#include <protocols.h>
#include <dpl/serialization.h>
+#include <ckm/ckm-type.h>
namespace CKM {
char const * const SERVICE_SOCKET_CKM_CONTROL = "/tmp/.central-key-manager-api-control.sock";
char const * const SERVICE_SOCKET_CKM_STORAGE = "/tmp/.central-key-manager-api-storage.sock";
char const * const SERVICE_SOCKET_OCSP = "/tmp/.central-key-manager-api-ocsp.sock";
+char const * const SERVICE_SOCKET_ENCRYPTION = "/tmp/.central-key-manager-api-encryption.sock";
+char const * const LABEL_NAME_SEPARATOR = " ";
+char const * const LABEL_SYSTEM_DB = "/";
-DBDataType toDBDataType(KeyType key) {
- switch(key) {
- case KeyType::KEY_RSA_PUBLIC: return DBDataType::KEY_RSA_PUBLIC;
- case KeyType::KEY_RSA_PRIVATE: return DBDataType::KEY_RSA_PRIVATE;
- case KeyType::KEY_DSA_PUBLIC: return DBDataType::KEY_DSA_PUBLIC;
- case KeyType::KEY_DSA_PRIVATE: return DBDataType::KEY_DSA_PRIVATE;
- case KeyType::KEY_ECDSA_PUBLIC: return DBDataType::KEY_ECDSA_PUBLIC;
- case KeyType::KEY_ECDSA_PRIVATE: return DBDataType::KEY_ECDSA_PRIVATE;
- case KeyType::KEY_AES: return DBDataType::KEY_AES;
- default:
- // TODO
- throw 1;
+
+PKCS12Serializable::PKCS12Serializable() {}
+PKCS12Serializable::PKCS12Serializable(const PKCS12 &pkcs)
+ : PKCS12Impl(pkcs)
+{}
+
+PKCS12Serializable::PKCS12Serializable(IStream &stream)
+{
+ // key
+ size_t numKeys;
+ Deserialization::Deserialize(stream, numKeys);
+ if(numKeys > 0) {
+ int keyType;
+ RawBuffer keyData;
+ Deserialization::Deserialize(stream, keyType);
+ Deserialization::Deserialize(stream, keyData);
+ m_pkey = CKM::Key::create(keyData);
}
-}
-KeyType toKeyType(DBDataType dbtype) {
- switch(dbtype) {
- case DBDataType::KEY_RSA_PUBLIC: return KeyType::KEY_RSA_PUBLIC;
- case DBDataType::KEY_RSA_PRIVATE: return KeyType::KEY_RSA_PRIVATE;
- case DBDataType::KEY_DSA_PUBLIC: return KeyType::KEY_DSA_PUBLIC;
- case DBDataType::KEY_DSA_PRIVATE: return KeyType::KEY_DSA_PRIVATE;
- case DBDataType::KEY_ECDSA_PRIVATE: return KeyType::KEY_ECDSA_PRIVATE;
- case DBDataType::KEY_ECDSA_PUBLIC: return KeyType::KEY_ECDSA_PUBLIC;
- case DBDataType::KEY_AES: return KeyType::KEY_AES;
- default:
- // TODO
- throw 1;
+ // cert
+ size_t numCerts;
+ Deserialization::Deserialize(stream, numCerts);
+ if(numCerts > 0) {
+ RawBuffer certData;
+ Deserialization::Deserialize(stream, certData);
+ m_cert = CKM::Certificate::create(certData, DataFormat::FORM_DER);
}
-}
-const char* toDBAccessRight(AccessRight access_right_type) {
- switch(access_right_type) {
- case AccessRight::AR_READ: return "R";
- case AccessRight::AR_READ_REMOVE: return "RD";
- default:
- // TODO
- throw 1;
+ // CA chain
+ size_t num_CA;
+ Deserialization::Deserialize(stream, num_CA);
+ for(size_t i=0; i<num_CA; i++)
+ {
+ RawBuffer CAcertData;
+ Deserialization::Deserialize(stream, CAcertData);
+ m_ca.push_back(CKM::Certificate::create(CAcertData, DataFormat::FORM_DER));
}
}
+PKCS12Serializable::PKCS12Serializable(const KeyShPtr &privKey, const CertificateShPtr &cert, const CertificateShPtrVector &chainCerts)
+{
+ m_pkey = privKey;
+ m_cert = cert;
+ m_ca = chainCerts;
+}
-PolicySerializable::PolicySerializable()
-{}
+void PKCS12Serializable::Serialize(IStream &stream) const
+{
+ // key
+ Key *keyPtr = getKey().get();
+ bool isAnyKeyPresent = (getKey().get()!=NULL);
+ // logics if PKCS is correct or not is on the service side.
+ // sending number of keys and certificates to allow proper parsing on the service side.
+ // (what if no key or cert present? attempt to deserialize a not present key/cert would
+ // throw an error and close the connection).
+ Serialization::Serialize(stream, static_cast<size_t>(isAnyKeyPresent?1:0));
+ if(keyPtr) {
+ Serialization::Serialize(stream, DataType(keyPtr->getType()));
+ Serialization::Serialize(stream, keyPtr->getDER());
+ }
-PolicySerializable::PolicySerializable(const Policy &policy)
- : Policy(policy)
-{}
+ bool isAnyCertPresent = (getCertificate().get()!=NULL);
+ Serialization::Serialize(stream, static_cast<size_t>(isAnyCertPresent?1:0));
+ if(isAnyCertPresent) {
+ Serialization::Serialize(stream, getCertificate().get()->getDER());
+ }
-PolicySerializable::PolicySerializable(IStream &stream) {
- Deserialization::Deserialize(stream, password);
- Deserialization::Deserialize(stream, extractable);
+ // CA chain
+ Serialization::Serialize(stream, getCaCertificateShPtrVector().size());
+ for(auto it : getCaCertificateShPtrVector())
+ Serialization::Serialize(stream, it->getDER());
+};
+
+
+CryptoAlgorithmSerializable::CryptoAlgorithmSerializable() {}
+CryptoAlgorithmSerializable::CryptoAlgorithmSerializable(const CryptoAlgorithm &algo) :
+ CryptoAlgorithm(algo)
+{
}
-void PolicySerializable::Serialize(IStream &stream) const {
- Serialization::Serialize(stream, password);
- Serialization::Serialize(stream, extractable);
+CryptoAlgorithmSerializable::CryptoAlgorithmSerializable(IStream &stream)
+{
+ size_t plen = 0;
+ Deserializer<size_t>::Deserialize(stream, plen);
+ while(plen) {
+ ParamName name;
+ uint64_t integer;
+ RawBuffer buffer;
+ int tmpName;
+ Deserializer<int>::Deserialize(stream, tmpName);
+ name = static_cast<ParamName>(tmpName);
+ switch (name) {
+ case ParamName::ED_IV:
+ case ParamName::ED_AAD:
+ case ParamName::ED_LABEL:
+ Deserializer<RawBuffer>::Deserialize(stream, buffer);
+ setParam(name, buffer);
+ break;
+
+ case ParamName::ALGO_TYPE:
+ case ParamName::ED_CTR_LEN:
+ case ParamName::ED_TAG_LEN:
+ case ParamName::GEN_KEY_LEN:
+ case ParamName::GEN_EC:
+ case ParamName::SV_HASH_ALGO:
+ case ParamName::SV_RSA_PADDING:
+ Deserializer<uint64_t>::Deserialize(stream, integer);
+ setParam(name, integer);
+ break;
+
+ default:
+ ThrowMsg(UnsupportedParam, "Unsupported param name");
+ }
+ plen--;
+ }
+}
+
+void CryptoAlgorithmSerializable::Serialize(IStream &stream) const
+{
+ Serializer<size_t>::Serialize(stream, m_params.size());
+ for(const auto& it : m_params) {
+ Serializer<int>::Serialize(stream, static_cast<int>(it.first));
+ uint64_t integer;
+ RawBuffer buffer;
+ if (it.second->getInt(integer))
+ Serializer<uint64_t>::Serialize(stream, integer);
+ else if (it.second->getBuffer(buffer))
+ Serializer<RawBuffer>::Serialize(stream, buffer);
+ else
+ ThrowMsg(UnsupportedParam, "Unsupported param type");
+ }
+
}
} // namespace CKM
projects / platform / core / security / key-manager.git / blobdiff