const Alias &newKeyAlias,
const Policy &newKeyPolicy);
- static ManagerShPtr create();
-
int importWrappedKey(const CryptoAlgorithm ¶ms,
const Alias &wrappingKeyAlias,
const Password &wrappingKeyPassword,
const Alias &alias,
- const RawBuffer &encryptedKey,
+ const RawBuffer &wrappedKey,
const KeyType keyType,
const Policy &policy);
KeyType &keyType,
RawBuffer &wrappedKey);
+ static ManagerShPtr create();
+
private:
std::unique_ptr<Impl> m_impl;
};
keyType,
wrappedKey));
-
-
if (ret == CKMC_ERROR_NONE) {
- ckmc_key_type_e ckmcKeyType = static_cast<ckmc_key_type_e>(keyType);
- ret = ckmc_key_new(wrappedKey.data(), wrappedKey.size(), ckmcKeyType, nullptr, &wrapped_key);
+ ckmc_key_type_e key_type = static_cast<ckmc_key_type_e>(keyType);
+ ret = ckmc_key_new(wrappedKey.data(), wrappedKey.size(), key_type, nullptr, &wrapped_key);
if (ret == CKMC_ERROR_NONE)
*ppwrapped_key = wrapped_key;
}
const Alias &wrappingKeyAlias,
const Password &wrappingKeyPassword,
const Alias &alias,
- const RawBuffer &encryptedKey,
+ const RawBuffer &wrappedKey,
const KeyType keyType,
const Policy &policy)
{
LogicCommand::IMPORT_WRAPPED_KEY,
m_storageConnection,
CryptoAlgorithmSerializable(params),
+ wrapping_helper.getName(),
+ wrapping_helper.getOwner(),
wrappingKeyPassword,
- encryptedKey,
- DataType(keyType),
- PolicySerializable(policy),
helper.getName(),
helper.getOwner(),
- wrapping_helper.getName(),
- wrapping_helper.getOwner()
- ).maybeDeserialize();
+ wrappedKey,
+ DataType(keyType),
+ PolicySerializable(policy)
+ ).maybeDeserialize();
EXCEPTION_GUARD_END
}
EXCEPTION_GUARD_END
}
-
} // namespace CKM
const Alias &wrappingKeyAlias,
const Password &wrappingKeyPassword,
const Alias &alias,
- const RawBuffer &encryptedKey,
+ const RawBuffer &wrappedKey,
const KeyType keyType,
const Policy &policy);
cAlg);
}
-int Manager::importWrappedKey(
- const CryptoAlgorithm ¶ms,
- const Alias &wrappingKeyAlias,
- const Password &wrappingKeyPassword,
- const Alias &alias,
- const RawBuffer &encryptedKey,
- const KeyType keyType,
- const Policy &policy)
-{
- return m_impl->importWrappedKey(
- params,
- wrappingKeyAlias,
- wrappingKeyPassword,
- alias,
- encryptedKey,
- keyType,
- policy
- );
-}
-
int Manager::ocspCheck(const CertificateShPtrVector &certificateChainVector,
int &ocspStatus)
{
return m_impl->deriveKey(algo, secretAlias, secretPassword, newKeyAlias, newKeyPolicy);
}
-ManagerShPtr Manager::create()
+int Manager::importWrappedKey(
+ const CryptoAlgorithm ¶ms,
+ const Alias &wrappingKeyAlias,
+ const Password &wrappingKeyPassword,
+ const Alias &alias,
+ const RawBuffer &wrappedKey,
+ const KeyType keyType,
+ const Policy &policy)
{
- try {
- return std::make_shared<Manager>();
- } catch (...) {
- LogError("Exception occured in Manager::create");
- throw;
- }
+ return m_impl->importWrappedKey(
+ params,
+ wrappingKeyAlias,
+ wrappingKeyPassword,
+ alias,
+ wrappedKey,
+ keyType,
+ policy
+ );
}
int Manager::exportWrappedKey(
);
}
+ManagerShPtr Manager::create()
+{
+ try {
+ return std::make_shared<Manager>();
+ } catch (...) {
+ LogError("Exception occured in Manager::create");
+ throw;
+ }
+}
+
} // namespace CKM
}
Token Key::unwrap(const CryptoAlgorithm ¶ms,
- const Data &encryptedKey,
+ const Data &wrappedKey,
const Password &pass,
const RawBuffer &)
{
- auto decrypted = decrypt(params, encryptedKey.data);
+ auto decrypted = decrypt(params, wrappedKey.data);
- if (!encryptedKey.type.isKey()) {
+ if (!wrappedKey.type.isKey()) {
ThrowErr(Exc::Crypto::InputParam, "Wrapped data is not a key");
}
// validate the decrypted key
- if (encryptedKey.type.isSKey()) {
+ if (wrappedKey.type.isSKey()) {
auto tmp = CKM::Key::createAES(decrypted);
if (!tmp)
ThrowErr(Exc::Crypto::InputParam, "Wrapped data is not a valid AES key");
if (!tmp)
ThrowErr(Exc::Crypto::InputParam, "Wrapped data is not a valid asymmetric key");
- if (encryptedKey.type != DataType(tmp->getType()))
+ if (wrappedKey.type != DataType(tmp->getType()))
ThrowErr(Exc::Crypto::InputParam, "Wrapped key type does not match the required one");
}
- return Token(backendId(), encryptedKey.type, Store::pack(decrypted, pass));
+ return Token(backendId(), wrappedKey.type, Store::pack(decrypted, pass));
}
RawBuffer Key::wrap(const CryptoAlgorithm ¶ms,
const Token &keyToWrap,
const Password &keyToWrapPass)
{
-
RawBuffer data = Store::unpack(keyToWrap.data, keyToWrapPass);
return encrypt(params, data);
}
ThrowErr(Exc::Crypto::OperationNotSupported);
}
-RawBuffer Cert::wrap(const CryptoAlgorithm &,
- const Token &,
- const Password &)
+RawBuffer Cert::wrap(const CryptoAlgorithm &, const Token &, const Password &)
{
ThrowErr(Exc::Crypto::OperationNotSupported);
}
using BData::BData;
Token unwrap(const CryptoAlgorithm ¶ms,
- const Data &encryptedKey,
+ const Data &wrappedKey,
const Password &pass,
const RawBuffer &hash) override;
const Name &wrappingKeyName,
const ClientId &wrappingKeyOwner,
const Password &wrappingKeyPassword,
- const Name &encryptedKeyName,
- const ClientId &encryptedKeyOwner,
- const RawBuffer &encryptedKey,
- const CKM::DataType encryptedKeyType,
- const PolicySerializable &encryptedKeyPolicy)
+ const Name &keyName,
+ const ClientId &keyOwner,
+ const RawBuffer &wrappedKey,
+ const CKM::DataType keyType,
+ const PolicySerializable &policy)
{
return SerializeMessage(msgId, tryRet([&] {
Crypto::GObjUPtr wrappingKey;
- auto [dbOp, digest, retCode] = beginSaveAndGetHash(cred, encryptedKeyName, encryptedKeyOwner);
+ auto [dbOp, digest, retCode] = beginSaveAndGetHash(cred, keyName, keyOwner);
if (retCode != CKM_API_SUCCESS)
return retCode;
return retCode;
Token token = wrappingKey->unwrap(params,
- Crypto::Data(encryptedKeyType, std::move(encryptedKey)),
- encryptedKeyPolicy.password,
+ Crypto::Data(keyType, std::move(wrappedKey)),
+ policy.password,
digest);
- dbOp.finalize(std::move(token), encryptedKeyPolicy);
+ dbOp.finalize(std::move(token), policy);
return retCode;
}));
const ClientId &newKeyOwner,
const Policy &newKeyPolicy);
+ RawBuffer importWrappedKey(
+ const Credentials &cred,
+ const int msgId,
+ const CryptoAlgorithm ¶ms,
+ const Name &wrappingKeyName,
+ const ClientId &wrappingKeyOwner,
+ const Password &wrappingKeyPassword,
+ const Name &keyName,
+ const ClientId &keyOwner,
+ const RawBuffer &wrappedKey,
+ const CKM::DataType keyType,
+ const PolicySerializable &policy);
+
RawBuffer exportWrappedKey(
const Credentials &cred,
const int msgID,
int unlockSystemDB();
- RawBuffer importWrappedKey(
- const Credentials &cred,
- const int msgId,
- const CryptoAlgorithm ¶ms,
- const Name &wrappingKeyName,
- const ClientId &wrappingKeyOwner,
- const Password &wrappingKeyPassword,
- const Name &encryptedKeyName,
- const ClientId &encryptedKeyOwner,
- const RawBuffer &encryptedKey,
- const CKM::DataType encryptedKeyType,
- const PolicySerializable &encryptedKeyPolicy);
-
private:
// select private/system database depending on asking uid and owner id.
// output: database handler for effective owner
Name wrappingKeyName;
ClientId wrappingKeyOwner;
Password wrappingKeyPassword;
- Name encryptedKeyName;
- RawBuffer encryptedKey;
- CKM::DataType encryptedKeyType;
- PolicySerializable encryptedKeyPolicy;
+ Name keyName;
+ RawBuffer wrappedKey;
+ CKM::DataType keyType;
+ PolicySerializable policy;
buffer.Deserialize(params,
+ wrappingKeyName,
+ wrappingKeyOwner,
wrappingKeyPassword,
- encryptedKey,
- encryptedKeyType,
- encryptedKeyPolicy,
- encryptedKeyName,
+ keyName,
explicitOwner,
- wrappingKeyName,
- wrappingKeyOwner);
+ wrappedKey,
+ keyType,
+ policy);
return m_logic->importWrappedKey(
cred,
wrappingKeyName,
cred.effectiveOwner(wrappingKeyOwner),
wrappingKeyPassword,
- encryptedKeyName,
+ keyName,
cred.effectiveOwner(explicitOwner),
- encryptedKey,
- encryptedKeyType,
- encryptedKeyPolicy);
+ wrappedKey,
+ keyType,
+ policy);
}
case LogicCommand::EXPORT_WRAPPED_KEY: {