Merge remote-tracking branch 'upstream/xc-apkam_symmetric_key' into j…
…t/reconnection
JeremyTubongbanua committed Oct 18, 2024
2 parents 7d2e488 + 8c846c6 commit 6e50e1d
Showing 4 changed files with 300 additions and 32 deletions.
18 changes: 16 additions & 2 deletions packages/atclient/include/atclient/atkeys.h
Expand Up @@ -14,13 +14,15 @@
#define ATCLIENT_ATKEYS_ENCRYPT_PRIVATE_KEY_INDEX 0
#define ATCLIENT_ATKEYS_SELF_ENCRYPTION_KEY_INDEX 0
#define ATCLIENT_ATKEYS_ENROLLMENT_ID_INDEX 0
#define ATCLIENT_ATKEYS_APKAM_SYMMETRIC_KEY_INDEX 0

#define ATCLIENT_ATKEYS_PKAM_PUBLIC_KEY_INITIALIZED (VALUE_INITIALIZED << 0)
#define ATCLIENT_ATKEYS_PKAM_PRIVATE_KEY_INITIALIZED (VALUE_INITIALIZED << 1)
#define ATCLIENT_ATKEYS_ENCRYPT_PUBLIC_KEY_INITIALIZED (VALUE_INITIALIZED << 2)
#define ATCLIENT_ATKEYS_ENCRYPT_PRIVATE_KEY_INITIALIZED (VALUE_INITIALIZED << 3)
#define ATCLIENT_ATKEYS_SELF_ENCRYPTION_KEY_INITIALIZED (VALUE_INITIALIZED << 4)
#define ATCLIENT_ATKEYS_ENROLLMENT_ID_INITIALIZED (VALUE_INITIALIZED << 5)
#define ATCLIENT_ATKEYS_APKAM_SYMMETRIC_KEY_INITIALIZED (VALUE_INITIALIZED << 6)

/**
* @brief represents the atkeys file
Expand Down Expand Up @@ -48,6 +50,7 @@ typedef struct atclient_atkeys {

char *self_encryption_key_base64; // base64 encoded, AES-256 key, decrypted

char *apkam_symmetric_key_base64;
char *enrollment_id;

uint8_t _initialized_fields[1]; // used to track which fields have been initialized
Expand Down Expand Up @@ -82,7 +85,11 @@ int atclient_atkeys_set_encrypt_private_key_base64(atclient_atkeys *atkeys, cons
int atclient_atkeys_set_self_encryption_key_base64(atclient_atkeys *atkeys, const char *selfencryptionkeybase64,
const size_t selfencryptionkeybase64len);

int atclient_atkeys_set_enrollment_id(atclient_atkeys *atkeys, const char *enrollment_id, const size_t enrollment_id_len);
int atclient_atkeys_set_apkam_symmetric_key_base64(atclient_atkeys *atkeys, const char *apkamsymmetrickeybase64,
const size_t apkamsymmetrickeybase64len);

int atclient_atkeys_set_enrollment_id(atclient_atkeys *atkeys, const char *enrollment_id,
const size_t enrollment_id_len);

int atclient_atkeys_populate_pkam_public_key(atclient_atkeys *atkeys, const char *pkam_public_key_base64,
const size_t pkampublickeybase64len);
Expand All @@ -101,6 +108,7 @@ bool atclient_atkeys_is_pkam_private_key_base64_initialized(atclient_atkeys *atk
bool atclient_atkeys_is_encrypt_public_key_base64_initialized(atclient_atkeys *atkeys);
bool atclient_atkeys_is_encrypt_private_key_base64_initialized(atclient_atkeys *atkeys);
bool atclient_atkeys_is_self_encryption_key_base64_initialized(atclient_atkeys *atkeys);
bool atclient_atkeys_is_apkam_symmetric_key_base64_initialized(atclient_atkeys *atkeys);
bool atclient_atkeys_is_enrollment_id_initialized(atclient_atkeys *atkeys);

/**
Expand All @@ -122,6 +130,10 @@ bool atclient_atkeys_is_enrollment_id_initialized(atclient_atkeys *atkeys);
* @param aes_encrypt_private_key_len the length of the aes_encrypt_private_key_str buffer
* @param self_encryption_key_str the (decrypted) AES-256 selfencryptionkey in base64 format
* @param self_encryption_key_len the length of the self_encryption_key_str buffer
* @param apkam_symmetric_key_str the (decrypted) AES-256 apkamsymmetrickey in base64 format, if this is an apkam key
* @param apkam_symmetric_key_str_len the length of the apkam_symmetric_key_str buffer, if this is an apkam key
* @param enrollment_id_str the enrollment id, if this is an apkam key
* @param enrollment_id_str_length the length of enrollment_id_str, if this is an apkam key
* @return int 0 on success, non-zero on failure
*/
int atclient_atkeys_populate_from_strings(atclient_atkeys *atkeys, const char *aes_pkam_public_key_str,
Expand All @@ -130,7 +142,9 @@ int atclient_atkeys_populate_from_strings(atclient_atkeys *atkeys, const char *a
const size_t aes_encrypt_public_key_len,
const char *aes_encrypt_private_key_str,
const size_t aes_encrypt_private_key_len, const char *self_encryption_key_str,
const size_t self_encryption_key_len, const char *enrollment_id_str, const size_t enrollment_id_str_len);
const size_t self_encryption_key_str_len, const char *apkam_symmetric_key_str,
const size_t apkam_symmetric_key_str_len, const char *enrollment_id_str,
const size_t enrollment_id_str_len);

/**
* @brief populates the struct by decrypting the encrypted RSA keys found in a populated atclient_atkeys_file struct
Expand Down
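Review bot: The `@param` names in the `atclient_atkeys_populate_from_strings` doc block disagree with the new prototype: the prototype now takes `self_encryption_key_str_len` and `enrollment_id_str_len`, while the comment documents `self_encryption_key_len` (an unchanged context line) and `enrollment_id_str_length`, so Doxygen will report unmatched parameters; rename those two `@param` entries to match. The comment says the apkam and enrollment arguments apply "if this is an apkam key" but never states what a caller passes otherwise — presumably `NULL` and `0`, which the implementation (not in this diff) would then have to accept — and the doc should spell that contract out. The new struct field `char *apkam_symmetric_key_base64;` is the only key field without a comment; mirroring its sibling with `// base64 encoded, AES-256 key, decrypted` would record that it holds plaintext key material. Since it is a decrypted secret just like `self_encryption_key_base64`, the struct's free/cleanup routine (outside this diff) presumably needs the same release-and-wipe treatment extended to it.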
39 changes: 33 additions & 6 deletions packages/atclient/include/atclient/atkeys_file.h
Expand Up @@ -13,15 +13,26 @@
#define ATCLIENT_ATKEYS_FILE_AES_ENCRYPT_PRIVATE_KEY_STR_INDEX 0
#define ATCLIENT_ATKEYS_FILE_SELF_ENCRYPTION_KEY_STR_INDEX 0
#define ATCLIENT_ATKEYS_FILE_ENROLLMENT_ID_STR_INDEX 0
#define ATCLIENT_ATKEYS_FILE_APKAM_SYMMETRIC_KEY_STR_INDEX 0

#define ATCLIENT_ATKEYS_FILE_AES_PKAM_PUBLIC_KEY_STR_INITIALIZED (VALUE_INITIALIZED << 0)
#define ATCLIENT_ATKEYS_FILE_AES_PKAM_PRIVATE_KEY_STR_INITIALIZED (VALUE_INITIALIZED << 1)
#define ATCLIENT_ATKEYS_FILE_AES_ENCRYPT_PUBLIC_KEY_STR_INITIALIZED (VALUE_INITIALIZED << 2)
#define ATCLIENT_ATKEYS_FILE_AES_ENCRYPT_PRIVATE_KEY_STR_INITIALIZED (VALUE_INITIALIZED << 3)
#define ATCLIENT_ATKEYS_FILE_SELF_ENCRYPTION_KEY_STR_INITIALIZED (VALUE_INITIALIZED << 4)
#define ATCLIENT_ATKEYS_FILE_ENROLLMENT_ID_STR_INITIALIZED (VALUE_INITIALIZED << 5)
#define ATCLIENT_ATKEYS_FILE_APKAM_SYMMETRIC_KEY_STR_INITIALIZED (VALUE_INITIALIZED << 6)

#define ATCLIENT_ATKEYS_FILE_APKAM_PUBLIC_KEY_JSON_KEY "aesPkamPublicKey"
#define ATCLIENT_ATKEYS_FILE_APKAM_PRIVATE_KEY_JSON_KEY "aesPkamPrivateKey"
#define ATCLIENT_ATKEYS_FILE_DEFAULT_ENCRYPTION_PUBLIC_KEY_JSON_KEY "aesEncryptPublicKey"
#define ATCLIENT_ATKEYS_FILE_DEFAULT_ENCRYPTION_PRIVATE_KEY_JSON_KEY "aesEncryptPrivateKey"
#define ATCLIENT_ATKEYS_FILE_DEFAULT_SELF_ENCRYPTION_KEY_JSON_KEY "selfEncryptionKey"
#define ATCLIENT_ATKEYS_FILE_APKAM_SYMMETRIC_KEY_JSON_KEY "apkamSymmetricKey"
#define ATCLIENT_ATKEYS_FILE_APKAM_ENROLLMENT_ID_JSON_KEY "enrollmentId"

typedef struct atclient_atkeys_file {
// note: `aes_` prefix means the field is encrypted with aes, not that the type of key is aes
char *aes_pkam_public_key_str; // encrypted with self encryption key. AES decryption with self encryption key will
// reveal base64-encoded RSA key
char *aes_pkam_private_key_str; // encrypted with self encryption key. AES decryption with self encryption key will
Expand All @@ -32,6 +43,7 @@ typedef struct atclient_atkeys_file {
// reveal base64-encoded RSA key
char *self_encryption_key_str; // base64-encoded non-encrypted self encryption key. base64 decoding will reveal
// 32-byte AES key
char *apkam_symmetric_key_str;
char *enrollment_id_str;
uint8_t _initialized_fields[1];
} atclient_atkeys_file;
Expand Down Expand Up @@ -75,13 +87,28 @@ bool atclient_atkeys_file_is_aes_pkam_private_key_str_initialized(atclient_atkey
bool atclient_atkeys_file_is_aes_encrypt_public_key_str_initialized(atclient_atkeys_file *atkeys_file);
bool atclient_atkeys_file_is_aes_encrypt_private_key_str_initialized(atclient_atkeys_file *atkeys_file);
bool atclient_atkeys_file_is_self_encryption_key_str_initialized(atclient_atkeys_file *atkeys_file);
bool atclient_atkeys_file_is_apkam_symmetric_key_str_initialized(atclient_atkeys_file *atkeys_file);
bool atclient_atkeys_file_is_enrollment_id_str_initialized(atclient_atkeys_file *atkeys_file);

int atclient_atkeys_file_set_aes_pkam_public_key_str(atclient_atkeys_file *atkeys_file, const char *aes_pkam_public_key_str, const size_t aes_pkam_public_key_str_len);
int atclient_atkeys_file_set_aes_pkam_private_key_str(atclient_atkeys_file *atkeys_file, const char *aes_pkam_private_key_str, const size_t aes_pkam_private_key_str_len);
int atclient_atkeys_file_set_aes_encrypt_public_key_str(atclient_atkeys_file *atkeys_file, const char *aes_encrypt_public_key_str, const size_t aes_encrypt_public_key_str_len);
int atclient_atkeys_file_set_aes_encrypt_private_key_str(atclient_atkeys_file *atkeys_file, const char *aes_encrypt_private_key_str, const size_t aes_encrypt_private_key_str_len);
int atclient_atkeys_file_set_self_encryption_key_str(atclient_atkeys_file *atkeys_file, const char *self_encryption_key_str, const size_t self_encryption_key_str_len);
int atclient_atkeys_file_set_enrollment_id_str(atclient_atkeys_file *atkeys_file, const char *enrollment_id_str, const size_t enrollment_id_str_len);
int atclient_atkeys_file_set_aes_pkam_public_key_str(atclient_atkeys_file *atkeys_file,
const char *aes_pkam_public_key_str,
const size_t aes_pkam_public_key_str_len);
int atclient_atkeys_file_set_aes_pkam_private_key_str(atclient_atkeys_file *atkeys_file,
const char *aes_pkam_private_key_str,
const size_t aes_pkam_private_key_str_len);
int atclient_atkeys_file_set_aes_encrypt_public_key_str(atclient_atkeys_file *atkeys_file,
const char *aes_encrypt_public_key_str,
const size_t aes_encrypt_public_key_str_len);
int atclient_atkeys_file_set_aes_encrypt_private_key_str(atclient_atkeys_file *atkeys_file,
const char *aes_encrypt_private_key_str,
const size_t aes_encrypt_private_key_str_len);
int atclient_atkeys_file_set_self_encryption_key_str(atclient_atkeys_file *atkeys_file,
const char *self_encryption_key_str,
const size_t self_encryption_key_str_len);
int atclient_atkeys_file_set_apkam_symmetric_key_str(atclient_atkeys_file *atkeys_file,
const char *apkam_symmetric_key_str,
const size_t apkam_symmetric_key_str_len);
int atclient_atkeys_file_set_enrollment_id_str(atclient_atkeys_file *atkeys_file, const char *enrollment_id_str,
const size_t enrollment_id_str_len);

#endif
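Review bot: `char *apkam_symmetric_key_str;` is added without the per-field comment every neighbouring field carries, so a reader cannot tell whether it is stored encrypted under the self encryption key like the `aes_*` fields or as plain base64 like `self_encryption_key_str`; a comment such as `// base64-encoded apkam symmetric key; encrypted with self encryption key (confirm against the parser)` would settle that, and `enrollment_id_str` deserves the same. The new JSON-key macros mix naming schemes: `ATCLIENT_ATKEYS_FILE_APKAM_PUBLIC_KEY_JSON_KEY` expands to `"aesPkamPublicKey"` and maps to the field `aes_pkam_public_key_str`, dropping the `aes_` prefix that the note at the top of the struct says is significant, while `ATCLIENT_ATKEYS_FILE_DEFAULT_ENCRYPTION_PUBLIC_KEY_JSON_KEY` maps to `aes_encrypt_public_key_str`; naming the macros after the struct fields (e.g. `ATCLIENT_ATKEYS_FILE_AES_PKAM_PUBLIC_KEY_JSON_KEY`) would keep the field-to-key mapping obvious. With bit 6 now in use in both this header and atkeys.h, the single-byte `_initialized_fields[1]` has one spare bit left; a comment noting that limit would keep the next field addition from silently shifting past the byte.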
