CKMLogic::~CKMLogic(){}
-SafeBuffer CKMLogic::unlockUserKey(uid_t user, const std::string &password) {
+RawBuffer CKMLogic::unlockUserKey(uid_t user, const Password &password) {
// TODO try catch for all errors that should be supported by error code
int retCode = CKM_API_SUCCESS;
handle.keyProvider = KeyProvider(wrappedDomainKEK, password);
- SafeBuffer key = handle.keyProvider.getPureDomainKEK();
+ RawBuffer key = handle.keyProvider.getPureDomainKEK();
handle.database = DBCrypto(fs.getDBPath(), key);
handle.crypto = CryptoLogic();
// TODO wipe key
return response.Pop();
}
-SafeBuffer CKMLogic::lockUserKey(uid_t user) {
+RawBuffer CKMLogic::lockUserKey(uid_t user) {
int retCode = CKM_API_SUCCESS;
// TODO try catch for all errors that should be supported by error code
m_userDataMap.erase(user);
return response.Pop();
}
-SafeBuffer CKMLogic::removeUserData(uid_t user) {
+RawBuffer CKMLogic::removeUserData(uid_t user) {
int retCode = CKM_API_SUCCESS;
// TODO try catch for all errors that should be supported by error code
m_userDataMap.erase(user);
return response.Pop();
}
-SafeBuffer CKMLogic::changeUserPassword(
+RawBuffer CKMLogic::changeUserPassword(
uid_t user,
- const std::string &oldPassword,
- const std::string &newPassword)
+ const Password &oldPassword,
+ const Password &newPassword)
{
int retCode = CKM_API_SUCCESS;
try {
return response.Pop();
}
-SafeBuffer CKMLogic::resetUserPassword(
+RawBuffer CKMLogic::resetUserPassword(
uid_t user,
- const std::string &newPassword)
+ const Password &newPassword)
{
int retCode = CKM_API_SUCCESS;
// TODO try-catch
Credentials &cred,
DBDataType dataType,
const Alias &alias,
- const SafeBuffer &key,
+ const RawBuffer &key,
const PolicySerializable &policy)
{
if (0 == m_userDataMap.count(cred.uid))
DBRow row = { alias, cred.smackLabel, policy.restricted,
policy.extractable, dataType, DBCMAlgType::NONE,
- 0, SafeBuffer(), static_cast<int>(key.size()), key };
+ 0, RawBuffer(), static_cast<int>(key.size()), key };
auto &handler = m_userDataMap[cred.uid];
DBCrypto::Transaction transaction(&handler.database);
if (!handler.crypto.haveKey(cred.smackLabel)) {
- SafeBuffer key;
+ RawBuffer key;
auto key_optional = handler.database.getKey(cred.smackLabel);
if(!key_optional) {
LogDebug("No Key in database found. Generating new one for label: "
return CKM_API_SUCCESS;
}
-SafeBuffer CKMLogic::saveData(
+RawBuffer CKMLogic::saveData(
Credentials &cred,
int commandId,
DBDataType dataType,
const Alias &alias,
- const SafeBuffer &key,
+ const RawBuffer &key,
const PolicySerializable &policy)
{
int retCode = CKM_API_SUCCESS;
return response.Pop();
}
-SafeBuffer CKMLogic::removeData(
+RawBuffer CKMLogic::removeData(
Credentials &cred,
int commandId,
DBDataType dataType,
int retCode = CKM_API_SUCCESS;
if (0 < m_userDataMap.count(cred.uid)) {
- // check if the data exists or not
- DBCrypto::DBRowOptional row_optional;
- if (dataType == DBDataType::CERTIFICATE || dataType == DBDataType::BINARY_DATA) {
- row_optional = m_userDataMap[cred.uid].database.getDBRow(alias, cred.smackLabel, dataType);
- } else if ((static_cast<int>(dataType) >= static_cast<int>(DBDataType::DB_KEY_FIRST))
- && (static_cast<int>(dataType) <= static_cast<int>(DBDataType::DB_KEY_LAST)))
- {
- row_optional = m_userDataMap[cred.uid].database.getKeyDBRow(alias, cred.smackLabel);
- } else {
- LogError("Unknown type of requested data" << (int)dataType);
- retCode = CKM_API_ERROR_BAD_REQUEST;
- }
- if(!row_optional) {
- LogError("No row for given alias, label and type");
- retCode = CKM_API_ERROR_DB_ALIAS_UNKNOWN;
- }
-
- // remove if the data exists
- if(retCode == CKM_API_SUCCESS) {
- Try {
- m_userDataMap[cred.uid].database.deleteDBRow(alias, cred.smackLabel);
- } Catch (CKM::Exception) {
- LogError("Error in deleting row!");
- retCode = CKM_API_ERROR_DB_ERROR;
+ Try {
+ auto erased = m_userDataMap[cred.uid].database.deleteDBRow(alias, cred.smackLabel);
+ // check if the data existed or not
+ if(!erased) {
+ LogError("No row for given alias and label");
+ retCode = CKM_API_ERROR_DB_ALIAS_UNKNOWN;
}
+ } Catch (CKM::Exception) {
+ LogError("Error in deleting row!");
+ retCode = CKM_API_ERROR_DB_ERROR;
}
} else {
retCode = CKM_API_ERROR_DB_LOCKED;
Credentials &cred,
DBDataType dataType,
const Alias &alias,
- const std::string &password,
+ const Password &password,
DBRow &row)
{
}
if (!handler.crypto.haveKey(row.smackLabel)) {
- SafeBuffer key;
+ RawBuffer key;
auto key_optional = handler.database.getKey(row.smackLabel);
if(!key_optional) {
LogError("No key for given label in database");
return CKM_API_SUCCESS;
}
-SafeBuffer CKMLogic::getData(
+RawBuffer CKMLogic::getData(
Credentials &cred,
int commandId,
DBDataType dataType,
const Alias &alias,
- const std::string &password)
+ const Password &password)
{
int retCode = CKM_API_SUCCESS;
DBRow row;
row.dataType = dataType;
}
+ if ((CKM_API_SUCCESS == retCode) && (row.exportable == 0)) {
+ row.data.clear();
+ retCode = CKM_API_ERROR_NOT_EXPORTABLE;
+ }
+
MessageBuffer response;
Serialization::Serialize(response, static_cast<int>(LogicCommand::GET));
Serialization::Serialize(response, commandId);
return response.Pop();
}
-SafeBuffer CKMLogic::getDataList(
+RawBuffer CKMLogic::getDataList(
Credentials &cred,
int commandId,
DBDataType dataType)
retCode = saveDataHelper(cred,
toDBDataType(prv.getType()),
aliasPrivate,
- prv.getDERSB(),
+ prv.getDER(),
policyPrivate);
if (CKM_API_SUCCESS != retCode)
retCode = saveDataHelper(cred,
toDBDataType(pub.getType()),
aliasPublic,
- pub.getDERSB(),
+ pub.getDER(),
policyPublic);
if (CKM_API_SUCCESS != retCode)
return retCode;
}
-SafeBuffer CKMLogic::createKeyPairRSA(
+RawBuffer CKMLogic::createKeyPairRSA(
Credentials &cred,
int commandId,
int size,
retCode = saveDataHelper(cred,
toDBDataType(prv.getType()),
aliasPrivate,
- prv.getDERSB(),
+ prv.getDER(),
policyPrivate);
if (CKM_API_SUCCESS != retCode)
retCode = saveDataHelper(cred,
toDBDataType(pub.getType()),
aliasPublic,
- pub.getDERSB(),
+ pub.getDER(),
policyPublic);
if (CKM_API_SUCCESS != retCode)
return retCode;
}
-SafeBuffer CKMLogic::createKeyPairECDSA(
+RawBuffer CKMLogic::createKeyPairECDSA(
Credentials &cred,
int commandId,
int type,
return response.Pop();
}
-SafeBuffer CKMLogic::getCertificateChain(
+RawBuffer CKMLogic::getCertificateChain(
Credentials &cred,
int commandId,
- const SafeBuffer &certificate,
- const SafeBufferVector &untrustedRawCertVector)
+ const RawBuffer &certificate,
+ const RawBufferVector &untrustedRawCertVector)
{
(void)cred;
CertificateImpl cert(certificate, DataFormat::FORM_DER);
CertificateImplVector untrustedCertVector;
CertificateImplVector chainVector;
- SafeBufferVector chainRawVector;
+ RawBufferVector chainRawVector;
for (auto &e: untrustedRawCertVector)
untrustedCertVector.push_back(CertificateImpl(e, DataFormat::FORM_DER));
if (retCode == CKM_API_SUCCESS) {
for (auto &e : chainVector)
- chainRawVector.push_back(e.getDERSB());
+ chainRawVector.push_back(e.getDER());
}
MessageBuffer response;
return response.Pop();
}
-SafeBuffer CKMLogic::getCertificateChain(
+RawBuffer CKMLogic::getCertificateChain(
Credentials &cred,
int commandId,
- const SafeBuffer &certificate,
+ const RawBuffer &certificate,
const AliasVector &aliasVector)
{
int retCode = CKM_API_SUCCESS;
- SafeBufferVector chainRawVector;
+ RawBufferVector chainRawVector;
try {
CertificateImpl cert(certificate, DataFormat::FORM_DER);
CertificateImplVector untrustedCertVector;
}
for (auto &i: aliasVector) {
- retCode = getDataHelper(cred, DBDataType::CERTIFICATE, i, std::string(), row);
+ retCode = getDataHelper(cred, DBDataType::CERTIFICATE, i, Password(), row);
if (retCode != CKM_API_SUCCESS)
goto senderror;
goto senderror;
for (auto &i: chainVector)
- chainRawVector.push_back(i.getDERSB());
+ chainRawVector.push_back(i.getDER());
} catch (const CryptoLogic::Exception::Base &e) {
LogError("DBCyptorModule failed with message: " << e.GetMessage());
return response.Pop();
}
-SafeBuffer CKMLogic::createSignature(
+RawBuffer CKMLogic::createSignature(
Credentials &cred,
int commandId,
const Alias &privateKeyAlias,
- const std::string &password, // password for private_key
- const SafeBuffer &message,
+ const Password &password, // password for private_key
+ const RawBuffer &message,
const HashAlgorithm hash,
const RSAPaddingAlgorithm padding)
{
DBRow row;
CryptoService cs;
- SafeBuffer signature;
+ RawBuffer signature;
int retCode = CKM_API_SUCCESS;
break;
}
- GenericKey keyParsed(row.data, std::string());
+ GenericKey keyParsed(row.data, Password());
if (keyParsed.empty())
retCode = CKM_API_ERROR_SERVER_ERROR;
else
return response.Pop();
}
-SafeBuffer CKMLogic::verifySignature(
+RawBuffer CKMLogic::verifySignature(
Credentials &cred,
int commandId,
const Alias &publicKeyOrCertAlias,
- const std::string &password, // password for public_key (optional)
- const SafeBuffer &message,
- const SafeBuffer &signature,
+ const Password &password, // password for public_key (optional)
+ const RawBuffer &message,
+ const RawBuffer &signature,
const HashAlgorithm hash,
const RSAPaddingAlgorithm padding)
{
projects / platform / core / security / key-manager.git / blobdiff