Encrypt communication with plugins
author Rauli Ikonen <rauli.ikonen@nixuopen.org>
Thu, 10 Feb 2011 11:55:59 +0000 (13:55 +0200)
committer Alberto Mardegan <alberto.mardegan@nokia.com>
Sat, 30 Apr 2011 06:53:30 +0000 (09:53 +0300)
commit 00fb486df79ed9aaf4dd4f2cfc275f0dbf21c880
tree 06bde855654ebd3957f89ade3f571601630c19df
parent 05a4269e61e02e831ab1ae30592871bb8de4aa24
Encrypt communication with plugins

Added new class EncryptedDevice. EncryptedDevice inherits QIODevice and uses
AES in OFB mode to encrypt/decrypt any data that passes through it. The
constructor allows specifying the actual device from which data is read from /
written to, encryption key and initialization vectors for input and output
streams. PluginProxy and RemotePluginProcess were changed so that they wrap the
QProcess and QFile devices into EncryptedDevice objects and use those for
reading/writing data so that no data is passed in plain text.

The encryption key and initialization vectors are generated by PluginProxy
after launching remotepluginprocess and passed through normal stdin channel
before any other data as a string that has been encrypted using aegis-crypto
with *sso-encryption-token the remotepluginprocess provides. That is,
aegis-crypto is only used to protect the encryption key. This is because
aegis-crypto does not allow maintaining a state and is thus unsuitable for
doing stream encryption.

Fixes https://bugs.meego.com/show_bug.cgi?id=12435

12 files changed:
lib/plugins/signon-plugins-common/SignOn/encrypteddevice.cpp [new file with mode: 0644]
lib/plugins/signon-plugins-common/SignOn/encrypteddevice.h [new file with mode: 0644]
lib/plugins/signon-plugins-common/signon-plugins-common.pro
src/remotepluginprocess/remotepluginprocess.cpp
src/remotepluginprocess/remotepluginprocess.h
src/remotepluginprocess/remotepluginprocess.pro
src/signond/pluginproxy.cpp
src/signond/pluginproxy.h
src/signond/signond.pro
tests/authpluginstest/authpluginstest.pro
tests/pluginproxytest/pluginproxytest.pro
tests/signond-tests/signond-tests.pro
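
The commit message describes a stateful OFB stream with one IV per direction. The sketch below is an added example, not the EncryptedDevice code from this commit: it shows why the keystream position has to survive between writes and why each direction gets its own IV. Assumptions: XTEA stands in for AES so the block needs no crypto library, and the names OfbStream, throughStream, kKey, kIvToPlugin and kIvFromPlugin are hypothetical.

```cpp
#include <array>
#include <cstdint>
#include <string>
#include <vector>
using Key = std::array<uint32_t, 4>;
using Iv = std::array<uint32_t, 2>;
// Constructed sample values, not taken from the commit.
const Key kKey = {0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u};
const Iv kIvToPlugin = {0x11111111u, 0x22222222u};
const Iv kIvFromPlugin = {0x33333333u, 0x44444444u};

// XTEA block encryption standing in for AES (assumption). OFB runs the cipher
// in the encrypt direction only, for both reading and writing.
static void xteaEncrypt(Iv &v, const Key &k) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; ++i) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]);
        sum += 0x9E3779B9u;
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum >> 11) & 3]);
    }
    v[0] = v0; v[1] = v1;
}

// One direction of the channel. The feedback block and the offset into it
// persist across calls: the state a one-shot encrypt call cannot keep.
class OfbStream {
public:
    OfbStream(const Key &key, const Iv &iv) : key_(key), block_(iv) {}
    std::string process(const std::string &in) {  // same operation both ways
        std::string out(in);
        for (char &c : out) {
            if (used_ == 8) { xteaEncrypt(block_, key_); used_ = 0; }
            uint8_t ks = (block_[used_ / 4] >> (8 * (used_ % 4))) & 0xFF;
            c = static_cast<char>(static_cast<uint8_t>(c) ^ ks);
            ++used_;
        }
        return out;
    }
private:
    Key key_; Iv block_;
    int used_ = 8;  // forces a keystream block before the first byte
};

// Pushes each chunk through one stream, as successive device writes would.
std::string throughStream(const Iv &iv, const std::vector<std::string> &chunks) {
    OfbStream s(kKey, iv);
    std::string out;
    for (const auto &c : chunks) out += s.process(c);
    return out;
}
```

OFB provides confidentiality only: a modified ciphertext byte changes the matching plaintext byte without being detected, so integrity needs a separate check.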