#include <generic-key.h>
#include <CryptoService.h>
#include <key-manager-util.h>
-
+#include <assert.h>
#include <dpl/log/log.h>
#define OPENSSL_SUCCESS 1 // DO NOTCHANGE THIS VALUE
}
int CryptoService::initialize() {
- int mode, ret, rc;
+ int mode = 0;
+ int rc = 0;
+ int hw_ret = 0, u_ret = 0;
// try to initialize using ERR_load_crypto_strings and OpenSSL_add_all_algorithms
ERR_load_crypto_strings();
// turn on FIPS_mode
mode = FIPS_mode();
- if(mode == 0)
- {
+ if(mode == 0) {
rc = FIPS_mode_set(1);
if(rc == 0) {
- return CKM_CRYPTO_INIT_ERROR;
+ LogError("Error in FIPS_mode_set function");
+ ThrowMsg(Exception::Base, "Error in FIPS_mode_set function");
}
-
- return CKM_CRYPTO_INIT_ERROR;
}
// initialize entropy
- ret = RAND_load_file(DEV_RANDOM_FILE, 32);
+ hw_ret = RAND_load_file(DEV_HW_RANDOM_FILE, 32);
- if(ret != 32) {
- return CKM_CRYPTO_INIT_ERROR;
+ if(hw_ret != 32) {
+ u_ret= RAND_load_file(DEV_URANDOM_FILE, 32);
+ if(u_ret != 32) {
+ LogError("Error in RAND_load_file function");
+ ThrowMsg(Exception::Base, "Error in RAND_load_file function");
+ }
}
return CKM_CRYPTO_INIT_SUCCESS;
#pragma once
#include <iostream>
-
#include <generic-key.h>
#include <certificate-impl.h>
#include <ckm/ckm-type.h>
#include <openssl/rand.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
+#include <dpl/exception.h>
-#define DEV_RANDOM_FILE "/dev/random"
+#define DEV_HW_RANDOM_FILE "/dev/hwrng"
+#define DEV_URANDOM_FILE "/dev/urandom"
#define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE
#define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE
CryptoService();
virtual ~CryptoService();
+ class Exception {
+ public:
+ DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
+ };
+
// During initialization, FIPS_MODE and the antropy source are set.
// And system certificates are loaded in the memory during initialization.
// FIPS_MODE - ON, OFF(Default)