Fix createSignature/verify signature module.

* Fix implementation of ErrorToString.
* Fix protocol implementation in ckm-logic.
* Fix implementation of CryptoModule.

Change-Id: Ifd60709829ffe433bd982819a32dcac8223d07f2

diff --git a/src/manager/client/client-error.cpp b/src/manager/client/client-error.cpp
index 663ac6b..a618b5e 100644 (file)
--- a/src/manager/client/client-error.cpp
+++ b/src/manager/client/client-error.cpp
@@ -42,6 +42,7 @@ const char * ErrorToString(int error) {
         ERRORDESCRIBE(CKM_API_ERROR_DB_ERROR);
         ERRORDESCRIBE(CKM_API_ERROR_DB_ALIAS_EXISTS);
         ERRORDESCRIBE(CKM_API_ERROR_DB_ALIAS_UNKNOWN);
+        ERRORDESCRIBE(CKM_API_ERROR_VERIFICATION_FAILED);
         ERRORDESCRIBE(CKM_API_ERROR_UNKNOWN);
     default:
         return "Error not defined";

diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp
index 8eb3049..60e5b7e 100644 (file)
--- a/src/manager/client/client-manager-impl.cpp
+++ b/src/manager/client/client-manager-impl.cpp
@@ -536,9 +536,12 @@ int Manager::ManagerImpl::createSignature(
 
         Deserialization::Deserialize(recv, command);
         Deserialization::Deserialize(recv, counter);
+        Deserialization::Deserialize(recv, retCode);
         Deserialization::Deserialize(recv, signature);
 
-        if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE)) || (counter != my_counter)) {
+        if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
+            || (counter != my_counter))
+        {
             return CKM_API_ERROR_UNKNOWN;
         }
 
@@ -582,8 +585,11 @@ int Manager::ManagerImpl::verifySignature(
 
         Deserialization::Deserialize(recv, command);
         Deserialization::Deserialize(recv, counter);
+        Deserialization::Deserialize(recv, retCode);
 
-        if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE)) || (counter != my_counter)) {
+        if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
+            || (counter != my_counter))
+        {
             return CKM_API_ERROR_UNKNOWN;
         }
 

diff --git a/src/manager/service/CryptoService.cpp b/src/manager/service/CryptoService.cpp
index 852d4a5..a3b5b54 100755 (executable)
--- a/src/manager/service/CryptoService.cpp
+++ b/src/manager/service/CryptoService.cpp
@@ -3,6 +3,8 @@
 #include <vector>
 #include <fstream>
 #include <string.h>
+#include <memory>
+
 #include <openssl/x509_vfy.h>
 #include <openssl/evp.h>
 #include <openssl/obj_mac.h>
@@ -16,6 +18,7 @@
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
 #include <openssl/obj_mac.h>
+#include <ckm/ckm-error.h>
 #include <ckm/ckm-type.h>
 #include <generic-key.h>
 #include <CryptoService.h>
@@ -403,15 +406,15 @@ int CryptoService::verifySignature(const GenericKey &publicKey,
                const RawBuffer &message,
                const RawBuffer &signature,
                const HashAlgorithm hashAlgo,
-               const RSAPaddingAlgorithm padAlgo){
-
-       EVP_MD_CTX *mdctx = NULL;
-       EVP_PKEY_CTX *pctx;
+               const RSAPaddingAlgorithm padAlgo)
+{
+       EVP_PKEY_CTX *pctx = NULL;
        int rsa_padding = NOT_DEFINED;
        const EVP_MD *md_algo;
-       RawBuffer data;
+    int retCode = CKM_API_ERROR_VERIFICATION_FAILED;
+    std::unique_ptr<EVP_MD_CTX, std::function<void(EVP_MD_CTX*)>> mdctx(nullptr, EVP_MD_CTX_destroy);
 
-       if(&publicKey == NULL) {
+    if(&publicKey == NULL) {
                LogError("Error in publicKey value");
                ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in publicKey value");
        }
@@ -463,61 +466,45 @@ int CryptoService::verifySignature(const GenericKey &publicKey,
                }
        }
 
-       Try {
-               auto public_pkey = publicKey.getEvpShPtr();
-
-               if (NULL == public_pkey.get()) {
-                       LogError("Error in getEvpShPtr function");
-                       ThrowMsg(CryptoService::Exception::opensslError, "Error in getEvpShPtr function");
-               }
+    auto public_pkey = publicKey.getEvpShPtr();
 
-               char msg[message.size()];
-               memcpy(msg, message.data(),message.size());
-
-               unsigned char sig[signature.size()];
-               memcpy(sig, signature.data(),signature.size());
-
-
-               /* Create the Message Digest Context */
-               if(!(mdctx = EVP_MD_CTX_create())) {
-                       LogError("Error in EVP_MD_CTX_create function");
-                       ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_MD_CTX_create function");
-               }
+    if (NULL == public_pkey.get()) {
+        LogError("Error in getEvpShPtr function");
+        ThrowMsg(CryptoService::Exception::opensslError, "Error in getEvpShPtr function");
+    }
 
-               if(EVP_SUCCESS != EVP_DigestVerifyInit(mdctx, &pctx, md_algo, NULL, public_pkey.get())) {
-                       LogError("Error in EVP_DigestVerifyInit function");
-                       ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestVerifyInit function");
-               }
+    /* Create the Message Digest Context */
+    mdctx.reset(EVP_MD_CTX_create());
 
-               if(publicKey.getType()==KeyType::KEY_RSA_PUBLIC) {
-                       if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding))  {
-                               LogError("Error in EVP_PKEY_CTX_set_rsa_padding function");
-                               ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_rsa_padding function");
-                       }
-               }
+    if(!(mdctx.get())) {
+        LogError("Error in EVP_MD_CTX_create function");
+        ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_MD_CTX_create function");
+    }
 
-               if(EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx, msg, message.size()) ) {
-                       LogError("Error in EVP_DigestVerifyUpdate function");
-                       ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestVerifyUpdate function");
-               }
+    if(EVP_SUCCESS != EVP_DigestVerifyInit(mdctx.get(), &pctx, md_algo, NULL, public_pkey.get())) {
+        LogError("Error in EVP_DigestVerifyInit function");
+        ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestVerifyInit function");
+    }
 
-               if(EVP_SUCCESS != EVP_DigestVerifyFinal(mdctx, sig, signature.size()) ) {
-                       LogError("Error in EVP_DigestVerifyFinal function");
-                       ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestVerifyFinal function");
-               }
-       } Catch(CryptoService::Exception::opensslError) {
-               if(mdctx != NULL) {
-                       EVP_MD_CTX_destroy(mdctx);
-               }
+    if(publicKey.getType()==KeyType::KEY_RSA_PUBLIC) {
+        if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding))  {
+            LogError("Error in EVP_PKEY_CTX_set_rsa_padding function");
+            ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_rsa_padding function");
+        }
+    }
 
-               ReThrowMsg(CryptoService::Exception::opensslError,"Error in openssl function !!");
-       }
+    if(EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx.get(), message.data(), message.size()) ) {
+        LogError("Error in EVP_DigestVerifyUpdate function");
+        ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestVerifyUpdate function");
+    }
 
-       if(mdctx != NULL) {
-               EVP_MD_CTX_destroy(mdctx);
-       }
+    if(EVP_SUCCESS == EVP_DigestVerifyFinal(mdctx.get(), const_cast<unsigned char*>(signature.data()), signature.size()) ) {
+        retCode = CKM_API_SUCCESS;
+    } else {
+        LogError("Error in EVP_DigestVerifyFinal function");
+    }
 
-       return CKM_VERIFY_SIGNATURE_SUCCESS;
+       return retCode;
 }
 
 

diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index 36da549..aa76b3b 100644 (file)
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -446,7 +446,7 @@ RawBuffer CKMLogic::createKeyPairRSA(
     Serialization::Serialize(response, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_RSA));
     Serialization::Serialize(response, commandId);
     Serialization::Serialize(response, retCode);
- 
+
     return response.Pop();
 }
 
@@ -507,7 +507,7 @@ RawBuffer CKMLogic::createKeyPairECDSA(
     const PolicySerializable &policyPublic)
 {
     int retCode = CKM_API_SUCCESS;
-    
+
     try {
         retCode = createKeyPairECDSAHelper(
                         cred,
@@ -531,7 +531,7 @@ RawBuffer CKMLogic::createKeyPairECDSA(
     Serialization::Serialize(response, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_RSA));
     Serialization::Serialize(response, commandId);
     Serialization::Serialize(response, retCode);
- 
+
     return response.Pop();
 }
 
@@ -594,17 +594,29 @@ RawBuffer CKMLogic::createSignature(
         const std::string &password,           // password for private_key
         const RawBuffer &message,
         const HashAlgorithm hash,
-        const RSAPaddingAlgorithm padding,
-        RawBuffer &signature)
+        const RSAPaddingAlgorithm padding)
 {
 
     DBRow row;
     CryptoService cs;
+    RawBuffer signature;
 
     int retCode = CKM_API_SUCCESS;
 
     try {
-        retCode = getDataHelper(cred, DBDataType::KEY_RSA_PUBLIC, privateKeyAlias, password, row);
+        do {
+            retCode = getDataHelper(cred, DBDataType::KEY_RSA_PUBLIC, privateKeyAlias, password, row);
+            if (CKM_API_SUCCESS != retCode) {
+                LogError("getDataHelper return error:");
+                break;
+            }
+
+            GenericKey keyParsed(row.data, std::string());
+            if (keyParsed.empty())
+                retCode = CKM_API_ERROR_SERVER_ERROR;
+            else
+                cs.createSignature(keyParsed, message, hash, padding, signature);
+        } while(0);
     } catch (const KeyProvider::Exception::Base &e) {
         LogError("KeyProvider failed with error: " << e.GetMessage());
         retCode = CKM_API_ERROR_SERVER_ERROR;
@@ -616,16 +628,6 @@ RawBuffer CKMLogic::createSignature(
         retCode = CKM_API_ERROR_DB_ERROR;
     }
 
-    if (CKM_API_SUCCESS != retCode) {
-        row.data.clear();
-        row.dataType = DBDataType::KEY_RSA_PUBLIC;
-    }
-    GenericKey keyParsed(row.data, password);
-    if (keyParsed.empty())
-        retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
-    else
-        retCode = cs.createSignature(keyParsed, message, hash, padding, signature);
-
     MessageBuffer response;
     Serialization::Serialize(response, static_cast<int>(LogicCommand::CREATE_SIGNATURE));
     Serialization::Serialize(response, commandId);
@@ -648,9 +650,29 @@ RawBuffer CKMLogic::verifySignature(
     DBRow row;
     CryptoService cs;
 
-    int retCode = CKM_API_SUCCESS;
+    int retCode = CKM_API_ERROR_VERIFICATION_FAILED;
     try {
-        retCode = getDataHelper(cred, DBDataType::KEY_RSA_PUBLIC, publicKeyOrCertAlias, password, row);
+        do {
+            retCode = getDataHelper(cred, DBDataType::KEY_RSA_PUBLIC, publicKeyOrCertAlias, password, row);
+
+            if (retCode != CKM_API_SUCCESS) {
+                break;
+            }
+
+            GenericKey keyParsed(row.data, std::string());
+            if (keyParsed.empty()) {
+                retCode = CKM_API_ERROR_SERVER_ERROR;
+                break;
+            }
+
+            retCode = cs.verifySignature(keyParsed, message, signature, hash, padding);
+        } while(0);
+    } catch (const CryptoService::Exception::Crypto_internal &e) {
+        LogError("KeyProvider failed with message: " << e.GetMessage());
+        retCode = CKM_API_ERROR_SERVER_ERROR;
+    } catch (const CryptoService::Exception::opensslError &e) {
+        LogError("KeyProvider failed with message: " << e.GetMessage());
+        retCode = CKM_API_ERROR_SERVER_ERROR;
     } catch (const KeyProvider::Exception::Base &e) {
         LogError("KeyProvider failed with error: " << e.GetMessage());
         retCode = CKM_API_ERROR_SERVER_ERROR;
@@ -662,26 +684,6 @@ RawBuffer CKMLogic::verifySignature(
         retCode = CKM_API_ERROR_DB_ERROR;
     }
 
-    if (CKM_API_SUCCESS != retCode) {
-        row.data.clear();
-        row.dataType = DBDataType::KEY_RSA_PUBLIC;
-    }
-    GenericKey keyParsed(row.data, password);
-    if (keyParsed.empty())
-        retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
-    else
-        try {
-          retCode = cs.verifySignature(keyParsed, message, signature, hash, padding);
-        }
-        catch (const CryptoService::Exception::Crypto_internal &e) {
-          LogError("KeyProvider failed with message: " << e.GetMessage());
-          retCode = CKM_API_ERROR_SERVER_ERROR;
-        }
-        catch (const CryptoService::Exception::opensslError &e) {
-          LogError("KeyProvider failed with message: " << e.GetMessage());
-          retCode = CKM_API_ERROR_SERVER_ERROR;
-        }
-
     MessageBuffer response;
     Serialization::Serialize(response, static_cast<int>(LogicCommand::VERIFY_SIGNATURE));
     Serialization::Serialize(response, commandId);

diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h
index c64c55c..59f02a0 100644 (file)
--- a/src/manager/service/ckm-logic.h
+++ b/src/manager/service/ckm-logic.h
@@ -128,8 +128,7 @@ public:
         const std::string &password,           // password for private_key
         const RawBuffer &message,
         const HashAlgorithm hash,
-        const RSAPaddingAlgorithm padding,
-        RawBuffer &signature);
+        const RSAPaddingAlgorithm padding);
 
     RawBuffer verifySignature(
         Credentials &cred,

diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp
index c335848..dbc73c9 100644 (file)
--- a/src/manager/service/ckm-service.cpp
+++ b/src/manager/service/ckm-service.cpp
@@ -268,16 +268,12 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
             Alias privateKeyAlias;
             std::string password;        // password for private_key
             RawBuffer message;
-            //HashAlgorithm hash;
-            //RSAPaddingAlgorithm padding
             int padding, hash;
-            RawBuffer signature;
             Deserialization::Deserialize(buffer, privateKeyAlias);
             Deserialization::Deserialize(buffer, password);
             Deserialization::Deserialize(buffer, message);
             Deserialization::Deserialize(buffer, hash);
             Deserialization::Deserialize(buffer, padding);
-            Deserialization::Deserialize(buffer, signature);
 
             return m_logic->createSignature(
                   cred,
@@ -286,9 +282,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
                   password,           // password for private_key
                   message,
                   static_cast<HashAlgorithm>(hash),
-                  static_cast<RSAPaddingAlgorithm>(padding),
-                  signature);
-
+                  static_cast<RSAPaddingAlgorithm>(padding));
         }
         case LogicCommand::VERIFY_SIGNATURE:
         {