* @remarks The supported sizes are: @c 1024, @c 2048, @c 3072 and @c 4096 bits.
* @remarks If password in the policy is provided, the key is additionally encrypted with the
* password in the policy.
+ * @remarks The @a private_key_alias must be different than @a public_key_alias.
*
* @param[in] size The size of key strength to be created
* @param[in] private_key_alias The name of private key to be stored
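Review bot: The added remark `The @a private_key_alias must be different than @a public_key_alias.` states the constraint but not what the caller gets back when it is violated; the same gap is in the two later hunks that add the identical remark. The service-side check on this page throws an input-parameter error before any save operation is started, so I would extend the remark along the lines of `If both aliases are equal, the request is rejected as an invalid parameter and no key is stored.` It is also worth confirming that the matching error code is in each function's return-value list, which lies outside these hunks. Because the service treats two aliases as equal only when both name and owner match, the remark should say whether the comparison covers the full alias including its owner part.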
* @remarks The supported sizes are: @c 1024, @c 2048, @c 3072 and (Since 7.0) @c 4096 bits.
* @remarks If password in the policy is provided, the key is additionally encrypted with the
* password in the policy.
+ * @remarks The @a private_key_alias must be different than @a public_key_alias.
*
* @param[in] size The size of key strength to be created
* @param[in] private_key_alias The name of private key to be stored
* password in the policy.
* @remarks Currently supported elliptic curves of ECDSA are: #CKMC_EC_PRIME192V1, #CKMC_EC_PRIME256V1,
* #CKMC_EC_SECP384R1
+ * @remarks The @a private_key_alias must be different than @a public_key_alias.
*
* @param[in] type The type of elliptic curve of ECDSA
* @param[in] private_key_alias The name of private key to be stored
const PolicySerializable &policyPub)
{
return SerializeMessage(msgId, tryRet([&] {
- auto [dbOpPrv, digestPrv, retCodePrv] = beginSaveAndGetHash(cred, namePrv, ownerPrv);
- if (retCodePrv != CKM_API_SUCCESS)
- return retCodePrv;
-
- auto [dbOpPub, digestPub, retCodePub] = beginSaveAndGetHash(cred, namePub, ownerPub);
- if (retCodePub != CKM_API_SUCCESS)
- return retCodePub;
+ if (namePrv == namePub && ownerPrv == ownerPub)
+ ThrowErr(Exc::InputParam, "Private and public key must have different aliases.");
if (policyPrv.backend != policyPub.backend)
ThrowErr(Exc::InputParam, "Error, key pair must be supported with the same backend.");
- const std::unordered_map<AlgoType, DataType::Type> algoTypeToDataTypeConverter = {
+ static const std::unordered_map<AlgoType, DataType::Type> algoTypeToDataTypeConverter = {
{ AlgoType::RSA_GEN, DataType::Type::KEY_RSA_PRIVATE },
{ AlgoType::DSA_GEN, DataType::Type::KEY_DSA_PRIVATE },
{ AlgoType::ECDSA_GEN, DataType::Type::KEY_ECDSA_PRIVATE },
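Review bot: The new guard `if (namePrv == namePub && ownerPrv == ownerPub)` compares the owners exactly as the client supplied them, so it may miss a pair that resolves to the same stored entry. If `beginSaveAndGetHash` substitutes the caller's own id for an empty owner (its body is not visible here, so this needs confirming), then an empty `ownerPrv` with an explicit `ownerPub` naming the caller passes the guard while both keys still target one (name, owner) entry. I would compare the owners after that defaulting, e.g. `if (namePrv == namePub && <resolved ownerPrv> == <resolved ownerPub>)`, and add a test for the empty-versus-explicit owner case. The lambda starts before this hunk and continues past it.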
CKM::Crypto::unpack<AlgoType>(keyGenParams, ParamName::ALGO_TYPE));
if (dataTypeIt == algoTypeToDataTypeConverter.cend())
- {
ThrowErr(Exc::InputParam, "Error, key pair must be RSA or DSA or ECDSA or KEM.");
- }
Crypto::validateParams<Crypto::IsAsymGeneration>(keyGenParams, g_validators);
+ auto [dbOpPrv, digestPrv, retCodePrv] = beginSaveAndGetHash(cred, namePrv, ownerPrv);
+ if (retCodePrv != CKM_API_SUCCESS)
+ return retCodePrv;
+
+ auto [dbOpPub, digestPub, retCodePub] = beginSaveAndGetHash(cred, namePub, ownerPub);
+ if (retCodePub != CKM_API_SUCCESS)
+ return retCodePub;
+
TokenPair keys = m_decider.getStore(
dataTypeIt->second, policyPrv, policyPub, false).generateAKey(
keyGenParams,