projects / platform / core / security / key-manager.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c5c4f68)
Use new exception types in KeyProvider class. 49/41349/3
authorBartlomiej Grzelewski <b.grzelewski@samsung.com>
Fri, 12 Jun 2015 13:32:28 +0000 (15:32 +0200)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Fri, 26 Jun 2015 11:25:03 +0000 (04:25 -0700)
This commit also removed exception throw in object destructor.

Change-Id: I55f58bd5e63261632404557f60caa7f0af393714

src/manager/service/ckm-logic.cpp patch | blob | history
src/manager/service/key-provider.cpp patch | blob | history
src/manager/service/key-provider.h patch | blob | history
tests/main.cpp patch | blob | history
tests/test-key-provider.cpp patch | blob | history

diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index a2c3e45..7ec4213 100644 (file)
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -162,12 +162,6 @@ int CKMLogic::unlockDatabase(uid_t user, const Password & password)
                 handle.database.deleteKey(appSmackLabel);
             }
         }
-    } catch (const KeyProvider::Exception::PassWordError &e) {
-        LogError("Incorrect Password " << e.GetMessage());
-        retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
-    } catch (const KeyProvider::Exception::Base &e) {
-        LogError("Error in KeyProvider " << e.GetMessage());
-        retCode = CKM_API_ERROR_SERVER_ERROR;
     } catch (const Exc::Exception &e) {
         retCode = e.error();
     } catch (const CKM::Exception &e) {
@@ -283,12 +277,6 @@ RawBuffer CKMLogic::changeUserPassword(
     try
     {
         retCode = changeUserPasswordHelper(user, oldPassword, newPassword);
-    } catch (const KeyProvider::Exception::PassWordError &e) {
-        LogError("Incorrect Password " << e.GetMessage());
-        retCode = CKM_API_ERROR_AUTHENTICATION_FAILED;
-    } catch (const KeyProvider::Exception::Base &e) {
-        LogError("Error in KeyProvider " << e.GetMessage());
-        retCode = CKM_API_ERROR_SERVER_ERROR;
     } catch (const Exc::Exception &e) {
         retCode = e.error();
     } catch (const CKM::Exception &e) {
@@ -500,9 +488,6 @@ int CKMLogic::verifyAndSaveDataHelper(
         {
             retCode = saveDataHelper(cred, name, label, dataType, binaryData, policy);
         }
-    } catch (const KeyProvider::Exception::Base &e) {
-        LogError("KeyProvider failed with message: " << e.GetMessage());
-        retCode = CKM_API_ERROR_SERVER_ERROR;
     } catch (const DB::Crypto::Exception::InternalError &e) {
         LogError("DB::Crypto failed with message: " << e.GetMessage());
         retCode = CKM_API_ERROR_DB_ERROR;
@@ -592,9 +577,8 @@ RawBuffer CKMLogic::savePKCS12(
     int retCode = CKM_API_ERROR_UNKNOWN;
     try {
         retCode = saveDataHelper(cred, name, label, pkcs, keyPolicy, certPolicy);
-    } catch (const KeyProvider::Exception::Base &e) {
-        LogError("KeyProvider failed with message: " << e.GetMessage());
-        retCode = CKM_API_ERROR_SERVER_ERROR;
+    } catch (const Exc::Exception &e) {
+        retCode = e.error();
     } catch (const DB::Crypto::Exception::InternalError &e) {
         LogError("DB::Crypto failed with message: " << e.GetMessage());
         retCode = CKM_API_ERROR_DB_ERROR;
@@ -876,9 +860,6 @@ RawBuffer CKMLogic::getData(
 
     try {
         retCode = readDataHelper(true, cred, dataType, name, label, password, row);
-    } catch (const KeyProvider::Exception::Base &e) {
-        LogError("KeyProvider failed with error: " << e.GetMessage());
-        retCode = CKM_API_ERROR_SERVER_ERROR;
     } catch (const DB::Crypto::Exception::Base &e) {
         LogError("DB::Crypto failed with message: " << e.GetMessage());
         retCode = CKM_API_ERROR_DB_ERROR;
@@ -964,10 +945,6 @@ RawBuffer CKMLogic::getPKCS12(
         // prepare response
         if(retCode == CKM_API_SUCCESS)
             output = PKCS12Serializable(privKey, cert, caChain);
-
-    } catch (const KeyProvider::Exception::Base &e) {
-        LogError("KeyProvider failed with error: " << e.GetMessage());
-        retCode = CKM_API_ERROR_SERVER_ERROR;
     } catch (const DB::Crypto::Exception::Base &e) {
         LogError("DB::Crypto failed with message: " << e.GetMessage());
         retCode = CKM_API_ERROR_DB_ERROR;
@@ -1470,9 +1447,6 @@ RawBuffer CKMLogic::createSignature(
         if(retCode == CKM_API_SUCCESS) {
             signature = m_decider.getStore(row).getKey(row)->sign(cryptoAlg, message);
         }
-    } catch (const KeyProvider::Exception::Base &e) {
-        LogError("KeyProvider failed with message: " << e.GetMessage());
-        retCode = CKM_API_ERROR_SERVER_ERROR;
     } catch (const DB::Crypto::Exception::Base &e) {
         LogError("DB::Crypto failed with message: " << e.GetMessage());
         retCode = CKM_API_ERROR_DB_ERROR;
@@ -1523,9 +1497,6 @@ RawBuffer CKMLogic::verifySignature(
         }
     } catch (const Exc::Exception &e) {
         retCode = e.error();
-    } catch (const KeyProvider::Exception::Base &e) {
-        LogError("KeyProvider failed with error: " << e.GetMessage());
-        retCode = CKM_API_ERROR_SERVER_ERROR;
     } catch (const DB::Crypto::Exception::Base &e) {
         LogError("DB::Crypto failed with message: " << e.GetMessage());
         retCode = CKM_API_ERROR_DB_ERROR;
diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp
index 48db9c0..23ca201 100644 (file)
--- a/src/manager/service/key-provider.cpp
+++ b/src/manager/service/key-provider.cpp
@@ -1,3 +1,4 @@
+#include <exception.h>
 #include <key-provider.h>
 #include <dpl/log/log.h>
 
@@ -100,14 +101,11 @@ KeyAndInfoContainer::~KeyAndInfoContainer()
 {
     // overwrite key
     char *ptr = reinterpret_cast<char*>(keyAndInfo);
-    for (size_t size = 0; size < sizeof(KeyAndInfo); ++size)
-        ptr[size] = 0;
+    memset(ptr, 0, sizeof(KeyAndInfo));
     // verification
     for (size_t size = 0; size < sizeof(KeyAndInfo); ++size) {
-        if (0 != ptr[size]) {
-            delete keyAndInfo;
-            ThrowMsg(Exception::Base, "KeyAndInfo in KeyAndInfoContainer "
-                "was not destroyed!");
+        if (ptr[size]) {
+            LogError("Write momory error! Memory used by key was not owerwritten.");
         }
     }
     delete keyAndInfo;
@@ -127,12 +125,12 @@ KeyProvider::KeyProvider(
     , m_isInitialized(true)
 {
     if (!m_isInitialized) {
-        ThrowMsg(Exception::InitFailed, "Object not initialized!. Should not happened");
+        ThrowErr(Exc::InternalError, "Object not initialized!. Should not happened");
     }
     if (domainKEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)) {
         LogError("input size:" << domainKEKInWrapForm.size()
             << " Expected: " << sizeof(WrappedKeyAndInfo));
-        ThrowMsg(Exception::InputParamError, "buffer doesn't have proper size to store WrappedKeyAndInfo in KeyProvider Constructor");
+        ThrowErr(Exc::InternalError, "buffer doesn't have proper size to store WrappedKeyAndInfo in KeyProvider Constructor");
     }
 
     WrappedKeyAndInfoContainer wkmcDKEK = WrappedKeyAndInfoContainer(domainKEKInWrapForm.data());
@@ -154,7 +152,7 @@ KeyProvider::KeyProvider(
         PKEK1)) {
 
         delete[] concat_user_pass;
-        ThrowMsg(Exception::OpensslEngineError, "OPENSSL_ENGINE_ERROR");
+        ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
     }
 
     delete[] concat_user_pass;
@@ -169,7 +167,7 @@ KeyProvider::KeyProvider(
         wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv,
         m_kmcDKEK->getKeyAndInfo().key))) {
 
-        ThrowMsg(Exception::PassWordError, "VerifyDomainKEK failed in KeyProvider Constructor");
+        ThrowErr(Exc::AuthenticationFailed, "VerifyDomainKEK failed in KeyProvider Constructor");
     }
 
     m_kmcDKEK->setKeyInfo(&(wkmcDKEK.getWrappedKeyAndInfo().keyInfo));
@@ -205,7 +203,7 @@ bool KeyProvider::isInitialized()
 RawBuffer KeyProvider::getPureDomainKEK()
 {
     if (!m_isInitialized) {
-        ThrowMsg(Exception::InitFailed, "Object not initialized!");
+        ThrowErr(Exc::InternalError, "Object not initialized!");
     }
 
     // TODO secure
@@ -215,7 +213,7 @@ RawBuffer KeyProvider::getPureDomainKEK()
 RawBuffer KeyProvider::getWrappedDomainKEK(const Password &password)
 {
     if (!m_isInitialized) {
-        ThrowMsg(Exception::InitFailed, "Object not initialized!");
+        ThrowErr(Exc::InternalError, "Object not initialized!");
     }
 
     WrappedKeyAndInfoContainer wkmcDKEK = WrappedKeyAndInfoContainer();
@@ -237,7 +235,7 @@ RawBuffer KeyProvider::getWrappedDomainKEK(const Password &password)
         PKEK1)) {
 
         delete[] concat_user_pass;
-        ThrowMsg(Exception::OpensslEngineError, "OPENSSL_ENGINE_ERROR");
+        ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
     }
 
     delete[] concat_user_pass;
@@ -254,7 +252,7 @@ RawBuffer KeyProvider::getWrappedDomainKEK(const Password &password)
         wkmcDKEK.getWrappedKeyAndInfo().wrappedKey,
         wkmcDKEK.getWrappedKeyAndInfo().keyInfo.tag))) {
 
-        ThrowMsg(Exception::InitFailed, "WrapDKEK Failed in KeyProvider::getDomainKEK");
+        ThrowErr(Exc::InternalError, "WrapDKEK Failed in KeyProvider::getDomainKEK");
     }
 
     wkmcDKEK.setKeyInfoKeyLength((unsigned int)wrappedKeyLength);
@@ -267,13 +265,13 @@ RawBuffer KeyProvider::getWrappedDomainKEK(const Password &password)
 RawBuffer KeyProvider::getPureDEK(const RawBuffer &DEKInWrapForm)
 {
     if (!m_isInitialized) {
-        ThrowMsg(Exception::InitFailed, "Object not initialized!");
+        ThrowErr(Exc::InternalError, "Object not initialized!");
     }
 
     if (DEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)){
         LogError("input size:" << DEKInWrapForm.size()
                   << " Expected: " << sizeof(WrappedKeyAndInfo));
-        ThrowMsg(Exception::InputParamError,
+        ThrowErr(Exc::InternalError,
                 "buffer doesn't have proper size to store "
                 "WrappedKeyAndInfo in KeyProvider::getPureDEK");
     }
@@ -293,7 +291,7 @@ RawBuffer KeyProvider::getPureDEK(const RawBuffer &DEKInWrapForm)
         MAX_KEY_SIZE,
         PKEK2)) {
 
-        ThrowMsg(Exception::OpensslEngineError, "OPENSSL_ENGINE_ERROR");
+        ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
     }
 
     if (0 > (keyLength = decryptAes256Gcm(
@@ -304,7 +302,7 @@ RawBuffer KeyProvider::getPureDEK(const RawBuffer &DEKInWrapForm)
         wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv,
         kmcDEK.getKeyAndInfo().key))) {
 
-        ThrowMsg(Exception::UnwrapFailed,
+        ThrowErr(Exc::InternalError,
             "UnwrapDEK Failed in KeyProvider::getPureDEK");
     }
 
@@ -319,8 +317,7 @@ RawBuffer KeyProvider::getPureDEK(const RawBuffer &DEKInWrapForm)
 RawBuffer KeyProvider::generateDEK(const std::string &smackLabel)
 {
     if (!m_isInitialized) {
-        ThrowMsg(Exception::InitFailed,
-                "Object not initialized!");
+        ThrowErr(Exc::InternalError, "Object not initialized!");
     }
 
     WrappedKeyAndInfoContainer wkmcDEK = WrappedKeyAndInfoContainer();
@@ -336,7 +333,7 @@ RawBuffer KeyProvider::generateDEK(const std::string &smackLabel)
     if (!RAND_bytes(key, m_kmcDKEK->getKeyAndInfo().keyInfo.keyLength) ||
         !RAND_bytes(wkmcDEK.getWrappedKeyAndInfo().keyInfo.iv, MAX_IV_SIZE)) {
 
-        ThrowMsg(Exception::OpensslEngineError, "OPENSSL_ENGINE_ERROR");
+        ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
     }
 
     if (!PKCS5_PBKDF2_HMAC_SHA1(
@@ -348,7 +345,7 @@ RawBuffer KeyProvider::generateDEK(const std::string &smackLabel)
         MAX_KEY_SIZE,
         PKEK2)) {
 
-        ThrowMsg(Exception::OpensslEngineError, "OPENSSL_ENGINE_ERROR");
+        ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
     }
 
     int wrappedKeyLength;
@@ -361,8 +358,7 @@ RawBuffer KeyProvider::generateDEK(const std::string &smackLabel)
         wkmcDEK.getWrappedKeyAndInfo().wrappedKey,
         wkmcDEK.getWrappedKeyAndInfo().keyInfo.tag))) {
 
-        ThrowMsg(Exception::GenFailed,
-            "GenerateDEK Failed in KeyProvider::generateDEK");
+        ThrowErr(Exc::InternalError, "GenerateDEK Failed in KeyProvider::generateDEK");
     }
 
     wkmcDEK.setKeyInfoKeyLength((unsigned int)wrappedKeyLength);
@@ -381,7 +377,7 @@ RawBuffer KeyProvider::reencrypt(
     if (domainKEKInWrapForm.size() != sizeof(WrappedKeyAndInfo)) {
         LogError("input size:" << domainKEKInWrapForm.size()
                   << " Expected: " << sizeof(WrappedKeyAndInfo));
-        ThrowMsg(Exception::InputParamError,
+        ThrowErr(Exc::InternalError,
                 "buffer doesn't have proper size to store "
                 "WrappedKeyAndInfo in KeyProvider::reencrypt");
     }
@@ -409,7 +405,7 @@ RawBuffer KeyProvider::reencrypt(
         PKEK1)) {
 
         delete[] concat_user_pass;
-        ThrowMsg(Exception::OpensslEngineError, "OPENSSL_ENGINE_ERROR");
+        ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
     }
     delete[] concat_user_pass;
 
@@ -421,8 +417,7 @@ RawBuffer KeyProvider::reencrypt(
         wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo.iv,
         kmcDKEK.getKeyAndInfo().key))) {
 
-        ThrowMsg(Exception::PassWordError,
-            "Incorrect Old Password ");
+        ThrowErr(Exc::AuthenticationFailed, "Incorrect Old Password ");
     }
 
     kmcDKEK.setKeyInfo(&(wkmcOldDKEK.getWrappedKeyAndInfo().keyInfo));
@@ -442,7 +437,7 @@ RawBuffer KeyProvider::reencrypt(
         PKEK1)) {
 
         delete[] concat_user_pass;
-        ThrowMsg(Exception::OpensslEngineError, "OPENSSL_ENGINE_ERROR");
+        ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
     }
 
     delete[] concat_user_pass;
@@ -458,8 +453,7 @@ RawBuffer KeyProvider::reencrypt(
         wkmcNewDKEK.getWrappedKeyAndInfo().wrappedKey,
         wkmcNewDKEK.getWrappedKeyAndInfo().keyInfo.tag))) {
 
-        ThrowMsg(Exception::UnwrapFailed,
-            "UpdateDomainKEK in KeyProvider::reencrypt Failed");
+        ThrowErr(Exc::InternalError, "UpdateDomainKEK in KeyProvider::reencrypt Failed");
     }
 
     wkmcNewDKEK.setKeyInfoKeyLength((unsigned int)wrappedKeyLength);
@@ -479,7 +473,7 @@ RawBuffer KeyProvider::generateDomainKEK(
     if (!RAND_bytes(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.salt, MAX_SALT_SIZE) ||
         !RAND_bytes(key, MAX_KEY_SIZE) ||
         !RAND_bytes(wkmcDKEK.getWrappedKeyAndInfo().keyInfo.iv, MAX_IV_SIZE))
-        ThrowMsg(Exception::OpensslEngineError, "OPENSSL_ENGINE_ERROR");
+        ThrowErr(Exc::InternalError, "OPENSSL_ENGINE_ERROR");
 
     int wrappedKeyLength;
     char *concat_user_pass = NULL;
@@ -494,7 +488,7 @@ RawBuffer KeyProvider::generateDomainKEK(
         PKEK1)) {
 
         delete[] concat_user_pass;
-        ThrowMsg(Exception::OpensslEngineError, "OPENSSL_ENGINED_ERROR");
+        ThrowErr(Exc::InternalError, "OPENSSL_ENGINED_ERROR");
     }
 
     delete[] concat_user_pass;
@@ -507,7 +501,7 @@ RawBuffer KeyProvider::generateDomainKEK(
         wkmcDKEK.getWrappedKeyAndInfo().wrappedKey,
         wkmcDKEK.getWrappedKeyAndInfo().keyInfo.tag))) {
 
-        ThrowMsg(Exception::GenFailed,
+        ThrowErr(Exc::InternalError,
             "GenerateDomainKEK Failed in KeyProvider::generateDomainKEK");
     }
 
diff --git a/src/manager/service/key-provider.h b/src/manager/service/key-provider.h
index a386652..918a622 100644 (file)
--- a/src/manager/service/key-provider.h
+++ b/src/manager/service/key-provider.h
@@ -9,7 +9,6 @@
 #include <memory>
 
 #include <ckm/ckm-type.h>
-#include <dpl/exception.h>
 
 #ifndef SUCCESS
 #define SUCCESS               0
@@ -82,10 +81,6 @@ private:
 
 class KeyAndInfoContainer{
 public:
-    class Exception{
-    public:
-        DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
-    };
     KeyAndInfoContainer();
     KeyAndInfoContainer(const unsigned char*);
     KeyAndInfo& getKeyAndInfo();
@@ -100,18 +95,6 @@ private:
 // This is internal api so all functions should throw exception on errors.
 class KeyProvider {
 public:
-    class Exception {
-    public:
-        DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
-        DECLARE_EXCEPTION_TYPE(Base, InitFailed)
-        DECLARE_EXCEPTION_TYPE(Base, GenFailed)
-        DECLARE_EXCEPTION_TYPE(Base, WrapFailed)
-        DECLARE_EXCEPTION_TYPE(Base, UnwrapFailed)
-        DECLARE_EXCEPTION_TYPE(Base, PassWordError)
-        DECLARE_EXCEPTION_TYPE(Base, InputParamError)
-        DECLARE_EXCEPTION_TYPE(Base, OpensslEngineError)
-    };
-
     // To store in std containers
     KeyProvider();
     // In constructor you must check if SKMM is initialized. On error -> exception
diff --git a/tests/main.cpp b/tests/main.cpp
index 0a47fd8..efaf1be 100644 (file)
--- a/tests/main.cpp
+++ b/tests/main.cpp
@@ -28,6 +28,8 @@
 #include <dpl/log/log.h>
 #include <log-setup.h>
 
+#include <exception.h>
+
 struct TestConfig {
     TestConfig() {
         boost::unit_test::unit_test_log.set_threshold_level( boost::unit_test::log_test_units);
@@ -42,17 +44,17 @@ bool isLibInitialized = false;
 
 struct KeyProviderLib {
     KeyProviderLib() {
-        Try {
+        try {
             CKM::KeyProvider::initializeLibrary();
             isLibInitialized = true;
-        }
-        Catch (CKM::Exception) {
+        } catch (const CKM::Exc::Exception &) {
             std::cout << "Library initialization failed!" << std::endl;
         }
     }
     ~KeyProviderLib() {
-        Try { CKM::KeyProvider::closeLibrary(); }
-        Catch (CKM::Exception) {
+        try {
+            CKM::KeyProvider::closeLibrary();
+        } catch (const CKM::Exc::Exception &) {
             std::cout << "Library deinitialization failed!" << std::endl;
         }
     }
diff --git a/tests/test-key-provider.cpp b/tests/test-key-provider.cpp
index 433e8ec..92f7e07 100644 (file)
--- a/tests/test-key-provider.cpp
+++ b/tests/test-key-provider.cpp
@@ -1,5 +1,6 @@
 #define BOOST_TEST_MODULE KEY_MANAGER_TEST
 #include <boost/test/unit_test.hpp>
+#include <exception.h>
 #include <key-provider.h>
 #include <test_common.h>
 #include <iostream>
@@ -36,7 +37,7 @@ BOOST_AUTO_TEST_CASE(KeyDomainKekInvalidPassword){
     BOOST_REQUIRE_NO_THROW(rb_test =
             CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD));
     BOOST_REQUIRE_THROW(keyProvider = CKM::KeyProvider(rb_test, INCORRECT_PASSWORD),
-            CKM::KeyProvider::Exception::PassWordError);
+            CKM::Exc::AuthenticationFailed);
     BOOST_REQUIRE_MESSAGE(!keyProvider.isInitialized(),
             "KeyProvider not created, but initialized");
 }
@@ -114,7 +115,7 @@ BOOST_AUTO_TEST_CASE(KeyReencrypt_incorrect_password){
     BOOST_REQUIRE_NO_THROW(rb_test =
             CKM::KeyProvider::generateDomainKEK(USERNAME_LONG, PASSWORD));
     BOOST_REQUIRE_THROW((rb_test = CKM::KeyProvider::reencrypt(rb_test, INCORRECT_PASSWORD,
-            NEW_PASSWORD)), CKM::KeyProvider::Exception::PassWordError);
+            NEW_PASSWORD)), CKM::Exc::AuthenticationFailed);
 }
 
 BOOST_AUTO_TEST_CASE(KeyGetPureDEK_after_reencrypt){
Domain: Security / Utilities;