+
+int Manager::Impl::createKeyPair(
+ const KeyType key_type,
+ const int additional_param,
+ const Alias &privateKeyAlias,
+ const Alias &publicKeyAlias,
+ const Policy &policyPrivateKey,
+ const Policy &policyPublicKey)
+{
+ // input type check
+ CryptoAlgorithm keyGenAlgorithm;
+
+ switch (key_type) {
+ case KeyType::KEY_RSA_PUBLIC:
+ case KeyType::KEY_RSA_PRIVATE:
+ keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
+ keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
+ break;
+
+ case KeyType::KEY_DSA_PUBLIC:
+ case KeyType::KEY_DSA_PRIVATE:
+ keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
+ keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
+ break;
+
+ case KeyType::KEY_ECDSA_PUBLIC:
+ case KeyType::KEY_ECDSA_PRIVATE:
+ keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
+ keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
+ break;
+
+ default:
+ return CKM_API_ERROR_INPUT_PARAM;
+ }
+
+ EXCEPTION_GUARD_START_CPPAPI
+
+ AliasSupport privateHelper(privateKeyAlias);
+ AliasSupport publicHelper(publicKeyAlias);
+
+ return Request(*this, LogicCommand::CREATE_KEY_PAIR, m_storageConnection,
+ CryptoAlgorithmSerializable(keyGenAlgorithm),
+ PolicySerializable(policyPrivateKey),
+ PolicySerializable(policyPublicKey),
+ privateHelper.getName(), privateHelper.getOwner(),
+ publicHelper.getName(), publicHelper.getOwner()
+ ).maybeDeserialize();
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::getCertificateChain(
+ const CertificateShPtr &certificate,
+ const CertificateShPtrVector &untrustedCertificates,
+ const CertificateShPtrVector &trustedCertificates,
+ bool useTrustedSystemCertificates,
+ CertificateShPtrVector &certificateChainVector)
+{
+ RawBufferVector untrustedVector;
+ RawBufferVector trustedVector;
+
+ if (!certificate || certificate->empty())
+ return CKM_API_ERROR_INPUT_PARAM;
+
+ for (auto &e : untrustedCertificates) {
+ if (!e || e->empty())
+ return CKM_API_ERROR_INPUT_PARAM;
+ untrustedVector.push_back(e->getDER());
+ }
+
+ for (auto &e : trustedCertificates) {
+ if (!e || e->empty())
+ return CKM_API_ERROR_INPUT_PARAM;
+ trustedVector.push_back(e->getDER());
+ }
+
+ return getCertChain(m_storageConnection, LogicCommand::GET_CHAIN_CERT, *this,
+ certificate, untrustedVector, trustedVector,
+ useTrustedSystemCertificates, certificateChainVector);
+}
+
+int Manager::Impl::getCertificateChain(
+ const CertificateShPtr &certificate,
+ const AliasVector &untrustedCertificates,
+ const AliasVector &trustedCertificates,
+ bool useTrustedSystemCertificates,
+ CertificateShPtrVector &certificateChainVector)
+{
+ OwnerNameVector untrustedVector;
+ OwnerNameVector trustedVector;
+
+ if (!certificate || certificate->empty())
+ return CKM_API_ERROR_INPUT_PARAM;
+
+ for (auto &e : untrustedCertificates) {
+ AliasSupport helper(e);
+ untrustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
+ }
+
+ for (auto &e : trustedCertificates) {
+ AliasSupport helper(e);
+ trustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
+ }
+
+ return getCertChain(m_storageConnection, LogicCommand::GET_CHAIN_ALIAS, *this,
+ certificate, untrustedVector, trustedVector,
+ useTrustedSystemCertificates, certificateChainVector);
+}
+
+int Manager::Impl::createSignature(
+ const Alias &privateKeyAlias,
+ const Password &password, // password for private_key
+ const RawBuffer &message,
+ const CryptoAlgorithm &cAlgorithm,
+ RawBuffer &signature)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ AliasSupport helper(privateKeyAlias);
+
+ return Request(*this, LogicCommand::CREATE_SIGNATURE, m_storageConnection,
+ helper.getName(), helper.getOwner(), password, message,
+ CryptoAlgorithmSerializable(cAlgorithm)
+ ).maybeDeserialize(signature);
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::verifySignature(
+ const Alias &publicKeyOrCertAlias,
+ const Password &password, // password for public_key (optional)
+ const RawBuffer &message,
+ const RawBuffer &signature,
+ const CryptoAlgorithm &cAlg)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ AliasSupport helper(publicKeyOrCertAlias);
+
+ return Request(*this, LogicCommand::VERIFY_SIGNATURE, m_storageConnection,
+ helper.getName(), helper.getOwner(), password, message, signature,
+ CryptoAlgorithmSerializable(cAlg)
+ ).maybeDeserialize();
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::ocspCheck(const CertificateShPtrVector &certChain,
+ int &ocspStatus)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ int msgId = ++m_counter;
+ MessageBuffer recv;
+
+ RawBufferVector rawCertChain;
+
+ for (auto &e : certChain) {
+ if (!e || e->empty()) {
+ LogError("Empty certificate");
+ return CKM_API_ERROR_INPUT_PARAM;
+ }
+
+ rawCertChain.push_back(e->getDER());
+ }
+
+ int retCode = doRequest(recv, m_ocspConnection, msgId, rawCertChain);
+
+ if (CKM_API_SUCCESS != retCode)
+ return retCode;
+
+ return deserializeResponse(msgId, recv, ocspStatus);
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::setPermission(const Alias &alias,
+ const ClientId &accessor,
+ PermissionMask permissionMask)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ AliasSupport helper(alias);
+
+ return Request(*this, LogicCommand::SET_PERMISSION, m_storageConnection,
+ helper.getName(), helper.getOwner(), accessor, permissionMask
+ ).maybeDeserialize();
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::crypt(EncryptionCommand command,
+ const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer &input,
+ RawBuffer &output)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ AliasSupport helper(keyAlias);
+ CryptoAlgorithmSerializable cas(algo);
+
+ return Request(*this, command, m_encryptionConnection,
+ cas, helper.getName(), helper.getOwner(), password, input
+ ).maybeDeserialize(output);
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::encrypt(const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer &plain,
+ RawBuffer &encrypted)
+{
+ return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain,
+ encrypted);
+}
+
+int Manager::Impl::decrypt(const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer &encrypted,
+ RawBuffer &decrypted)
+{
+ return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted,
+ decrypted);
+}
+
+int Manager::Impl::deriveKey(const CryptoAlgorithm &algo,
+ const Alias &secretAlias,
+ const Password &secretPassword,
+ const Alias &newKeyAlias,
+ const Policy &newKeyPolicy)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ AliasSupport secret(secretAlias);
+ AliasSupport newKey(newKeyAlias);
+ CryptoAlgorithmSerializable cas(algo);
+
+ return Request(*this, LogicCommand::DERIVE, m_storageConnection,
+ cas, secret.getName(), secret.getOwner(), secretPassword,
+ newKey.getName(), newKey.getOwner(), PolicySerializable(newKeyPolicy)
+ ).maybeDeserialize();
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::importWrappedKey(const CryptoAlgorithm ¶ms,
+ const Alias &wrappingKeyAlias,
+ const Password &wrappingKeyPassword,
+ const Alias &alias,
+ const RawBuffer &wrappedKey,
+ const KeyType keyType,
+ const Policy &policy)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ if (keyType == KeyType::KEY_NONE)
+ return CKM_API_ERROR_INPUT_PARAM;
+
+ AliasSupport wrapping_helper(wrappingKeyAlias);
+ AliasSupport helper(alias);
+
+ return Request(*this,
+ LogicCommand::IMPORT_WRAPPED_KEY,
+ m_storageConnection,
+ CryptoAlgorithmSerializable(params),
+ wrapping_helper.getName(),
+ wrapping_helper.getOwner(),
+ wrappingKeyPassword,
+ helper.getName(),
+ helper.getOwner(),
+ wrappedKey,
+ DataType(keyType),
+ PolicySerializable(policy)
+ ).maybeDeserialize();
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::exportWrappedKey(const CryptoAlgorithm ¶ms,
+ const Alias &wrappingKeyAlias,
+ const Password &wrappingKeyPassword,
+ const Alias &alias,
+ const Password &password,
+ KeyType &keyType,
+ RawBuffer &wrappedKey)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ AliasSupport wrapping_helper(wrappingKeyAlias);
+ AliasSupport helper(alias);
+ DataType dataTypeKey;
+
+ int retCode = Request(*this,
+ LogicCommand::EXPORT_WRAPPED_KEY,
+ m_storageConnection,
+ CryptoAlgorithmSerializable(params),
+ wrapping_helper.getName(),
+ wrapping_helper.getOwner(),
+ wrappingKeyPassword,
+ helper.getName(),
+ helper.getOwner(),
+ password
+ ).maybeDeserialize(dataTypeKey, wrappedKey);
+
+ if (retCode != CKM_API_SUCCESS)
+ return retCode;
+
+ if (dataTypeKey.isSymmetricKey()) {
+ keyType = KeyType::KEY_AES;
+ } else if (dataTypeKey.isKeyPrivate()) {
+ keyType = KeyType::KEY_RSA_PRIVATE;
+ } else {
+ return CKM_API_ERROR_INVALID_FORMAT;
+ }
+
+ return retCode;
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::initializeCipher(
+ const CryptoAlgorithm ¶ms,
+ const Alias &keyAlias,
+ const Password &keyPassword,
+ bool encrypt,
+ int &requestId)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ AliasSupport helper(keyAlias);
+
+ return Request(*this,
+ EncryptionCommand::INITIALIZE_CIPHER,
+ m_encryptionConnection,
+ requestId,
+ CryptoAlgorithmSerializable(params),
+ helper.getName(),
+ helper.getOwner(),
+ keyPassword,
+ encrypt
+ ).maybeDeserialize(requestId);
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::updateCipher(int requestId, const RawBuffer &in, RawBuffer &out)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ return Request(*this,
+ EncryptionCommand::UPDATE_CIPHER,
+ m_encryptionConnection,
+ requestId,
+ in
+ ).maybeDeserialize(out);
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::finalizeCipher(int requestId, const RawBuffer &in, RawBuffer &out)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ return Request(*this,
+ EncryptionCommand::FINALIZE_CIPHER,
+ m_encryptionConnection,
+ requestId,
+ in
+ ).maybeDeserialize(out);
+
+ EXCEPTION_GUARD_END
+}
+
+int Manager::Impl::getBackendInfo(BackendId backend, BackendInfo& info)
+{
+ EXCEPTION_GUARD_START_CPPAPI
+
+ BackendInfoSerializable bis(info);
+ return Request(*this,
+ LogicCommand::GET_BACKEND_INFO,
+ m_storageConnection,
+ backend
+ ).maybeDeserialize(bis);
+
+ EXCEPTION_GUARD_END
+}
+
+} // namespace CKM