* Fix implementation of ErrorToString.
* Fix protocol implementation in ckm-logic.
* Fix implementation of CryptoModule.
Change-Id: Ifd60709829ffe433bd982819a32dcac8223d07f2
ERRORDESCRIBE(CKM_API_ERROR_DB_ERROR);
ERRORDESCRIBE(CKM_API_ERROR_DB_ALIAS_EXISTS);
ERRORDESCRIBE(CKM_API_ERROR_DB_ALIAS_UNKNOWN);
+ ERRORDESCRIBE(CKM_API_ERROR_VERIFICATION_FAILED);
ERRORDESCRIBE(CKM_API_ERROR_UNKNOWN);
default:
return "Error not defined";
Deserialization::Deserialize(recv, command);
Deserialization::Deserialize(recv, counter);
+ Deserialization::Deserialize(recv, retCode);
Deserialization::Deserialize(recv, signature);
- if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE)) || (counter != my_counter)) {
+ if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
+ || (counter != my_counter))
+ {
return CKM_API_ERROR_UNKNOWN;
}
Deserialization::Deserialize(recv, command);
Deserialization::Deserialize(recv, counter);
+ Deserialization::Deserialize(recv, retCode);
- if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE)) || (counter != my_counter)) {
+ if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
+ || (counter != my_counter))
+ {
return CKM_API_ERROR_UNKNOWN;
}
#include <vector>
#include <fstream>
#include <string.h>
+#include <memory>
+
#include <openssl/x509_vfy.h>
#include <openssl/evp.h>
#include <openssl/obj_mac.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
#include <openssl/obj_mac.h>
+#include <ckm/ckm-error.h>
#include <ckm/ckm-type.h>
#include <generic-key.h>
#include <CryptoService.h>
const RawBuffer &message,
const RawBuffer &signature,
const HashAlgorithm hashAlgo,
- const RSAPaddingAlgorithm padAlgo){
-
- EVP_MD_CTX *mdctx = NULL;
- EVP_PKEY_CTX *pctx;
+ const RSAPaddingAlgorithm padAlgo)
+{
+ EVP_PKEY_CTX *pctx = NULL;
int rsa_padding = NOT_DEFINED;
const EVP_MD *md_algo;
- RawBuffer data;
+ int retCode = CKM_API_ERROR_VERIFICATION_FAILED;
+ std::unique_ptr<EVP_MD_CTX, std::function<void(EVP_MD_CTX*)>> mdctx(nullptr, EVP_MD_CTX_destroy);
- if(&publicKey == NULL) {
+ if(&publicKey == NULL) {
LogError("Error in publicKey value");
ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in publicKey value");
}
}
}
- Try {
- auto public_pkey = publicKey.getEvpShPtr();
-
- if (NULL == public_pkey.get()) {
- LogError("Error in getEvpShPtr function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in getEvpShPtr function");
- }
+ auto public_pkey = publicKey.getEvpShPtr();
- char msg[message.size()];
- memcpy(msg, message.data(),message.size());
-
- unsigned char sig[signature.size()];
- memcpy(sig, signature.data(),signature.size());
-
-
- /* Create the Message Digest Context */
- if(!(mdctx = EVP_MD_CTX_create())) {
- LogError("Error in EVP_MD_CTX_create function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_MD_CTX_create function");
- }
+ if (NULL == public_pkey.get()) {
+ LogError("Error in getEvpShPtr function");
+ ThrowMsg(CryptoService::Exception::opensslError, "Error in getEvpShPtr function");
+ }
- if(EVP_SUCCESS != EVP_DigestVerifyInit(mdctx, &pctx, md_algo, NULL, public_pkey.get())) {
- LogError("Error in EVP_DigestVerifyInit function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestVerifyInit function");
- }
+ /* Create the Message Digest Context */
+ mdctx.reset(EVP_MD_CTX_create());
- if(publicKey.getType()==KeyType::KEY_RSA_PUBLIC) {
- if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) {
- LogError("Error in EVP_PKEY_CTX_set_rsa_padding function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_rsa_padding function");
- }
- }
+ if(!(mdctx.get())) {
+ LogError("Error in EVP_MD_CTX_create function");
+ ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_MD_CTX_create function");
+ }
- if(EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx, msg, message.size()) ) {
- LogError("Error in EVP_DigestVerifyUpdate function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestVerifyUpdate function");
- }
+ if(EVP_SUCCESS != EVP_DigestVerifyInit(mdctx.get(), &pctx, md_algo, NULL, public_pkey.get())) {
+ LogError("Error in EVP_DigestVerifyInit function");
+ ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestVerifyInit function");
+ }
- if(EVP_SUCCESS != EVP_DigestVerifyFinal(mdctx, sig, signature.size()) ) {
- LogError("Error in EVP_DigestVerifyFinal function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestVerifyFinal function");
- }
- } Catch(CryptoService::Exception::opensslError) {
- if(mdctx != NULL) {
- EVP_MD_CTX_destroy(mdctx);
- }
+ if(publicKey.getType()==KeyType::KEY_RSA_PUBLIC) {
+ if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) {
+ LogError("Error in EVP_PKEY_CTX_set_rsa_padding function");
+ ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_rsa_padding function");
+ }
+ }
- ReThrowMsg(CryptoService::Exception::opensslError,"Error in openssl function !!");
- }
+ if(EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx.get(), message.data(), message.size()) ) {
+ LogError("Error in EVP_DigestVerifyUpdate function");
+ ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestVerifyUpdate function");
+ }
- if(mdctx != NULL) {
- EVP_MD_CTX_destroy(mdctx);
- }
+ if(EVP_SUCCESS == EVP_DigestVerifyFinal(mdctx.get(), const_cast<unsigned char*>(signature.data()), signature.size()) ) {
+ retCode = CKM_API_SUCCESS;
+ } else {
+ LogError("Error in EVP_DigestVerifyFinal function");
+ }
- return CKM_VERIFY_SIGNATURE_SUCCESS;
+ return retCode;
}
Serialization::Serialize(response, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_RSA));
Serialization::Serialize(response, commandId);
Serialization::Serialize(response, retCode);
-
+
return response.Pop();
}
const PolicySerializable &policyPublic)
{
int retCode = CKM_API_SUCCESS;
-
+
try {
retCode = createKeyPairECDSAHelper(
cred,
Serialization::Serialize(response, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_RSA));
Serialization::Serialize(response, commandId);
Serialization::Serialize(response, retCode);
-
+
return response.Pop();
}
const std::string &password, // password for private_key
const RawBuffer &message,
const HashAlgorithm hash,
- const RSAPaddingAlgorithm padding,
- RawBuffer &signature)
+ const RSAPaddingAlgorithm padding)
{
DBRow row;
CryptoService cs;
+ RawBuffer signature;
int retCode = CKM_API_SUCCESS;
try {
- retCode = getDataHelper(cred, DBDataType::KEY_RSA_PUBLIC, privateKeyAlias, password, row);
+ do {
+ retCode = getDataHelper(cred, DBDataType::KEY_RSA_PUBLIC, privateKeyAlias, password, row);
+ if (CKM_API_SUCCESS != retCode) {
+ LogError("getDataHelper return error:");
+ break;
+ }
+
+ GenericKey keyParsed(row.data, std::string());
+ if (keyParsed.empty())
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ else
+ cs.createSignature(keyParsed, message, hash, padding, signature);
+ } while(0);
} catch (const KeyProvider::Exception::Base &e) {
LogError("KeyProvider failed with error: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
retCode = CKM_API_ERROR_DB_ERROR;
}
- if (CKM_API_SUCCESS != retCode) {
- row.data.clear();
- row.dataType = DBDataType::KEY_RSA_PUBLIC;
- }
- GenericKey keyParsed(row.data, password);
- if (keyParsed.empty())
- retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
- else
- retCode = cs.createSignature(keyParsed, message, hash, padding, signature);
-
MessageBuffer response;
Serialization::Serialize(response, static_cast<int>(LogicCommand::CREATE_SIGNATURE));
Serialization::Serialize(response, commandId);
DBRow row;
CryptoService cs;
- int retCode = CKM_API_SUCCESS;
+ int retCode = CKM_API_ERROR_VERIFICATION_FAILED;
try {
- retCode = getDataHelper(cred, DBDataType::KEY_RSA_PUBLIC, publicKeyOrCertAlias, password, row);
+ do {
+ retCode = getDataHelper(cred, DBDataType::KEY_RSA_PUBLIC, publicKeyOrCertAlias, password, row);
+
+ if (retCode != CKM_API_SUCCESS) {
+ break;
+ }
+
+ GenericKey keyParsed(row.data, std::string());
+ if (keyParsed.empty()) {
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ break;
+ }
+
+ retCode = cs.verifySignature(keyParsed, message, signature, hash, padding);
+ } while(0);
+ } catch (const CryptoService::Exception::Crypto_internal &e) {
+ LogError("KeyProvider failed with message: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const CryptoService::Exception::opensslError &e) {
+ LogError("KeyProvider failed with message: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const KeyProvider::Exception::Base &e) {
LogError("KeyProvider failed with error: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
retCode = CKM_API_ERROR_DB_ERROR;
}
- if (CKM_API_SUCCESS != retCode) {
- row.data.clear();
- row.dataType = DBDataType::KEY_RSA_PUBLIC;
- }
- GenericKey keyParsed(row.data, password);
- if (keyParsed.empty())
- retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
- else
- try {
- retCode = cs.verifySignature(keyParsed, message, signature, hash, padding);
- }
- catch (const CryptoService::Exception::Crypto_internal &e) {
- LogError("KeyProvider failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- }
- catch (const CryptoService::Exception::opensslError &e) {
- LogError("KeyProvider failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- }
-
MessageBuffer response;
Serialization::Serialize(response, static_cast<int>(LogicCommand::VERIFY_SIGNATURE));
Serialization::Serialize(response, commandId);
const std::string &password, // password for private_key
const RawBuffer &message,
const HashAlgorithm hash,
- const RSAPaddingAlgorithm padding,
- RawBuffer &signature);
+ const RSAPaddingAlgorithm padding);
RawBuffer verifySignature(
Credentials &cred,
Alias privateKeyAlias;
std::string password; // password for private_key
RawBuffer message;
- //HashAlgorithm hash;
- //RSAPaddingAlgorithm padding
int padding, hash;
- RawBuffer signature;
Deserialization::Deserialize(buffer, privateKeyAlias);
Deserialization::Deserialize(buffer, password);
Deserialization::Deserialize(buffer, message);
Deserialization::Deserialize(buffer, hash);
Deserialization::Deserialize(buffer, padding);
- Deserialization::Deserialize(buffer, signature);
return m_logic->createSignature(
cred,
password, // password for private_key
message,
static_cast<HashAlgorithm>(hash),
- static_cast<RSAPaddingAlgorithm>(padding),
- signature);
-
+ static_cast<RSAPaddingAlgorithm>(padding));
}
case LogicCommand::VERIFY_SIGNATURE:
{