*/
#include <dpl/serialization.h>
#include <dpl/log/log.h>
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-control.h>
#include <ckm/ckm-error.h>
#include <ckm/ckm-type.h>
#include <key-provider.h>
CKMLogic::~CKMLogic(){}
-RawBuffer CKMLogic::unlockUserKey(uid_t user, const std::string &password) {
+RawBuffer CKMLogic::unlockUserKey(uid_t user, const Password &password) {
// TODO try catch for all errors that should be supported by error code
int retCode = CKM_API_SUCCESS;
RawBuffer key = handle.keyProvider.getPureDomainKEK();
handle.database = DBCrypto(fs.getDBPath(), key);
- handle.crypto = DBCryptoModule(key);
+ handle.crypto = CryptoLogic();
// TODO wipe key
}
+ } catch (const KeyProvider::Exception::PassWordError &e) {
+ LogError("Incorrect Password " << e.GetMessage());
+ retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
} catch (const KeyProvider::Exception::Base &e) {
LogError("Error in KeyProvider " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const CryptoLogic::Exception::Base &e) {
+ LogError("CryptoLogic error: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const CKM::Exception &e) {
+ LogError("CKM::Exception: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
}
MessageBuffer response;
RawBuffer CKMLogic::changeUserPassword(
uid_t user,
- const std::string &oldPassword,
- const std::string &newPassword)
+ const Password &oldPassword,
+ const Password &newPassword)
{
int retCode = CKM_API_SUCCESS;
- // TODO try-catch
- FileSystem fs(user);
- auto wrappedDomainKEK = fs.getDomainKEK();
- if (wrappedDomainKEK.empty()) {
- retCode = CKM_API_ERROR_BAD_REQUEST;
- } else {
- wrappedDomainKEK = KeyProvider::reencrypt(wrappedDomainKEK, oldPassword, newPassword);
- fs.saveDomainKEK(wrappedDomainKEK);
+ try {
+ FileSystem fs(user);
+ auto wrappedDomainKEK = fs.getDomainKEK();
+ if (wrappedDomainKEK.empty()) {
+ retCode = CKM_API_ERROR_BAD_REQUEST;
+ } else {
+ wrappedDomainKEK = KeyProvider::reencrypt(wrappedDomainKEK, oldPassword, newPassword);
+ fs.saveDomainKEK(wrappedDomainKEK);
+ }
+ } catch (const KeyProvider::Exception::PassWordError &e) {
+ LogError("Incorrect Password " << e.GetMessage());
+ retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
+ } catch (const KeyProvider::Exception::Base &e) {
+ LogError("Error in KeyProvider " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const CKM::Exception &e) {
+ LogError("CKM::Exception: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
}
+
MessageBuffer response;
Serialization::Serialize(response, retCode);
return response.Pop();
RawBuffer CKMLogic::resetUserPassword(
uid_t user,
- const std::string &newPassword)
+ const Password &newPassword)
{
int retCode = CKM_API_SUCCESS;
// TODO try-catch
DBRow row = { alias, cred.smackLabel, policy.restricted,
policy.extractable, dataType, DBCMAlgType::NONE,
- 0, RawBuffer(10, 'c'), key.size(), key };
+ 0, RawBuffer(), static_cast<int>(key.size()), key };
auto &handler = m_userDataMap[cred.uid];
DBCrypto::Transaction transaction(&handler.database);
LogDebug("No Key in database found. Generating new one for label: "
<< cred.smackLabel);
key = handler.keyProvider.generateDEK(cred.smackLabel);
+ handler.database.saveKey(cred.smackLabel, key);
} else {
+ LogDebug("Key from DB");
key = *key_optional;
}
key = handler.keyProvider.getPureDEK(key);
handler.crypto.pushKey(cred.smackLabel, key);
- handler.database.saveKey(cred.smackLabel, key);
}
handler.crypto.encryptRow(policy.password, row);
handler.database.saveDBRow(row);
} catch (const KeyProvider::Exception::Base &e) {
LogError("KeyProvider failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const DBCryptoModule::Exception::Base &e) {
- LogError("DBCryptoModule failed with message: " << e.GetMessage());
+ } catch (const CryptoLogic::Exception::Base &e) {
+ LogError("CryptoLogic failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DBCrypto::Exception::InternalError &e) {
LogError("DBCrypto failed with message: " << e.GetMessage());
if (0 < m_userDataMap.count(cred.uid)) {
Try {
- m_userDataMap[cred.uid].database.deleteDBRow(alias, cred.smackLabel);
+ auto erased = m_userDataMap[cred.uid].database.deleteDBRow(alias, cred.smackLabel);
+ // check if the data existed or not
+ if(!erased) {
+ LogError("No row for given alias and label");
+ retCode = CKM_API_ERROR_DB_ALIAS_UNKNOWN;
+ }
} Catch (CKM::Exception) {
LogError("Error in deleting row!");
retCode = CKM_API_ERROR_DB_ERROR;
Credentials &cred,
DBDataType dataType,
const Alias &alias,
- const std::string &password,
+ const Password &password,
DBRow &row)
{
int commandId,
DBDataType dataType,
const Alias &alias,
- const std::string &password)
+ const Password &password)
{
int retCode = CKM_API_SUCCESS;
DBRow row;
} catch (const KeyProvider::Exception::Base &e) {
LogError("KeyProvider failed with error: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const DBCryptoModule::Exception::Base &e) {
- LogError("DBCryptoModule failed with message: " << e.GetMessage());
+ } catch (const CryptoLogic::Exception::Base &e) {
+ LogError("CryptoLogic failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DBCrypto::Exception::Base &e) {
LogError("DBCrypto failed with message: " << e.GetMessage());
row.dataType = dataType;
}
+ if ((CKM_API_SUCCESS == retCode) && (row.exportable == 0)) {
+ row.data.clear();
+ retCode = CKM_API_ERROR_NOT_EXPORTABLE;
+ }
+
MessageBuffer response;
Serialization::Serialize(response, static_cast<int>(LogicCommand::GET));
Serialization::Serialize(response, commandId);
} catch (DBCrypto::Exception::TransactionError &e) {
LogDebug("DBCrypto error: transaction error: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
+ } catch (CKM::CryptoLogic::Exception::Base &e) {
+ LogDebug("CryptoLogic error: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (DBCrypto::Exception::InternalError &e) {
LogDebug("DBCrypto internal error: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
} catch (const DBCrypto::Exception::TransactionError &e) {
LogDebug("DBCrypto error: transaction error: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
+ } catch (const CKM::CryptoLogic::Exception::Base &e) {
+ LogDebug("CryptoLogic error: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DBCrypto::Exception::InternalError &e) {
LogDebug("DBCrypto internal error: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
const RawBuffer &certificate,
const AliasVector &aliasVector)
{
- (void) cred;
- (void) commandId;
- (void) certificate;
- (void) aliasVector;
+ int retCode = CKM_API_SUCCESS;
+ RawBufferVector chainRawVector;
+ try {
+ CertificateImpl cert(certificate, DataFormat::FORM_DER);
+ CertificateImplVector untrustedCertVector;
+ CertificateImplVector chainVector;
+ DBRow row;
+
+ if (cert.empty()) {
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ goto senderror;
+ }
+
+ for (auto &i: aliasVector) {
+ retCode = getDataHelper(cred, DBDataType::CERTIFICATE, i, Password(), row);
+
+ if (retCode != CKM_API_SUCCESS)
+ goto senderror;
+
+ untrustedCertVector.push_back(CertificateImpl(row.data, DataFormat::FORM_DER));
+ }
+
+ retCode = m_certStore.verifyCertificate(cert, untrustedCertVector, chainVector);
+
+ if (retCode != CKM_API_SUCCESS)
+ goto senderror;
+
+ for (auto &i: chainVector)
+ chainRawVector.push_back(i.getDER());
+
+ } catch (const CryptoLogic::Exception::Base &e) {
+ LogError("DBCyptorModule failed with message: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const DBCrypto::Exception::Base &e) {
+ LogError("DBCrypto failed with message: " << e.GetMessage());
+ retCode = CKM_API_ERROR_DB_ERROR;
+ } catch (...) {
+ LogError("Unknown error.");
+ }
+senderror:
MessageBuffer response;
Serialization::Serialize(response, static_cast<int>(LogicCommand::GET_CHAIN_ALIAS));
Serialization::Serialize(response, commandId);
- Serialization::Serialize(response, static_cast<int>(CKM_API_SUCCESS));
- Serialization::Serialize(response, RawBufferVector());
+ Serialization::Serialize(response, retCode);
+ Serialization::Serialize(response, chainRawVector);
return response.Pop();
}
Credentials &cred,
int commandId,
const Alias &privateKeyAlias,
- const std::string &password, // password for private_key
+ const Password &password, // password for private_key
const RawBuffer &message,
const HashAlgorithm hash,
const RSAPaddingAlgorithm padding)
{
-
DBRow row;
CryptoService cs;
RawBuffer signature;
do {
retCode = getDataHelper(cred, DBDataType::KEY_RSA_PUBLIC, privateKeyAlias, password, row);
if (CKM_API_SUCCESS != retCode) {
- LogError("getDataHelper return error:");
+ LogError("getDataHelper return error");
break;
}
- GenericKey keyParsed(row.data, std::string());
+ GenericKey keyParsed(row.data, Password());
if (keyParsed.empty())
retCode = CKM_API_ERROR_SERVER_ERROR;
else
cs.createSignature(keyParsed, message, hash, padding, signature);
} while(0);
} catch (const KeyProvider::Exception::Base &e) {
- LogError("KeyProvider failed with error: " << e.GetMessage());
+ LogError("KeyProvider failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const DBCryptoModule::Exception::Base &e) {
- LogError("DBCryptoModule failed with message: " << e.GetMessage());
+ } catch (const CryptoLogic::Exception::Base &e) {
+ LogError("CryptoLogic failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DBCrypto::Exception::Base &e) {
LogError("DBCrypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
+ } catch (const CKM::Exception &e) {
+ LogError("Unknown CKM::Exception: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
}
MessageBuffer response;
Credentials &cred,
int commandId,
const Alias &publicKeyOrCertAlias,
- const std::string &password, // password for public_key (optional)
+ const Password &password, // password for public_key (optional)
const RawBuffer &message,
const RawBuffer &signature,
const HashAlgorithm hash,
} catch (const KeyProvider::Exception::Base &e) {
LogError("KeyProvider failed with error: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const DBCryptoModule::Exception::Base &e) {
- LogError("DBCryptoModule failed with message: " << e.GetMessage());
+ } catch (const CryptoLogic::Exception::Base &e) {
+ LogError("CryptoLogic failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const DBCrypto::Exception::Base &e) {
LogError("DBCrypto failed with message: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
+ } catch (const CKM::Exception &e) {
+ LogError("Unknown CKM::Exception: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
}
MessageBuffer response;