AlexaClientSDK  1.26.0
A cross-platform, modular SDK for interacting with the Alexa Voice Service
PKCS11KeyStore.h
Go to the documentation of this file.
1 /*
2  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License").
5  * You may not use this file except in compliance with the License.
6  * A copy of the License is located at
7  *
8  * http://aws.amazon.com/apache2.0/
9  *
10  * or in the "license" file accompanying this file. This file is distributed
11  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12  * express or implied. See the License for the specific language governing
13  * permissions and limitations under the License.
14  */
15 
16 #ifndef ACSDKPKCS11_PRIVATE_PKCS11KEYSTORE_H_
17 #define ACSDKPKCS11_PRIVATE_PKCS11KEYSTORE_H_
18 
19 #include <memory>
20 #include <unordered_map>
21 
22 #include <acsdkCryptoInterfaces/KeyStoreInterface.h>
23 #include <acsdkPkcs11/private/PKCS11Functions.h>
24 #include <acsdkPkcs11/private/PKCS11Key.h>
25 #include <acsdkPkcs11/private/PKCS11KeyDescriptor.h>
26 #include <acsdkPkcs11/private/PKCS11Session.h>
27 #include <acsdkPkcs11/private/PKCS11Slot.h>
28 #include <AVSCommon/Utils/Metrics/MetricRecorderInterface.h>
29 
30 namespace alexaClientSDK {
31 namespace acsdkPkcs11 {
32 
33 using alexaClientSDK::acsdkCryptoInterfaces::AlgorithmType;
34 using alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface;
35 using alexaClientSDK::avsCommon::utils::metrics::MetricRecorderInterface;
36 
45 class PKCS11KeyStore : public KeyStoreInterface {
46 public:
54  static std::shared_ptr<KeyStoreInterface> create(
55  const std::shared_ptr<MetricRecorderInterface>& metricRecorder = nullptr) noexcept;
56 
59  ~PKCS11KeyStore() noexcept override;
60  bool encrypt(
61  const std::string& keyAlias,
62  AlgorithmType type,
63  const IV& iv,
64  const DataBlock& plaintext,
65  KeyChecksum& checksum,
66  DataBlock& ciphertext) noexcept override;
67  bool encryptAE(
68  const std::string& keyAlias,
69  AlgorithmType type,
70  const IV& iv,
71  const DataBlock& aad,
72  const DataBlock& plaintext,
73  KeyChecksum& checksum,
74  DataBlock& ciphertext,
75  Tag& tag) noexcept override;
76  bool decrypt(
77  const std::string& keyAlias,
78  AlgorithmType type,
79  const KeyChecksum& checksum,
80  const IV& iv,
81  const DataBlock& ciphertext,
82  DataBlock& plaintext) noexcept override;
83  bool decryptAD(
84  const std::string& keyAlias,
85  AlgorithmType type,
86  const KeyChecksum& checksum,
87  const IV& iv,
88  const DataBlock& aad,
89  const DataBlock& ciphertext,
90  const Tag& tag,
91  DataBlock& plaintext) noexcept override;
92  bool getDefaultKeyAlias(std::string& keyAlias) noexcept override;
94 
95 private:
97  PKCS11KeyStore(const std::shared_ptr<MetricRecorderInterface>& metricRecorder) noexcept;
98 
100  bool init() noexcept;
101 
109  std::shared_ptr<PKCS11Key> loadKey(const std::string& objectLabel, AlgorithmType type) noexcept;
110 
123  std::shared_ptr<PKCS11Key> loadKeyLocked(PKCS11KeyDescriptor&& descriptor) noexcept;
124 
136  void submitMetric(const std::string& activity, const std::string& eventName, uint64_t count, bool failure) noexcept;
137 
139  std::shared_ptr<MetricRecorderInterface> m_metricRecorder;
140 
142  std::shared_ptr<PKCS11Functions> m_functions;
143 
145  std::shared_ptr<PKCS11Session> m_session;
146 
148  std::mutex m_keysMutex;
149 
151  std::unordered_map<PKCS11KeyDescriptor, std::shared_ptr<PKCS11Key>> m_keys;
152 
154  std::string m_defaultKeyAlias;
155 };
156 
157 } // namespace acsdkPkcs11
158 } // namespace alexaClientSDK
159 
160 #endif // ACSDKPKCS11_PRIVATE_PKCS11KEYSTORE_H_
alexaClientSDK::acsdkPkcs11::PKCS11KeyStore::create
static std::shared_ptr< KeyStoreInterface > create(const std::shared_ptr< MetricRecorderInterface > &metricRecorder=nullptr) noexcept
Creates key store.
Definition: PKCS11KeyStore.cpp:69
PKCS11Slot.h
alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface::KeyChecksum
std::vector< unsigned char > KeyChecksum
Data type for key checksum.
Definition: KeyStoreInterface.h:56
alexaClientSDK::acsdkPkcs11::PKCS11KeyStore::getDefaultKeyAlias
bool getDefaultKeyAlias(std::string &keyAlias) noexcept override
Returns default key alias.
Definition: PKCS11KeyStore.cpp:277
alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface::IV
std::vector< unsigned char > IV
Data type for initialization vector data.
Definition: KeyStoreInterface.h:53
PKCS11Functions.h
alexaClientSDK::acsdkPkcs11::PKCS11KeyStore::decryptAD
bool decryptAD(const std::string &keyAlias, AlgorithmType type, const KeyChecksum &checksum, const IV &iv, const DataBlock &aad, const DataBlock &ciphertext, const Tag &tag, DataBlock &plaintext) noexcept override
Decrypts data block using authenticated decryption algorithm.
Definition: PKCS11KeyStore.cpp:214
alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface
Key Store Interface.
Definition: KeyStoreInterface.h:47
KeyStoreInterface.h
MetricRecorderInterface.h
alexaClientSDK::acsdkPkcs11::PKCS11KeyDescriptor
Class to identify key object in HSM.
Definition: PKCS11KeyDescriptor.h:36
PKCS11Key.h
alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface::DataBlock
std::vector< unsigned char > DataBlock
Data type for data block (encrypted or unencrypted).
Definition: KeyStoreInterface.h:50
alexaClientSDK::acsdkCryptoInterfaces::KeyStoreInterface::Tag
std::vector< unsigned char > Tag
Data type for tag. Tag (known as Message Authentication Code) is used with AEAD mode of operation lik...
Definition: KeyStoreInterface.h:60
alexaClientSDK::acsdkPkcs11::PKCS11KeyStore
Key store implementation for PKCS11.
Definition: PKCS11KeyStore.h:45
alexaClientSDK
Whether or not curl logs should be emitted.
Definition: AVSConnectionManager.h:36
PKCS11KeyDescriptor.h
alexaClientSDK::acsdkPkcs11::PKCS11KeyStore::encryptAE
bool encryptAE(const std::string &keyAlias, AlgorithmType type, const IV &iv, const DataBlock &aad, const DataBlock &plaintext, KeyChecksum &checksum, DataBlock &ciphertext, Tag &tag) noexcept override
Encrypts data block using authenticated encryption algorithm.
Definition: PKCS11KeyStore.cpp:166
alexaClientSDK::acsdkPkcs11::PKCS11KeyStore::encrypt
bool encrypt(const std::string &keyAlias, AlgorithmType type, const IV &iv, const DataBlock &plaintext, KeyChecksum &checksum, DataBlock &ciphertext) noexcept override
Encrypts data block.
Definition: PKCS11KeyStore.cpp:153
PKCS11Session.h
alexaClientSDK::avsCommon::utils::metrics::MetricRecorderInterface
Definition: MetricRecorderInterface.h:28
alexaClientSDK::acsdkPkcs11::PKCS11KeyStore::~PKCS11KeyStore
~PKCS11KeyStore() noexcept override
Definition: PKCS11KeyStore.cpp:126
alexaClientSDK::acsdkPkcs11::PKCS11KeyStore::decrypt
bool decrypt(const std::string &keyAlias, AlgorithmType type, const KeyChecksum &checksum, const IV &iv, const DataBlock &ciphertext, DataBlock &plaintext) noexcept override
Decrypts data block.
Definition: PKCS11KeyStore.cpp:202
alexaClientSDK::acsdkCryptoInterfaces::AlgorithmType
AlgorithmType
Enumeration of all supported encryption protocols.
Definition: AlgorithmType.h:31

AlexaClientSDK 1.26.0 - Copyright 2016-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. Licensed under the Apache License, Version 2.0