File containing the implementation of crypt service configuration utilities. More...

#include "crypt_service.h"
#include "crypt_config.h"
#include "generic_hsm_driver.h"
#include "sqlite_crypt_writer.h"
#include "../utils/allocs.h"
#include "../utils/base64.h"
#include "../utils/cryptou.h"
#include "../utils/log.h"
#include "../utils/os.h"

Include dependency graph for crypt_service.c:

Functions
void	free_crypt_service (struct crypt_context *ctx)
	Frees the crypt context. More...

int	generate_user_key (const uint8_t user_secret, int user_secret_size, uint8_t user_key, int user_key_size, const uint8_t *user_key_salt, int user_key_salt_size)
	Generates a the key for a user. More...

struct secrets_row *	prepare_secret_entry (const char key_id, const uint8_t key, int key_size, const uint8_t salt, int salt_size, const uint8_t iv, int iv_size)

int	extract_secret_entry (const struct secrets_row row, uint8_t key, int key_size, uint8_t salt, int salt_size, uint8_t iv, int *iv_size)
	Extracts the secret key, salt, and IV from a secret entry. More...

int	extract_user_crypto_key_entry (struct secrets_row row_secret, uint8_t user_secret, int user_secret_size, uint8_t *crypto_key)

struct secrets_row *	generate_user_crypto_key_entry (const char key_id, const uint8_t user_secret, int user_secret_size, uint8_t *crypto_key)

struct crypt_context *	load_crypt_service (const char crypt_db_path, const char key_id, uint8_t *user_secret, int user_secret_size)
	Load the crypt service. More...

void	free_crypt_pair (struct crypt_pair *pair)
	Frees the crypt pair. More...

struct crypt_pair *	get_crypt_pair (struct crypt_context ctx, const char key)
	Retrieves a key/value pair from the crypt. More...

int	put_crypt_pair (struct crypt_context ctx, struct crypt_pair pair)
	Inserts a key/value pair into the crypt. More...

Detailed Description

File containing the implementation of crypt service configuration utilities.

Author: Alexandru Mereacre

Date: 2021

Copyright: SPDX-FileCopyrightText: © 2021 NQMCyber Ltd and edgesec contributors SPDX-License-Identifier: LGPL-3.0-or-later

Function Documentation

◆ extract_secret_entry()

int extract_secret_entry	(	const struct secrets_row *	row,
		uint8_t *	key,
		int *	key_size,
		uint8_t *	salt,
		int *	salt_size,
		uint8_t *	iv,
		int *	iv_size
	)

Extracts the secret key, salt, and IV from a secret entry.

Parameters

	row	The row to extract the data from.
[out]	key	The output secret key buffer.
	key_size	The size of `key`.
[out]	salt	The output secret salt buffer.
	salt_size	The size of `salt`.
[out]	iv	The output IV buffer.
	iv_size	The size of `iv`.

Return values

0	On success.
-1	On error.

◆ extract_user_crypto_key_entry()

int extract_user_crypto_key_entry	(	struct secrets_row *	row_secret,
		uint8_t *	user_secret,
		int	user_secret_size,
		uint8_t *	crypto_key
	)

◆ free_crypt_pair()

void free_crypt_pair ( struct crypt_pair * pair )

Frees the crypt pair.

Parameters

pair	The crypt pair

◆ free_crypt_service()

void free_crypt_service ( struct crypt_context * ctx )

Frees the crypt context.

Parameters

ctx	The crypt context

◆ generate_user_crypto_key_entry()

struct secrets_row* generate_user_crypto_key_entry	(	const char *	key_id,
		const uint8_t *	user_secret,
		int	user_secret_size,
		uint8_t *	crypto_key
	)

◆ generate_user_key()

int generate_user_key	(	const uint8_t *	user_secret,
		int	user_secret_size,
		uint8_t *	user_key,
		int	user_key_size,
		const uint8_t *	user_key_salt,
		int	user_key_salt_size
	)

Generates a the key for a user.

Parameters

	user_secret	Secret bytes.
	user_secret_size	Size of `user_secret`.
[out]	user_key	Output buffer for the generated key.
	user_key_size	Size of `user_key`
	user_key_salt	Salt bytes.
	user_key_salt_size	Size of `user_key_salt_size`

Return values

0	On success.
-1	On error.

◆ get_crypt_pair()

struct crypt_pair* get_crypt_pair	(	struct crypt_context *	ctx,
		const char *	key
	)

Retrieves a key/value pair from the crypt.

Parameters

ctx	The crypt context
key	The key string

Returns: struct crypt_pair* The returned pair, NULL on failure

◆ load_crypt_service()

struct crypt_context* load_crypt_service	(	const char *	crypt_db_path,
		const char *	key_id,
		uint8_t *	user_secret,
		int	user_secret_size
	)

Load the crypt service.

Parameters

	crypt_db_path	The crypt db path
	key_id	The crypt secrets key id
[in,out]	user_secret	The user secret. If creating a new key, the user secret will be loaded from this variable. If loading an existing key, the existing key will be writen to the buffer.
	user_secret_size	The user secret size, if zero use the hardware secure element

Returns: The crypt contex, NULL on failure. Use free_crypt_service() to deallocate.

◆ prepare_secret_entry()

struct secrets_row* prepare_secret_entry	(	const char *	key_id,
		const uint8_t *	key,
		int	key_size,
		const uint8_t *	salt,
		int	salt_size,
		const uint8_t *	iv,
		int	iv_size
	)

◆ put_crypt_pair()

int put_crypt_pair	(	struct crypt_context *	ctx,
		struct crypt_pair *	pair
	)

Inserts a key/value pair into the crypt.

Parameters

ctx	The crypt context
pair	The key/value pair

Returns: 0 on success, -1 on failure

Functions

Detailed Description

Function Documentation

◆ extract_secret_entry()

◆ extract_user_crypto_key_entry()

◆ free_crypt_pair()

◆ free_crypt_service()

◆ generate_user_crypto_key_entry()

◆ generate_user_key()

◆ get_crypt_pair()

◆ load_crypt_service()

◆ prepare_secret_entry()

◆ put_crypt_pair()