#include <message-buffer.h>
#include <protocols.h>
#include <key-impl.h>
+#include <key-aes-impl.h>
#include <certificate-impl.h>
namespace CKM {
} // namespace anonymous
ManagerImpl::ManagerImpl()
- : m_counter(0), m_storageConnection(SERVICE_SOCKET_CKM_STORAGE), m_ocspConnection(SERVICE_SOCKET_OCSP)
+ : m_counter(0),
+ m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
+ m_ocspConnection(SERVICE_SOCKET_OCSP),
+ m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
{
initCryptoLib();
}
int ManagerImpl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
{
+ return getPKCS12(alias, Password(), Password(), pkcs);
+}
+
+int ManagerImpl::getPKCS12(const Alias &alias, const Password &keyPass, const Password &certPass, PKCS12ShPtr &pkcs)
+{
if (alias.empty())
return CKM_API_ERROR_INPUT_PARAM;
auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
my_counter,
helper.getName(),
- helper.getLabel());
+ helper.getLabel(),
+ keyPass,
+ certPass);
int retCode = m_storageConnection.processRequest(send.Pop(), recv);
if (CKM_API_SUCCESS != retCode)
if (retCode != CKM_API_SUCCESS)
return retCode;
- KeyShPtr keyParsed(new KeyImpl(rawData));
+ KeyShPtr keyParsed;
+ if(DataType::KEY_AES == recvDataType)
+ keyParsed = KeyShPtr(new KeyAESImpl(rawData));
+ else
+ keyParsed = KeyShPtr(new KeyImpl(rawData));
if (keyParsed->empty()) {
LogDebug("Key empty - failed to parse!");
return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
}
+int ManagerImpl::createKeyAES(
+ const int size,
+ const Alias &keyAlias,
+ const Policy &policyKey)
+{
+ // proceed with sending request
+ int my_counter = ++m_counter;
+
+ return try_catch([&] {
+
+ MessageBuffer recv;
+ AliasSupport aliasHelper(keyAlias);
+ auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_AES),
+ my_counter,
+ static_cast<int>(size),
+ PolicySerializable(policyKey),
+ aliasHelper.getName(),
+ aliasHelper.getLabel());
+
+ int retCode = m_storageConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
+ return retCode;
+
+ int command;
+ int counter;
+ recv.Deserialize(command, counter, retCode);
+ if (counter != my_counter) {
+ return CKM_API_ERROR_UNKNOWN;
+ }
+
+ return retCode;
+ });
+}
+
+
int ManagerImpl::createKeyPair(
const KeyType key_type,
const int additional_param,
const Policy &policyPublicKey)
{
// input type check
- LogicCommand cmd_type;
+ CryptoAlgorithm keyGenAlgorithm;
switch(key_type)
{
case KeyType::KEY_RSA_PUBLIC:
case KeyType::KEY_RSA_PRIVATE:
- cmd_type = LogicCommand::CREATE_KEY_PAIR_RSA;
+ keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
+ keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
break;
case KeyType::KEY_DSA_PUBLIC:
case KeyType::KEY_DSA_PRIVATE:
- cmd_type = LogicCommand::CREATE_KEY_PAIR_DSA;
+ keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
+ keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
break;
case KeyType::KEY_ECDSA_PUBLIC:
case KeyType::KEY_ECDSA_PRIVATE:
- cmd_type = LogicCommand::CREATE_KEY_PAIR_ECDSA;
+ keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
+ keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
break;
default:
MessageBuffer recv;
AliasSupport privateHelper(privateKeyAlias);
AliasSupport publicHelper(publicKeyAlias);
- auto send = MessageBuffer::Serialize(static_cast<int>(cmd_type),
+ auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_PAIR),
my_counter,
- static_cast<int>(additional_param),
+ CryptoAlgorithmSerializable(keyGenAlgorithm),
PolicySerializable(policyPrivateKey),
PolicySerializable(policyPublicKey),
privateHelper.getName(),
RawBufferVector rawCertChain;
for (auto &e: certChain) {
+ if (!e || e->empty()) {
+ LogError("Empty certificate");
+ return CKM_API_ERROR_INPUT_PARAM;
+ }
rawCertChain.push_back(e->getDER());
}
});
}
+int ManagerImpl::crypt(EncryptionCommand command,
+ const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer& input,
+ RawBuffer& output)
+{
+ int my_counter = ++m_counter;
+
+ return try_catch([&] {
+ MessageBuffer recv;
+ AliasSupport helper(keyAlias);
+ CryptoAlgorithmSerializable cas(algo);
+ auto send = MessageBuffer::Serialize(static_cast<int>(command),
+ my_counter,
+ cas,
+ helper.getName(),
+ helper.getLabel(),
+ password,
+ input);
+
+ int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
+ return retCode;
+
+ int command;
+ int counter;
+ recv.Deserialize(command, counter, retCode, output);
+
+ if (my_counter != counter) {
+ return CKM_API_ERROR_UNKNOWN;
+ }
+
+ return retCode;
+ });
+}
+
+int ManagerImpl::encrypt(const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer& plain,
+ RawBuffer& encrypted)
+{
+ return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain, encrypted);
+}
+
+int ManagerImpl::decrypt(const CryptoAlgorithm &algo,
+ const Alias &keyAlias,
+ const Password &password,
+ const RawBuffer& encrypted,
+ RawBuffer& decrypted)
+{
+ return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted, decrypted);
+}
+
ManagerShPtr Manager::create() {
try {
return std::make_shared<ManagerImpl>();