Crypto refactoring

.gitignore

@@ -1,4 +1,5 @@
 build/*
 .vscode/*
+.cache/*
 .*/*\!.github
 CMakeUserPresets.json

CMakeLists.txt

@@ -52,6 +52,8 @@ set(CMAKE_CXX_STANDARD 17)
 set(VERSION_CMAKE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
 set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
 
+set(WITH_TEST_TOOLS ${WITH_TEST})
+
 if(WITH_TEST)
     find_package(GTest REQUIRED)
 

src/core/cm/storagestate/itf/sender.hpp

@@ -7,7 +7,6 @@
 #ifndef AOS_CORE_CM_STORAGESTATE_ITF_SENDER_HPP_
 #define AOS_CORE_CM_STORAGESTATE_ITF_SENDER_HPP_
 
-#include <core/common/crypto/crypto.hpp>
 #include <core/common/types/common.hpp>
 
 namespace aos::cm::storagestate {

src/core/cm/storagestate/itf/storage.hpp

@@ -7,7 +7,7 @@
 #ifndef AOS_CORE_CM_STORAGESTATE_ITF_STORAGE_HPP_
 #define AOS_CORE_CM_STORAGESTATE_ITF_STORAGE_HPP_
 
-#include <core/common/crypto/crypto.hpp>
+#include <core/common/crypto/itf/hash.hpp>
 
 namespace aos::cm::storagestate {
 

src/core/cm/storagestate/itf/storagestate.hpp

@@ -7,8 +7,6 @@
 #ifndef AOS_CORE_CM_STORAGESTATE_ITF_STORAGESTATE_HPP_
 #define AOS_CORE_CM_STORAGESTATE_ITF_STORAGESTATE_HPP_
 
-#include <core/common/crypto/crypto.hpp>
-
 namespace aos::cm::storagestate {
 
 /** @addtogroup cm Communication Manager

src/core/cm/storagestate/storagestate.cpp

@@ -45,16 +45,16 @@ Error ToRelativePath(const String& base, const String& full, String& result)
  **********************************************************************************************************************/
 
 Error StorageState::Init(const Config& config, StorageItf& storage, SenderItf& sender, fs::FSPlatformItf& fsPlatform,
-    fs::FSWatcherItf& fsWatcher, crypto::CryptoProviderItf& cryptoProvider)
+    fs::FSWatcherItf& fsWatcher, crypto::HasherItf& hasher)
 {
     LOG_INF() << "Initialize storage state";
 
-    mConfig         = config;
-    mStorage        = &storage;
-    mMessageSender  = &sender;
-    mFSPlatform     = &fsPlatform;
-    mFSWatcher      = &fsWatcher;
-    mCryptoProvider = &cryptoProvider;
+    mConfig        = config;
+    mStorage       = &storage;
+    mMessageSender = &sender;
+    mFSPlatform    = &fsPlatform;
+    mFSWatcher     = &fsWatcher;
+    mHasher        = &hasher;
 
     if (auto err = fs::MakeDirAll(mConfig.mStateDir); !err.IsNone()) {
         return AOS_ERROR_WRAP(err);
@@ -660,7 +660,7 @@ StaticString<cFilePathLen> StorageState::GetStoragePath(const InstanceIdent& ins
 
 Error StorageState::CalculateChecksum(const String& data, String& checksum)
 {
-    auto [hasher, err] = mCryptoProvider->CreateHash(cHashAlgorithm);
+    auto [hasher, err] = mHasher->CreateHash(cHashAlgorithm);
     if (!err.IsNone()) {
         return AOS_ERROR_WRAP(err);
     }

src/core/cm/storagestate/storagestate.hpp

@@ -7,7 +7,7 @@
 #ifndef AOS_CORE_CM_STORAGESTATE_STORAGESTATE_HPP_
 #define AOS_CORE_CM_STORAGESTATE_STORAGESTATE_HPP_
 
-#include <core/common/crypto/crypto.hpp>
+#include <core/common/crypto/itf/hash.hpp>
 #include <core/common/tools/fs.hpp>
 #include <core/common/tools/memory.hpp>
 #include <core/common/tools/thread.hpp>
@@ -41,7 +41,7 @@ class StorageState : public StateItf, public StorageStateItf, private fs::FSEven
      * @return Error.
      */
     Error Init(const Config& config, StorageItf& storage, SenderItf& sender, fs::FSPlatformItf& fsPlatform,
-        fs::FSWatcherItf& fsWatcher, crypto::CryptoProviderItf& cryptoProvider);
+        fs::FSWatcherItf& fsWatcher, crypto::HasherItf& hasher);
 
     /**
      * Starts storage state instance.
@@ -200,7 +200,7 @@ class StorageState : public StateItf, public StorageStateItf, private fs::FSEven
     SenderItf*                                                              mMessageSender                  = {};
     fs::FSPlatformItf*                                                      mFSPlatform                     = {};
     fs::FSWatcherItf*                                                       mFSWatcher                      = {};
-    crypto::CryptoProviderItf*                                              mCryptoProvider                 = {};
+    crypto::HasherItf*                                                      mHasher                         = {};
     bool                                                                    mStateAndStorageOnSamePartition = {};
     StaticArray<State, cMaxNumInstances>                                    mStates;
 };

src/core/cm/storagestate/storagestate.md

@@ -15,7 +15,7 @@ It requires the following interfaces:
 * [aos::cm::storagestate::StorageItf](itf/storage.hpp) - manages metadata about storage/state partitions;
 * [aos::fs::FSPlatformItf](../../common/tools/fs.hpp) - handle filesystem operations;
 * [aos::fs::FSWatcherItf](../../common/tools/fs.hpp) - subscribes to file change events.
-* [aos::crypto::CryptoProviderItf](../../common/crypto/crypto.hpp) - computes state file checksum;
+* [aos::crypto::HasherItf](../../common/crypto/itf/hasher.hpp) - computes state file checksum;
 
 ```mermaid
 classDiagram

src/core/common/CMakeLists.txt

@@ -64,7 +64,7 @@ add_subdirectory(tools)
 add_subdirectory(types)
 add_subdirectory(version)
 
-if(WITH_TEST)
+if(WITH_TEST_TOOLS)
     add_subdirectory(tests)
 endif()
 

src/core/common/crypto/CMakeLists.txt

@@ -71,7 +71,7 @@ endif()
 # Sources
 # ######################################################################################################################
 
-set(SOURCES crypto.cpp cryptohelper.cpp cryptoutils.cpp)
+set(SOURCES asn1.cpp cryptohelper.cpp certloader.cpp)
 
 if(WITH_MBEDTLS)
     list(APPEND SOURCES mbedtls/cryptoprovider.cpp mbedtls/driverwrapper.cpp)
@@ -85,7 +85,19 @@ endif()
 # Headers
 # ######################################################################################################################
 
-set(HEADERS crypto.hpp cryptoprovider.hpp cryptoutils.hpp)
+set(HEADERS
+    certloader.hpp
+    cryptoprovider.hpp
+    cryptohelper.hpp
+    itf/rand.hpp
+    itf/asn1.hpp
+    itf/certloader.hpp
+    itf/crypto.hpp
+    itf/cryptohelper.hpp
+    itf/hash.hpp
+    itf/privkey.hpp
+    itf/x509.hpp
+)
 
 if(WITH_MBEDTLS)
     list(APPEND HEADERS mbedtls/cryptoprovider.hpp mbedtls/driverwrapper.hpp)

src/core/common/crypto/crypto.cpp → src/core/common/crypto/asn1.cpp

@@ -4,7 +4,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-#include "crypto.hpp"
+#include "itf/asn1.hpp"
 
 namespace aos::crypto::asn1 {
 

src/core/common/crypto/cryptoutils.cpp → src/core/common/crypto/certloader.cpp

@@ -8,7 +8,7 @@
 #include <core/common/tools/fs.hpp>
 #include <core/common/tools/logger.hpp>
 
-#include "cryptoutils.hpp"
+#include "certloader.hpp"
 
 namespace aos::crypto {
 
@@ -24,7 +24,7 @@ constexpr auto cSchemeMaxLength = Max(sizeof(cSchemeFile), sizeof(cSchemePKCS11)
  * CertLoader
  **********************************************************************************************************************/
 
-Error CertLoader::Init(crypto::x509::ProviderItf& cryptoProvider, pkcs11::PKCS11Manager& pkcs11Manager)
+Error CertLoader::Init(x509::ProviderItf& cryptoProvider, pkcs11::PKCS11Manager& pkcs11Manager)
 {
     LOG_DBG() << "Init cert loader";
 
@@ -34,7 +34,7 @@ Error CertLoader::Init(crypto::x509::ProviderItf& cryptoProvider, pkcs11::PKCS11
     return ErrorEnum::eNone;
 }
 
-RetWithError<SharedPtr<crypto::x509::CertificateChain>> CertLoader::LoadCertsChainByURL(const String& url)
+RetWithError<SharedPtr<x509::CertificateChain>> CertLoader::LoadCertsChainByURL(const String& url)
 {
     LOG_DBG() << "Load certs chain by URL: url=" << url;
 
@@ -79,7 +79,7 @@ RetWithError<SharedPtr<crypto::x509::CertificateChain>> CertLoader::LoadCertsCha
     return {nullptr, ErrorEnum::eInvalidArgument};
 }
 
-RetWithError<SharedPtr<crypto::PrivateKeyItf>> CertLoader::LoadPrivKeyByURL(const String& url)
+RetWithError<SharedPtr<PrivateKeyItf>> CertLoader::LoadPrivKeyByURL(const String& url)
 {
     LOG_DBG() << "Load private key by URL: url=" << url;
 
@@ -186,7 +186,7 @@ RetWithError<pkcs11::SlotID> CertLoader::FindToken(const pkcs11::LibraryContext&
     return {0, ErrorEnum::eNotFound};
 }
 
-RetWithError<SharedPtr<crypto::x509::CertificateChain>> CertLoader::LoadCertsFromFile(const String& fileName)
+RetWithError<SharedPtr<x509::CertificateChain>> CertLoader::LoadCertsFromFile(const String& fileName)
 {
     LOG_DBG() << "Load certs chain from file: fileName=" << fileName;
 
@@ -197,18 +197,18 @@ RetWithError<SharedPtr<crypto::x509::CertificateChain>> CertLoader::LoadCertsFro
         return {nullptr, err};
     }
 
-    auto certificates = MakeShared<crypto::x509::CertificateChain>(&mAllocator);
+    auto certificates = MakeShared<x509::CertificateChain>(&mAllocator);
 
     err = mCryptoProvider->PEMToX509Certs(*buff, *certificates);
 
     return {certificates, err};
 }
 
-RetWithError<SharedPtr<crypto::PrivateKeyItf>> CertLoader::LoadPrivKeyFromFile(const String& fileName)
+RetWithError<SharedPtr<PrivateKeyItf>> CertLoader::LoadPrivKeyFromFile(const String& fileName)
 {
     LOG_DBG() << "Load private key from file: fileName=" << fileName;
 
-    auto buff = MakeUnique<StaticString<crypto::cPrivKeyPEMLen>>(&mAllocator);
+    auto buff = MakeUnique<StaticString<cPrivKeyPEMLen>>(&mAllocator);
 
     auto err = fs::ReadFileToString(fileName, *buff);
     if (!err.IsNone()) {

src/core/common/crypto/certloader.hpp

@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2023 Renesas Electronics Corporation.
+ * Copyright (C) 2023 EPAM Systems, Inc.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef AOS_CORE_COMMON_CRYPTO_CRYPTOUTILS_HPP_
+#define AOS_CORE_COMMON_CRYPTO_CRYPTOUTILS_HPP_
+
+#include <core/common/pkcs11/pkcs11.hpp>
+#include <core/common/pkcs11/privatekey.hpp>
+
+#include "itf/certloader.hpp"
+#include "itf/crypto.hpp"
+
+namespace aos::crypto {
+
+/**
+ * Loads certificates and keys by URL.
+ */
+class CertLoader : public CertLoaderItf {
+public:
+    /**
+     * Initializes object instance.
+     *
+     * @param cryptoProvider crypto provider interface.
+     * @param pkcs11Manager PKCS11 library manager.
+     * @return Error.
+     */
+    Error Init(x509::ProviderItf& cryptoProvider, pkcs11::PKCS11Manager& pkcs11Manager);
+
+    /**
+     * Loads certificate chain by URL.
+     *
+     * @param url input url.
+     * @return RetWithError<SharedPtr<x509::CertificateChain>>.
+     */
+    RetWithError<SharedPtr<x509::CertificateChain>> LoadCertsChainByURL(const String& url) override;
+
+    /**
+     * Loads private key by URL.
+     *
+     * @param url input url.
+     * @return RetWithError<SharedPtr<PrivateKeyItf>>.
+     */
+    RetWithError<SharedPtr<PrivateKeyItf>> LoadPrivKeyByURL(const String& url) override;
+
+private:
+    using PEMCertChainBlob = StaticString<cCertPEMLen * cCertChainSize>;
+
+    static constexpr auto cCertAllocatorSize
+        = cCertChainsCount * cCertChainSize * sizeof(x509::Certificate) + sizeof(PEMCertChainBlob);
+    static constexpr auto cKeyAllocatorSize
+        = AOS_CONFIG_CRYPTO_PRIV_KEYS_COUNT * pkcs11::cPrivateKeyMaxSize + sizeof(cPrivKeyPEMLen);
+    static constexpr auto cNumAllocation = AOS_CONFIG_CRYPTO_NUM_ALLOCATIONS;
+
+    static constexpr auto cDefaultPKCS11Library = AOS_CONFIG_CRYPTO_DEFAULT_PKCS11_LIB;
+
+    RetWithError<SharedPtr<pkcs11::SessionContext>> OpenSession(
+        const String& libraryPath, const String& token, const String& userPIN);
+    RetWithError<pkcs11::SlotID> FindToken(const pkcs11::LibraryContext& library, const String& token);
+
+    RetWithError<SharedPtr<x509::CertificateChain>> LoadCertsFromFile(const String& fileName);
+    RetWithError<SharedPtr<PrivateKeyItf>>          LoadPrivKeyFromFile(const String& fileName);
+
+    x509::ProviderItf*     mCryptoProvider = nullptr;
+    pkcs11::PKCS11Manager* mPKCS11         = nullptr;
+
+    StaticAllocator<cCertAllocatorSize + cKeyAllocatorSize + pkcs11::Utils::cLocalObjectsMaxSize, cNumAllocation>
+        mAllocator;
+};
+
+} // namespace aos::crypto
+
+#endif