1 /* Copyright (c) 2014 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <crypto-init.h>
27 #include <client-manager-impl.h>
28 #include <client-common.h>
29 #include <exception.h>
30 #include <message-buffer.h>
31 #include <protocols.h>
33 #include <key-aes-impl.h>
34 #include <certificate-impl.h>
41 ServiceConnection &serviceConnection,
44 const CertificateShPtr &certificate,
45 const T &untrustedVector,
46 const T &trustedVector,
47 bool useTrustedSystemCertificates,
48 CertificateShPtrVector &certificateChainVector)
50 EXCEPTION_GUARD_START_CPPAPI
53 auto send = MessageBuffer::Serialize(static_cast<int>(command),
55 certificate->getDER(),
58 useTrustedSystemCertificates);
60 int retCode = serviceConnection.processRequest(send.Pop(), recv);
62 if (CKM_API_SUCCESS != retCode)
66 RawBufferVector rawBufferVector;
67 recv.Deserialize(retMsgId, retCode, rawBufferVector);
69 if (msgId != retMsgId)
70 return CKM_API_ERROR_UNKNOWN;
72 if (retCode != CKM_API_SUCCESS)
75 for (auto &e : rawBufferVector) {
76 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
79 return CKM_API_ERROR_BAD_RESPONSE;
81 certificateChainVector.push_back(cert);
89 } // namespace anonymous
93 m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
94 m_ocspConnection(SERVICE_SOCKET_OCSP),
95 m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
101 int Manager::Impl::saveBinaryData(
104 const RawBuffer &rawData,
105 const Policy &policy)
107 int msgId = ++m_counter;
109 EXCEPTION_GUARD_START_CPPAPI
111 if (alias.empty() || rawData.empty())
112 return CKM_API_ERROR_INPUT_PARAM;
115 AliasSupport helper(alias);
116 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
118 static_cast<int>(dataType),
122 PolicySerializable(policy));
124 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
126 if (CKM_API_SUCCESS != retCode)
131 recv.Deserialize(retMsgId, retCode, opType);
133 if (retMsgId != msgId)
134 return CKM_API_ERROR_UNKNOWN;
141 int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key,
142 const Policy &policy)
144 if (key.get() == NULL || key->empty())
145 return CKM_API_ERROR_INPUT_PARAM;
148 return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
149 } catch (const Exc::Exception &e) {
150 LogError("Exception: " << e.what());
155 int Manager::Impl::saveCertificate(
157 const CertificateShPtr &cert,
158 const Policy &policy)
160 if (cert.get() == NULL || cert->empty())
161 return CKM_API_ERROR_INPUT_PARAM;
163 return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
166 int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData,
167 const Policy &policy)
169 if (!policy.extractable)
170 return CKM_API_ERROR_INPUT_PARAM;
172 return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
176 int Manager::Impl::savePKCS12(
178 const PKCS12ShPtr &pkcs,
179 const Policy &keyPolicy,
180 const Policy &certPolicy)
182 if (alias.empty() || pkcs.get() == NULL)
183 return CKM_API_ERROR_INPUT_PARAM;
185 int msgId = ++m_counter;
187 EXCEPTION_GUARD_START_CPPAPI
190 AliasSupport helper(alias);
191 auto send = MessageBuffer::Serialize(static_cast<int>
192 (LogicCommand::SAVE_PKCS12),
196 PKCS12Serializable(*pkcs.get()),
197 PolicySerializable(keyPolicy),
198 PolicySerializable(certPolicy));
200 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
202 if (CKM_API_SUCCESS != retCode)
206 recv.Deserialize(retMsgId, retCode);
208 if (retMsgId != msgId)
209 return CKM_API_ERROR_UNKNOWN;
216 int Manager::Impl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
218 return getPKCS12(alias, Password(), Password(), pkcs);
221 int Manager::Impl::getPKCS12(const Alias &alias, const Password &keyPass,
222 const Password &certPass, PKCS12ShPtr &pkcs)
225 return CKM_API_ERROR_INPUT_PARAM;
227 int msgId = ++m_counter;
229 EXCEPTION_GUARD_START_CPPAPI
232 AliasSupport helper(alias);
233 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
240 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
242 if (CKM_API_SUCCESS != retCode)
246 PKCS12Serializable gotPkcs;
247 recv.Deserialize(retMsgId, retCode, gotPkcs);
249 if (retMsgId != msgId)
250 return CKM_API_ERROR_UNKNOWN;
252 pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
260 int Manager::Impl::removeAlias(const Alias &alias)
263 return CKM_API_ERROR_INPUT_PARAM;
265 int msgId = ++m_counter;
267 EXCEPTION_GUARD_START_CPPAPI
270 AliasSupport helper(alias);
271 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
276 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
278 if (CKM_API_SUCCESS != retCode)
282 recv.Deserialize(retMsgId, retCode);
284 if (retMsgId != msgId)
285 return CKM_API_ERROR_UNKNOWN;
292 int Manager::Impl::getBinaryData(
294 DataType sendDataType,
295 const Password &password,
296 DataType &recvDataType,
300 return CKM_API_ERROR_INPUT_PARAM;
302 int msgId = ++m_counter;
304 EXCEPTION_GUARD_START_CPPAPI
307 AliasSupport helper(alias);
308 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
310 static_cast<int>(sendDataType),
315 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
317 if (CKM_API_SUCCESS != retCode)
322 recv.Deserialize(retMsgId, retCode, tmpDataType, rawData);
323 recvDataType = DataType(tmpDataType);
325 if (retMsgId != msgId)
326 return CKM_API_ERROR_UNKNOWN;
333 int Manager::Impl::getBinaryDataEncryptionStatus(const DataType sendDataType,
334 const Alias &alias, bool &status)
338 return CKM_API_ERROR_INPUT_PARAM;
340 int msgId = ++m_counter;
342 EXCEPTION_GUARD_START_CPPAPI
345 AliasSupport helper(alias);
346 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PROTECTION_STATUS),
348 static_cast<int>(sendDataType),
352 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
354 if (CKM_API_SUCCESS != retCode)
359 bool passwordProtectionStatus;
360 recv.Deserialize(retMsgId, retCode, tmpDataType, passwordProtectionStatus);
362 if (retMsgId != msgId)
363 return CKM_API_ERROR_UNKNOWN;
365 if (retCode != CKM_API_SUCCESS) {
368 status = passwordProtectionStatus;
369 return CKM_API_SUCCESS;
374 int Manager::Impl::getKey(const Alias &alias, const Password &password,
377 DataType recvDataType;
380 int retCode = getBinaryData(
382 DataType::KEY_RSA_PUBLIC,
387 if (retCode != CKM_API_SUCCESS)
392 if (DataType::KEY_AES == recvDataType)
393 keyParsed = KeyShPtr(new KeyAESImpl(rawData));
395 keyParsed = KeyShPtr(new KeyImpl(rawData));
397 if (keyParsed->empty()) {
398 LogDebug("Key empty - failed to parse!");
399 return CKM_API_ERROR_BAD_RESPONSE;
404 return CKM_API_SUCCESS;
407 int Manager::Impl::getCertificate(const Alias &alias, const Password &password,
408 CertificateShPtr &cert)
410 DataType recvDataType;
413 int retCode = getBinaryData(
415 DataType::CERTIFICATE,
420 if (retCode != CKM_API_SUCCESS)
423 if (recvDataType != DataType::CERTIFICATE)
424 return CKM_API_ERROR_BAD_RESPONSE;
426 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
428 if (certParsed->empty())
429 return CKM_API_ERROR_BAD_RESPONSE;
433 return CKM_API_SUCCESS;
436 int Manager::Impl::getData(const Alias &alias, const Password &password,
439 DataType recvDataType = DataType::BINARY_DATA;
441 int retCode = getBinaryData(
443 DataType::BINARY_DATA,
448 if (retCode != CKM_API_SUCCESS)
451 if (recvDataType != DataType::BINARY_DATA)
452 return CKM_API_ERROR_BAD_RESPONSE;
454 return CKM_API_SUCCESS;
457 int Manager::Impl::getBinaryDataAliasVectorHelper(DataType dataType,
458 OwnerNameVector &ownerNameVector)
460 int msgId = ++m_counter;
463 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
465 static_cast<int>(dataType));
467 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
469 if (retCode != CKM_API_SUCCESS)
474 recv.Deserialize(retMsgId, retCode, tmpDataType, ownerNameVector);
476 if (retMsgId != msgId)
477 return CKM_API_ERROR_UNKNOWN;
479 return CKM_API_SUCCESS;
482 int Manager::Impl::getBinaryDataAliasVector(DataType dataType,
483 AliasVector &aliasVector)
485 EXCEPTION_GUARD_START_CPPAPI
486 OwnerNameVector ownerNameVector;
487 int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
489 if (retCode != CKM_API_SUCCESS)
492 for (const auto &it : ownerNameVector)
493 aliasVector.push_back(AliasSupport::merge(it.first, it.second));
495 return CKM_API_SUCCESS;
499 int Manager::Impl::getBinaryDataAliasPwdVector(DataType dataType,
500 AliasPwdVector &aliasPwdVector)
502 EXCEPTION_GUARD_START_CPPAPI
503 OwnerNameVector ownerNameVector;
504 OwnerNameEncryptionStatusVector ownerNameEncryptionStatusVector;
505 int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
507 if (retCode != CKM_API_SUCCESS)
510 for (const auto &it : ownerNameVector)
512 Alias alias = AliasSupport::merge(std::get<0>(it), std::get<1>(it));
514 retCode = getBinaryDataEncryptionStatus(dataType, alias, status);
516 if (retCode != CKM_API_SUCCESS)
519 aliasPwdVector.push_back(std::make_pair(alias, status));
521 return CKM_API_SUCCESS;
525 int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector)
527 // in fact datatype has no meaning here - if not certificate or binary data
528 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
529 return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
532 int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector)
534 return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
537 int Manager::Impl::getDataAliasVector(AliasVector &aliasVector)
539 return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
542 int Manager::Impl::getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector)
544 return getBinaryDataAliasPwdVector(DataType::DB_KEY_LAST, aliasPwdVector);
547 int Manager::Impl::getKeyEncryptionStatus(const Alias &alias, bool &status)
549 return getBinaryDataEncryptionStatus(DataType::DB_KEY_LAST, alias, status);
552 int Manager::Impl::getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector)
554 return getBinaryDataAliasPwdVector(DataType::CERTIFICATE, aliasPwdVector);
557 int Manager::Impl::getCertificateEncryptionStatus(const Alias &alias, bool &status)
559 return getBinaryDataEncryptionStatus(DataType::CERTIFICATE, alias, status);
562 int Manager::Impl::getDataAliasPwdVector(AliasPwdVector &aliasPwdVector)
564 return getBinaryDataAliasPwdVector(DataType::BINARY_DATA, aliasPwdVector);
567 int Manager::Impl::getDataEncryptionStatus(const Alias &alias, bool &status)
569 return getBinaryDataEncryptionStatus(DataType::BINARY_DATA, alias, status);
572 int Manager::Impl::createKeyPairRSA(
574 const Alias &privateKeyAlias,
575 const Alias &publicKeyAlias,
576 const Policy &policyPrivateKey,
577 const Policy &policyPublicKey)
579 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias,
580 publicKeyAlias, policyPrivateKey, policyPublicKey);
583 int Manager::Impl::createKeyPairDSA(
585 const Alias &privateKeyAlias,
586 const Alias &publicKeyAlias,
587 const Policy &policyPrivateKey,
588 const Policy &policyPublicKey)
590 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias,
591 publicKeyAlias, policyPrivateKey, policyPublicKey);
594 int Manager::Impl::createKeyPairECDSA(
596 const Alias &privateKeyAlias,
597 const Alias &publicKeyAlias,
598 const Policy &policyPrivateKey,
599 const Policy &policyPublicKey)
601 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC,
602 static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey,
606 int Manager::Impl::createKeyAES(
608 const Alias &keyAlias,
609 const Policy &policyKey)
611 // proceed with sending request
612 int msgId = ++m_counter;
614 EXCEPTION_GUARD_START_CPPAPI
617 AliasSupport aliasHelper(keyAlias);
618 auto send = MessageBuffer::Serialize(static_cast<int>
619 (LogicCommand::CREATE_KEY_AES),
621 static_cast<int>(size),
622 PolicySerializable(policyKey),
623 aliasHelper.getName(),
624 aliasHelper.getOwner());
626 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
628 if (CKM_API_SUCCESS != retCode)
632 recv.Deserialize(retMsgId, retCode);
634 if (retMsgId != msgId)
635 return CKM_API_ERROR_UNKNOWN;
643 int Manager::Impl::createKeyPair(
644 const KeyType key_type,
645 const int additional_param,
646 const Alias &privateKeyAlias,
647 const Alias &publicKeyAlias,
648 const Policy &policyPrivateKey,
649 const Policy &policyPublicKey)
652 CryptoAlgorithm keyGenAlgorithm;
655 case KeyType::KEY_RSA_PUBLIC:
656 case KeyType::KEY_RSA_PRIVATE:
657 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
658 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
661 case KeyType::KEY_DSA_PUBLIC:
662 case KeyType::KEY_DSA_PRIVATE:
663 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
664 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
667 case KeyType::KEY_ECDSA_PUBLIC:
668 case KeyType::KEY_ECDSA_PRIVATE:
669 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
670 keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
674 return CKM_API_ERROR_INPUT_PARAM;
677 // proceed with sending request
678 int msgId = ++m_counter;
680 EXCEPTION_GUARD_START_CPPAPI
683 AliasSupport privateHelper(privateKeyAlias);
684 AliasSupport publicHelper(publicKeyAlias);
685 auto send = MessageBuffer::Serialize(static_cast<int>
686 (LogicCommand::CREATE_KEY_PAIR),
688 CryptoAlgorithmSerializable(keyGenAlgorithm),
689 PolicySerializable(policyPrivateKey),
690 PolicySerializable(policyPublicKey),
691 privateHelper.getName(),
692 privateHelper.getOwner(),
693 publicHelper.getName(),
694 publicHelper.getOwner());
696 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
698 if (CKM_API_SUCCESS != retCode)
702 recv.Deserialize(retMsgId, retCode);
704 if (retMsgId != msgId)
705 return CKM_API_ERROR_UNKNOWN;
712 int Manager::Impl::getCertificateChain(
713 const CertificateShPtr &certificate,
714 const CertificateShPtrVector &untrustedCertificates,
715 const CertificateShPtrVector &trustedCertificates,
716 bool useTrustedSystemCertificates,
717 CertificateShPtrVector &certificateChainVector)
719 RawBufferVector untrustedVector;
720 RawBufferVector trustedVector;
722 if (!certificate || certificate->empty())
723 return CKM_API_ERROR_INPUT_PARAM;
725 for (auto &e : untrustedCertificates) {
726 if (!e || e->empty())
727 return CKM_API_ERROR_INPUT_PARAM;
728 untrustedVector.push_back(e->getDER());
731 for (auto &e : trustedCertificates) {
732 if (!e || e->empty())
733 return CKM_API_ERROR_INPUT_PARAM;
734 trustedVector.push_back(e->getDER());
739 LogicCommand::GET_CHAIN_CERT,
744 useTrustedSystemCertificates,
745 certificateChainVector);
748 int Manager::Impl::getCertificateChain(
749 const CertificateShPtr &certificate,
750 const AliasVector &untrustedCertificates,
751 const AliasVector &trustedCertificates,
752 bool useTrustedSystemCertificates,
753 CertificateShPtrVector &certificateChainVector)
755 OwnerNameVector untrustedVector;
756 OwnerNameVector trustedVector;
758 if (!certificate || certificate->empty())
759 return CKM_API_ERROR_INPUT_PARAM;
761 for (auto &e : untrustedCertificates) {
762 AliasSupport helper(e);
763 untrustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
766 for (auto &e : trustedCertificates) {
767 AliasSupport helper(e);
768 trustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
773 LogicCommand::GET_CHAIN_ALIAS,
778 useTrustedSystemCertificates,
779 certificateChainVector);
782 int Manager::Impl::createSignature(
783 const Alias &privateKeyAlias,
784 const Password &password, // password for private_key
785 const RawBuffer &message,
786 const CryptoAlgorithm &cAlgorithm,
787 RawBuffer &signature)
789 int msgId = ++m_counter;
791 EXCEPTION_GUARD_START_CPPAPI
794 AliasSupport helper(privateKeyAlias);
795 auto send = MessageBuffer::Serialize(static_cast<int>
796 (LogicCommand::CREATE_SIGNATURE),
802 CryptoAlgorithmSerializable(cAlgorithm));
804 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
806 if (CKM_API_SUCCESS != retCode)
810 recv.Deserialize(retMsgId, retCode, signature);
812 if (retMsgId != msgId)
813 return CKM_API_ERROR_UNKNOWN;
820 int Manager::Impl::verifySignature(
821 const Alias &publicKeyOrCertAlias,
822 const Password &password, // password for public_key (optional)
823 const RawBuffer &message,
824 const RawBuffer &signature,
825 const CryptoAlgorithm &cAlg)
827 int msgId = ++m_counter;
829 EXCEPTION_GUARD_START_CPPAPI
832 AliasSupport helper(publicKeyOrCertAlias);
833 auto send = MessageBuffer::Serialize(static_cast<int>
834 (LogicCommand::VERIFY_SIGNATURE),
841 CryptoAlgorithmSerializable(cAlg));
843 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
845 if (CKM_API_SUCCESS != retCode)
849 recv.Deserialize(retMsgId, retCode);
851 if (retMsgId != msgId)
852 return CKM_API_ERROR_UNKNOWN;
859 int Manager::Impl::ocspCheck(const CertificateShPtrVector &certChain,
862 EXCEPTION_GUARD_START_CPPAPI
864 int msgId = ++m_counter;
867 RawBufferVector rawCertChain;
869 for (auto &e : certChain) {
870 if (!e || e->empty()) {
871 LogError("Empty certificate");
872 return CKM_API_ERROR_INPUT_PARAM;
875 rawCertChain.push_back(e->getDER());
878 auto send = MessageBuffer::Serialize(msgId, rawCertChain);
880 int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
882 if (CKM_API_SUCCESS != retCode)
886 recv.Deserialize(retMsgId, retCode, ocspStatus);
888 if (msgId != retMsgId)
889 return CKM_API_ERROR_UNKNOWN;
896 int Manager::Impl::setPermission(const Alias &alias,
897 const ClientId &accessor,
898 PermissionMask permissionMask)
900 int msgId = ++m_counter;
902 EXCEPTION_GUARD_START_CPPAPI
905 AliasSupport helper(alias);
906 auto send = MessageBuffer::Serialize(static_cast<int>
907 (LogicCommand::SET_PERMISSION),
914 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
916 if (CKM_API_SUCCESS != retCode)
920 recv.Deserialize(retMsgId, retCode);
922 if (msgId != retMsgId)
923 return CKM_API_ERROR_UNKNOWN;
930 int Manager::Impl::crypt(EncryptionCommand command,
931 const CryptoAlgorithm &algo,
932 const Alias &keyAlias,
933 const Password &password,
934 const RawBuffer &input,
937 int msgId = ++m_counter;
939 EXCEPTION_GUARD_START_CPPAPI
942 AliasSupport helper(keyAlias);
943 CryptoAlgorithmSerializable cas(algo);
944 auto send = MessageBuffer::Serialize(static_cast<int>(command),
952 int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
954 if (CKM_API_SUCCESS != retCode)
958 recv.Deserialize(retMsgId, retCode, output);
960 if (msgId != retMsgId)
961 return CKM_API_ERROR_UNKNOWN;
968 int Manager::Impl::encrypt(const CryptoAlgorithm &algo,
969 const Alias &keyAlias,
970 const Password &password,
971 const RawBuffer &plain,
972 RawBuffer &encrypted)
974 return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain,
978 int Manager::Impl::decrypt(const CryptoAlgorithm &algo,
979 const Alias &keyAlias,
980 const Password &password,
981 const RawBuffer &encrypted,
982 RawBuffer &decrypted)
984 return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted,