#include <file-system.h>
#include <ckm-logic.h>
#include <key-impl.h>
+#include <key-aes-impl.h>
#include <certificate-config.h>
#include <certificate-store.h>
#include <dirent.h>
#include <algorithm>
#include <InitialValuesFile.h>
-
+#include <sw-backend/store.h>
#include <generic-backend/exception.h>
namespace {
// verify the data integrity
if (dataType.isKey())
{
- KeyShPtr output_key = CKM::Key::create(input_data);
+ KeyShPtr output_key;
+ if(dataType.isSKey())
+ output_key = CKM::Key::createAES(input_data);
+ else
+ output_key = CKM::Key::create(input_data);
if(output_key.get() == NULL)
{
LogError("provided binary data is not valid key data");
}
+int CKMLogic::createKeyAESHelper(
+ const Credentials &cred,
+ const int size,
+ const Name &name,
+ const Label &label,
+ const PolicySerializable &policy)
+{
+ CryptoAlgorithm keyGenAlgorithm;
+ keyGenAlgorithm.addParam(ParamName::GEN_KEY_LEN, size);
+ Token key = m_decider.getStore(DataType::KEY_AES, policy.extractable).generateSKey(keyGenAlgorithm);
+
+ return saveDataHelper(cred,
+ name,
+ label,
+ DataType::KEY_AES,
+ key.data,
+ policy);
+}
+
+
int CKMLogic::createKeyPairHelper(
const Credentials &cred,
- const KeyType key_type,
- const int additional_param,
+ const CryptoAlgorithmSerializable & keyGenParams,
const Name &namePrivate,
const Label &labelPrivate,
const Name &namePublic,
const PolicySerializable &policyPrivate,
const PolicySerializable &policyPublic)
{
- CryptoAlgorithm keyGenAlgorithm;
- switch(key_type)
- {
- case KeyType::KEY_RSA_PUBLIC:
- case KeyType::KEY_RSA_PRIVATE:
- keyGenAlgorithm.addParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
- keyGenAlgorithm.addParam(ParamName::GEN_KEY_LEN, additional_param);
- break;
-
- case KeyType::KEY_DSA_PUBLIC:
- case KeyType::KEY_DSA_PRIVATE:
- keyGenAlgorithm.addParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
- keyGenAlgorithm.addParam(ParamName::GEN_KEY_LEN, additional_param);
- break;
-
- case KeyType::KEY_ECDSA_PUBLIC:
- case KeyType::KEY_ECDSA_PRIVATE:
- keyGenAlgorithm.addParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
- keyGenAlgorithm.addParam(ParamName::GEN_EC, additional_param);
- break;
-
- default:
- LogError("Invalid key_type for asymetric key generation: " << (int)key_type);
- return CKM_API_ERROR_INPUT_PARAM;
- }
-
auto &handlerPriv = selectDatabase(cred, labelPrivate);
auto &handlerPub = selectDatabase(cred, labelPublic);
+ AlgoType keyType = AlgoType::RSA_GEN;
+ if(!keyGenParams.getParam(ParamName::ALGO_TYPE, keyType))
+ ThrowMsg(Crypto::Exception::InputParam, "Error, parameter ALGO_TYPE not found.");
+ DataType dt(keyType);
+ if(!dt.isKey())
+ ThrowMsg(Crypto::Exception::InputParam, "Error, parameter ALGO_TYPE with wrong value.");
+
bool exportable = policyPrivate.extractable || policyPublic.extractable;
- TokenPair keys = m_decider.getStore(DataType(key_type), exportable).generateAKey(keyGenAlgorithm);
+ TokenPair keys = m_decider.getStore(dt, exportable).generateAKey(keyGenParams);
DB::Crypto::Transaction transactionPriv(&handlerPriv.database);
// in case the same database is used for private and public - the second
RawBuffer CKMLogic::createKeyPair(
const Credentials &cred,
- LogicCommand protocol_cmd,
int commandId,
- const int additional_param,
+ const CryptoAlgorithmSerializable & keyGenParams,
const Name &namePrivate,
const Label &labelPrivate,
const Name &namePublic,
{
int retCode = CKM_API_SUCCESS;
- KeyType key_type = KeyType::KEY_NONE;
- switch(protocol_cmd)
- {
- case LogicCommand::CREATE_KEY_PAIR_RSA:
- key_type = KeyType::KEY_RSA_PUBLIC;
- break;
- case LogicCommand::CREATE_KEY_PAIR_DSA:
- key_type = KeyType::KEY_DSA_PUBLIC;
- break;
- case LogicCommand::CREATE_KEY_PAIR_ECDSA:
- key_type = KeyType::KEY_ECDSA_PUBLIC;
- break;
- default:
- break;
- }
-
try {
retCode = createKeyPairHelper(
cred,
- key_type,
- additional_param,
+ keyGenParams,
namePrivate,
labelPrivate,
namePublic,
retCode = CKM_API_ERROR_SERVER_ERROR;
}
- return MessageBuffer::Serialize(static_cast<int>(protocol_cmd), commandId, retCode).Pop();
+ return MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_PAIR),
+ commandId, retCode).Pop();
+}
+
+RawBuffer CKMLogic::createKeyAES(
+ const Credentials &cred,
+ int commandId,
+ const int size,
+ const Name &name,
+ const Label &label,
+ const PolicySerializable &policy)
+{
+ int retCode = CKM_API_SUCCESS;
+
+ try {
+ retCode = createKeyAESHelper(cred, size, name, label, policy);
+ } catch (const Crypto::Exception::OperationNotSupported &e) {
+ LogDebug("GStore error: operation not supported: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const Crypto::Exception::InternalError & e) {
+ LogDebug("GStore key generation failed: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch( const Crypto::Exception::InputParam & e) {
+ LogDebug("Missing or wrong input parameters: " << e.GetMessage());
+ retCode = CKM_API_ERROR_INPUT_PARAM;
+ } catch (std::invalid_argument &e) {
+ LogDebug("invalid argument error: " << e.what());
+ retCode = CKM_API_ERROR_INPUT_PARAM;
+ } catch (DB::Crypto::Exception::TransactionError &e) {
+ LogDebug("DB::Crypto error: transaction error: " << e.GetMessage());
+ retCode = CKM_API_ERROR_DB_ERROR;
+ } catch (CKM::CryptoLogic::Exception::Base &e) {
+ LogDebug("CryptoLogic error: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (DB::Crypto::Exception::InternalError &e) {
+ LogDebug("DB::Crypto internal error: " << e.GetMessage());
+ retCode = CKM_API_ERROR_DB_ERROR;
+ } catch (const CKMLogic::Exception::DatabaseLocked &e) {
+ LogError("Error " << e.GetMessage());
+ retCode = CKM_API_ERROR_DB_LOCKED;
+ } catch (const CKM::Exception &e) {
+ LogError("CKM::Exception: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ }
+
+ return MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_AES),
+ commandId, retCode).Pop();
}
int CKMLogic::readCertificateHelper(