aboutsummaryrefslogtreecommitdiffstats
path: root/SoftHSMv2/src/lib/data_mgr/SecureDataManager.h
diff options
context:
space:
mode:
Diffstat (limited to 'SoftHSMv2/src/lib/data_mgr/SecureDataManager.h')
-rw-r--r--SoftHSMv2/src/lib/data_mgr/SecureDataManager.h154
1 files changed, 154 insertions, 0 deletions
diff --git a/SoftHSMv2/src/lib/data_mgr/SecureDataManager.h b/SoftHSMv2/src/lib/data_mgr/SecureDataManager.h
new file mode 100644
index 0000000..93d99bc
--- /dev/null
+++ b/SoftHSMv2/src/lib/data_mgr/SecureDataManager.h
@@ -0,0 +1,154 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ SecureDataManager.h
+
+ The secure data manager main class. Every token instance has a secure data
+ manager instance member that is used to decrypt and encrypt sensitive object
+ attributes such as key material. The secure data manager maintains a key blob
+ containing a 256-bit AES key that is used in this decryption and encryption
+ process. The key blob itself is encrypted using a PBE derived key that is
+ derived from the user PIN and a PBE key that is derived from the SO PIN. It
+ is up to the token to enforce access control based on which user is logged
+ in; authentication using the SO PIN is required to be able to change the
+ user PIN. The master key that is used to decrypt/encrypt sensitive attributes
+ is stored in memory under a mask that is changed every time the key is used.
+ *****************************************************************************/
+
+#ifndef _SOFTHSM_V2_SECUREDATAMANAGER_H
+#define _SOFTHSM_V2_SECUREDATAMANAGER_H
+
+#include "config.h"
+#include "ByteString.h"
+#include "log.h"
+#include "AESKey.h"
+#include "RNG.h"
+#include "SymmetricAlgorithm.h"
+#include "MutexFactory.h"
+
+class SecureDataManager
+{
+public:
+ // Constructors
+
+ // Constructs a new SecureDataManager for a blank token; actual
+ // initialisation is done by setting the SO PIN
+ SecureDataManager();
+
+ // Constructs a SecureDataManager using the specified SO PIN and user PIN
+ SecureDataManager(const ByteString& soPINBlob, const ByteString& userPINBlob);
+
+ // Destructor
+ virtual ~SecureDataManager();
+
+ // Set the SO PIN (requires either a blank SecureDataManager or the
+ // SO to have logged in previously)
+ bool setSOPIN(const ByteString& soPIN);
+
+ // Set the user PIN (requires either the SO or the user to have logged
+ // in previously)
+ bool setUserPIN(const ByteString& userPIN);
+
+ // Log in using the SO PIN
+ bool loginSO(const ByteString& soPIN);
+ bool isSOLoggedIn();
+
+ // Log in using the user PIN
+ bool loginUser(const ByteString& userPIN);
+ bool isUserLoggedIn();
+
+ // Re-authentication
+ bool reAuthenticateSO(const ByteString& soPIN);
+ bool reAuthenticateUser(const ByteString& userPIN);
+
+ // Log out
+ void logout();
+
+ // Decrypt the supplied data
+ bool decrypt(const ByteString& encrypted, ByteString& plaintext);
+
+ // Encrypt the supplied data
+ bool encrypt(const ByteString& plaintext, ByteString& encrypted);
+
+ // Returns the key blob for the SO PIN
+ ByteString getSOPINBlob();
+
+ // Returns the key blob for the user PIN
+ ByteString getUserPINBlob();
+
+private:
+ // Initialise the object
+ void initObject();
+
+ // Generic login function
+ bool login(const ByteString& passphrase, const ByteString& encryptedKey);
+
+ // Generic re-authentication function
+ bool reAuthenticate(const ByteString& passphrase, const ByteString& encryptedKey);
+
+ // Generic function for creating an encrypted version of the key from the specified passphrase
+ bool pbeEncryptKey(const ByteString& passphrase, ByteString& encryptedKey);
+
+ // Unmask the key
+ void unmask(ByteString& key);
+
+ // Remask the key
+ void remask(ByteString& key);
+
+ // The user PIN encrypted key
+ ByteString userEncryptedKey;
+
+ // The SO PIN encrypted key
+ ByteString soEncryptedKey;
+
+ // Which users are logged in
+ bool soLoggedIn;
+ bool userLoggedIn;
+
+ // The masked version of the actual key
+ ByteString maskedKey;
+
+ // The "magic" data used to detect if a PIN was likely to be correct
+ ByteString magic;
+
+ // The mask; this is not a stack member but a heap member. This
+ // hopefully ensures that the mask ends up in a memory location
+ // that is not logically linked to the masked key
+ ByteString* mask;
+
+ // Random number generator instance
+ RNG* rng;
+
+ // AES instance
+ SymmetricAlgorithm* aes;
+
+ // Mutex
+ Mutex* dataMgrMutex;
+};
+
+#endif // !_SOFTHSM_V2_SECUREDATAMANAGER_H
+