Sailfish Secrets
API DocumentationEncryptionPlugin Class
(Sailfish::Secrets::EncryptionPlugin)Specifies an interface to derive an encryption key from input data, and encrypt or decrypt secret data. More...
| Header: | #include <Secrets/Plugins/extensionplugins.h> |
| Inherits: | Sailfish::Secrets::PluginBase |
Public Types
| enum | EncryptionAlgorithm { NoAlgorithm, CustomAlgorithm, AES_256_CBC } |
| enum | EncryptionType { NoEncryption, SoftwareEncryption, TrustedExecutionSoftwareEncryption, SecurePeripheralEncryption } |
Public Functions
| EncryptionPlugin() | |
| virtual | ~EncryptionPlugin() |
| virtual Sailfish::Secrets::Result | decryptSecret(const QByteArray &encrypted, const QByteArray &key, QByteArray *plaintext) = 0 |
| virtual Sailfish::Secrets::Result | deriveKeyFromCode(const QByteArray &authenticationCode, const QByteArray &salt, QByteArray *key) = 0 |
| virtual Sailfish::Secrets::Result | encryptSecret(const QByteArray &plaintext, const QByteArray &key, QByteArray *encrypted) = 0 |
| virtual Sailfish::Secrets::EncryptionPlugin::EncryptionAlgorithm | encryptionAlgorithm() const = 0 |
| virtual Sailfish::Secrets::EncryptionPlugin::EncryptionType | encryptionType() const = 0 |
- 11 public functions inherited from Sailfish::Secrets::PluginBase
Detailed Description
Specifies an interface to derive an encryption key from input data, and encrypt or decrypt secret data.
The EncryptionPlugin type specifies a simple interface which includes key derivation, encryption and decryption operations.
The functionality provided by a concrete instance of this plugin is not intended to be used directly by application clients, but instead is used to encrypt (and decrypt) secret data which is stored in unencrypted storage (that is, within a StoragePlugin).
Plugin implementers must be aware that the information reporting methods (encryptionType(), and encryptionAlgorithm()) will be invoked from the main thread of the secrets daemon, while the various interface operation methods (deriveKeyFromCode(), encryptSecret(), and decryptSecret()) will be invoked from a separate thread. Plugins are loaded and plugin instances are constructed in the main thread.
Member Type Documentation
enum EncryptionPlugin::EncryptionAlgorithm
This enum defines the encryption algorithms which may be used by plugins
| Constant | Value | Description |
|---|---|---|
Sailfish::Secrets::EncryptionPlugin::NoAlgorithm | 0 | No encryption is performed |
Sailfish::Secrets::EncryptionPlugin::CustomAlgorithm | 1 | Some custom encryption algorithm is used by the plugin |
Sailfish::Secrets::EncryptionPlugin::AES_256_CBC | 2 | The plugin uses AES with 256-bit key in CBC mode to encrypt secrets |
enum EncryptionPlugin::EncryptionType
This enum defines the types of encryption capability which may be offered by plugins
| Constant | Value | Description |
|---|---|---|
Sailfish::Secrets::EncryptionPlugin::NoEncryption | 0 | No encryption is performed |
Sailfish::Secrets::EncryptionPlugin::SoftwareEncryption | 1 | Encryption is performed by "normal" rich execution environment application |
Sailfish::Secrets::EncryptionPlugin::TrustedExecutionSoftwareEncryption | 2 | Encryption is performed by trusted execution environment (TEE) application |
Sailfish::Secrets::EncryptionPlugin::SecurePeripheralEncryption | 3 | Encryption is performed by a secure element (SE) hardware peripheral via TEE application |
Member Function Documentation
EncryptionPlugin::EncryptionPlugin()
Constructs a new EncryptionPlugin instance
[virtual] EncryptionPlugin::~EncryptionPlugin()
Cleans up any memory associated with the EncryptionPlugin instance
[pure virtual] Sailfish::Secrets::Result EncryptionPlugin::decryptSecret(const QByteArray &encrypted, const QByteArray &key, QByteArray *plaintext)
Decrypt the given encrypted data with the given key and write the decrypted data to the out-parameter plaintext.
The key is guaranteed to have been derived by this plugin, via a previous call to deriveKeyFromCode(), and the encrypted data is guaranteed to have been generated by this plugin via a call to encryptSecret().
If the plugin itself is locked, this function should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::SecretsPluginIsLockedError.
[pure virtual] Sailfish::Secrets::Result EncryptionPlugin::deriveKeyFromCode(const QByteArray &authenticationCode, const QByteArray &salt, QByteArray *key)
Derive an encryption key valid for use in encryption and decryption operations offered by this plugin from the given authenticationCode and salt, and write it to the out-parameter key.
If the plugin itself is locked, this function should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::SecretsPluginIsLockedError.
[pure virtual] Sailfish::Secrets::Result EncryptionPlugin::encryptSecret(const QByteArray &plaintext, const QByteArray &key, QByteArray *encrypted)
Encrypt the given plaintext with the given key and write the resulting ciphertext to the out-parameter encrypted.
The key is guaranteed to have been derived by this plugin, via a previous call to deriveKeyFromCode().
If the plugin itself is locked, this function should return a Sailfish::Secrets::Result with the result code set to Sailfish::Secrets::Result::Failed and the error code set to Sailfish::Secrets::Result::SecretsPluginIsLockedError.
[pure virtual] Sailfish::Secrets::EncryptionPlugin::EncryptionAlgorithm EncryptionPlugin::encryptionAlgorithm() const
Returns the encryption algorithm which is used by the plugin
[pure virtual] Sailfish::Secrets::EncryptionPlugin::EncryptionType EncryptionPlugin::encryptionType() const
Returns the type of encryption capability offered by the plugin