
Add security API

Open-webOS-DCO-1.0-Signed-off-by: Janne Kiiski <janne.kiiski@palm.com>
Open-webOS-DCO-1.0-Signed-off-by: Keith Derrick <keith.derrick@lge.com>

Conflicts:

	include/public/nyx/common/nyx_device.h
	include/public/nyx/module/nyx_device_internal.h
	src/core/nyx_core_impl.c

Change-Id: Id58df1b81b320f60becaaba1463ba5ee633094c5
commit 813cf0a5438f2f4ddc084563a1c69b525a79b63d 1 parent fa5dfde
Janne Kiiski authored kdopen committed
240 include/public/nyx/client/nyx_security.h
@@ -0,0 +1,240 @@
+/* @@@LICENSE
+*
+* Copyright (c) 2013 Hewlett-Packard Development Company, L.P.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+* LICENSE@@@ */
+
+/**
+ * @file nyx_security.h
+ *
+ */
+
+/**
+ * @brief Nyx's public API for accessing security module
+ *
+ */
+
+#ifndef _NYX_SECURITY_H_
+#define _NYX_SECURITY_H_
+
+#include <nyx/common/nyx_device.h>
+#include <nyx/common/nyx_security_common.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @defgroup nyx_security_public Security
+ * @ingroup nyx_public
+ * @{
+ */
+
+/**
+ * @defgroup nyx_security_aes AES
+ * @ingroup nyx_security_public
+ * @{
+ */
+
+/**
+ * @brief Create AES key
+ *
+ * @param[in] handle - handle to the device
+ * @param[in] keylen - key length in bits (128, 256, ...)
+ * @param[in,out] key_index - index to key
+ * in: -1: device assign new index, >=0 overwrite existing index)
+ * out: device assigned index
+ *
+ * @return error code
+ * - NYX_ERROR_NONE if operation is successful
+ */
+NYX_API_EXPORT nyx_error_t
+nyx_security_create_aes_key(nyx_device_handle_t handle, int keylen, int *key_index);
+
+/**
+ * @brief Encrypt/decrypt data
+ *
+ * Encryption is required to generate IV and return it at front of dest buffer.
+ * Decryption requires that IV is at front of src buffer.
+ * Destination buffer size need to have space for encrypted data + IV + block size of used cipher.
+ *
+ * @param[in] handle - handle to the device
+ * @param[in] encrypt - encrypt != 0, decrypt = 0
+ * @param[in] key_index - index to key
+ * @param[in] mode - block cipher mode
+ * @param[in] src - buffer to crypt
+ * @param[in] srclen - length of src buffer (includes IV in decrypt)
+ * @param[in] dest - crypted data
+ * @param[out] destlen - length of crypted data (includes IV in encrypt)
+ * @param[in,out] ivlen - length of IV
+ *
+ * @return error code
+ * - NYX_ERROR_NONE if operation is successful
+ */
+NYX_API_EXPORT nyx_error_t
+nyx_security_crypt_aes(nyx_device_handle_t handle, int key_index, nyx_security_aes_block_mode_t mode, int encrypt, const char *src, int srclen, char *dest, int *destlen, int *ivlen);
+
+/** @} */
+
+/**
+ * @defgroup nyx_security_rsa RSA
+ * @ingroup nyx_security_public
+ * @{
+ */
+
+/**
+ * @brief Create RSA key
+ *
+ * @param[in] handle - handle to the device
+ * @param[in] keylen - length of RSA key (1024, 2048, 4096, ...)
+ * @param[in,out] key_index - index to key
+ * in: -1: device assign new index, >=0 overwrite existing index)
+ * out: device assigned index
+ *
+ * @return error code
+ * - NYX_ERROR_NONE if operation is successful
+ */
+NYX_API_EXPORT nyx_error_t
+nyx_security_create_rsa_key(nyx_device_handle_t handle, int keylen, int *key_index);
+
+/**
+ * @brief Encrypt/decrypt data
+ *
+ * @param[in] handle - handle to the device
+ * @param[in] encrypt - encrypt != 0, decrypt = 0
+ * @param[in] key_index - index to key
+ * @param[in] src - buffer to crypt
+ * @param[in] srclen - length of src buffer
+ * @param[in] dest - crypted data
+ * @param[out] destlen - length of crypted data
+ *
+ * @return error code
+ * - NYX_ERROR_NONE if operation is successful
+ */
+NYX_API_EXPORT nyx_error_t
+nyx_security_crypt_rsa(nyx_device_handle_t handle, int key_index, int encrypt, const char *src, int srclen, char *dest, int *destlen);
+
+/** @} */
+
+/**
+ * @defgroup nyx_security_hash Hash
+ * @ingroup nyx_security_public
+ * @{
+ */
+
+/**
+ * @brief Calculate hash from given buffer to memory
+ *
+ * @param[in] handle - handle to the device
+ * @param[in] hash_algo - hash algorithm type (as in openssl/obj_mac.h)
+ *
+ * @return error code
+ * - NYX_ERROR_NONE if operation is successful
+ */
+NYX_API_EXPORT nyx_error_t
+nyx_security_init_hash(nyx_device_handle_t handle, const char *hash_algo);
+
+/**
+ * @brief Update hash calculation
+ *
+ * @param[in] handle - handle to the device
+ * @param[in] src - buffer for hash calculation
+ * @param[in] srclen - src buffer length
+ *
+ * @return error code
+ * - NYX_ERROR_NONE if operation is successful
+ */
+NYX_API_EXPORT nyx_error_t
+nyx_security_update_hash(nyx_device_handle_t handle, const char *src, int srclen);
+
+/**
+ * @brief Finalize hash calculation and write result to memory
+ *
+ * @param[in] handle - handle to the device
+ * @param[out] dest - calculated hash as base64 encoded (NULL terminated) string
+ *
+ * @return error code
+ * - NYX_ERROR_NONE if operation is successful
+ */
+NYX_API_EXPORT nyx_error_t
+nyx_security_finalize_hash(nyx_device_handle_t handle, char *dest);
+
+/**
+ * @brief Finalize hash calculation and write result to device
+ *
+ * @param[in] handle - handle to the device
+ * @param[in,out] index - in,out: hash->index (-1: device assign new index, >=0: overwrite existing index)
+ *
+ * @return error code
+ * - NYX_ERROR_NONE if operation is successful
+ */
+NYX_API_EXPORT nyx_error_t
+nyx_security_finalize_and_save_hash(nyx_device_handle_t handle, int *index);
+
+/**
+ * @brief Load hash from device
+ *
+ * @param[in] handle - handle to the device
+ * @param[in] hash_algo - hash algorithm type (as in openssl/obj_mac.h)
+ * @param[in] index - index in device
+ * @param[out] dest - hash from device as base64 encoded string
+ *
+ * @return error code
+ * - NYX_ERROR_NONE if operation is successful
+ */
+NYX_API_EXPORT nyx_error_t
+nyx_security_load_hash(nyx_device_handle_t handle, const char *hash_algo, int index, char *dest);
+
+/** @} */
+
+/**
+ * @defgroup nyx_security_certificate Certificate
+ * @ingroup nyx_security_public
+ * @{
+ */
+
+/**
+ * @brief Set certificate
+ *
+ * @param[in] handle - handle to the device
+ * @param[in,out] index - certificate index (-1: device assign new index, >=0 assign to index)
+ * @param[in] x509 - certificate in X.509 format
+ *
+ * @return error code
+ * - NYX_ERROR_NONE if operation is successful
+ */
+NYX_API_EXPORT nyx_error_t
+nyx_security_save_certificate(nyx_device_handle_t handle, int *index, const char *x509);
+
+/**
+ * @brief Get certificate
+ *
+ * @param[in] handle - handle to the device
+ * @param[in] index - certificate index
+ * @param[out] x509 - certificate in X.509 format, malloc by device
+ *
+ * @return error code
+ * - NYX_ERROR_NONE if operation is successful
+ */
+NYX_API_EXPORT nyx_error_t
+nyx_security_load_certificate(nyx_device_handle_t handle, int index, char **x509);
+
+/** @} */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _NYX_SECURITY_H_ */
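Review bot: `nyx_security_crypt_aes`, `nyx_security_crypt_rsa`, `nyx_security_finalize_hash` and `nyx_security_load_hash` all write into a caller buffer whose capacity the callee never learns: `destlen` is documented as `[out]` only and the hash `dest` has no length at all, so a module cannot bound its writes and an undersized buffer becomes a memory overflow. I would make the length in/out, `@param[in,out] destlen - in: capacity of dest in bytes, out: bytes written (includes IV in encrypt)`, and give the hash calls a `destlen` of the same kind, failing rather than truncating when the buffer is too small. `dest` is also tagged `@param[in]` although it is the output, and `x509` in `nyx_security_load_certificate` says "malloc by device" without saying who frees it. The same signatures are repeated in the typedefs in nyx_device_internal.h and the wrappers in nyx_security_impl.c, so the change has to be made in all three places.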
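--- a/include/public/nyx/common/nyx_device.h
+++ b/include/public/nyx/common/nyx_device.h
@@ -56,8 +56,8 @@ typedef enum {
 NYX_DEVICE_BATTERY = NYX_DEVICE_FIRST_VALID,
 NYX_DEVICE_BLUETOOTH_INPUT_DETECT,
 NYX_DEVICE_CHARGER,
- NYX_DEVICE_DEVICE_INFO,
- NYX_DEVICE_DISPLAY,
+ NYX_DEVICE_DEVICE_INFO,
+ NYX_DEVICE_DISPLAY,
 NYX_DEVICE_FIRMWARE_UPDATE,
 NYX_DEVICE_GENERIC,
 NYX_DEVICE_HAPTICS,
@@ -83,6 +83,7 @@ typedef enum {
 NYX_DEVICE_MEDIA_CAMERA,
 NYX_DEVICE_MASS_STORAGE_MODE,
 NYX_DEVICE_OS_INFO,
+ NYX_DEVICE_SECURITY,
 NYX_DEVICE_TYPE_COUNT, /* should always be the last, used primarly in testing
 for iterating over all known devices */
 } nyx_device_type_t;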
59 include/public/nyx/common/nyx_security_common.h
@@ -0,0 +1,59 @@
+/* @@@LICENSE
+*
+* Copyright (c) 2013 Hewlett-Packard Development Company, L.P.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+* LICENSE@@@ */
+
+/**
+ * @file nyx_security_common.h
+ *
+ */
+
+
+#ifndef _NYX_SECURITY_COMMON_H_
+#define _NYX_SECURITY_COMMON_H_
+
+#include <stdbool.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+* @defgroup nyx_security_public Security
+* @ingroup nyx_public
+* @brief Nyx's public security API.
+* @{
+*/
+
+/**
+ * @brief AES cipher block modes
+ */
+typedef enum {
+ NYX_SECURITY_AES_ECB,
+ NYX_SECURITY_AES_CBC,
+ NYX_SECURITY_AES_OFB,
+ NYX_SECURITY_AES_CFB,
+ NYX_SECURITY_AES_CTR
+} nyx_security_aes_block_mode_t;
+
+/** @} */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _NYX_security_COMMON_H_ */
+
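Review bot: `nyx_security_aes_block_mode_t` offers `NYX_SECURITY_AES_ECB` next to the IV-based modes with no guidance, and none of the five modes authenticates the ciphertext. ECB encrypts identical plaintext blocks to identical ciphertext blocks and takes no IV, which also contradicts the `nyx_security_crypt_aes` contract in nyx_security.h that encryption generates an IV and places it at the front of `dest`. I would document each enumerator, for example `NYX_SECURITY_AES_ECB, /**< no IV; leaks equal plaintext blocks, single-block use only */`, and state on the enum that callers needing integrity must add a MAC over IV and ciphertext themselves. The closing guard comment `_NYX_security_COMMON_H_` does not match the guard name `_NYX_SECURITY_COMMON_H_`.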
23 include/public/nyx/module/nyx_device_internal.h
@@ -111,6 +111,18 @@ typedef enum {
NYX_MASS_STORAGE_MODE_REGISTER_CHANGE_CALLBACK_MODULE_METHOD,
/* OS info module function*/
NYX_OS_INFO_QUERY_MODULE_METHOD,
+ /* security module functions */
+ NYX_SECURITY_CREATE_AES_KEY_MODULE_METHOD,
+ NYX_SECURITY_CRYPT_AES_MODULE_METHOD,
+ NYX_SECURITY_CREATE_RSA_KEY_MODULE_METHOD,
+ NYX_SECURITY_CRYPT_RSA_MODULE_METHOD,
+ NYX_SECURITY_INIT_HASH_MODULE_METHOD,
+ NYX_SECURITY_UPDATE_HASH_MODULE_METHOD,
+ NYX_SECURITY_FINALIZE_HASH_MODULE_METHOD,
+ NYX_SECURITY_FINALIZE_AND_SAVE_HASH_MODULE_METHOD,
+ NYX_SECURITY_LOAD_HASH_MODULE_METHOD,
+ NYX_SECURITY_SAVE_CERTIFICATE_MODULE_METHOD,
+ NYX_SECURITY_LOAD_CERTIFICATE_MODULE_METHOD,
} module_method_t;
typedef void* nyx_instance_t;
@@ -207,6 +219,17 @@ typedef nyx_error_t (*nyx_mass_storage_mode_get_state_function_t)(nyx_device_t *
typedef nyx_error_t (*nyx_mass_storage_mode_register_change_callback_function_t)(nyx_device_t *, nyx_device_callback_function_t, void *);
typedef nyx_error_t (*nyx_os_info_query_function_t)(nyx_device_t *, nyx_os_info_query_t type, const char ** val);
+typedef nyx_error_t (*nyx_security_create_aes_key_function_t)(nyx_device_handle_t handle, int keylen, int *key_index);
+typedef nyx_error_t (*nyx_security_crypt_aes_function_t)(nyx_device_handle_t handle, int key_index, nyx_security_aes_block_mode_t mode, int encrypt, const char *src, int srclen, char *dest, int *destlen, int *ivlen);
+typedef nyx_error_t (*nyx_security_create_rsa_key_function_t)(nyx_device_handle_t handle, int keylen, int *key_index);
+typedef nyx_error_t (*nyx_security_crypt_rsa_function_t)(nyx_device_handle_t handle, int key_index, int encrypt, const char *src, int srclen, char *dest, int *destlen);
+typedef nyx_error_t (*nyx_security_init_hash_function_t)(nyx_device_handle_t handle, const char *hash_algo);
+typedef nyx_error_t (*nyx_security_update_hash_function_t)(nyx_device_handle_t handle, const char *src, int srclen);
+typedef nyx_error_t (*nyx_security_finalize_hash_function_t)(nyx_device_handle_t handle, char *dest);
+typedef nyx_error_t (*nyx_security_finalize_and_save_hash_function_t)(nyx_device_handle_t handle, int *index);
+typedef nyx_error_t (*nyx_security_load_hash_function_t)(nyx_device_handle_t handle, const char *hash_algo, int index, char *dest);
+typedef nyx_error_t (*nyx_security_save_certificate_function_t)(nyx_device_handle_t handle, int *index, const char *x509);
+typedef nyx_error_t (*nyx_security_load_certificate_function_t)(nyx_device_handle_t handle, int index, char **x509);
#ifdef __cplusplus
}
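Review bot: The eleven new `nyx_security_*_function_t` typedefs take `nyx_device_handle_t handle` as their first parameter, while the neighbouring module typedefs visible in this section (`nyx_mass_storage_mode_register_change_callback_function_t`, `nyx_os_info_query_function_t`) take `nyx_device_t *`. If the two types are the same pointer this is only a style inconsistency, but module authors copying the existing pattern will expect `nyx_device_t *`; I would write them as `typedef nyx_error_t (*nyx_security_init_hash_function_t)(nyx_device_t *, const char *hash_algo);` and likewise for the others. The definition of `nyx_device_handle_t` is outside this page, so confirm the equivalence before changing.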
2  include/public/nyx/nyx_client.h
@@ -67,4 +67,6 @@
#include <nyx/client/nyx_sensor_rotation.h>
#include <nyx/client/nyx_sensor_shake.h>
+#include <nyx/client/nyx_security.h>
+
#endif /* _NYX_CLIENT_H_ */
1  include/public/nyx/nyx_module.h
@@ -59,6 +59,7 @@
#include <nyx/common/nyx_system_common.h>
#include <nyx/common/nyx_mass_storage_mode_common.h>
#include <nyx/common/nyx_touchpanel_common.h>
+#include <nyx/common/nyx_security_common.h>
#include <nyx/module/nyx_log.h>
#include <nyx/module/nyx_device_internal.h>
1  src/core/nyx_core_impl.c
@@ -66,6 +66,7 @@ static const typeStringPair_t mapTypeToString[] =
{NYX_DEVICE_MEDIA_CAMERA, "Camera"},
{NYX_DEVICE_MASS_STORAGE_MODE, "MassStorageMode"},
{NYX_DEVICE_OS_INFO, "OSInfo"},
+ {NYX_DEVICE_SECURITY, "Security"},
};
const char* nyx_core_device_type_to_string(nyx_device_type_t type)
82 src/device/nyx_security_impl.c
@@ -0,0 +1,82 @@
+/* @@@LICENSE
+*
+* Copyright (c) 2013 Hewlett-Packard Development Company, L.P.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*
+* LICENSE@@@ */
+
+/********************************************************************************
+ * @file nyx_security_impl.c
+ *
+ * @brief This is the nyx security lib implementation
+ ********************************************************************************/
+
+#include "nyx_device_impl.h"
+#include <nyx/module/nyx_device_internal.h>
+#include <nyx/client/nyx_security.h>
+
+nyx_error_t nyx_security_create_aes_key(nyx_device_handle_t handle, int keylen, int *key_index)
+{
+ nyx_execute_return_function(security_create_aes_key, SECURITY, CREATE_AES_KEY, handle, keylen, key_index);
+}
+
+nyx_error_t nyx_security_crypt_aes(nyx_device_handle_t handle, int key_index, nyx_security_aes_block_mode_t mode, int encrypt, const char *src, int srclen, char *dest, int *destlen, int *ivlen)
+{
+ nyx_execute_return_function(security_crypt_aes, SECURITY, CRYPT_AES, handle, key_index, mode, encrypt, src, srclen, dest, destlen, ivlen);
+}
+
+nyx_error_t nyx_security_create_rsa_key(nyx_device_handle_t handle, int keylen, int *key_index)
+{
+ nyx_execute_return_function(security_create_rsa_key, SECURITY, CREATE_RSA_KEY, handle, keylen, key_index);
+}
+
+nyx_error_t nyx_security_crypt_rsa(nyx_device_handle_t handle, int key_index, int encrypt, const char *src, int srclen, char *dest, int *destlen)
+{
+ nyx_execute_return_function(security_crypt_rsa, SECURITY, CRYPT_RSA, handle, key_index, encrypt, src, srclen, dest, destlen);
+}
+
+nyx_error_t nyx_security_init_hash(nyx_device_handle_t handle, const char *hash_algo)
+{
+ nyx_execute_return_function(security_init_hash, SECURITY, INIT_HASH, handle, hash_algo);
+}
+
+nyx_error_t nyx_security_update_hash(nyx_device_handle_t handle, const char *src, int srclen)
+{
+ nyx_execute_return_function(security_update_hash, SECURITY, UPDATE_HASH, handle, src, srclen);
+}
+
+nyx_error_t nyx_security_finalize_hash(nyx_device_handle_t handle, char *dest)
+{
+ nyx_execute_return_function(security_finalize_hash, SECURITY, FINALIZE_HASH, handle, dest);
+}
+
+nyx_error_t nyx_security_finalize_and_save_hash(nyx_device_handle_t handle, int *index)
+{
+ nyx_execute_return_function(security_finalize_and_save_hash, SECURITY, FINALIZE_AND_SAVE_HASH, handle, index);
+}
+
+nyx_error_t nyx_security_load_hash(nyx_device_handle_t handle, const char *hash_algo, int index, char *dest)
+{
+ nyx_execute_return_function(security_load_hash, SECURITY, LOAD_HASH, handle, hash_algo, index, dest);
+}
+
+nyx_error_t nyx_security_save_certificate(nyx_device_handle_t handle, int *index, const char *x509)
+{
+ nyx_execute_return_function(security_save_certificate, SECURITY, SAVE_CERTIFICATE, handle, index, x509);
+}
+
+nyx_error_t nyx_security_load_certificate(nyx_device_handle_t handle, int index, char **x509)
+{
+ nyx_execute_return_function(security_load_certificate, SECURITY, LOAD_CERTIFICATE, handle, index, x509);
+}
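Review bot: Every wrapper forwards its pointer and length arguments straight into `nyx_execute_return_function` without checking them, so a NULL `dest`, `destlen`, `key_index` or `x509`, or a negative `srclen`, reaches the module unchanged. The macro is defined outside this page; unless it validates more than the handle and the method lookup, each security module has to repeat these checks or risk a NULL dereference or a negative length used as a size. I would reject bad arguments once here, e.g. in `nyx_security_crypt_aes`: `if (!src || srclen < 0 || !dest || !destlen || !ivlen) return <invalid-argument nyx_error_t>;` before the dispatch, where the placeholder stands for whichever error code the library defines for this. The file also has no per-function comments; a one-line note pointing to the contract in nyx_security.h would be enough.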