthenticateSO(const ByteString& soPIN); + bool reAuthenticateUser(const ByteString& userPIN); + + // Log out + void logout(); + + // Decrypt the supplied data + bool decrypt(const ByteString& encrypted, ByteString& plaintext); + + // Encrypt the supplied data + bool encrypt(const ByteString& plaintext, ByteString& encrypted); + + // Returns the key blob for the SO PIN + ByteString getSOPINBlob(); + + // Returns the key blob for the user PIN + ByteString getUserPINBlob(); + +private: + // Initialise the object + void initObject(); + + // Generic login function + bool login(const ByteString& passphrase, const ByteString& encryptedKey); + + // Generic re-authentication function + bool reAuthenticate(const ByteString& passphrase, const ByteString& encryptedKey); + + // Generic function for creating an encrypted version of the key from the specified passphrase + bool pbeEncryptKey(const ByteString& passphrase, ByteString& encryptedKey); + + // Unmask the key + void unmask(ByteString& key); + + // Remask the key + void remask(ByteString& key); + + // The user PIN encrypted key + ByteString userEncryptedKey; + + // The SO PIN encrypted key + ByteString soEncryptedKey; + + // Which users are logged in + bool soLoggedIn; + bool userLoggedIn; + + // The masked version of the actual key + ByteString maskedKey; + + // The "magic" data used to detect if a PIN was likely to be correct + ByteString magic; + + // The mask; this is not a stack member but a heap member. This + // hopefully ensures that the mask ends up in a memory location + // that is not logically linked to the masked key + ByteString* mask; + + // Random number generator instance + RNG* rng; + + // AES instance + SymmetricAlgorithm* aes; + + // Mutex + Mutex* dataMgrMutex; +}; + +#endif // !_SOFTHSM_V2_SECUREDATAMANAGER_H + |