2 * Copyright (c) 2014 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 #include <exception.h>
18 #include <key-provider.h>
19 #include <dpl/log/log.h>
20 #include <ckm/ckm-zero-memory.h>
25 #include <crypto-backend.h>
26 #ifdef SE_BACKEND_ENABLED
27 #include <se-backend/internals.h>
34 RawBuffer toRawBuffer(const T &data)
37 const unsigned char *ptr = reinterpret_cast<const unsigned char *>(&data);
38 output.assign(ptr, ptr + sizeof(T));
42 // You cannot use toRawBuffer template with pointers
44 RawBuffer toRawBuffer(T *)
46 class NoPointerAllowed {
53 typedef std::unique_ptr<EVP_CIPHER_CTX, decltype(&EVP_CIPHER_CTX_free)> CipherCtxPtr;
55 int encryptAes256Gcm(const unsigned char *plaintext,
56 int plaintext_len, const unsigned char *key, const unsigned char *iv,
57 unsigned char *ciphertext, unsigned char *tag)
60 int ciphertext_len = 0;
62 CipherCtxPtr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
64 return OPENSSL_ENGINE_ERROR;
66 if (!EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL, NULL, NULL))
67 return OPENSSL_ENGINE_ERROR;
69 if (!EVP_EncryptInit_ex(ctx.get(), NULL, NULL, key, iv))
70 return OPENSSL_ENGINE_ERROR;
72 if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
73 return OPENSSL_ENGINE_ERROR;
75 if (!EVP_EncryptUpdate(ctx.get(), ciphertext, &len, plaintext, plaintext_len))
76 return OPENSSL_ENGINE_ERROR;
80 if (!EVP_EncryptFinal_ex(ctx.get(), ciphertext + len, &len))
81 return OPENSSL_ENGINE_ERROR;
83 ciphertext_len += len;
85 if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag))
86 return OPENSSL_ENGINE_ERROR;
88 return ciphertext_len;
91 int decryptAes256Gcm(const unsigned char *ciphertext,
92 int ciphertext_len, unsigned char *tag, const unsigned char *key,
93 const unsigned char *iv, unsigned char *plaintext)
99 CipherCtxPtr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
101 return OPENSSL_ENGINE_ERROR;
103 if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL, NULL, NULL))
104 return OPENSSL_ENGINE_ERROR;
106 if (!EVP_DecryptInit_ex(ctx.get(), NULL, NULL, key, iv))
107 return OPENSSL_ENGINE_ERROR;
109 if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
110 return OPENSSL_ENGINE_ERROR;
112 if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag))
113 return OPENSSL_ENGINE_ERROR;
115 if (!EVP_DecryptUpdate(ctx.get(), plaintext, &len, ciphertext, ciphertext_len))
116 return OPENSSL_ENGINE_ERROR;
120 if (!(ret = EVP_DecryptFinal_ex(ctx.get(), plaintext + len, &len)))
121 return OPENSSL_ENGINE_ERROR;
124 plaintext_len += len;
125 return plaintext_len;
131 typedef std::array<uint8_t, MAX_KEY_SIZE> KeyData;
132 // derives a key used for DomainKEK encryption (aka PKEK1) from random salt & user password
133 KeyData makePKEK1(const KeyComponentsInfoDKEK& keyInfo, const Password &password)
135 std::string concatPasswordClient(password.c_str());
136 concatPasswordClient += std::string(keyInfo.client);
138 if (keyInfo.version != KEYCOMPONENT_VERSION)
139 ThrowErr(Exc::InternalError, "It's not expected version");
141 #if SE_BACKEND_ENABLED
143 if (keyInfo.backend == (int)CryptoBackend::SecureElement) {
144 RawBuffer salt = Crypto::SE::Internals::encryptWithDbpKey((unsigned char*)keyInfo.salt, MAX_SALT_SIZE,
145 (unsigned char*)keyInfo.iv, MAX_IV_SIZE);
147 salt = RawBuffer(keyInfo.salt, keyInfo.salt + MAX_SALT_SIZE);
150 if (keyInfo.backend != (int)CryptoBackend::OpenSSL)
151 ThrowErr(Exc::InternalError, "It's not expected backend");
153 RawBuffer salt(keyInfo.salt, keyInfo.salt + MAX_SALT_SIZE);
155 if (!PKCS5_PBKDF2_HMAC_SHA1(concatPasswordClient.c_str(),
156 concatPasswordClient.size(),
162 ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
167 // derives a key (PKEK2) from DomainKEK and custom client string (may be a client id or uid)
168 KeyData makePKEK2(const uint8_t *domainKEK, const std::string &client)
171 if (!PKCS5_PBKDF2_HMAC_SHA1(client.c_str(),
178 ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
183 void unwrapDomainKEK(const RawBuffer &wrappedDomainKEKbuffer,
184 const Password &password,
185 KeyAndInfoContainer &domainKEK)
187 WrappedKeyAndInfoContainer wrappedDomainKEK;
188 wrappedDomainKEK.setWrappedDKEKAndInfo(wrappedDomainKEKbuffer.data());
189 KeyData PKEK1 = makePKEK1(wrappedDomainKEK.getWrappedDKEKAndInfo().keyInfo, password);
192 if (0 > (keyLength = decryptAes256Gcm(wrappedDomainKEK.getWrappedDKEKAndInfo().wrappedKey,
193 wrappedDomainKEK.getWrappedDKEKAndInfo().keyInfo.keyLength,
194 wrappedDomainKEK.getWrappedDKEKAndInfo().keyInfo.tag,
196 wrappedDomainKEK.getWrappedDKEKAndInfo().keyInfo.iv,
197 domainKEK.getDKEKAndInfo().key)))
198 ThrowErr(Exc::AuthenticationFailed, "DomainKEK decryption failed");
200 domainKEK.setKeyInfo(&(wrappedDomainKEK.getWrappedDKEKAndInfo().keyInfo));
201 domainKEK.setDKEKInfo(wrappedDomainKEK.getWrappedDKEKAndInfo().keyInfo.version,
202 wrappedDomainKEK.getWrappedDKEKAndInfo().keyInfo.backend);
203 domainKEK.setKeyInfoKeyLength(static_cast<unsigned int>(keyLength));
206 RawBuffer wrapDomainKEK(KeyAndInfoContainer &domainKEK, const Password &password)
208 KeyData PKEK1 = makePKEK1(domainKEK.getDKEKAndInfo().keyInfo, password);
210 WrappedKeyAndInfoContainer wrappedDomainKEK = WrappedKeyAndInfoContainer();
211 wrappedDomainKEK.setKeyInfo(&(domainKEK.getDKEKAndInfo().keyInfo));
212 wrappedDomainKEK.setDKEKInfo(domainKEK.getDKEKAndInfo().keyInfo.version,
213 domainKEK.getDKEKAndInfo().keyInfo.backend);
216 if (0 > (wrappedLength = encryptAes256Gcm(domainKEK.getDKEKAndInfo().key,
217 domainKEK.getDKEKAndInfo().keyInfo.keyLength,
219 domainKEK.getDKEKAndInfo().keyInfo.iv,
220 wrappedDomainKEK.getWrappedDKEKAndInfo().wrappedKey,
221 wrappedDomainKEK.getWrappedDKEKAndInfo().keyInfo.tag)))
222 ThrowErr(Exc::InternalError, "DomainKEK encryption failed");
224 wrappedDomainKEK.setKeyInfoKeyLength(static_cast<unsigned int>(wrappedLength));
225 return toRawBuffer(wrappedDomainKEK.getWrappedDKEKAndInfo());
229 bool randomize(uint8_t (&array)[N])
231 return RAND_bytes(array, N) == 1;
234 } // anonymous namespace
236 WrappedKeyAndInfoContainer::WrappedKeyAndInfoContainer()
238 memset(&wrappedKeyAndInfo, 0, sizeof(WrappedKeyAndInfo));
239 memset(&wrappedDKEKAndInfo, 0, sizeof(WrappedKeyAndInfoDKEK));
242 WrappedKeyAndInfo &WrappedKeyAndInfoContainer::getWrappedKeyAndInfo()
244 return wrappedKeyAndInfo;
247 WrappedKeyAndInfoDKEK &WrappedKeyAndInfoContainer::getWrappedDKEKAndInfo()
249 return wrappedDKEKAndInfo;
252 void WrappedKeyAndInfoContainer::setWrappedKeyAndInfo(
253 const unsigned char *data)
255 memcpy(&wrappedKeyAndInfo, data, sizeof(WrappedKeyAndInfo));
257 if (wrappedKeyAndInfo.keyInfo.keyLength > sizeof(wrappedKeyAndInfo.wrappedKey)) {
258 ThrowErr(Exc::InternalError,
259 "Wrapped key info is corrupted. Key length exceeds the size of the key buffer.");
262 size_t maxlen = sizeof(wrappedKeyAndInfo.keyInfo.client);
263 if (strnlen(wrappedKeyAndInfo.keyInfo.client, maxlen) == maxlen) {
264 ThrowErr(Exc::InternalError,
265 "Wrapped key info is corrupted. Client id is not NULL terminated.");
269 void WrappedKeyAndInfoContainer::setWrappedDKEKAndInfo(
270 const unsigned char *data)
272 memcpy(&wrappedDKEKAndInfo, data, sizeof(WrappedKeyAndInfoDKEK));
274 if (wrappedDKEKAndInfo.keyInfo.keyLength > sizeof(wrappedDKEKAndInfo.wrappedKey)) {
275 ThrowErr(Exc::InternalError,
276 "Wrapped key info is corrupted. Key length exceeds the size of the key buffer.");
279 size_t maxlen = sizeof(wrappedDKEKAndInfo.keyInfo.client);
280 if (strnlen(wrappedDKEKAndInfo.keyInfo.client, maxlen) == maxlen) {
281 ThrowErr(Exc::InternalError,
282 "Wrapped key info is corrupted. Client id is not NULL terminated.");
286 void WrappedKeyAndInfoContainer::setKeyInfoKeyLength(const uint32_t length)
288 wrappedKeyAndInfo.keyInfo.keyLength = length;
289 wrappedDKEKAndInfo.keyInfo.keyLength = length;
292 void WrappedKeyAndInfoContainer::setKeyInfoClient(const std::string resized_client)
294 if (resized_client.size() >= sizeof(wrappedKeyAndInfo.keyInfo.client)) {
295 ThrowErr(Exc::InternalError, "Client name too long");
298 strncpy(wrappedKeyAndInfo.keyInfo.client, resized_client.c_str(), resized_client.size());
299 strncpy(wrappedDKEKAndInfo.keyInfo.client, resized_client.c_str(), resized_client.size());
302 void WrappedKeyAndInfoContainer::setKeyInfoSalt(const unsigned char *salt,
305 memcpy(wrappedKeyAndInfo.keyInfo.salt, salt, size);
306 memcpy(wrappedDKEKAndInfo.keyInfo.salt, salt, size);
309 void WrappedKeyAndInfoContainer::setKeyInfo(const KeyComponentsInfo
312 memcpy(&(wrappedKeyAndInfo.keyInfo), keyComponentsInfo,
313 sizeof(KeyComponentsInfo));
314 wrappedDKEKAndInfo.keyInfo.set(wrappedKeyAndInfo.keyInfo);
317 void WrappedKeyAndInfoContainer::setDKEKInfo(const uint32_t version, const uint32_t backend)
319 wrappedDKEKAndInfo.keyInfo.version = version;
320 wrappedDKEKAndInfo.keyInfo.backend = backend;
323 WrappedKeyAndInfoContainer::~WrappedKeyAndInfoContainer()
327 KeyAndInfoContainer::KeyAndInfoContainer()
329 memset(&keyAndInfo, 0, sizeof(KeyAndInfo));
330 memset(&DKEKAndInfo, 0, sizeof(KeyAndInfoDKEK));
333 KeyAndInfo &KeyAndInfoContainer::getKeyAndInfo()
338 KeyAndInfoDKEK &KeyAndInfoContainer::getDKEKAndInfo()
343 void KeyAndInfoContainer::setKeyAndInfo(const unsigned char *data)
345 memcpy(&keyAndInfo, data, sizeof(KeyAndInfo));
348 void KeyAndInfoContainer::setDKEKAndInfo(const unsigned char *data)
350 memcpy(&DKEKAndInfo, data, sizeof(KeyAndInfoDKEK));
353 void KeyAndInfoContainer::setKeyInfoKeyLength(const uint32_t length)
355 keyAndInfo.keyInfo.keyLength = length;
356 DKEKAndInfo.keyInfo.keyLength = length;
359 void KeyAndInfoContainer::setKeyInfo(const KeyComponentsInfo *keyComponentsInfo)
361 memcpy(&(keyAndInfo.keyInfo), keyComponentsInfo, sizeof(KeyComponentsInfo));
362 DKEKAndInfo.keyInfo.set(keyAndInfo.keyInfo);
365 void KeyAndInfoContainer::setDKEKInfo(const uint32_t version, const uint32_t backend)
367 DKEKAndInfo.keyInfo.version = version;
368 DKEKAndInfo.keyInfo.backend = backend;
371 KeyAndInfoContainer::~KeyAndInfoContainer()
374 ZeroMemory(reinterpret_cast<unsigned char*>(&keyAndInfo), sizeof(KeyAndInfo));
375 ZeroMemory(reinterpret_cast<unsigned char*>(&DKEKAndInfo), sizeof(KeyAndInfoDKEK));
378 KeyProvider::KeyProvider() :
380 m_isInitialized(false)
382 LogDebug("Created empty KeyProvider");
385 KeyProvider::KeyProvider(
386 const RawBuffer &domainKEKInWrapForm,
387 const Password &password) :
388 m_domainKEK(new KeyAndInfoContainer()),
389 m_isInitialized(true)
391 if (!m_isInitialized)
392 ThrowErr(Exc::InternalError, "Object not initialized!. Should not happened");
394 if (domainKEKInWrapForm.size() != sizeof(WrappedKeyAndInfoDKEK)) {
395 LogWarning("input size:" << domainKEKInWrapForm.size()
396 << " Expected: " << sizeof(WrappedKeyAndInfoDKEK));
397 LogWarning("buffer doesn't have proper size to store WrappedKeyAndInfoDKEK in KeyProvider Constructor");
398 m_isInitialized = false;
402 unwrapDomainKEK(domainKEKInWrapForm, password, *m_domainKEK);
405 KeyProvider &KeyProvider::operator=(KeyProvider &&second)
407 LogDebug("Moving KeyProvider");
412 m_isInitialized = second.m_isInitialized;
413 m_domainKEK = second.m_domainKEK;
414 second.m_isInitialized = false;
415 second.m_domainKEK = NULL;
419 KeyProvider::KeyProvider(KeyProvider &&second)
421 LogDebug("Moving KeyProvider");
422 m_isInitialized = second.m_isInitialized;
423 m_domainKEK = second.m_domainKEK;
424 second.m_isInitialized = false;
425 second.m_domainKEK = NULL;
428 bool KeyProvider::isInitialized()
430 return m_isInitialized;
433 RawBuffer KeyProvider::getPureDomainKEK()
435 if (!m_isInitialized)
436 ThrowErr(Exc::InternalError, "Object not initialized!");
439 return RawBuffer(m_domainKEK->getDKEKAndInfo().key,
440 (m_domainKEK->getDKEKAndInfo().key) +
441 m_domainKEK->getDKEKAndInfo().keyInfo.keyLength);
444 RawBuffer KeyProvider::getWrappedDomainKEK(const Password &password)
446 if (!m_isInitialized)
447 ThrowErr(Exc::InternalError, "Object not initialized!");
449 return wrapDomainKEK(*m_domainKEK, password);
453 RawBuffer KeyProvider::getPureDEK(const RawBuffer &DEKInWrapForm)
455 if (!m_isInitialized)
456 ThrowErr(Exc::InternalError, "Object not initialized!");
458 if (DEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)) {
459 LogError("input size:" << DEKInWrapForm.size()
460 << " Expected: " << sizeof(WrappedKeyAndInfo));
462 ThrowErr(Exc::InternalError,
463 "buffer doesn't have proper size to store "
464 "WrappedKeyAndInfo in KeyProvider::getPureDEK");
467 KeyAndInfoContainer kmcDEK = KeyAndInfoContainer();
468 WrappedKeyAndInfoContainer wkmcDEK = WrappedKeyAndInfoContainer();
469 wkmcDEK.setWrappedKeyAndInfo(DEKInWrapForm.data());
471 KeyData PKEK2 = makePKEK2(m_domainKEK->getDKEKAndInfo().key,
472 wkmcDEK.getWrappedKeyAndInfo().keyInfo.client);
475 if (0 > (keyLength = decryptAes256Gcm(
476 wkmcDEK.getWrappedKeyAndInfo().wrappedKey,
477 wkmcDEK.getWrappedKeyAndInfo().keyInfo.keyLength,
478 wkmcDEK.getWrappedKeyAndInfo().keyInfo.tag,
480 wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv,
481 kmcDEK.getKeyAndInfo().key)))
482 ThrowErr(Exc::InternalError,
483 "UnwrapDEK Failed in KeyProvider::getPureDEK");
485 kmcDEK.setKeyInfoKeyLength((unsigned int)keyLength);
487 LogDebug("getPureDEK SUCCESS");
489 kmcDEK.getKeyAndInfo().key,
490 (kmcDEK.getKeyAndInfo().key) + kmcDEK.getKeyAndInfo().keyInfo.keyLength);
493 RawBuffer KeyProvider::generateDEK(const std::string &client)
495 if (!m_isInitialized)
496 ThrowErr(Exc::InternalError, "Object not initialized!");
498 WrappedKeyAndInfoContainer wkmcDEK = WrappedKeyAndInfoContainer();
499 std::string resized_client;
501 if (client.length() < MAX_CLIENT_ID_SIZE)
502 resized_client = client;
504 resized_client = client.substr(0, MAX_CLIENT_ID_SIZE - 1);
506 uint8_t key[MAX_KEY_SIZE];
508 if (!randomize(key) || !randomize(wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv))
509 ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
511 KeyData PKEK2 = makePKEK2(m_domainKEK->getDKEKAndInfo().key, resized_client);
513 int wrappedKeyLength;
514 if (0 > (wrappedKeyLength = encryptAes256Gcm(key,
515 m_domainKEK->getDKEKAndInfo().keyInfo.keyLength,
517 wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv,
518 wkmcDEK.getWrappedKeyAndInfo().wrappedKey,
519 wkmcDEK.getWrappedKeyAndInfo().keyInfo.tag)))
520 ThrowErr(Exc::InternalError, "GenerateDEK Failed in KeyProvider::generateDEK");
522 wkmcDEK.setKeyInfoKeyLength((unsigned int)wrappedKeyLength);
523 wkmcDEK.setKeyInfoClient(resized_client);
525 LogDebug("GenerateDEK Success");
526 return toRawBuffer(wkmcDEK.getWrappedKeyAndInfo());
529 void KeyProvider::migrateDKEK(const RawBuffer &wrappedDomainKEKbuffer,
530 const Password &password)
532 WrappedKeyAndInfo wrappedInfo;
533 if (wrappedDomainKEKbuffer.size() != sizeof(WrappedKeyAndInfo)) {
534 LogError("[migrateDKEK] Input size:" << wrappedDomainKEKbuffer.size() <<
535 " Expected: " << sizeof(WrappedKeyAndInfo));
536 ThrowErr(Exc::InternalError,
537 "buffer doesn't have proper size to store ");
539 memcpy(&wrappedInfo, wrappedDomainKEKbuffer.data(), sizeof(WrappedKeyAndInfo));
541 size_t maxlen = sizeof(wrappedInfo.keyInfo.client);
542 if (strnlen(wrappedInfo.keyInfo.client, maxlen) == maxlen) {
543 ThrowErr(Exc::InternalError,
544 "Wrapped key info is corrupted. Client id is not NULL terminated.");
547 KeyComponentsInfo keyInfo = wrappedInfo.keyInfo;
548 std::string concatPasswordClient(password.c_str());
549 concatPasswordClient += std::string(keyInfo.client);
552 if (!PKCS5_PBKDF2_HMAC_SHA1(concatPasswordClient.c_str(),
553 concatPasswordClient.size(),
559 ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
563 if (0 > (keyLength = decryptAes256Gcm(wrappedInfo.wrappedKey,
568 m_domainKEK->getDKEKAndInfo().key)))
569 ThrowErr(Exc::AuthenticationFailed, "DomainKEK decryption failed");
571 m_domainKEK->getDKEKAndInfo().keyInfo.set(keyInfo);
572 m_domainKEK->setDKEKInfo(KEYCOMPONENT_VERSION, (uint32_t)CryptoBackend::OpenSSL);
573 #ifdef SE_BACKEND_ENABLED
574 m_domainKEK->setDKEKInfo(KEYCOMPONENT_VERSION, (uint32_t)CryptoBackend::SecureElement);
576 m_domainKEK->setKeyInfoKeyLength(static_cast<unsigned int>(keyLength));
577 m_isInitialized = true;
578 LogDebug("Migrate DKEK Success");
581 RawBuffer KeyProvider::reencrypt(
582 const RawBuffer &domainKEKInWrapForm,
583 const Password &oldPass,
584 const Password &newPass)
586 if (domainKEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)) {
587 LogError("input size:" << domainKEKInWrapForm.size()
588 << " Expected: " << sizeof(WrappedKeyAndInfo));
589 ThrowErr(Exc::InternalError,
590 "buffer doesn't have proper size to store "
591 "WrappedKeyAndInfo in KeyProvider::reencrypt");
594 KeyAndInfoContainer domainKEK;
595 unwrapDomainKEK(domainKEKInWrapForm, oldPass, domainKEK);
596 return wrapDomainKEK(domainKEK, newPass);
599 RawBuffer KeyProvider::generateDomainKEK(
600 const std::string &user,
601 const Password &userPassword)
603 KeyAndInfoContainer domainKEK;
605 if (!randomize(domainKEK.getDKEKAndInfo().keyInfo.salt) ||
606 !randomize(domainKEK.getDKEKAndInfo().key) ||
607 !randomize(domainKEK.getDKEKAndInfo().keyInfo.iv)) {
608 ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
611 domainKEK.setDKEKInfo(KEYCOMPONENT_VERSION, (uint32_t)CryptoBackend::OpenSSL);
612 #ifdef SE_BACKEND_ENABLED
613 domainKEK.setDKEKInfo(KEYCOMPONENT_VERSION, (uint32_t)CryptoBackend::SecureElement);
615 domainKEK.setKeyInfoKeyLength(sizeof(domainKEK.getDKEKAndInfo().key));
616 if (user.size() >= sizeof(domainKEK.getDKEKAndInfo().keyInfo.client)) {
617 ThrowErr(Exc::InternalError, "Client name too long");
619 strncpy(domainKEK.getDKEKAndInfo().keyInfo.client, user.c_str(), user.size());
621 return wrapDomainKEK(domainKEK, userPassword);
624 int KeyProvider::initializeLibrary()
626 LogDebug("initializeLibrary Success");
630 int KeyProvider::closeLibrary()
632 LogDebug("closeLibrary Success");
636 KeyProvider::~KeyProvider()
638 LogDebug("KeyProvider Destructor");