Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
f9985fc
commit 88748bd
Showing
13 changed files
with
138 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -63,6 +63,17 @@ namespace { | |
return 0; | ||
} | ||
|
||
const UCHAR CRYPT_RELEASE = LCK_SR; | ||
const UCHAR CRYPT_NORMAL = LCK_PR; | ||
const UCHAR CRYPT_CHANGE = LCK_PW; | ||
const UCHAR CRYPT_INIT = LCK_EX; | ||
|
||
const int MAX_PLUGIN_NAME_LEN = 31; | ||
This comment has been minimized.
Sorry, something went wrong.
This comment has been minimized.
Sorry, something went wrong.
AlexPeshkoff
Author
Member
|
||
} | ||
|
||
|
||
namespace Jrd { | ||
|
||
class Header | ||
{ | ||
protected: | ||
|
@@ -88,7 +99,7 @@ namespace { | |
|
||
// This routine is getting clumplets from header page but is not ready to handle continuation | ||
// Fortunately, modern pages of size 4k and bigger can fit everything on one page. | ||
void getClumplets(ClumpletWriter& writer) | ||
void getClumplets(ClumpletWriter& writer) const | ||
{ | ||
writer.reset(header->hdr_data, header->hdr_end - HDR_SIZE); | ||
} | ||
|
@@ -224,17 +235,6 @@ namespace { | |
AutoPtr<UCHAR, ArrayDelete<UCHAR> > buffer; | ||
}; | ||
|
||
const UCHAR CRYPT_RELEASE = LCK_SR; | ||
const UCHAR CRYPT_NORMAL = LCK_PR; | ||
const UCHAR CRYPT_CHANGE = LCK_PW; | ||
const UCHAR CRYPT_INIT = LCK_EX; | ||
|
||
const int MAX_PLUGIN_NAME_LEN = 31; | ||
} | ||
|
||
|
||
namespace Jrd { | ||
|
||
CryptoManager::CryptoManager(thread_db* tdbb) | ||
: PermanentStorage(*tdbb->getDatabase()->dbb_permanent), | ||
sync(this), | ||
|
@@ -344,6 +344,9 @@ namespace Jrd { | |
(Arg::Gds(isc_bad_crypt_key) << keyName).raise(); | ||
} | ||
} | ||
|
||
if (flags & CRYPT_HDR_INIT) | ||
checkDigitalSignature(hdr); | ||
} | ||
|
||
void CryptoManager::loadPlugin(const char* pluginName) | ||
|
@@ -526,6 +529,8 @@ namespace Jrd { | |
header->hdr_crypt_page = 1; | ||
header->hdr_flags |= Ods::hdr_crypt_process; | ||
process = true; | ||
|
||
digitalySignDatabase(hdr); | ||
} | ||
catch (const Exception&) | ||
{ | ||
|
@@ -865,6 +870,8 @@ namespace Jrd { | |
hdr.setClumplets(hc); | ||
} | ||
} | ||
|
||
digitalySignDatabase(hdr); | ||
} | ||
|
||
bool CryptoManager::read(thread_db* tdbb, FbStatusVector* sv, Ods::pag* page, IOCallback* io) | ||
|
@@ -1172,4 +1179,93 @@ namespace Jrd { | |
st.check(); | ||
} | ||
|
||
void CryptoManager::addClumplet(string& signature, ClumpletReader& block, UCHAR tag) | ||
{ | ||
if (block.find(tag)) | ||
{ | ||
string tmp; | ||
block.getString(tmp); | ||
signature += ' '; | ||
signature += tmp; | ||
} | ||
} | ||
|
||
void CryptoManager::calcDigitalSignature(string& signature, const Header& hdr) | ||
{ | ||
/* | ||
We use the following items to calculate digital signature (hash of encrypted string) | ||
for database: | ||
hdr_flags & (hdr_crypt_process | hdr_encrypted) | ||
hdr_crypt_page | ||
hdr_crypt_plugin | ||
HDR_crypt_key | ||
HDR_crypt_hash | ||
*/ | ||
|
||
signature.printf("%d %d %d %s", | ||
hdr->hdr_flags & Ods::hdr_crypt_process ? 1 : 0, | ||
hdr->hdr_flags & Ods::hdr_encrypted ? 1 : 0, | ||
hdr->hdr_crypt_page, | ||
hdr->hdr_crypt_plugin); | ||
|
||
ClumpletWriter hc(ClumpletWriter::UnTagged, hdr->hdr_page_size); | ||
hdr.getClumplets(hc); | ||
|
||
addClumplet(signature, hc, Ods::HDR_crypt_key); | ||
addClumplet(signature, hc, Ods::HDR_crypt_hash); | ||
|
||
const unsigned QUANTUM = 16; | ||
signature += string(QUANTUM - 1, '$'); | ||
unsigned len = signature.length(); | ||
len &= ~(QUANTUM - 1); | ||
|
||
loadPlugin(hdr->hdr_crypt_plugin); | ||
|
||
string enc; | ||
FbLocalStatus sv; | ||
cryptPlugin->encrypt(&sv, len, signature.c_str(), enc.getBuffer(len)); | ||
if (sv->getState() & IStatus::STATE_ERRORS) | ||
Arg::StatusVector(&sv).raise(); | ||
|
||
Sha1::hashBased64(signature, enc); | ||
} | ||
|
||
|
||
void CryptoManager::digitalySignDatabase(CchHdr& hdr) | ||
{ | ||
ClumpletWriter hc(ClumpletWriter::UnTagged, hdr->hdr_page_size); | ||
hdr.getClumplets(hc); | ||
|
||
bool wf = hc.find(Ods::HDR_crypt_checksum); | ||
hc.deleteWithTag(Ods::HDR_crypt_checksum); | ||
|
||
if (hdr->hdr_flags & (Ods::hdr_crypt_process | Ods::hdr_encrypted)) | ||
{ | ||
wf = true; | ||
string signature; | ||
calcDigitalSignature(signature, hdr); | ||
hc.insertString(Ods::HDR_crypt_checksum, signature); | ||
} | ||
|
||
if (wf) | ||
hdr.setClumplets(hc); | ||
} | ||
|
||
void CryptoManager::checkDigitalSignature(const Header& hdr) | ||
{ | ||
if (hdr->hdr_flags & (Ods::hdr_crypt_process | Ods::hdr_encrypted)) | ||
{ | ||
ClumpletWriter hc(ClumpletWriter::UnTagged, hdr->hdr_page_size); | ||
hdr.getClumplets(hc); | ||
if (!hc.find(Ods::HDR_crypt_checksum)) | ||
Arg::Gds(isc_crypt_checksum).raise(); | ||
|
||
string sig1, sig2; | ||
hc.getString(sig1); | ||
calcDigitalSignature(sig2, hdr); | ||
if (sig1 != sig2) | ||
Arg::Gds(isc_crypt_checksum).raise(); | ||
} | ||
} | ||
|
||
} // namespace Jrd |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Why did we have this additional constant apparently related to others about metadata length?