This repository has been archived by the owner on Oct 15, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
object_store_impl.h
136 lines (108 loc) · 4.84 KB
/
object_store_impl.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef P11NET_OBJECT_STORE_IMPL_H_
#define P11NET_OBJECT_STORE_IMPL_H_
#include "object_store.h"
#include <map>
#include <memory>
#include <string>
#include <boost/filesystem/path.hpp>
#include <base/macros.h>
#include <brillo/secure_blob.h>
#include <leveldb/db.h>
#include <leveldb/env.h>
namespace p11net {
// An ObjectStore implementation based on SQLite.
class ObjectStoreImpl : public ObjectStore {
public:
ObjectStoreImpl();
virtual ~ObjectStoreImpl();
// Initializes the object store with the given database path. The magic file
// name ":memory:" will cause the store to create a memory-only database which
// is suitable for testing.
bool Init(const boost::filesystem::path& database_path);
// ObjectStore methods.
virtual bool GetInternalBlob(int blob_id, std::string* blob);
virtual bool SetInternalBlob(int blob_id, const std::string& blob);
virtual bool SetEncryptionKey(const brillo::SecureBlob& key);
virtual bool InsertObjectBlob(const ObjectBlob& blob, int* handle);
virtual bool DeleteObjectBlob(int handle);
virtual bool DeleteAllObjectBlobs();
virtual bool UpdateObjectBlob(int handle, const ObjectBlob& blob);
virtual bool LoadPublicObjectBlobs(std::map<int, ObjectBlob>* blobs);
virtual bool LoadPrivateObjectBlobs(std::map<int, ObjectBlob>* blobs);
private:
enum BlobType {
kInternal,
kPrivate,
kPublic
};
// Loads all object of a given type.
bool LoadObjectBlobs(BlobType type, std::map<int, ObjectBlob>* blobs);
// Encrypts an object blob with a random IV and appends an HMAC.
bool Encrypt(const ObjectBlob& plain_text,
ObjectBlob* cipher_text);
// Verifies and decrypts an object blob.
bool Decrypt(const ObjectBlob& cipher_text,
ObjectBlob* plain_text);
// Computes an HMAC and appends it to the given input.
std::string AppendHMAC(const std::string& input,
const brillo::SecureBlob& key);
// Verifies an appended HMAC and strips it from the given input.
bool VerifyAndStripHMAC(const std::string& input,
const brillo::SecureBlob& key,
std::string* stripped);
// Creates and returns a unique database key for a blob.
std::string CreateBlobKey(BlobType type, int blob_id);
// Given a valid blob key (as created by CreateBlobKey), determines whether
// the blob is internal, public, or private and the blob id. Returns true on
// success.
bool ParseBlobKey(const std::string& key, BlobType* type, int* blob_id);
// Computes and returns the next (unused) blob id;
bool GetNextID(int* next_id);
// Reads a blob from the database. Returns true on success.
bool ReadBlob(const std::string& key, std::string* value);
// Reads an integer from the database. Returns true on success.
bool ReadInt(const std::string& key, int* value);
// Writes a blob to the database. Returns true on success.
bool WriteBlob(const std::string& key, const std::string& value);
// Writes an integer to the database. Returns true on success.
bool WriteInt(const std::string& key, int value);
// Returns the blob type for the specified blob. If 'blob_id' is unknown,
// kInternal is returned.
BlobType GetBlobType(int blob_id);
// These strings are used to construct database keys for blobs. In general the
// format of a blob database key is: <prefix><separator><id>.
static const char kInternalBlobKeyPrefix[];
static const char kPublicBlobKeyPrefix[];
static const char kPrivateBlobKeyPrefix[];
static const char kBlobKeySeparator[];
// The key for the database version. The existence of this value indicates the
// database is not new.
static const char kDatabaseVersionKey[];
// The database key for the ID tracker, which always holds a value larger than
// any object blob ID in use.
static const char kIDTrackerKey[];
static const int kAESKeySizeBytes;
static const int kHMACSizeBytes;
// The leveldb directory.
static const char kDatabaseDirectory[];
// A directory in which to backup a corrupted database before recreating.
static const char kCorruptDatabaseDirectory[];
// An obfuscation key used for public objects.
static const char kObfuscationKey[];
// The current blob format version.
static const int kBlobVersion;
brillo::SecureBlob key_;
std::unique_ptr<leveldb::Env> env_;
std::unique_ptr<leveldb::DB> db_;
std::map<int, BlobType> blob_type_map_;
// friend class TestObjectStoreEncryption;
// FRIEND_TEST(TestObjectStoreEncryption, EncryptionInit);
// FRIEND_TEST(TestObjectStoreEncryption, Encryption);
// FRIEND_TEST(TestObjectStoreEncryption, CBCMode);
DISALLOW_COPY_AND_ASSIGN(ObjectStoreImpl);
};
} // namespace p11net
#endif // P11NET_OBJECT_STORE_IMPL_H_