bool MkStorage::store(string alias, SymKey *mk, Token *tok) {
if(exist(alias)) {
printf("Failed to store :: EMK already exists for %s\n",
alias.c_str());
return false;
}
EncItem *payload = pbkdf_create_mkek(tok);
SymKey *mkek = pbkdf_derive_mkek(payload, tok);
EncKey *emk = aes_gcm_encrypt(mk, mkek);
shared_ptr<SerializedItem> sEmk = emk->serialize();
shared_ptr<SerializedItem> sPayload = payload->serialize();
sEmk->dump("emk");
sPayload->dump("payload");
delete payload;
delete mkek;
delete emk;
shared_ptr<SqlRecord> rec(new SqlRecord());
rec->push(shared_ptr<SqlValue>(new SqlString(EMK_COL_ALIAS, alias)));
rec->push(shared_ptr<SqlValue>(new SqlString(EMK_COL_EMK, sEmk->getItem())));
rec->push(shared_ptr<SqlValue>(new SqlString(EMK_COL_EMK_AUTH_TAG, sEmk->getAuthTag())));
rec->push(shared_ptr<SqlValue>(new SqlString(EMK_COL_EMKEK, sPayload->getItem())));
rec->push(shared_ptr<SqlValue>(new SqlString(EMK_COL_EMKEK_AUTH_TAG, sPayload->getAuthTag())));
rec->push(shared_ptr<SqlValue>(new SqlString(EMK_COL_SALT, sPayload->getSalt())));
return mSqlHelper->insertRec(mDb, EMK_TBL_NAME, rec);
}
void encrypt(struct cipher c, unsigned char *d, int dlen, unsigned char *oiv) {
unsigned char out[1000], tag[16];
int outlen,i;
unsigned char newiv[12];
unsigned char cnt[10];
*(long long*)cnt = c.recvcnt;
cnt[8]=dlen%256;
cnt[9]=dlen/256;
for (i=0;i<4;i++)
newiv[i]=c.recviv[i];
for (i=0;i<8;i++)
newiv[i+4]=oiv[i];
aes_gcm_encrypt(c.recvkey, newiv, cnt, 10, d, dlen, out, &outlen, tag ,16);
printf("%d ", outlen);
for (i=0; i<outlen; i++)
printf("%c", out[i]);
for (i=0; i<16; i++)
printf("%c", tag[i]);
for (i=0;i<8;i++)
printf("%c", oiv[i]);
}
void FileBase::setxattr(const char* name, const char* value, size_t size, int flags)
{
if (!name || !value)
throw OSException(EFAULT);
std::unique_ptr<byte[]> buffer(new byte[size]);
byte* ciphertext = buffer.get();
byte meta[XATTR_MAC_LENGTH + XATTR_IV_LENGTH];
byte* iv = meta;
byte* mac = iv + XATTR_IV_LENGTH;
generate_random(iv, XATTR_IV_LENGTH);
auto name_len = strlen(name);
std::unique_ptr<byte[]> header(new byte[name_len + ID_LENGTH]);
memcpy(header.get(), get_id().data(), ID_LENGTH);
memcpy(header.get() + ID_LENGTH, name, name_len);
aes_gcm_encrypt(value,
size,
header.get(),
name_len + ID_LENGTH,
get_key().data(),
get_key().size(),
iv,
XATTR_IV_LENGTH,
mac,
XATTR_MAC_LENGTH,
ciphertext);
auto rc = fsetxattr_wrapper(file_descriptor(), name, ciphertext, size, flags);
if (rc < 0)
throw OSException(errno);
rc = fsetxattr_wrapper(m_meta_fd, name, meta, sizeof(meta), flags);
if (rc < 0)
throw OSException(errno);
}
int main(int argc, char **argv)
{
unsigned char *plain;
int i;
pt_len = atoi(argv[1]);
plain = (unsigned char *)malloc(sizeof(unsigned char)*pt_len);
printf("pt_len:%d\n",pt_len);
for(i=0;i<pt_len;i++)
plain[i]=gcm_pte[i%16];
gcm_pt = plain;
// printf("plain size: %d gcm_pt size: %d\n",sizeof(gcm_pte),sizeof(plain));
cycle_t tStart, tEnd;
RDTSC_LL(tStart);
aes_gcm_encrypt();
RDTSC_LL(tEnd);
printf("Encrypt time: %lf us\n",(tEnd-tStart)/2600.0);
RDTSC_LL(tStart);
aes_gcm_decrypt();
RDTSC_LL(tEnd);
printf("tStart:%ld\n",tStart);
printf("tEnd :%ld\n",tEnd);
printf("Decrypt time: %lf us\n",(tEnd-tStart)/2600.0);
printf("orignal plain text:");
printf("encrypt text:\n");
BIO_dump_fp(stdout, enbuf, pt_len);
printf("plain text:\n");
BIO_dump_fp(stdout, gcm_pt, pt_len);
printf("decrypt text:\n");
BIO_dump_fp(stdout, debuf, pt_len);
}
int main(int argc, char **argv)
{
aes_gcm_encrypt();
aes_gcm_decrypt();
}
int main(int argc, char **argv)
{
uint8 buf[4096];
uint8 tag[GCM_BLOCK_SZ];
status_t res;
ENABLE_DEBUG;
BEGINT(0);
memcpy(buf, p0, plen0);
aes_gcm_encrypt(k0, klen0, n0, nlen0, a0, alen0, buf, plen0,
tag, sizeof(tag));
res = !memcmp(tag, t0, tlen0) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t0, tag, tlen0);
ENDT(0, res);
BEGINT(1);
memcpy(buf, p1, plen1);
aes_gcm_mac(k1, klen1, n1, nlen1, a1, alen1, buf, plen1,
tag, sizeof(tag));
res = !memcmp(tag, t1, tlen1) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t1, tag, tlen1);
ENDT(1, res);
BEGINT(2);
memcpy(buf, p1, plen1);
aes_gcm_encrypt(k1, klen1, n1, nlen1, a1, alen1, buf, plen1,
tag, sizeof(tag));
res = !memcmp(c1, buf, plen1) ? OK : ERR;
if (res != OK) {
CTXT_ERR(res, c1, buf, plen1);
} else {
res = !memcmp(tag, t1, tlen1) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t1, tag, tlen1);
}
ENDT(2, res);
BEGINT(3);
memcpy(buf, p3, plen3);
aes_gcm_encrypt(k3, klen3, n3, nlen3, a3, alen3, buf, plen3,
tag, sizeof(tag));
res = !memcmp(c3, buf, plen3) ? OK : ERR;
if (res != OK) {
CTXT_ERR(res, c3, buf, plen3);
} else {
res = !memcmp(tag, t3, tlen3) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t3, tag, tlen3);
}
ENDT(3, res);
#ifdef HAVE_GCM_HASH
BEGINT(4);
gcm_hash(hk4, ac4, aclen4, buf, TRUE);
res = !memcmp(hac4, buf, haclen4) ? OK : ERR;
if (res != OK)
TAG_ERR(res, hac4, buf, haclen4);
ENDT(4, res);
#endif
BEGINT(5);
memcpy(buf, p5, plen5);
aes_gcm_encrypt(k5, klen5, n5, nlen5, a5, alen5, buf, plen5,
tag, sizeof(tag));
res = !memcmp(c5, buf, plen5) ? OK : ERR;
if (res != OK) {
CTXT_ERR(res, c5, buf, plen5);
} else {
res = !memcmp(tag, t5, tlen5) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t5, tag, tlen5);
}
ENDT(5, res);
BEGINT(6);
memcpy(buf, p5, plen5);
aes_gcm_encrypt(k5, klen5, n6, nlen6, a5, alen5, buf, plen5,
tag, sizeof(tag));
res = !memcmp(c6, buf, plen5) ? OK : ERR;
if (res != OK) {
CTXT_ERR(res, c6, buf, plen5);
} else {
res = !memcmp(tag, t6, tlen6) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t6, tag, tlen6);
}
ENDT(6, res);
BEGINT(7);
memcpy(buf, c6, plen5);
res = aes_gcm_decrypt(k5, klen5, n6, nlen6, a5, alen5, buf, plen5,
t6, tlen6) ? OK : ERR;
if (res != OK) {
DBG("aes_gcm_decrypt returned error", NULL, 0);
} else {
res = !memcmp(p5, buf, plen5) ? OK : ERR;
if (res != OK)
PTXT_ERR(res, p5, buf, plen5);
}
ENDT(7, res);
BEGINT(8);
memcpy(buf, p5, plen5);
res = aes_gcm_verify(k5, klen5, n6, nlen6, a5, alen5, buf, plen5,
t6, tlen6) ? OK : ERR;
if (res != OK) {
DBG("aes_gcm_verify returned error", NULL, 0);
}
ENDT(8, res);
BEGINT(9);
memcpy(buf, p5, plen5);
aes_gcm_mac(k5, klen5, n6, nlen6, a5, alen5, buf, plen5,
tag, sizeof(tag));
res = !memcmp(tag, t6, tlen6) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t6, tag, tlen6);
ENDT(9, res);
BEGINT(10);
/* validate encrypt */
memcpy(buf, p10, plen10) ;
aes_gcm_encrypt(k10, klen10, n10, nlen10, a10, alen10, buf, plen10,
tag, sizeof(tag));
res = !memcmp(c10, buf, plen10) ? OK : ERR;
if (res != OK) {
CTXT_ERR(res, c10, buf, plen10);
} else {
res = !memcmp(tag, t10, tlen10) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t10, tag, tlen10);
}
/* validate (just) mac */
memcpy(buf, p10, plen10);
aes_gcm_mac(k10, klen10, n10, nlen10, a10, alen10, buf, plen10,
tag, sizeof(tag));
res = !memcmp(tag, t10, tlen10) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t10, tag, tlen10);
/* validate decrypt */
memcpy(buf, c10, clen10);
res = aes_gcm_decrypt(k10, klen10, n10, nlen10, a10, alen10, buf, clen10,
t10, tlen10) ? OK : ERR;
if (res != OK) {
DBG("aes_gcm_decrypt returned error", NULL, 0);
} else {
res = !memcmp(p10, buf, plen10) ? OK : ERR;
if (res != OK) {
PTXT_ERR(res, p10, buf, plen10);
}
}
/* validate verify */
memcpy(buf, p10, plen10);
res = aes_gcm_verify(k10, klen10, n10, nlen10, a10, alen10, buf, plen10,
t10, tlen10) ? OK : ERR;
if (res != OK) {
DBG("aes_gcm_verify returned error", NULL, 0);
}
ENDT(10, res);
BEGINT(11);
/* validate encrypt */
memcpy(buf, p10, plen10) ;
aes_gcm_encrypt(k11, klen11, n10, nlen10, a10, alen10, buf, plen10,
tag, sizeof(tag));
res = !memcmp(c11, buf, plen10) ? OK : ERR;
if (res != OK) {
CTXT_ERR(res, c11, buf, plen10);
} else {
res = !memcmp(tag, t11, tlen11) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t11, tag, tlen11);
}
/* validate (just) mac */
memcpy(buf, p10, plen10);
aes_gcm_mac(k11, klen11, n10, nlen10, a10, alen10, buf, plen10,
tag, sizeof(tag));
res = !memcmp(tag, t11, tlen11) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t11, tag, tlen11);
/* validate decrypt */
memcpy(buf, c11, clen11);
res = aes_gcm_decrypt(k11, klen11, n10, nlen10, a10, alen10, buf, clen11,
t11, tlen11) ? OK : ERR;
if (res != OK) {
DBG("aes_gcm_decrypt returned error", NULL, 0);
} else {
res = !memcmp(p10, buf, plen10) ? OK : ERR;
if (res != OK) {
PTXT_ERR(res, p10, buf, plen10);
}
}
/* validate verify */
memcpy(buf, p10, plen10);
res = aes_gcm_verify(k11, klen11, n10, nlen10, a10, alen10, buf, plen10,
t11, tlen11) ? OK : ERR;
if (res != OK) {
DBG("aes_gcm_verify returned error", NULL, 0);
}
ENDT(11, res);
BEGINT(12);
/* validate encrypt */
memcpy(buf, p12, plen12) ;
aes_gcm_encrypt(k12, klen12, n12, nlen12, a12, alen12, buf, plen12,
tag, sizeof(tag));
res = !memcmp(c12, buf, plen12) ? OK : ERR;
if (res != OK) {
CTXT_ERR(res, c12, buf, plen12);
} else {
res = !memcmp(tag, t12, tlen12) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t12, tag, tlen12);
}
/* validate (just) mac */
memcpy(buf, p12, plen12);
aes_gcm_mac(k12, klen12, n12, nlen12, a12, alen12, buf, plen12,
tag, sizeof(tag));
res = !memcmp(tag, t12, tlen12) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t12, tag, tlen12);
/* validate decrypt */
memcpy(buf, c12, clen12);
res = aes_gcm_decrypt(k12, klen12, n12, nlen12, a12, alen12, buf, clen12,
t12, tlen12) ? OK : ERR;
if (res != OK) {
DBG("aes_gcm_decrypt returned error", NULL, 0);
} else {
res = !memcmp(p12, buf, plen12) ? OK : ERR;
if (res != OK) {
PTXT_ERR(res, p12, buf, plen12);
}
}
/* validate verify */
memcpy(buf, p12, plen12);
res = aes_gcm_verify(k12, klen12, n12, nlen12, a12, alen12, buf, plen12,
t12, tlen12) ? OK : ERR;
if (res != OK) {
DBG("aes_gcm_verify returned error", NULL, 0);
}
ENDT(12, res);
BEGINT(13);
/* validate encrypt */
memcpy(buf, p12, plen12) ;
aes_gcm_encrypt(k13, klen13, n12, nlen12, a12, alen12, buf, plen12,
tag, sizeof(tag));
res = !memcmp(c13, buf, plen12) ? OK : ERR;
if (res != OK) {
CTXT_ERR(res, c13, buf, plen12);
} else {
res = !memcmp(tag, t13, tlen13) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t13, tag, tlen13);
}
/* validate (just) mac */
memcpy(buf, p12, plen12);
aes_gcm_mac(k13, klen13, n12, nlen12, a12, alen12, buf, plen12,
tag, sizeof(tag));
res = !memcmp(tag, t13, tlen13) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t13, tag, tlen13);
/* validate decrypt */
memcpy(buf, c13, clen13);
res = aes_gcm_decrypt(k13, klen13, n12, nlen12, a12, alen12, buf, clen12,
t13, tlen13) ? OK : ERR;
if (res != OK) {
DBG("aes_gcm_decrypt returned error", NULL, 0);
} else {
res = !memcmp(p12, buf, plen12) ? OK : ERR;
if (res != OK) {
PTXT_ERR(res, p12, buf, plen12);
}
}
/* validate verify */
memcpy(buf, p12, plen12);
res = aes_gcm_verify(k13, klen13, n12, nlen12, a12, alen12, buf, plen12,
t13, tlen13) ? OK : ERR;
if (res != OK) {
DBG("aes_gcm_verify returned error", NULL, 0);
}
ENDT(13, res);
BEGINT(14);
/* validate encrypt */
memcpy(buf, p14, plen14) ;
aes_gcm_encrypt(k14, klen14, n14, nlen14, a14, alen14, buf, plen14,
tag, sizeof(tag));
res = !memcmp(c14, buf, plen14) ? OK : ERR;
if (res != OK) {
CTXT_ERR(res, c14, buf, plen14);
} else {
res = !memcmp(tag, t14, tlen14) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t14, tag, tlen14);
}
/* validate (just) mac */
memcpy(buf, p14, plen14);
aes_gcm_mac(k14, klen14, n14, nlen14, a14, alen14, buf, plen14,
tag, sizeof(tag));
res = !memcmp(tag, t14, tlen14) ? OK : ERR;
if (res != OK)
TAG_ERR(res, t14, tag, tlen14);
/* validate decrypt */
memcpy(buf, c14, clen14);
res = aes_gcm_decrypt(k14, klen14, n14, nlen14, a14, alen14, buf, clen14,
t14, tlen14) ? OK : ERR;
if (res != OK) {
DBG("aes_gcm_decrypt returned error", NULL, 0);
} else {
res = !memcmp(p14, buf, plen14) ? OK : ERR;
if (res != OK) {
PTXT_ERR(res, p14, buf, plen14);
}
}
/* validate verify */
memcpy(buf, p14, plen14);
res = aes_gcm_verify(k14, klen14, n14, nlen14, a14, alen14, buf, plen14,
t14, tlen14) ? OK : ERR;
if (res != OK) {
DBG("aes_gcm_verify returned error", NULL, 0);
}
ENDT(14, res);
return 0;
}
/** @brief Process an encrypt packet.
*
* An encrypt packet consists of a uint32 J and an uninterpreted array
* of MESSAGE_SIZE bytes. To be well-formed,
* J must identify a channel in the CSS_OPEN state.
* [uint32 J][MESSAGE_SIZE bytes of uninterpreted data]
*
* On success, the response is simply
* [CR_CIPHERTEXT][SESSION_BUFFER_SIZE bytes of uninterpreted data]
*
* @param ctx Non-null. The chat context.
* @param pkt Non-null. The incoming login packet. On success, this
* pointer re-used to format the outgoing reply message.
* @return 0 on success.
*/
int chat_process_encrypt(chat_context_t *ctx, ffs_packet_t *pkt, uint32_t *pos) {
int err = 0;
uint32_t channel = 0;
err = uint32_deserialize(pkt->data, FFS_DATA_SIZE, pos, &channel);
if (err) goto cleanup;
if (channel >= SESSIONS_SIZE) {
err = -1;
goto cleanup;
}
if (CSS_OPEN != ctx->sessions[channel].state)
{
err = -1;
goto cleanup;
}
/* Format our response. */
clean_session_buffer(ctx);
uint32_t out_pos = 0;
{
/* [SHA256_OUTPUT_LEN nonce] */
uint8_t nonce[SHA256_OUTPUT_LEN];
for (int i = 0; i < SHA256_OUTPUT_LEN; i += AES_BLOCK_SIZE)
prng_output(&ctx->prng, &nonce[i]);
sha256_hash(nonce, SHA256_OUTPUT_LEN, nonce);
msel_memcpy(&ctx->session_buffer[out_pos], nonce, SHA256_OUTPUT_LEN);
out_pos += SHA256_OUTPUT_LEN;
msel_memset(nonce, 0, SHA256_OUTPUT_LEN);
}
{
/* [CR_CIPHERTEXT] */
err = ChatResponse_serialize(ctx->session_buffer, SESSION_BUFFER_SIZE, &out_pos, CR_CIPHERTEXT);
if (err) goto cleanup;
}
{
/* [MESSAGE_SIZE The message] */
msel_memcpy(&ctx->session_buffer[out_pos], &pkt->data[*pos], MESSAGE_SIZE);
out_pos += MESSAGE_SIZE;
}
{
/* Encrypt seek string */
aes_gcm_ctx_t gcm;
msel_memset(&gcm, 0, sizeof(gcm));
aes_gcm_setkey(&gcm, AES_GCM_128, ctx->sessions[channel].send_key, ctx->sessions[channel].send_iv, SHA256_OUTPUT_LEN);
aes_gcm_aad(&gcm, NULL, 0);
aes_gcm_encrypt(&gcm, ctx->session_buffer, SESSION_BUFFER_SIZE, ctx->session_buffer);
msel_memset(&gcm, 0, sizeof(gcm));
}
{
/* Format the packet */
uint32_t length = 0;
msel_memset(pkt->data, 0, FFS_DATA_SIZE);
/* [CR_CIPHERTEXT] */
err = ChatResponse_serialize(pkt->data, FFS_DATA_SIZE, &length, CR_CIPHERTEXT);
if (err) goto cleanup;
/* SESSION_BUFFER_SIZE bytes of uninterpreted data */
msel_memcpy(&pkt->data[length], ctx->session_buffer, SESSION_BUFFER_SIZE);
length += SESSION_BUFFER_SIZE;
}
/* Advance the key and IV */
sha256_hash(ctx->sessions[channel].send_key, SHA256_OUTPUT_LEN, ctx->sessions[channel].send_key);
sha256_hash(ctx->sessions[channel].send_iv, SHA256_OUTPUT_LEN, ctx->sessions[channel].send_iv);
/* Send the response */
while (msel_svc(MSEL_SVC_SESSION_SEND, pkt) != MSEL_OK)
msel_svc(MSEL_SVC_YIELD, NULL);
cleanup:
return err;
}
/** @brief Process a get-exchange packet.
*
* A get-exchange packet consists of a uint32 J. To be well-formed,
* J must identify a channel in the CSS_LISTENING or CSS_OPEN state.
* [uint32 J]
*
* On success, the response is simply
* [CR_EXCHANGE][SESSION_BUFFER_SIZE bytes of uninterpreted data]
*
* @param ctx Non-null. The chat context.
* @param pkt Non-null. The incoming login packet. On success, this
* pointer re-used to format the outgoing reply message.
* @return 0 on success.
*/
int chat_process_getexchange(chat_context_t *ctx, ffs_packet_t *pkt, uint32_t *pos) {
int err = 0;
uint32_t channel = 0;
err = uint32_deserialize(pkt->data, FFS_DATA_SIZE, pos, &channel);
if (err) goto cleanup;
if (channel >= SESSIONS_SIZE) {
err = -1;
goto cleanup;
}
if ((CSS_LISTENING != ctx->sessions[channel].state) &&
(CSS_OPEN != ctx->sessions[channel].state))
{
err = -1;
goto cleanup;
}
/* Format our response. */
clean_session_buffer(ctx);
uint32_t out_pos = 0;
{
/* [SHA256_OUTPUT_LEN nonce] */
uint8_t nonce[SHA256_OUTPUT_LEN];
for (int i = 0; i < SHA256_OUTPUT_LEN; i += AES_BLOCK_SIZE)
prng_output(&ctx->prng, &nonce[i]);
sha256_hash(nonce, SHA256_OUTPUT_LEN, nonce);
msel_memcpy(&ctx->session_buffer[out_pos], nonce, SHA256_OUTPUT_LEN);
out_pos += SHA256_OUTPUT_LEN;
msel_memset(nonce, 0, SHA256_OUTPUT_LEN);
}
{
/* [CR_EXCHANGE] */
err = ChatResponse_serialize(ctx->session_buffer, SESSION_BUFFER_SIZE, &out_pos, CR_EXCHANGE);
if (err) goto cleanup;
}
{
/* [SHA256_OUTPUT_LEN The pubkey hash] */
msel_memcpy(&ctx->session_buffer[out_pos], ctx->sessions[channel].local_key_pub_hash, SHA256_OUTPUT_LEN);
out_pos += SHA256_OUTPUT_LEN;
}
{
/* [ECC_POINT_LEN The pubkey itself] */
msel_memcpy(&ctx->session_buffer[out_pos], ctx->sessions[channel].local_key_pub, ECC_POINT_LEN);
out_pos += ECC_POINT_LEN;
}
{
/* TODO: ECDSA signature of the pubkey hash */
}
{
/* TODO: hmac */
}
{
/* Encrypt exchange string */
aes_gcm_ctx_t gcm;
msel_memset(&gcm, 0, sizeof(gcm));
aes_gcm_setkey(&gcm, AES_GCM_128, ctx->sessions[channel].xchg_key, ctx->sessions[channel].xchg_iv, SHA256_OUTPUT_LEN);
aes_gcm_aad(&gcm, NULL, 0);
aes_gcm_encrypt(&gcm, ctx->session_buffer, SESSION_BUFFER_SIZE, ctx->session_buffer);
msel_memset(&gcm, 0, sizeof(gcm));
}
{
/* Format the packet */
uint32_t length = 0;
msel_memset(pkt->data, 0, FFS_DATA_SIZE);
/* [CR_EXCHANGE] */
err = ChatResponse_serialize(pkt->data, FFS_DATA_SIZE, &length, CR_EXCHANGE);
if (err) goto cleanup;
/* SESSION_BUFFER_SIZE bytes of uninterpreted data */
msel_memcpy(&pkt->data[length], ctx->session_buffer, SESSION_BUFFER_SIZE);
length += SESSION_BUFFER_SIZE;
}
/* Send the response */
while (msel_svc(MSEL_SVC_SESSION_SEND, pkt) != MSEL_OK)
msel_svc(MSEL_SVC_YIELD, NULL);
cleanup:
return err;
}
bool KekStorage::store(string alias, Key *key, Token *tok){
if(exist(alias, KeyName::getName(key))) {
printf("Failed to store :: key[%s] already exists for %s\n",
KeyName::getName(key), alias.c_str());
return false;
}
shared_ptr<SqlRecord> rec(new SqlRecord());
shared_ptr<SerializedItem> sItem;
if(key->type == KeyType::PUB) {
// don't encrypt the key
sItem = key->serialize();
rec->push(shared_ptr<SqlString>(
new SqlString(KEK_COL_ALIAS, alias)));
rec->push(shared_ptr<SqlString>(
new SqlString(KEK_COL_KEK_NAME, KeyName::getName(key))));
rec->push(shared_ptr<SqlInteger>(
new SqlInteger(KEK_COL_KEK_TYPE, KeyType::PUB)));
rec->push(shared_ptr<SqlInteger>(
new SqlInteger(KEK_COL_ENCRYPTED_BY, CryptAlg::PLAIN)));
rec->push(shared_ptr<SqlString>(
new SqlString(KEK_COL_EKEK, (string )sItem->getItem())));
} else {
if(tok->len > 32) {
printf("Token length cannot be more than 32 bytes [%d]\n", tok->len);
return false;
}
SymKey *symKey = new SymKey(32);
memcpy(symKey->getData(), tok->getData(), tok->len);
EncKey *eKey = aes_gcm_encrypt((Item *)key, symKey);
if(eKey == NULL) {
printf("Encryption failed!\n");
delete symKey;
return false;
}
sItem = eKey->serialize();
rec->push(shared_ptr<SqlString>(
new SqlString(KEK_COL_ALIAS, alias)));
rec->push(shared_ptr<SqlString>(
new SqlString(KEK_COL_KEK_NAME, KeyName::getName(key))));
rec->push(shared_ptr<SqlInteger>(
new SqlInteger(KEK_COL_KEK_TYPE, key->type)));
rec->push(shared_ptr<SqlInteger>(
new SqlInteger(KEK_COL_ENCRYPTED_BY, CryptAlg::AES)));
rec->push(shared_ptr<SqlString>(
new SqlString(KEK_COL_EKEK, (string )sItem->getItem())));
rec->push(shared_ptr<SqlString>(
new SqlString(KEK_COL_AUTH_TAG, (string )sItem->getAuthTag())));
delete eKey;
delete symKey;
}
sItem->dump("KekStorage::store - serializedItem");
bool rc = mSqlHelper->insertRec(mDb, KEK_TBL_NAME, rec);
return rc;
}
