Implementation of CKMLogic::createPairKeyRSA.
Replace KeyImpl with GenericKey class.
Change-Id: I24d2c89c3df702666b0b82ba2894ed6313e6393b
};
// Internal types
-class KeyImpl;
+class GenericKey;
class CertificateImpl;
} // namespace CKM
KeyType getType() const;
int getSize() const;
ElipticCurve getCurve() const;
- RawBuffer getKey() const;
- KeyImpl* getImpl() const;
+ RawBuffer getDER() const;
+ GenericKey* getImpl() const;
private:
- std::shared_ptr<KeyImpl> m_impl;
+ std::shared_ptr<GenericKey> m_impl;
};
class Certificate {
${COMMON_PATH}/common/message-buffer.cpp
${COMMON_PATH}/common/smack-check.cpp
${COMMON_PATH}/common/certificate-impl.cpp
- ${COMMON_PATH}/common/key-impl.cpp
${COMMON_PATH}/dpl/log/src/abstract_log_provider.cpp
${COMMON_PATH}/dpl/log/src/dlog_log_provider.cpp
${COMMON_PATH}/dpl/log/src/log.cpp
* limitations under the License
*
*
- * @file client-key-impl.h
+ * @file client-certificate.h
* @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
* @version 1.0
* @brief Certificate class implementation.
namespace {
-const int POLL_TIMEOUT = 4000;
+const int POLL_TIMEOUT = 8000;
void centKeyClientEnableLogSystem(void) {
CKM::Singleton<CKM::Log::LogSystem>::Instance().SetTag("CENT_KEY_CLIENT");
#include <ckm/ckm-type.h>
#include <ckm/key-manager.h>
-#include <key-impl.h>
+#include <dpl/log/log.h>
+
+#include <key-rsa.h>
namespace CKM {
Key::Key()
- : m_impl(new KeyImpl())
+ : m_impl(NULL)
{}
Key::Key(
const RawBuffer &rawData,
KeyType type,
const std::string &password)
- : m_impl(new KeyImpl(rawData, type, password))
-{}
+{
+ switch (type) {
+ case KeyType::KEY_RSA_PRIVATE:
+ m_impl.reset(new KeyRSAPrivate(rawData, password));
+ break;
+ case KeyType::KEY_RSA_PUBLIC:
+ m_impl.reset(new KeyRSAPublic(rawData, password));
+ break;
+ default:
+ LogError("Key Type not implemented");
+ }
+}
Key::Key(const Key &second) {
m_impl = second.m_impl;
return *this;
}
-Key::~Key(){
-}
+Key::~Key(){}
bool Key::empty() const {
if (m_impl)
return KeyType::KEY_NONE;
}
-RawBuffer Key::getKey() const {
+RawBuffer Key::getDER() const {
if (m_impl)
- return m_impl->getKey();
+ return m_impl->getDER();
return RawBuffer();
}
-KeyImpl* Key::getImpl() const {
+GenericKey* Key::getImpl() const {
if (m_impl)
return m_impl.get();
return NULL;
#include <client-manager-impl.h>
#include <client-common.h>
-#include <key-impl.h>
#include <message-buffer.h>
#include <protocols.h>
}
int Manager::ManagerImpl::saveKey(const Alias &alias, const Key &key, const Policy &policy) {
- return saveBinaryData(alias, toDBDataType(key.getType()), key.getKey(), policy);
+ return saveBinaryData(alias, toDBDataType(key.getType()), key.getDER(), policy);
}
int Manager::ManagerImpl::saveCertificate(
* limitations under the License
*
*
- * @file client-key-impl.h
+ * @file generic-key.h
* @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
* @version 1.0
* @brief Key implementation.
namespace CKM {
-class KeyImpl
-{
+class GenericKey {
public:
- KeyImpl();
- KeyImpl(const RawBuffer &data, KeyType type, const std::string &password);
- KeyImpl(const KeyImpl &);
- KeyImpl(KeyImpl &&);
- KeyImpl& operator=(const KeyImpl &);
- KeyImpl& operator=(KeyImpl &&);
+ virtual KeyType getType() const = 0;
+ virtual RawBuffer getDER() const = 0;
+ virtual EVP_PKEY* getEVPKEY() const = 0;
- KeyType getType() const {
- return m_type;
- }
-
- RawBuffer getKey() const {
- return m_key;
- }
-
- bool empty() const {
- return (m_type == KeyType::KEY_NONE) || m_key.empty();
- }
-
- virtual ~KeyImpl();
-private:
- KeyType m_type;
- RawBuffer m_key;
+ virtual bool empty() const = 0;
+ virtual ~GenericKey(){}
};
} // namespace CKM
--- /dev/null
+#pragma once
+
+#include <memory>
+
+#include <openssl/pem.h>
+#include <openssl/rsa.h>
+#include <openssl/bio.h>
+
+#include <generic-key.h>
+
+namespace CKM {
+
+class KeyECDSA : public GenericKey {
+public:
+ KeyECDSA()
+ : m_ecdsa(NULL)
+ {}
+
+ KeyECDSA(void *ecdsa)
+ : m_ecdsa(ecdsa)
+ {}
+
+ virtual bool empty() const {
+ return m_ecdsa == NULL;
+ }
+
+ virtual ~KeyECDSA() {
+ free(m_ecdsa);
+ }
+
+ EVP_PKEY *getEVPKEY() const {
+ return NULL;
+ }
+
+protected:
+ void *m_ecdsa;
+};
+
+
+class KeyECDSAPublic : public KeyECDSA {
+public:
+ KeyECDSAPublic(){}
+
+ KeyECDSAPublic(void *ecdsa)
+ : KeyECDSA(ecdsa)
+ {}
+
+ KeyECDSAPublic(const RawBuffer &data, const std::string &password)
+ {
+ (void) data;
+ (void) password;
+ }
+
+ KeyECDSAPublic(const KeyECDSAPublic &second)
+ : KeyECDSA(second.m_ecdsa)
+ {}
+
+ KeyECDSAPublic(KeyECDSAPublic &&second) {
+ (void) second;
+ }
+
+ KeyECDSAPublic& operator=(const KeyECDSAPublic &second) {
+ (void) second;
+ return *this;
+ }
+
+ KeyECDSAPublic& operator=(KeyECDSAPublic &&second) {
+ (void) second;
+ return *this;
+ }
+
+ virtual RawBuffer getDER() const {
+ return RawBuffer();
+ }
+
+ virtual KeyType getType() const {
+ return KeyType::KEY_ECDSA_PUBLIC;
+ }
+};
+
+class KeyECDSAPrivate : public KeyECDSA {
+public:
+ KeyECDSAPrivate(){}
+
+ KeyECDSAPrivate(void *ecdsa)
+ : KeyECDSA(ecdsa)
+ {}
+
+ KeyECDSAPrivate(const KeyECDSAPrivate &second)
+ : KeyECDSA(second.m_ecdsa)
+ {}
+
+ KeyECDSAPrivate(KeyECDSAPrivate &&second) {
+ (void) second;
+ }
+
+ KeyECDSAPrivate(const RawBuffer &data, const std::string &password)
+ {
+ (void) data;
+ (void) password;
+ }
+
+ KeyECDSAPrivate& operator=(const KeyECDSAPrivate &second) {
+ (void) second;
+ return *this;
+ }
+
+ KeyECDSAPrivate& operator=(KeyECDSAPrivate &&second) {
+ (void) second;
+ return *this;
+ }
+
+ virtual RawBuffer getDER() const {
+ return RawBuffer();
+ }
+
+ virtual KeyType getType() const {
+ return KeyType::KEY_ECDSA_PRIVATE;
+ }
+
+};
+
+} // namespace CKM
+
+++ /dev/null
-/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- *
- * @file client-echo.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Key implementation.
- */
-#include <memory>
-
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-
-#include <key-impl.h>
-
-namespace {
-
-const char PEM_FIRST_CHAR = '-';
-typedef std::unique_ptr<BIO, std::function<void(BIO*)>> BioUniquePtr;
-
-} // namespace anonymous
-
-namespace CKM {
-
-KeyImpl::KeyImpl()
- : m_type(KeyType::KEY_NONE)
-{}
-
-KeyImpl::KeyImpl(const KeyImpl &second)
- : m_type(second.m_type)
- , m_key(second.m_key)
-{}
-
-KeyImpl::KeyImpl(KeyImpl &&second)
- : m_type(second.m_type)
- , m_key(std::move(second.m_key))
-{}
-
-KeyImpl& KeyImpl::operator=(const KeyImpl &second) {
- m_type = second.m_type;
- m_key = second.m_key;
- return *this;
-}
-
-KeyImpl& KeyImpl::operator=(KeyImpl &&second) {
- m_type = std::move(second.m_type);
- m_key = std::move(second.m_key);
- return *this;
-}
-
-KeyImpl::KeyImpl(const RawBuffer &data, KeyType type, const std::string &password)
- : m_type(KeyType::KEY_NONE)
-{
- int ret = 0;
- RSA *rsa = NULL;
- char *pass = NULL;
- std::string passtmp(password);
-
- if (!passtmp.empty()) {
- pass = const_cast<char *>(passtmp.c_str());
- }
-
- if (data[0] == PEM_FIRST_CHAR && type == KeyType::KEY_RSA_PUBLIC) {
- BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
- if (NULL == bio.get())
- return;
- BIO_write(bio.get(), data.data(), data.size());
- rsa = PEM_read_bio_RSA_PUBKEY(bio.get(), NULL, NULL, pass);
- } else if (data[0] == PEM_FIRST_CHAR && type == KeyType::KEY_RSA_PRIVATE) {
- BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
- if (NULL == bio.get())
- return;
- BIO_write(bio.get(), data.data(), data.size());
- rsa = PEM_read_bio_RSAPrivateKey(bio.get(), NULL, NULL, pass);
- } else if (type == KeyType::KEY_RSA_PUBLIC) {
- // First we will try to read der file
- const unsigned char *p = static_cast<const unsigned char*>(data.data());
- rsa = d2i_RSA_PUBKEY(NULL, &p, data.size());
- if (rsa == NULL) {
- // This is internal der format used by openssl?
- BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
- BIO_write(bio.get(), data.data(), data.size());
- rsa = d2i_RSAPublicKey_bio(bio.get(), NULL);
- }
- } else if (type == KeyType::KEY_RSA_PRIVATE) {
- BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
- if (NULL == bio.get())
- return;
- BIO_write(bio.get(), data.data(), data.size());
- rsa = d2i_RSAPrivateKey_bio(bio.get(), NULL);
- } else {
- return;
- }
-
- if (!rsa)
- return;
-
- BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
-
- if (NULL == bio.get())
- return;
-
- if (type == KeyType::KEY_RSA_PUBLIC) {
- ret = i2d_RSAPublicKey_bio(bio.get(), rsa);
- } else {
- ret = i2d_RSAPrivateKey_bio(bio.get(), rsa);
- }
-
- if (ret == 0)
- return;
-
- m_key.resize(data.size());
- ret = BIO_read(bio.get(), m_key.data(), m_key.size());
- if (ret <= 0) {
- m_key.clear();
- return;
- }
-
- m_key.resize(ret);
- m_type = type;
-}
-
-KeyImpl::~KeyImpl(){}
-
-} // namespace CKM
-
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Bumjin Im <bj.im@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file key-rsa.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Implementation of keys.
+ */
+
+// TODO move function definition from header
+
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Bumjin Im <bj.im@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file key-rsa.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Implementation of keys.
+ */
+#pragma once
+
+#include <memory>
+
+#include <openssl/pem.h>
+#include <openssl/rsa.h>
+#include <openssl/bio.h>
+
+#include <generic-key.h>
+
+namespace {
+
+const char PEM_FIRST_CHAR = '-';
+typedef std::unique_ptr<BIO, std::function<void(BIO*)>> BioUniquePtr;
+
+} // namespace anonymous
+
+namespace CKM {
+
+class KeyRSA : public GenericKey {
+public:
+ typedef int(*I2D_FUNCTION_PTR)(BIO*, RSA*);
+
+ static RSA* RSA_dup(RSA *rsa) {
+ if (rsa)
+ RSA_up_ref(rsa);
+ return rsa;
+ }
+
+ KeyRSA(RSA *rsa)
+ : m_rsa(RSA_dup(rsa))
+ {}
+
+ KeyRSA()
+ : m_rsa(NULL)
+ {}
+
+ virtual bool empty() const {
+ return m_rsa == NULL;
+ }
+
+ virtual ~KeyRSA() {
+ RSA_free(m_rsa);
+ }
+
+ virtual RawBuffer extractDER(I2D_FUNCTION_PTR ptr) const {
+ if (NULL == m_rsa)
+ return RawBuffer();
+
+ BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
+
+ if (NULL == bio.get())
+ return RawBuffer();
+
+ if (0 == ptr(bio.get(), m_rsa))
+ return RawBuffer();
+
+ RawBuffer out(8192);
+
+ int ret = BIO_read(bio.get(), out.data(), out.size());
+ if (ret <= 0) {
+ return RawBuffer();
+ }
+
+ out.resize(ret);
+ return out;
+ }
+
+ EVP_PKEY *getEVPKEY() const {
+ if (m_rsa == NULL)
+ return NULL;
+ EVP_PKEY *pkey = EVP_PKEY_new();
+ EVP_PKEY_assign_RSA(pkey, m_rsa);
+ return pkey;
+ }
+
+ RSA *getRSA() {
+ return m_rsa;
+ }
+
+protected:
+ RSA *m_rsa;
+};
+
+
+class KeyRSAPublic : public KeyRSA {
+public:
+ KeyRSAPublic(){}
+
+ KeyRSAPublic(RSA *rsa)
+ : KeyRSA(rsa)
+ {}
+
+ KeyRSAPublic(const RawBuffer &data, const std::string &password)
+ {
+ char *pass = NULL;
+ std::string passtmp(password);
+
+ if (!passtmp.empty()) {
+ pass = const_cast<char*>(passtmp.c_str());
+ }
+
+ if (data[0] == PEM_FIRST_CHAR) {
+ BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
+ if (NULL == bio.get())
+ return;
+ BIO_write(bio.get(), data.data(), data.size());
+ m_rsa = PEM_read_bio_RSA_PUBKEY(bio.get(), NULL, NULL, pass);
+ } else {
+ // First we will try to read der file
+ const unsigned char *p = static_cast<const unsigned char*>(data.data());
+ m_rsa = d2i_RSA_PUBKEY(NULL, &p, data.size());
+ if (m_rsa == NULL) {
+ // This is internal der format used by openssl?
+ BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
+ BIO_write(bio.get(), data.data(), data.size());
+ m_rsa = d2i_RSAPublicKey_bio(bio.get(), NULL);
+ }
+ }
+ }
+
+ KeyRSAPublic(const KeyRSAPublic &second)
+ : KeyRSA(second.m_rsa)
+ {}
+
+ KeyRSAPublic(KeyRSAPublic &&second) {
+ m_rsa = second.m_rsa;
+ second.m_rsa = NULL;
+ }
+
+ KeyRSAPublic& operator=(const KeyRSAPublic &second) {
+ if (this == &second)
+ return *this;
+ RSA_free(m_rsa);
+ m_rsa = RSA_dup(second.m_rsa);
+ return *this;
+ }
+
+ KeyRSAPublic& operator=(KeyRSAPublic &&second) {
+ if (this == &second)
+ return *this;
+ m_rsa = second.m_rsa;
+ second.m_rsa = NULL;
+ return *this;
+ }
+
+ virtual RawBuffer getDER() const {
+ return extractDER(i2d_RSAPublicKey_bio);
+ }
+
+ virtual KeyType getType() const {
+ return KeyType::KEY_RSA_PUBLIC;
+ }
+};
+
+class KeyRSAPrivate : public KeyRSA {
+public:
+ KeyRSAPrivate(){}
+
+ KeyRSAPrivate(RSA *rsa)
+ : KeyRSA(rsa)
+ {}
+
+ KeyRSAPrivate(const KeyRSAPrivate &second)
+ : KeyRSA(second.m_rsa)
+ {}
+
+ KeyRSAPrivate(KeyRSAPrivate &&second) {
+ m_rsa = second.m_rsa;
+ second.m_rsa = NULL;
+ }
+
+ KeyRSAPrivate(const RawBuffer &data, const std::string &password)
+ {
+ char *pass = NULL;
+ std::string passtmp(password);
+
+ if (!passtmp.empty()) {
+ pass = const_cast<char*>(passtmp.c_str());
+ }
+
+ if (data[0] == PEM_FIRST_CHAR) {
+ BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
+ if (NULL == bio.get())
+ return;
+ BIO_write(bio.get(), data.data(), data.size());
+ m_rsa = PEM_read_bio_RSAPrivateKey(bio.get(), NULL, NULL, pass);
+ } else {
+ BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
+ if (NULL == bio.get())
+ return;
+ BIO_write(bio.get(), data.data(), data.size());
+ m_rsa = d2i_RSAPrivateKey_bio(bio.get(), NULL);
+ }
+ }
+
+ KeyRSAPrivate& operator=(const KeyRSAPrivate &second) {
+ if (this == &second)
+ return *this;
+ RSA_free(m_rsa);
+ m_rsa = RSA_dup(second.m_rsa);
+ return *this;
+ }
+
+ KeyRSAPrivate& operator=(KeyRSAPrivate &&second) {
+ if (this == &second)
+ return *this;
+ RSA_free(m_rsa);
+ m_rsa = second.m_rsa;
+ second.m_rsa = NULL;
+ return *this;
+ }
+
+ virtual RawBuffer getDER() const {
+ return extractDER(i2d_RSAPrivateKey_bio);
+ }
+
+ virtual KeyType getType() const {
+ return KeyType::KEY_RSA_PRIVATE;
+ }
+
+};
+
+} // namespace CKM
+
switch(key) {
case KeyType::KEY_RSA_PUBLIC: return DBDataType::KEY_RSA_PUBLIC;
case KeyType::KEY_RSA_PRIVATE: return DBDataType::KEY_RSA_PRIVATE;
+ case KeyType::KEY_ECDSA_PUBLIC: return DBDataType::KEY_ECDSA_PUBLIC;
+ case KeyType::KEY_ECDSA_PRIVATE: return DBDataType::KEY_ECDSA_PRIVATE;
+ case KeyType::KEY_AES: return DBDataType::KEY_AES;
default:
// TODO
throw 1;
-
}
}
#include <ckm-service.h>
#include <key-provider.h>
+#include <CryptoService.h>
IMPLEMENT_SAFE_SINGLETON(CKM::Log::LogSystem);
OPENSSL_config(NULL);
CKM::KeyProvider::initializeLibrary();
+ CKM::CryptoService::initialize();
{
LogInfo("Start!");
#include <openssl/x509v3.h>
#include <openssl/obj_mac.h>
#include <ckm/ckm-type.h>
-#include <key-impl.h>
+#include <key-rsa.h>
+#include <key-ecdsa.h>
#include <CryptoService.h>
#include <key-manager-util.h>
+#include <dpl/log/log.h>
+
#define OPENSSL_SUCCESS 1 // DO NOTCHANGE THIS VALUE
#define OPENSSL_FAIL 0 // DO NOTCHANGE THIS VALUE
}
// The returned (EVP_PKEY *) should be freed like this [if(pkey) EVP_PKEY_free(pkey);] after use.
-void to_string_rsa_private_key(RSA *pkey, unsigned char **derPrivateKey, int *length) {
- unsigned char *ucTmp;
- *length = i2d_RSAPrivateKey(pkey, NULL);
- *derPrivateKey = (unsigned char *)malloc(*length);
- ucTmp = *derPrivateKey;
- i2d_RSAPrivateKey(pkey, &ucTmp);
-}
-
-void to_string_rsa_public_key(RSA *pkey, unsigned char **derPublicKey, int *length) {
- unsigned char *ucTmp;
- *length = i2d_RSA_PUBKEY(pkey, NULL);
- *derPublicKey = (unsigned char *)malloc(*length);
- ucTmp = *derPublicKey;
- i2d_RSA_PUBKEY(pkey, &ucTmp);
-}
-
-void to_string_ec_private_key(EC_KEY *pkey, unsigned char **derPrivateKey, int *length) {
- unsigned char *ucTmp;
- *length = i2d_ECPrivateKey(pkey, NULL);
- *derPrivateKey = (unsigned char *)malloc(*length);
- ucTmp = *derPrivateKey;
- i2d_ECPrivateKey(pkey, &ucTmp);
-}
-
-void to_string_ec_public_key(EC_KEY *pkey, unsigned char **derPublicKey, int *length) {
- unsigned char *ucTmp; //RawData test;
- *length = i2d_EC_PUBKEY(pkey, NULL);
- *derPublicKey = (unsigned char *)malloc(*length);
- ucTmp = *derPublicKey;
- i2d_EC_PUBKEY(pkey, &ucTmp);
-}
+//void to_string_rsa_private_key(RSA *pkey, unsigned char **derPrivateKey, int *length) {
+// unsigned char *ucTmp;
+// *length = i2d_RSAPrivateKey(pkey, NULL);
+// *derPrivateKey = (unsigned char *)malloc(*length);
+// ucTmp = *derPrivateKey;
+// i2d_RSAPrivateKey(pkey, &ucTmp);
+//}
+
+//void to_string_rsa_public_key(RSA *pkey, unsigned char **derPublicKey, int *length) {
+// unsigned char *ucTmp;
+// *length = i2d_RSA_PUBKEY(pkey, NULL);
+// *derPublicKey = (unsigned char *)malloc(*length);
+// ucTmp = *derPublicKey;
+// i2d_RSA_PUBKEY(pkey, &ucTmp);
+//}
+
+//void to_string_ec_private_key(EC_KEY *pkey, unsigned char **derPrivateKey, int *length) {
+// unsigned char *ucTmp;
+// *length = i2d_ECPrivateKey(pkey, NULL);
+// *derPrivateKey = (unsigned char *)malloc(*length);
+// ucTmp = *derPrivateKey;
+// i2d_ECPrivateKey(pkey, &ucTmp);
+//}
+//
+//void to_string_ec_public_key(EC_KEY *pkey, unsigned char **derPublicKey, int *length) {
+// unsigned char *ucTmp; //RawData test;
+// *length = i2d_EC_PUBKEY(pkey, NULL);
+// *derPublicKey = (unsigned char *)malloc(*length);
+// ucTmp = *derPublicKey;
+// i2d_EC_PUBKEY(pkey, &ucTmp);
+//}
// The returned (EVP_PKEY *) should be freed like this [if(pkey) EVP_PKEY_free(pkey);] after use.
-EVP_PKEY *to_pkey_rsa_public_key(const unsigned char *derPublicKey, int length) {
- EVP_PKEY *pkey = EVP_PKEY_new();
- RSA *rsa;
-
- BIO *bio = BIO_new(BIO_s_mem());
- BIO_write(bio, derPublicKey, length);
- rsa = d2i_RSA_PUBKEY_bio(bio, NULL);
- BIO_free_all(bio);
- EVP_PKEY_set1_RSA(pkey,rsa);
-
- return pkey;
-}
+//EVP_PKEY *to_pkey_rsa_public_key(const unsigned char *derPublicKey, int length) {
+// EVP_PKEY *pkey = EVP_PKEY_new();
+// RSA *rsa;
+//
+// BIO *bio = BIO_new(BIO_s_mem());
+// BIO_write(bio, derPublicKey, length);
+// rsa = d2i_RSA_PUBKEY_bio(bio, NULL);
+// BIO_free_all(bio);
+// EVP_PKEY_set1_RSA(pkey,rsa);
+//
+// return pkey;
+//}
// The returned (EVP_PKEY *) should be freed like this [if(pkey) EVP_PKEY_free(pkey);] after use.
-EVP_PKEY *to_pkey_rsa_private_key(const unsigned char *derPrivateKey, int length) {
- EVP_PKEY *pkey = EVP_PKEY_new();
- RSA *rsa;
-
- BIO *bio = BIO_new(BIO_s_mem());
- BIO_write(bio, derPrivateKey, length);
- rsa = d2i_RSAPrivateKey_bio(bio, NULL);
- BIO_free_all(bio);
- EVP_PKEY_set1_RSA(pkey,rsa);
-
- return pkey;
-}
+//EVP_PKEY *to_pkey_rsa_private_key(const unsigned char *derPrivateKey, int length) {
+// EVP_PKEY *pkey = EVP_PKEY_new();
+// RSA *rsa;
+//
+// BIO *bio = BIO_new(BIO_s_mem());
+// BIO_write(bio, derPrivateKey, length);
+// rsa = d2i_RSAPrivateKey_bio(bio, NULL);
+// BIO_free_all(bio);
+// EVP_PKEY_set1_RSA(pkey,rsa);
+//
+// return pkey;
+//}
// The returned (EVP_PKEY *) should be freed like this [if(pkey) EVP_PKEY_free(pkey);] after use.
EVP_PKEY *to_pkey_ec_public_key(const unsigned char *derPublicKey, int length) {
return pkey;
}
-int CryptoService::initalize() {
+int CryptoService::initialize() {
int mode, ret, rc;
// try to initialize using ERR_load_crypto_strings and OpenSSL_add_all_algorithms
}
int CryptoService::createKeyPairRSA(const int size, // size in bits [1024, 2048, 4096]
- KeyImpl &createdPrivateKey, // returned value
- KeyImpl &createdPublicKey) // returned value
+ KeyRSAPrivate &createdPrivateKey, // returned value
+ KeyRSAPublic &createdPublicKey) // returned value
{
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *pkey = NULL;
- unsigned char *derPrivateKey = NULL, *derPublicKey = NULL;
- int priKeyLength, pubKeyLength;
RawBuffer priKey_tmp, pubKey_tmp;
const std::string null_password;
EVP_PKEY_CTX_new(pparam, NULL);
EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
- if(!ctx) {
+ LogDebug("Generating RSA key pair start.");
+
+ if(!ctx) {
return CKM_CRYPTO_CTX_ERROR;
}
return CKM_CRYPTO_PKEYGEN_ERROR;
}
- // convert to rsa key
- RSA *rsa_key = EVP_PKEY_get1_RSA(pkey);
-
- // Extract private and public key
- to_string_rsa_private_key(rsa_key, &derPrivateKey, &priKeyLength);
- to_string_rsa_public_key(rsa_key, &derPublicKey, &pubKeyLength);
+ LogDebug("Generating RSA key pair end.");
- // Key copy to vector structure
- priKey_tmp.assign(derPrivateKey, derPrivateKey+priKeyLength);
- pubKey_tmp.assign(derPublicKey, derPublicKey+pubKeyLength);
-
- // Create two keys
- KeyImpl privateKey(priKey_tmp, KeyType::KEY_RSA_PRIVATE, null_password);
- KeyImpl Publickey(pubKey_tmp, KeyType::KEY_RSA_PUBLIC, null_password);
+ // convert to rsa key
+ RSA *rsa_key = EVP_PKEY_get1_RSA(pkey);
- // Two made key copy to reference structure
- createdPrivateKey = privateKey;
- createdPublicKey = Publickey;
+ createdPrivateKey = KeyRSAPrivate(rsa_key);
+ createdPublicKey = KeyRSAPublic(rsa_key);
- RawBuffer data;
- data = privateKey.getKey();
-
- if(derPrivateKey)
- free(derPrivateKey);
- if(derPublicKey)
- free(derPublicKey);
if(pkey)
EVP_PKEY_free(pkey);
if(ctx)
}
int CryptoService::createKeyPairECDSA(ElipticCurve type,
- KeyImpl &createdPrivateKey, // returned value
- KeyImpl &createdPublicKey) // returned value
+ KeyECDSAPrivate &createdPrivateKey, // returned value
+ KeyECDSAPublic &createdPublicKey) // returned value
{
- unsigned char *derPrivateKey = NULL, *derPublicKey = NULL;
- int priKeyLength, pubKeyLength;
int ecCurve = -1;
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY_CTX *kctx = NULL;
// convert to rsa key
EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(pkey);
- // Extract private and public key
- to_string_ec_private_key(ec_key, &derPrivateKey, &priKeyLength);
- to_string_ec_public_key(ec_key, &derPublicKey, &pubKeyLength);
-
- // Key copy to vector structure
- priKey_tmp.assign(derPrivateKey, derPrivateKey+priKeyLength);
- pubKey_tmp.assign(derPublicKey, derPublicKey+pubKeyLength);
+ createdPrivateKey = KeyECDSAPrivate(ec_key);
+ createdPublicKey = KeyECDSAPublic(ec_key);
- // Create two keys
-
- //Key(const RawBuffer &rawData, KeyType type, const std::string &password = std::string());
-
- KeyImpl privateKey(priKey_tmp, KeyType::KEY_ECDSA_PRIVATE, NULL);
- KeyImpl Publickey(pubKey_tmp, KeyType::KEY_ECDSA_PUBLIC, NULL);
-
- // Two made key copy to reference structure
- // To operate this function, client-key-impl should be modified
-
- createdPrivateKey = privateKey;
- createdPublicKey = Publickey;
-
- if(derPrivateKey)
- free(derPrivateKey);
- if(derPublicKey)
- free(derPublicKey);
if(pkey)
EVP_PKEY_free(pkey);
if(pparam)
return CKM_CRYPTO_CREATEKEY_SUCCESS;
}
-int CryptoService::createSignature(const KeyImpl &privateKey,
+int CryptoService::createSignature(const GenericKey &privateKey,
const RawBuffer &message,
const HashAlgorithm hashAlgo,
const RSAPaddingAlgorithm padAlgo,
default:
return CKM_CRYPTO_NOT_SUPPORT_ALGO_ERROR;
}
+ } else if (privateKey.getType() != KeyType::KEY_ECDSA_PRIVATE) {
+ return CKM_CRYPTO_NOT_SUPPORT_KEY_TYPE;
+ }
- data = privateKey.getKey();
- unsigned char derPrivateKey[data.size()];
- memcpy(derPrivateKey, data.data(),data.size());
- private_pkey = to_pkey_rsa_private_key(derPrivateKey, data.size());
- } else if(privateKey.getType()==KeyType::KEY_ECDSA_PRIVATE) {
- data = privateKey.getKey();
- unsigned char derPrivateKey[data.size()];
- memcpy(derPrivateKey, data.data(),data.size());
- private_pkey = to_pkey_ec_private_key(derPrivateKey, data.size());
- } else {
- return CKM_CRYPTO_NOT_SUPPORT_KEY_TYPE;
- }
+ private_pkey = privateKey.getEVPKEY();
// Create the Message Digest Context
if(!(mdctx = EVP_MD_CTX_create())) {
}
if(EVP_SUCCESS != EVP_DigestSignInit(mdctx, &pctx, md_algo, NULL, private_pkey)) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
+ if(private_pkey) EVP_PKEY_free(private_pkey);
return CKM_SIG_GEN_ERROR;
}
if(privateKey.getType()==KeyType::KEY_RSA_PRIVATE) {
if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
+ if(private_pkey) EVP_PKEY_free(private_pkey);
return CKM_SIG_GEN_ERROR;
}
}
memcpy(msg, message.data(),message.size());
if(EVP_SUCCESS != EVP_DigestSignUpdate(mdctx, msg, message.size())) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
+ if(private_pkey) EVP_PKEY_free(private_pkey);
return CKM_SIG_GEN_ERROR;
}
size_t slen;
if(EVP_SUCCESS != EVP_DigestSignFinal(mdctx, NULL, &slen)) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
+ if(private_pkey) EVP_PKEY_free(private_pkey);
return CKM_SIG_GEN_ERROR;
}
/* Allocate memory for the signature based on size in slen */
/* Obtain the signature */
if(EVP_SUCCESS != EVP_DigestSignFinal(mdctx, sig, &slen)) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
+ if(private_pkey) EVP_PKEY_free(private_pkey);
return CKM_SIG_GEN_ERROR;
}
/* Success */
ret = EVP_SUCCESS;
if(mdctx) EVP_MD_CTX_destroy(mdctx);
+ if(private_pkey) EVP_PKEY_free(private_pkey);
return ret;
}
-int CryptoService::verifySignature(const KeyImpl &publicKey,
+int CryptoService::verifySignature(const GenericKey &publicKey,
const RawBuffer &message,
const RawBuffer &signature,
const HashAlgorithm hashAlgo,
return CKM_CRYPTO_NOT_SUPPORT_ALGO_ERROR;
}
- data = publicKey.getKey();
- unsigned char derPublicKey[data.size()];
- memcpy(derPublicKey, data.data(),data.size());
- public_pkey = to_pkey_rsa_public_key(derPublicKey, data.size());
- } else if(publicKey.getType()==KeyType::KEY_ECDSA_PUBLIC) {
- data = publicKey.getKey();
- unsigned char derPublicKey[data.size()];
- memcpy(derPublicKey, data.data(),data.size());
- public_pkey = to_pkey_ec_public_key(derPublicKey, data.size());
- } else {
+ } else if(publicKey.getType() != KeyType::KEY_ECDSA_PUBLIC) {
return CKM_CRYPTO_NOT_SUPPORT_KEY_TYPE;
}
+ public_pkey = publicKey.getEVPKEY();
+
+ if (NULL == public_pkey)
+ return CKM_CRYPTO_PKEYSET_ERROR;
+
char msg[message.size()];
memcpy(msg, message.data(),message.size());
/* Create the Message Digest Context */
if(!(mdctx = EVP_MD_CTX_create())) {
+ if (public_pkey) EVP_PKEY_free(public_pkey);
return CKM_SIG_VERIFY_OPER_ERROR;
}
if(EVP_SUCCESS != EVP_DigestVerifyInit(mdctx, &pctx, md_algo, NULL, public_pkey)) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
+ if (public_pkey) EVP_PKEY_free(public_pkey);
return CKM_SIG_VERIFY_OPER_ERROR;
}
if(publicKey.getType()==KeyType::KEY_RSA_PUBLIC) {
if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
+ if (public_pkey) EVP_PKEY_free(public_pkey);
return CKM_SIG_VERIFY_OPER_ERROR;
}
}
if(EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx, msg, message.size()) ) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
+ if (public_pkey) EVP_PKEY_free(public_pkey);
return CKM_SIG_VERIFY_OPER_ERROR;
}
if(EVP_SUCCESS != EVP_DigestVerifyFinal(mdctx, sig, signature.size()) ) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
+ if (public_pkey) EVP_PKEY_free(public_pkey);
return CKM_SIG_VERIFY_OPER_ERROR;
}
ret = EVP_SUCCESS;
if(mdctx) EVP_MD_CTX_destroy(mdctx);
+ if (public_pkey) EVP_PKEY_free(public_pkey);
return ret;
}
#include <iostream>
-#include <key-impl.h>
+#include <key-rsa.h>
+#include <key-ecdsa.h>
#include <certificate-impl.h>
#include <ckm/ckm-type.h>
#include <string.h>
// And system certificates are loaded in the memory during initialization.
// FIPS_MODE - ON, OFF(Default)
// antropy source - /dev/random,/dev/urandom(Default)
- static int initalize();
+ static int initialize();
int createKeyPairRSA(const int size, // size in bits [1024, 2048, 4096]
- KeyImpl &createdPrivateKey, // returned value ==> Key &createdPrivateKey,
- KeyImpl &createdPublicKey); // returned value ==> Key &createdPublicKey
+ KeyRSAPrivate &createdPrivateKey, // returned value ==> Key &createdPrivateKey,
+ KeyRSAPublic &createdPublicKey); // returned value ==> Key &createdPublicKey
int createKeyPairECDSA(ElipticCurve type1,
- KeyImpl &createdPrivateKey, // returned value
- KeyImpl &createdPublicKey); // returned value
+ KeyECDSAPrivate &createdPrivateKey, // returned value
+ KeyECDSAPublic &createdPublicKey); // returned value
- int createSignature(const KeyImpl &privateKey,
+ int createSignature(const GenericKey &privateKey,
const RawBuffer &message,
const HashAlgorithm hashAlgo,
const RSAPaddingAlgorithm padAlgo,
RawBuffer &signature);
- int verifySignature(const KeyImpl &publicKey,
+ int verifySignature(const GenericKey &publicKey,
const RawBuffer &message,
const RawBuffer &signature,
const HashAlgorithm hashAlgo,
#include <ckm/ckm-type.h>
#include <key-provider.h>
#include <file-system.h>
-
+#include <CryptoService.h>
#include <ckm-logic.h>
+#include <key-rsa.h>
namespace CKM {
return response.Pop();
}
+int CKMLogic::createKeyPairRSAHelper(
+ Credentials &cred,
+ int size,
+ const Alias &aliasPrivate,
+ const Alias &aliasPublic,
+ const PolicySerializable &policyPrivate,
+ const PolicySerializable &policyPublic)
+{
+ if (0 >= m_userDataMap.count(cred.uid))
+ return KEY_MANAGER_API_ERROR_DB_LOCKED;
+
+ auto &handler = m_userDataMap[cred.uid];
+ KeyRSAPrivate prv;
+ KeyRSAPublic pub;
+ CryptoService cr;
+ int retCode;
+
+ if (CKM_CRYPTO_CREATEKEY_SUCCESS != (retCode = cr.createKeyPairRSA(size, prv, pub))) {
+ LogError("CryptoService failed with code: " << retCode);
+ return KEY_MANAGER_API_ERROR_SERVER_ERROR; // TODO error code
+ }
+
+ retCode = saveDataHelper(cred,
+ toDBDataType(prv.getType()),
+ aliasPrivate,
+ prv.getDER(),
+ policyPrivate);
+
+ if (KEY_MANAGER_API_SUCCESS != retCode)
+ return retCode;
+
+ retCode = saveDataHelper(cred,
+ toDBDataType(pub.getType()),
+ aliasPublic,
+ pub.getDER(),
+ policyPublic);
+
+ if (KEY_MANAGER_API_SUCCESS != retCode) {
+ handler.database.deleteDBRow(aliasPrivate, cred.smackLabel);
+ }
+
+ return retCode;
+}
+
RawBuffer CKMLogic::createKeyPairRSA(
Credentials &cred,
int commandId,
int size,
- const Alias &privateKeyAlias,
- const Alias &publicKeyAlias,
- PolicySerializable policyPrivateKey,
- PolicySerializable policyPublicKey)
+ const Alias &aliasPrivate,
+ const Alias &aliasPublic,
+ const PolicySerializable &policyPrivate,
+ const PolicySerializable &policyPublic)
{
- (void)cred;
- (void)size;
- (void)privateKeyAlias;
- (void)publicKeyAlias,
- (void)policyPrivateKey;
- (void)policyPublicKey;
+ int retCode = createKeyPairRSAHelper(
+ cred,
+ size,
+ aliasPrivate,
+ aliasPublic,
+ policyPrivate,
+ policyPublic);
+
MessageBuffer response;
Serialization::Serialize(response, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_RSA));
Serialization::Serialize(response, commandId);
- Serialization::Serialize(response, static_cast<int>(KEY_MANAGER_API_SUCCESS));
+ Serialization::Serialize(response, retCode);
return response.Pop();
}
Credentials &cred,
int commandId,
int type,
- const Alias &privateKeyAlias,
- const Alias &publicKeyAlias,
- PolicySerializable policyPrivateKey,
- PolicySerializable policyPublicKey)
+ const Alias &aliasPrivate,
+ const Alias &aliasPublic,
+ const PolicySerializable &policyPrivate,
+ const PolicySerializable &policyPublic)
{
(void)cred;
(void)type;
- (void)privateKeyAlias;
- (void)publicKeyAlias,
- (void)policyPrivateKey;
- (void)policyPublicKey;
-
+ (void)aliasPrivate;
+ (void)aliasPublic;
+ (void)policyPrivate;
+ (void)policyPublic;
+
MessageBuffer response;
Serialization::Serialize(response, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_RSA));
Serialization::Serialize(response, commandId);
Credentials &cred,
int commandId,
int size,
- const Alias &privateKeyAlias,
- const Alias &publicKeyAlias,
- PolicySerializable policyPrivateKey,
- PolicySerializable policyPublicKey);
+ const Alias &aliasPrivate,
+ const Alias &alaisPublic,
+ const PolicySerializable &policyPrivate,
+ const PolicySerializable &policyPublic);
RawBuffer createKeyPairECDSA(
Credentials &cred,
int commandId,
int type,
- const Alias &privateKeyAlias,
- const Alias &publicKeyAlias,
- PolicySerializable policyPrivateKey,
- PolicySerializable policyPublicKey);
+ const Alias &aliasPrivate,
+ const Alias &aliasPublic,
+ const PolicySerializable &policyPrivate,
+ const PolicySerializable &policyPublic);
private:
int saveDataHelper(
const std::string &password,
DBRow &row);
+ int createKeyPairRSAHelper(
+ Credentials &cred,
+ int size,
+ const Alias &aliasPrivate,
+ const Alias &aliasPublic,
+ const PolicySerializable &policyPrivate,
+ const PolicySerializable &policyPublic);
+
std::map<uid_t, UserData> m_userDataMap;
};
#include <ckm-service.h>
#include <ckm-logic.h>
-#include <key-impl.h>
namespace {
const CKM::InterfaceID SOCKET_ID_CONTROL = 0;
Deserialization::Deserialize(buffer, size);
Deserialization::Deserialize(buffer, policyPrivateKey);
Deserialization::Deserialize(buffer, policyPublicKey);
+ Deserialization::Deserialize(buffer, privateKeyAlias);
+ Deserialization::Deserialize(buffer, publicKeyAlias);
return m_logic->createKeyPairRSA(
cred,
commandId,
Deserialization::Deserialize(buffer, type);
Deserialization::Deserialize(buffer, policyPrivateKey);
Deserialization::Deserialize(buffer, policyPublicKey);
+ Deserialization::Deserialize(buffer, privateKeyAlias);
+ Deserialization::Deserialize(buffer, publicKeyAlias);
return m_logic->createKeyPairECDSA(
cred,
commandId,
projects / platform / core / security / key-manager.git / commitdiff