1 /* Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <client-manager-impl.h>
27 #include <client-common.h>
28 #include <exception.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
32 #include <key-aes-impl.h>
33 #include <certificate-impl.h>
/**
 * Decode a service reply and check that it answers the request that was sent.
 *
 * @param msgId id the caller placed in the request
 * @param recv  buffer holding the raw reply
 * @param t     output objects handed to recv.Deserialize after the message id
 *              and the return code
 * @return CKM_API_ERROR_UNKNOWN when the reply carries a different message id,
 *         otherwise the return code taken from the reply.
 *
 * The outputs in @p t are deserialized before the id comparison, so they may
 * already have been written when an error is returned; use them only after
 * CKM_API_SUCCESS.
 */
template <class...T>
int deserializeResponse(const int msgId, MessageBuffer &recv, T&&...t)
{
    int retMsgId;
    int retCode;
    recv.Deserialize(retMsgId, retCode, std::forward<T>(t)...);

    // A reply with a foreign id is never treated as the answer to this request.
    if (msgId != retMsgId)
        return CKM_API_ERROR_UNKNOWN;

    return retCode;
}
// Parameter list and body of getCertChain (the name is taken from the call
// sites in getCertificateChain; the line carrying it is not part of this
// listing, and several body lines are missing as well).
// Sends `command` with the DER of `certificate` and the untrusted/trusted sets,
// then rebuilds every returned buffer as a CertificateImpl.
48 ServiceConnection &serviceConnection,
51 const CertificateShPtr &certificate,
52 const T &untrustedVector,
53 const T &trustedVector,
54 bool useTrustedSystemCertificates,
55 CertificateShPtrVector &certificateChainVector)
57 EXCEPTION_GUARD_START_CPPAPI
// `certificate` is dereferenced without a null check here; both callers shown
// in this file reject a null or empty certificate before calling.
59 Manager::Impl::Request rq(impl, command, serviceConnection,
60 certificate->getDER(), untrustedVector, trustedVector, useTrustedSystemCertificates);
64 RawBufferVector rawBufferVector;
65 int retCode = rq.deserialize(rawBufferVector);
67 if (retCode != CKM_API_SUCCESS)
70 for (auto &e : rawBufferVector) {
71 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
// NOTE(review): the condition guarding this return is not shown (presumably an
// empty-certificate check, as in getCertificate). Certificates appended on
// earlier iterations stay in certificateChainVector, so the output must be
// ignored unless the call reports success.
74 return CKM_API_ERROR_BAD_RESPONSE;
76 certificateChainVector.push_back(std::move(cert));
/**
 * Serialize the arguments into one message and exchange it with a service.
 *
 * @param recv buffer that receives the reply
 * @param conn connection to the target service
 * @param t    values passed to SerializeMessage, in wire order
 * @return whatever conn.processRequest reports for the exchange.
 */
template <class...T>
int doRequest(MessageBuffer &recv, CKM::ServiceConnection &conn, T&&...t)
{
    return conn.processRequest(
               SerializeMessage(std::forward<T>(t)...),
               recv);
}
// Constructor initializer list (the constructor's own line is not part of this
// listing): one connection member per service socket - storage, OCSP and
// encryption.
93 : m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
94 m_ocspConnection(SERVICE_SOCKET_OCSP),
95 m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
/**
 * Send one command to a service and keep the reply for later decoding.
 *
 * @param impl owner whose m_counter supplies the next message id
 * @param cmd  command enumerator, transmitted as an int
 * @param conn connection the request is sent over
 * @param t    command arguments, serialized after the command and message id
 *
 * The outcome of the exchange is stored in m_retCode and the raw reply in
 * m_recv; nothing is decoded here.
 */
template <class Cmd, class...T>
Manager::Impl::Request::Request(Manager::Impl &impl, Cmd cmd, CKM::ServiceConnection &conn, T&&...t)
{
    // The command travels as an int, so its type must not be wider than int
    // or the cast below could drop bits.
    static_assert(sizeof cmd <= sizeof(int));

    // Remember the id so the reply can be matched against it later.
    m_msgId = ++impl.m_counter;
    const auto msgId = m_msgId;

    m_retCode = doRequest(m_recv, conn, static_cast<int>(cmd), msgId, std::forward<T>(t)...);
}
/// True when the exchange started by the constructor ended with CKM_API_SUCCESS.
Manager::Impl::Request::operator bool() const
{
    return m_retCode == CKM_API_SUCCESS;
}
// Error accessor for a request; maybeDeserialize returns its value when the
// request did not succeed. The body is not part of this listing.
111 int Manager::Impl::Request::err() const {
// Decodes the stored reply into the given outputs via deserializeResponse,
// which also compares the reply's message id with this request's m_msgId.
// NOTE(review): one line between the signature and the return is missing from
// this listing.
117 int Manager::Impl::Request::deserialize(T&&...t)
120 return deserializeResponse(m_msgId, m_recv, std::forward<T>(t)...);
/**
 * Decode the reply only when the request itself succeeded.
 *
 * @param t output objects forwarded to deserialize()
 * @return err() when the request failed (the outputs are then left untouched),
 *         otherwise the result of deserialize().
 */
template <class...T>
int Manager::Impl::Request::maybeDeserialize(T&&...t)
{
    if (!*this)
        return err();

    return deserialize(std::forward<T>(t)...);
}
// Shared save path used by saveKey, saveCertificate and saveData: sends
// LogicCommand::SAVE with the payload and its policy over the storage
// connection.
// NOTE(review): this listing omits some lines of the function, among them the
// declarations of `alias`, `dataType` and `opType`.
129 int Manager::Impl::saveBinaryData(
132 const RawBuffer &rawData,
133 const Policy &policy)
135 EXCEPTION_GUARD_START_CPPAPI
// An empty alias or an empty payload is rejected locally, before any request
// is sent.
137 if (alias.empty() || rawData.empty())
138 return CKM_API_ERROR_INPUT_PARAM;
// AliasSupport supplies the name and owner parts that are sent below.
140 AliasSupport helper(alias);
// When the exchange succeeded the reply is decoded into opType; otherwise the
// request's error code is returned (see maybeDeserialize).
143 return Request(*this, LogicCommand::SAVE, m_storageConnection,
144 dataType, helper.getName(), helper.getOwner(), rawData, PolicySerializable(policy)
145 ).maybeDeserialize(opType);
// Stores a key under `alias`: the key's DER encoding is passed to
// saveBinaryData, tagged with the DataType built from the key type.
150 int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key,
151 const Policy &policy)
// A null or empty key is rejected without contacting the service.
153 if (key.get() == NULL || key->empty())
154 return CKM_API_ERROR_INPUT_PARAM;
156 return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
// Only the exception text is logged here; the value returned from this
// handler is on a line not included in this listing.
157 } catch (const Exc::Exception &e) {
158 LogError("Exception: " << e.what());
/**
 * Store a certificate under @p alias.
 *
 * @param alias  name the certificate is saved under
 * @param cert   certificate to store; must be non-null and non-empty
 * @param policy storage policy forwarded unchanged to saveBinaryData
 * @return CKM_API_ERROR_INPUT_PARAM for a null or empty certificate, otherwise
 *         the result of saveBinaryData for its DER encoding.
 */
int Manager::Impl::saveCertificate(
    const Alias &alias,
    const CertificateShPtr &cert,
    const Policy &policy)
{
    // Validate before dereferencing: getDER() is only reached for a usable
    // certificate object.
    if (cert.get() == NULL || cert->empty())
        return CKM_API_ERROR_INPUT_PARAM;

    return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
}
/**
 * Store an opaque byte buffer under @p alias.
 *
 * @return the result of saveBinaryData, called with DataType::BINARY_DATA.
 */
int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData,
                            const Policy &policy)
{
    const DataType kind = DataType::BINARY_DATA;
    return saveBinaryData(alias, kind, rawData, policy);
}
// Stores a PKCS12 bundle under `alias` with separate policies for the key and
// the certificate part (LogicCommand::SAVE_PKCS12).
// NOTE(review): the line declaring `alias` is missing from this listing.
180 int Manager::Impl::savePKCS12(
182 const PKCS12ShPtr &pkcs,
183 const Policy &keyPolicy,
184 const Policy &certPolicy)
// Null bundle or empty alias is rejected before `pkcs` is dereferenced below.
186 if (alias.empty() || pkcs.get() == NULL)
187 return CKM_API_ERROR_INPUT_PARAM;
189 EXCEPTION_GUARD_START_CPPAPI
191 AliasSupport helper(alias);
// No payload is expected in the reply: the result is the return code only.
193 return Request(*this, LogicCommand::SAVE_PKCS12, m_storageConnection,
194 helper.getName(), helper.getOwner(), PKCS12Serializable(*pkcs.get()),
195 PolicySerializable(keyPolicy), PolicySerializable(certPolicy)
196 ).maybeDeserialize();
/**
 * Fetch a PKCS12 bundle that needs no passwords.
 *
 * Convenience overload: calls the four-argument getPKCS12 with
 * default-constructed passwords for both the key and the certificate.
 */
int Manager::Impl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
{
    const Password emptyPassword = Password();
    return getPKCS12(alias, emptyPassword, emptyPassword, pkcs);
}
// Fetches a PKCS12 bundle by alias, with separate passwords for the key and
// the certificate part. This function builds the request and decodes the
// reply by hand instead of going through Request.
// NOTE(review): several lines (the input check, the declarations of `recv` and
// `retMsgId`, the early return) are missing from this listing.
206 int Manager::Impl::getPKCS12(const Alias &alias, const Password &keyPass,
207 const Password &certPass, PKCS12ShPtr &pkcs)
210 return CKM_API_ERROR_INPUT_PARAM;
212 EXCEPTION_GUARD_START_CPPAPI
214 AliasSupport helper(alias);
// Fresh message id for this exchange; compared with the id in the reply below.
216 int msgId = ++m_counter;
219 int retCode = doRequest(recv, m_storageConnection,
220 static_cast<int>(LogicCommand::GET_PKCS12), msgId,
221 helper.getName(), helper.getOwner(), keyPass, certPass);
223 if (CKM_API_SUCCESS != retCode)
227 PKCS12Serializable gotPkcs;
228 recv.Deserialize(retMsgId, retCode, gotPkcs);
// A reply carrying another message id is not accepted as the answer.
230 if (retMsgId != msgId)
231 return CKM_API_ERROR_UNKNOWN;
// NOTE(review): on the lines shown, the retCode decoded from the reply is not
// examined before `pkcs` is assigned - confirm against the full source, and
// treat `pkcs` as valid only when the call returns CKM_API_SUCCESS.
233 pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
// Asks the storage service to remove the entry named by `alias`
// (LogicCommand::REMOVE); the result is the return code only.
// NOTE(review): the condition in front of the INPUT_PARAM return is not shown.
241 int Manager::Impl::removeAlias(const Alias &alias)
244 return CKM_API_ERROR_INPUT_PARAM;
246 EXCEPTION_GUARD_START_CPPAPI
248 AliasSupport helper(alias);
250 return Request(*this, LogicCommand::REMOVE, m_storageConnection,
251 helper.getName(), helper.getOwner()
252 ).maybeDeserialize();
// Shared read path used by getKey, getCertificate and getData: sends
// LogicCommand::GET with the requested data type and the password, and decodes
// the type actually returned plus the raw bytes.
// NOTE(review): the lines declaring `alias` and `rawData` and the condition in
// front of the INPUT_PARAM return are missing from this listing.
257 int Manager::Impl::getBinaryData(
259 DataType sendDataType,
260 const Password &password,
261 DataType &recvDataType,
265 return CKM_API_ERROR_INPUT_PARAM;
267 EXCEPTION_GUARD_START_CPPAPI
269 AliasSupport helper(alias);
// recvDataType comes from the service; callers in this file check it before
// interpreting rawData.
271 return Request(*this, LogicCommand::GET, m_storageConnection,
272 sendDataType, helper.getName(), helper.getOwner(), password
273 ).maybeDeserialize(recvDataType, rawData);
// Queries the protection status of one stored object
// (LogicCommand::GET_PROTECTION_STATUS) and writes it to `status`.
// NOTE(review): the input check's condition and the lines after the final
// return-code test are missing from this listing.
278 int Manager::Impl::getBinaryDataEncryptionStatus(const DataType sendDataType,
279 const Alias &alias, bool &status)
283 return CKM_API_ERROR_INPUT_PARAM;
285 EXCEPTION_GUARD_START_CPPAPI
287 AliasSupport helper(alias);
// The data type echoed in the reply is decoded but not used on the lines shown.
288 DataType tmpDataType;
290 int retCode = Request(*this, LogicCommand::GET_PROTECTION_STATUS, m_storageConnection,
291 sendDataType, helper.getName(), helper.getOwner()
292 ).maybeDeserialize(tmpDataType, status);
294 if (retCode != CKM_API_SUCCESS)
// Fetches a key by alias and parses the returned bytes into a key object.
// NOTE(review): part of the signature, the declaration of `rawData`, the
// emptiness test and the assignment to the output are missing from this listing.
302 int Manager::Impl::getKey(const Alias &alias, const Password &password,
305 DataType recvDataType;
// KEY_RSA_PUBLIC is only the type sent with the request; the type reported in
// the reply (recvDataType) decides how the bytes are parsed.
308 int retCode = getBinaryData(alias, DataType::KEY_RSA_PUBLIC, password, recvDataType, rawData);
310 if (retCode != CKM_API_SUCCESS)
313 KeyShPtr keyParsed = recvDataType.isSymmetricKey() ? Key::createAES(rawData) : Key::create(rawData);
// Bytes that do not parse into a key are reported as a bad response.
316 LogDebug("Key empty - failed to parse!");
317 return CKM_API_ERROR_BAD_RESPONSE;
322 return CKM_API_SUCCESS;
// Fetches a certificate by alias and parses it from DER.
// NOTE(review): the declaration of `rawData` and the statement under the first
// return-code test are missing from this listing.
325 int Manager::Impl::getCertificate(const Alias &alias, const Password &password,
326 CertificateShPtr &cert)
328 DataType recvDataType;
331 int retCode = getBinaryData(alias, DataType::CERTIFICATE, password, recvDataType, rawData);
333 if (retCode != CKM_API_SUCCESS)
// The type reported by the service must really be a certificate; anything else
// is rejected before the bytes are parsed.
336 if (!recvDataType.isCertificate())
337 return CKM_API_ERROR_BAD_RESPONSE;
339 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
// Bytes that do not yield a certificate are rejected as well.
341 if (certParsed->empty())
342 return CKM_API_ERROR_BAD_RESPONSE;
// The caller's pointer is replaced only after both checks passed.
344 cert = std::move(certParsed);
346 return CKM_API_SUCCESS;
// Fetches an opaque byte buffer by alias.
// NOTE(review): the end of the signature (the output buffer) and the statement
// under the return-code test are missing from this listing.
349 int Manager::Impl::getData(const Alias &alias, const Password &password,
352 DataType recvDataType = DataType::BINARY_DATA;
354 int retCode = getBinaryData(alias, DataType::BINARY_DATA, password, recvDataType, rawData);
356 if (retCode != CKM_API_SUCCESS)
// A reply whose reported type is not binary data is a bad response; note that
// rawData has already been written by getBinaryData at this point.
359 return recvDataType.isBinaryData() ? CKM_API_SUCCESS : CKM_API_ERROR_BAD_RESPONSE;
// Requests the list of stored objects (LogicCommand::GET_LIST) and decodes it
// into ownerNameVector. Has no exception guard of its own; both callers in this
// file open one before calling.
// NOTE(review): the line with the request's remaining arguments is missing.
362 int Manager::Impl::getBinaryDataAliasVectorHelper(DataType dataType,
363 OwnerNameVector &ownerNameVector)
// The data type echoed in the reply is decoded but not used.
365 DataType tmpDataType;
366 return Request(*this, LogicCommand::GET_LIST, m_storageConnection,
368 ).maybeDeserialize(tmpDataType, ownerNameVector);
// Lists stored objects of the given type as full aliases.
// NOTE(review): the statement under the return-code test is missing from this
// listing.
371 int Manager::Impl::getBinaryDataAliasVector(DataType dataType,
372 AliasVector &aliasVector)
374 EXCEPTION_GUARD_START_CPPAPI
375 OwnerNameVector ownerNameVector;
376 int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
378 if (retCode != CKM_API_SUCCESS)
// Each pair from the service is merged back into one alias string; results are
// appended, so anything already in aliasVector is kept.
381 for (const auto &it : ownerNameVector)
382 aliasVector.push_back(AliasSupport::merge(it.first, it.second));
384 return CKM_API_SUCCESS;
// Lists stored objects of the given type together with their protection
// status. After the list request, one further status request is made per alias.
// NOTE(review): the declaration of `status` and the statements under both
// return-code tests are missing from this listing.
388 int Manager::Impl::getBinaryDataAliasInfoVector(DataType dataType,
389 AliasInfoVector &aliasInfoVector)
391 EXCEPTION_GUARD_START_CPPAPI
392 OwnerNameVector ownerNameVector;
// Declared but not used on the lines shown.
393 OwnerNameEncryptionStatusVector ownerNameEncryptionStatusVector;
394 int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
396 if (retCode != CKM_API_SUCCESS)
399 for (const auto &it : ownerNameVector)
401 Alias alias = AliasSupport::merge(std::get<0>(it), std::get<1>(it));
403 retCode = getBinaryDataEncryptionStatus(dataType, alias, status);
405 if (retCode != CKM_API_SUCCESS)
// The backend is hard-coded to BackendId::SW and is not queried from the
// service, so callers must not use this field to decide where a key is
// actually stored.
408 // TODO get the actual backend
409 aliasInfoVector.push_back(std::make_pair(alias, AliasInfo({status, BackendId::SW})));
411 return CKM_API_SUCCESS;
/// Appends the aliases of all stored keys to @p aliasVector.
int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector)
{
    // The concrete key type does not matter here: for anything that is neither
    // a certificate nor binary data the manager lists everything between
    // DB_KEY_FIRST and DB_KEY_LAST.
    const DataType anyKey = DataType::DB_KEY_LAST;
    return getBinaryDataAliasVector(anyKey, aliasVector);
}
/// Appends the aliases of all stored certificates to @p aliasVector.
int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector)
{
    const DataType kind = DataType::CERTIFICATE;
    return getBinaryDataAliasVector(kind, aliasVector);
}
/// Appends the aliases of all stored binary-data objects to @p aliasVector.
int Manager::Impl::getDataAliasVector(AliasVector &aliasVector)
{
    const DataType kind = DataType::BINARY_DATA;
    return getBinaryDataAliasVector(kind, aliasVector);
}
/// Appends alias plus protection info for all stored keys to @p aliasInfoVector.
int Manager::Impl::getKeyAliasInfoVector(AliasInfoVector &aliasInfoVector)
{
    const DataType anyKey = DataType::DB_KEY_LAST;
    return getBinaryDataAliasInfoVector(anyKey, aliasInfoVector);
}
/// Reports in @p status the protection status of the key stored under @p alias.
int Manager::Impl::getKeyEncryptionStatus(const Alias &alias, bool &status)
{
    const DataType anyKey = DataType::DB_KEY_LAST;
    return getBinaryDataEncryptionStatus(anyKey, alias, status);
}
/// Appends alias plus protection info for all stored certificates to
/// @p aliasInfoVector.
int Manager::Impl::getCertificateAliasInfoVector(AliasInfoVector &aliasInfoVector)
{
    const DataType kind = DataType::CERTIFICATE;
    return getBinaryDataAliasInfoVector(kind, aliasInfoVector);
}
/// Reports in @p status the protection status of the certificate stored under
/// @p alias.
int Manager::Impl::getCertificateEncryptionStatus(const Alias &alias, bool &status)
{
    const DataType kind = DataType::CERTIFICATE;
    return getBinaryDataEncryptionStatus(kind, alias, status);
}
/// Appends alias plus protection info for all stored binary-data objects to
/// @p aliasInfoVector.
int Manager::Impl::getDataAliasInfoVector(AliasInfoVector &aliasInfoVector)
{
    const DataType kind = DataType::BINARY_DATA;
    return getBinaryDataAliasInfoVector(kind, aliasInfoVector);
}
/// Reports in @p status the protection status of the binary data stored under
/// @p alias.
int Manager::Impl::getDataEncryptionStatus(const Alias &alias, bool &status)
{
    const DataType kind = DataType::BINARY_DATA;
    return getBinaryDataEncryptionStatus(kind, alias, status);
}
// Generates an RSA key pair inside the service; thin wrapper over createKeyPair,
// which receives `size` as its additional parameter.
// NOTE(review): the line declaring `size` is missing from this listing.
462 int Manager::Impl::createKeyPairRSA(
464 const Alias &privateKeyAlias,
465 const Alias &publicKeyAlias,
466 const Policy &policyPrivateKey,
467 const Policy &policyPublicKey)
469 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias,
470 publicKeyAlias, policyPrivateKey, policyPublicKey);
// Generates a DSA key pair inside the service; thin wrapper over createKeyPair,
// which receives `size` as its additional parameter.
// NOTE(review): the line declaring `size` is missing from this listing.
473 int Manager::Impl::createKeyPairDSA(
475 const Alias &privateKeyAlias,
476 const Alias &publicKeyAlias,
477 const Policy &policyPrivateKey,
478 const Policy &policyPublicKey)
480 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias,
481 publicKeyAlias, policyPrivateKey, policyPublicKey);
// Generates an ECDSA key pair inside the service; thin wrapper over
// createKeyPair. Here the additional parameter is `type` converted to int, not
// a key length.
// NOTE(review): the line declaring `type` is missing from this listing.
484 int Manager::Impl::createKeyPairECDSA(
486 const Alias &privateKeyAlias,
487 const Alias &publicKeyAlias,
488 const Policy &policyPrivateKey,
489 const Policy &policyPublicKey)
491 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC,
492 static_cast<int>(type), privateKeyAlias, publicKeyAlias,
493 policyPrivateKey, policyPublicKey);
// Asks the storage service to generate an AES key of the given size and store
// it under keyAlias with policyKey (LogicCommand::CREATE_KEY_AES). No key
// material appears in the reply: the result is the return code only.
// NOTE(review): the line declaring `size` is missing from this listing; no
// local validation of `size` or `keyAlias` is visible on the lines shown.
496 int Manager::Impl::createKeyAES(
498 const Alias &keyAlias,
499 const Policy &policyKey)
501 EXCEPTION_GUARD_START_CPPAPI
503 AliasSupport aliasHelper(keyAlias);
505 return Request(*this, LogicCommand::CREATE_KEY_AES, m_storageConnection,
506 static_cast<int>(size), PolicySerializable(policyKey),
507 aliasHelper.getName(), aliasHelper.getOwner()
508 ).maybeDeserialize();
// Common implementation behind createKeyPairRSA/DSA/ECDSA: translates the key
// type into key-generation parameters and sends LogicCommand::CREATE_KEY_PAIR.
// Both aliases and both policies travel in the request; the reply carries the
// return code only.
// NOTE(review): the switch header, the break statements and the label in front
// of the INPUT_PARAM return are missing from this listing.
514 int Manager::Impl::createKeyPair(
515 const KeyType key_type,
516 const int additional_param,
517 const Alias &privateKeyAlias,
518 const Alias &publicKeyAlias,
519 const Policy &policyPrivateKey,
520 const Policy &policyPublicKey)
523 CryptoAlgorithm keyGenAlgorithm;
// RSA: the public and the private enumerator select the same algorithm;
// additional_param is the key length.
526 case KeyType::KEY_RSA_PUBLIC:
527 case KeyType::KEY_RSA_PRIVATE:
528 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
529 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
// DSA: additional_param is the key length as well.
532 case KeyType::KEY_DSA_PUBLIC:
533 case KeyType::KEY_DSA_PRIVATE:
534 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
535 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
// ECDSA: additional_param is stored as GEN_EC instead of a length.
538 case KeyType::KEY_ECDSA_PUBLIC:
539 case KeyType::KEY_ECDSA_PRIVATE:
540 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
541 keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
// Presumably the fall-back for any other key type - confirm against the full
// source.
545 return CKM_API_ERROR_INPUT_PARAM;
548 EXCEPTION_GUARD_START_CPPAPI
550 AliasSupport privateHelper(privateKeyAlias);
551 AliasSupport publicHelper(publicKeyAlias);
553 return Request(*this, LogicCommand::CREATE_KEY_PAIR, m_storageConnection,
554 CryptoAlgorithmSerializable(keyGenAlgorithm),
555 PolicySerializable(policyPrivateKey),
556 PolicySerializable(policyPublicKey),
557 privateHelper.getName(), privateHelper.getOwner(),
558 publicHelper.getName(), publicHelper.getOwner()
559 ).maybeDeserialize();
/**
 * Build a certificate chain for @p certificate from certificate objects.
 *
 * @param certificate                  end certificate; must be non-null and non-empty
 * @param untrustedCertificates        candidate intermediates, sent as DER
 * @param trustedCertificates          additional trust anchors, sent as DER
 * @param useTrustedSystemCertificates forwarded unchanged to the service
 * @param certificateChainVector       receives the chain (see getCertChain)
 * @return CKM_API_ERROR_INPUT_PARAM when any certificate passed in is null or
 *         empty, otherwise the result of getCertChain.
 */
int Manager::Impl::getCertificateChain(
    const CertificateShPtr &certificate,
    const CertificateShPtrVector &untrustedCertificates,
    const CertificateShPtrVector &trustedCertificates,
    bool useTrustedSystemCertificates,
    CertificateShPtrVector &certificateChainVector)
{
    if (!certificate || certificate->empty())
        return CKM_API_ERROR_INPUT_PARAM;

    // Copies the DER encoding of every entry into `out`; stops with false at
    // the first null or empty certificate so nothing is dereferenced unchecked.
    const auto collectDer = [](const CertificateShPtrVector &in, RawBufferVector &out) {
        for (const auto &entry : in) {
            if (!entry || entry->empty())
                return false;

            out.push_back(entry->getDER());
        }

        return true;
    };

    RawBufferVector untrustedVector;
    if (!collectDer(untrustedCertificates, untrustedVector))
        return CKM_API_ERROR_INPUT_PARAM;

    RawBufferVector trustedVector;
    if (!collectDer(trustedCertificates, trustedVector))
        return CKM_API_ERROR_INPUT_PARAM;

    return getCertChain(m_storageConnection, LogicCommand::GET_CHAIN_CERT, *this,
                        certificate, untrustedVector, trustedVector,
                        useTrustedSystemCertificates, certificateChainVector);
}
/**
 * Build a certificate chain for @p certificate, naming the helper certificates
 * by alias instead of passing them by value.
 *
 * @param certificate                  end certificate; must be non-null and non-empty
 * @param untrustedCertificates        aliases of candidate intermediates
 * @param trustedCertificates          aliases of additional trust anchors
 * @param useTrustedSystemCertificates forwarded unchanged to the service
 * @param certificateChainVector       receives the chain (see getCertChain)
 * @return CKM_API_ERROR_INPUT_PARAM for a null or empty @p certificate,
 *         otherwise the result of getCertChain.
 *
 * The aliases themselves are not validated here; they are only split into
 * owner and name and sent to the service.
 */
int Manager::Impl::getCertificateChain(
    const CertificateShPtr &certificate,
    const AliasVector &untrustedCertificates,
    const AliasVector &trustedCertificates,
    bool useTrustedSystemCertificates,
    CertificateShPtrVector &certificateChainVector)
{
    if (!certificate || certificate->empty())
        return CKM_API_ERROR_INPUT_PARAM;

    // Turns each alias into the (owner, name) pair that goes on the wire.
    const auto toOwnerName = [](const AliasVector &aliases) {
        OwnerNameVector pairs;

        for (const auto &alias : aliases) {
            AliasSupport helper(alias);
            pairs.push_back(std::make_pair(helper.getOwner(), helper.getName()));
        }

        return pairs;
    };

    const OwnerNameVector untrustedVector = toOwnerName(untrustedCertificates);
    const OwnerNameVector trustedVector = toOwnerName(trustedCertificates);

    return getCertChain(m_storageConnection, LogicCommand::GET_CHAIN_ALIAS, *this,
                        certificate, untrustedVector, trustedVector,
                        useTrustedSystemCertificates, certificateChainVector);
}
// Asks the storage service to sign `message` with the private key stored under
// privateKeyAlias (LogicCommand::CREATE_SIGNATURE). The request carries the
// alias, the key password, the message and the algorithm parameters; on
// success the reply is decoded into `signature`.
622 int Manager::Impl::createSignature(
623 const Alias &privateKeyAlias,
624 const Password &password, // password for private_key
625 const RawBuffer &message,
626 const CryptoAlgorithm &cAlgorithm,
627 RawBuffer &signature)
629 EXCEPTION_GUARD_START_CPPAPI
631 AliasSupport helper(privateKeyAlias);
633 return Request(*this, LogicCommand::CREATE_SIGNATURE, m_storageConnection,
634 helper.getName(), helper.getOwner(), password, message,
635 CryptoAlgorithmSerializable(cAlgorithm)
636 ).maybeDeserialize(signature);
// Asks the storage service to verify `signature` over `message` with the
// public key or certificate stored under the alias
// (LogicCommand::VERIFY_SIGNATURE).
// The verdict is carried solely by the returned code: there is no output
// parameter, so callers must compare the result with CKM_API_SUCCESS and treat
// every other value as "not verified".
641 int Manager::Impl::verifySignature(
642 const Alias &publicKeyOrCertAlias,
643 const Password &password, // password for public_key (optional)
644 const RawBuffer &message,
645 const RawBuffer &signature,
646 const CryptoAlgorithm &cAlg)
648 EXCEPTION_GUARD_START_CPPAPI
650 AliasSupport helper(publicKeyOrCertAlias);
652 return Request(*this, LogicCommand::VERIFY_SIGNATURE, m_storageConnection,
653 helper.getName(), helper.getOwner(), password, message, signature,
654 CryptoAlgorithmSerializable(cAlg)
655 ).maybeDeserialize();
// Sends a certificate chain (as DER buffers) to the OCSP service and decodes
// the status from the reply.
// NOTE(review): the end of the signature (the `ocspStatus` output), the
// declaration of `recv` and the statement under the return-code test are
// missing from this listing.
660 int Manager::Impl::ocspCheck(const CertificateShPtrVector &certChain,
663 EXCEPTION_GUARD_START_CPPAPI
665 int msgId = ++m_counter;
668 RawBufferVector rawCertChain;
// Every chain element is validated before it is dereferenced; one bad entry
// fails the whole call before anything is sent.
670 for (auto &e : certChain) {
671 if (!e || e->empty()) {
672 LogError("Empty certificate");
673 return CKM_API_ERROR_INPUT_PARAM;
676 rawCertChain.push_back(e->getDER());
// Unlike the storage requests, this message starts with the message id; no
// command value is sent in front of it.
679 int retCode = doRequest(recv, m_ocspConnection, msgId, rawCertChain);
681 if (CKM_API_SUCCESS != retCode)
// ocspStatus is meaningful only when the value returned here is CKM_API_SUCCESS
// (deserializeResponse writes the outputs before it checks the message id).
684 return deserializeResponse(msgId, recv, ocspStatus);
// Asks the storage service to set the permission mask that `accessor` has on
// the object named by `alias` (LogicCommand::SET_PERMISSION).
// Nothing is validated locally on the lines shown: alias, accessor and mask
// are sent as given and the decision is left to the service.
689 int Manager::Impl::setPermission(const Alias &alias,
690 const ClientId &accessor,
691 PermissionMask permissionMask)
693 EXCEPTION_GUARD_START_CPPAPI
695 AliasSupport helper(alias);
697 return Request(*this, LogicCommand::SET_PERMISSION, m_storageConnection,
698 helper.getName(), helper.getOwner(), accessor, permissionMask
699 ).maybeDeserialize();
// Common implementation of encrypt() and decrypt(): sends the given
// EncryptionCommand with the algorithm parameters, the key alias, the key
// password and the input buffer over the encryption connection, and decodes
// the result into `output`.
// NOTE(review): the line declaring `output` is missing from this listing.
704 int Manager::Impl::crypt(EncryptionCommand command,
705 const CryptoAlgorithm &algo,
706 const Alias &keyAlias,
707 const Password &password,
708 const RawBuffer &input,
711 EXCEPTION_GUARD_START_CPPAPI
713 AliasSupport helper(keyAlias);
714 CryptoAlgorithmSerializable cas(algo);
// The key is referenced by alias only; no key bytes are part of this request.
716 return Request(*this, command, m_encryptionConnection,
717 cas, helper.getName(), helper.getOwner(), password, input
718 ).maybeDeserialize(output);
// Encrypts `plain` with the key stored under keyAlias; forwards to crypt()
// with EncryptionCommand::ENCRYPT.
// NOTE(review): the continuation of the call's argument list is missing from
// this listing.
723 int Manager::Impl::encrypt(const CryptoAlgorithm &algo,
724 const Alias &keyAlias,
725 const Password &password,
726 const RawBuffer &plain,
727 RawBuffer &encrypted)
729 return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain,
// Decrypts `encrypted` with the key stored under keyAlias; forwards to crypt()
// with EncryptionCommand::DECRYPT.
// NOTE(review): the continuation of the call's argument list is missing from
// this listing.
733 int Manager::Impl::decrypt(const CryptoAlgorithm &algo,
734 const Alias &keyAlias,
735 const Password &password,
736 const RawBuffer &encrypted,
737 RawBuffer &decrypted)
739 return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted,
// Asks the storage service to derive a new key from the secret stored under
// secretAlias and to store the result under newKeyAlias with newKeyPolicy
// (LogicCommand::DERIVE). The derived key is not part of the reply: the
// result is the return code only.
743 int Manager::Impl::deriveKey(const CryptoAlgorithm &algo,
744 const Alias &secretAlias,
745 const Password &secretPassword,
746 const Alias &newKeyAlias,
747 const Policy &newKeyPolicy)
749 EXCEPTION_GUARD_START_CPPAPI
751 AliasSupport secret(secretAlias);
752 AliasSupport newKey(newKeyAlias);
753 CryptoAlgorithmSerializable cas(algo);
755 return Request(*this, LogicCommand::DERIVE, m_storageConnection,
756 cas, secret.getName(), secret.getOwner(), secretPassword,
757 newKey.getName(), newKey.getOwner(), PolicySerializable(newKeyPolicy)
758 ).maybeDeserialize();
// Asks the service to unwrap `wrappedKey` with the key stored under
// wrappingKeyAlias and to store the result under `alias` with `policy`
// (LogicCommand::IMPORT_WRAPPED_KEY). The reply carries the return code only.
// NOTE(review): `¶ms` on the signature line is an extraction artifact of
// `&params` (the body passes `params`). The line declaring `alias`, the
// connection argument and several request arguments are missing from this
// listing.
763 int Manager::Impl::importWrappedKey(const CryptoAlgorithm ¶ms,
764 const Alias &wrappingKeyAlias,
765 const Password &wrappingKeyPassword,
767 const RawBuffer &wrappedKey,
768 const KeyType keyType,
769 const Policy &policy)
771 EXCEPTION_GUARD_START_CPPAPI
773 AliasSupport wrapping_helper(wrappingKeyAlias);
774 AliasSupport helper(alias);
776 return Request(*this,
777 LogicCommand::IMPORT_WRAPPED_KEY,
779 CryptoAlgorithmSerializable(params),
780 wrapping_helper.getName(),
781 wrapping_helper.getOwner(),
787 PolicySerializable(policy)
788 ).maybeDeserialize();
793 int Manager::Impl::exportWrappedKey(const CryptoAlgorithm ¶ms,
794 const Alias &wrappingKeyAlias,
795 const Password &wrappingKeyPassword,
797 const Password &password,
799 RawBuffer &wrappedKey)
801 EXCEPTION_GUARD_START_CPPAPI
803 AliasSupport wrapping_helper(wrappingKeyAlias);
804 AliasSupport helper(alias);
805 DataType dataTypeKey;
807 int retCode = Request(*this,
808 LogicCommand::EXPORT_WRAPPED_KEY,
810 CryptoAlgorithmSerializable(params),
811 wrapping_helper.getName(),
812 wrapping_helper.getOwner(),
817 ).maybeDeserialize(dataTypeKey, wrappedKey);
819 if (retCode != CKM_API_SUCCESS)
822 if (dataTypeKey.isSymmetricKey()) {
823 keyType = KeyType::KEY_AES;
824 } else if (dataTypeKey.isKeyPrivate()) {
825 keyType = KeyType::KEY_RSA_PRIVATE;
827 return CKM_API_ERROR_INVALID_FORMAT;