class Key {
public:
Key();
- Key(const RawBuffer &rawData, KeyType type, const std::string &password = std::string()); // Import key
+ Key(const RawBuffer &rawData,
+ const std::string &password = std::string(),
+ KeyType type = KeyType::KEY_NONE); // Import key
Key(const Key &key);
Key& operator=(const Key &key);
virtual ~Key();
${COMMON_PATH}/common/message-buffer.cpp
${COMMON_PATH}/common/smack-check.cpp
${COMMON_PATH}/common/certificate-impl.cpp
+ ${COMMON_PATH}/common/generic-key.cpp
${COMMON_PATH}/dpl/log/src/abstract_log_provider.cpp
${COMMON_PATH}/dpl/log/src/dlog_log_provider.cpp
${COMMON_PATH}/dpl/log/src/log.cpp
#include <dpl/log/log.h>
-#include <key-rsa.h>
+#include <generic-key.h>
namespace CKM {
Key::Key(
const RawBuffer &rawData,
- KeyType type,
- const std::string &password)
+ const std::string &password,
+ KeyType type)
{
- switch (type) {
- case KeyType::KEY_RSA_PRIVATE:
- m_impl.reset(new KeyRSAPrivate(rawData, password));
- break;
- case KeyType::KEY_RSA_PUBLIC:
- m_impl.reset(new KeyRSAPublic(rawData, password));
- break;
- default:
- LogError("Key Type not implemented");
- }
+ (void)type;
+ m_impl.reset(new GenericKey(rawData, password));
}
Key::Key(const Key &second) {
* @brief Manager implementation.
*/
#include <dpl/serialization.h>
+#include <dpl/log/log.h>
#include <client-manager-impl.h>
#include <client-common.h>
if (retCode != KEY_MANAGER_API_SUCCESS)
return retCode;
- Key keyParsed(rawData, toKeyType(recvDataType));
+ Key keyParsed(rawData);
- if (keyParsed.empty())
+ if (keyParsed.empty()) {
+ LogDebug("Key empty - failed to parse!");
return KEY_MANAGER_API_ERROR_BAD_RESPONSE;
+ }
key = keyParsed;
--- /dev/null
+/* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file generic-key.cpp
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief Key implementation.
+ */
+#include <string.h>
+
+#include <functional>
+#include <memory>
+#include <sstream>
+#include <ios>
+
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+
+#include <dpl/log/log.h>
+
+#include <ckm/ckm-type.h>
+#include <generic-key.h>
+
+namespace CKM {
+namespace {
+
+//void printDER(const RawBuffer &key) {
+// std::stringstream ss;
+// for (auto &e : key) {
+// ss << std::hex << " " << (int)e;
+// }
+// ss << std::dec;
+// LogError(ss.str());
+//}
+
+typedef std::unique_ptr<BIO, std::function<void(BIO*)>> BioUniquePtr;
+
+int passcb(char *buff, int size, int rwflag, void *userdata) {
+ (void) rwflag;
+ std::string *ptr = static_cast<std::string*>(userdata);
+ if (ptr == NULL)
+ return 0;
+ if (ptr->empty())
+ return 0;
+ if (static_cast<int>(ptr->size()) > size)
+ return 0;
+ memcpy(buff, ptr->c_str(), ptr->size());
+ return ptr->size();
+}
+
+typedef int(*I2D_CONV)(BIO*, EVP_PKEY*);
+
+CKM::RawBuffer i2d(I2D_CONV fun, EVP_PKEY* pkey) {
+ BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
+
+ if (NULL == pkey) {
+ LogDebug("You are trying to read empty key!");
+ return RawBuffer();
+ }
+
+ if (NULL == bio.get()) {
+ LogError("Error in memory allocation! Function: BIO_new.");
+ return RawBuffer();
+ }
+
+ if (1 != fun(bio.get(), pkey)) {
+ LogError("Error in conversion EVP_PKEY to der");
+ return RawBuffer();
+ }
+
+ CKM::RawBuffer output(8196);
+
+ int size = BIO_read(bio.get(), output.data(), output.size());
+
+ if (size <= 0) {
+ LogError("Error in BIO_read: " << size);
+ return RawBuffer();
+ }
+
+ output.resize(size);
+ return output;
+}
+
+} // anonymous namespace
+
+GenericKey::GenericKey()
+ : m_pkey(NULL, EVP_PKEY_free)
+ , m_type(KeyType::KEY_NONE)
+{}
+
+GenericKey::GenericKey(const GenericKey &second) {
+ m_pkey = second.m_pkey;
+ m_type = second.m_type;
+}
+
+GenericKey::GenericKey(const RawBuffer &buf, const std::string &pass)
+ : m_pkey(NULL, EVP_PKEY_free)
+ , m_type(KeyType::KEY_NONE)
+{
+ bool isPrivate = false;
+ EVP_PKEY *pkey = NULL;
+ BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
+
+ LogDebug("Start to parse key:");
+// printDER(buf);
+
+ if (buf[0] != '-') {
+ BIO_write(bio.get(), buf.data(), buf.size());
+ pkey = d2i_PUBKEY_bio(bio.get(), NULL);
+ isPrivate = false;
+ LogDebug("Trying d2i_PUBKEY_bio Status: " << (void*)pkey);
+ }
+
+ if (!pkey && buf[0] != '-') {
+ BIO_reset(bio.get());
+ BIO_write(bio.get(), buf.data(), buf.size());
+ pkey = d2i_PrivateKey_bio(bio.get(), NULL);
+ isPrivate = true;
+ LogDebug("Trying d2i_PrivateKey_bio Status: " << (void*)pkey);
+ }
+
+ if (!pkey && buf[0] == '-') {
+ BIO_reset(bio.get());
+ BIO_write(bio.get(), buf.data(), buf.size());
+ pkey = PEM_read_bio_PUBKEY(bio.get(), NULL, passcb, const_cast<std::string*>(&pass));
+ isPrivate = false;
+ LogDebug("PEM_read_bio_PUBKEY Status: " << (void*)pkey);
+ }
+
+ if (!pkey && buf[0] == '-') {
+ BIO_reset(bio.get());
+ BIO_write(bio.get(), buf.data(), buf.size());
+ pkey = PEM_read_bio_PrivateKey(bio.get(), NULL, passcb, const_cast<std::string*>(&pass));
+ isPrivate = true;
+ LogDebug("PEM_read_bio_PrivateKey Status: " << (void*)pkey);
+ }
+
+ if (!pkey) {
+ LogError("Failed to parse key");
+ return;
+ }
+
+ m_pkey.reset(pkey, EVP_PKEY_free);
+
+ int type = EVP_PKEY_type(pkey->type);
+
+ if (type == EVP_PKEY_RSA) {
+ m_type = isPrivate ? KeyType::KEY_RSA_PRIVATE : KeyType::KEY_RSA_PUBLIC;
+ }
+
+ if (type == EVP_PKEY_EC) {
+ m_type = isPrivate ? KeyType::KEY_ECDSA_PRIVATE : KeyType::KEY_ECDSA_PUBLIC;
+ }
+ LogDebug("KeyType is: " << (int)m_type << " isPrivate: " << isPrivate);
+}
+
+GenericKey::GenericKey(EvpShPtr pkey, KeyType type)
+ : m_pkey(pkey)
+ , m_type(type)
+{
+ if (type == KeyType::KEY_RSA_PRIVATE || type == KeyType::KEY_RSA_PUBLIC)
+ if (EVP_PKEY_RSA != EVP_PKEY_type(pkey->type)) {
+ m_pkey.reset();
+ m_type = KeyType::KEY_NONE;
+ }
+ if (type == KeyType::KEY_ECDSA_PRIVATE || type == KeyType::KEY_ECDSA_PUBLIC)
+ if (EVP_PKEY_EC != EVP_PKEY_type(pkey->type)) {
+ m_pkey.reset();
+ m_type = KeyType::KEY_NONE;
+ }
+}
+
+bool GenericKey::empty() const {
+ return m_pkey.get() == NULL;
+}
+
+GenericKey::EvpShPtr GenericKey::getEvpShPtr() const {
+ return m_pkey;
+}
+
+KeyType GenericKey::getType() const {
+ return m_type;
+}
+
+RawBuffer GenericKey::getDERPRV() const {
+ return i2d(i2d_PrivateKey_bio, m_pkey.get());
+}
+
+RawBuffer GenericKey::getDERPUB() const {
+ return i2d(i2d_PUBKEY_bio, m_pkey.get());
+}
+
+RawBuffer GenericKey::getDER() const {
+ if (m_type == KeyType::KEY_ECDSA_PRIVATE || m_type == KeyType::KEY_RSA_PRIVATE) {
+ return getDERPRV();
+ } else if (m_type == KeyType::KEY_RSA_PUBLIC || m_type == KeyType::KEY_ECDSA_PUBLIC) {
+ return getDERPUB();
+ }
+ return RawBuffer();
+
+// RawBuffer output;
+// if (m_type == KeyType::KEY_ECDSA_PRIVATE || m_type == KeyType::KEY_RSA_PRIVATE) {
+// output = getDERPRV();
+// } else if (m_type == KeyType::KEY_RSA_PUBLIC || m_type == KeyType::KEY_ECDSA_PUBLIC) {
+// output = getDERPUB();
+// }
+// LogError("Key::getDER");
+// printDER(output);
+// return output;
+}
+
+} // namespace CKM
+
*/
#pragma once
+#include <memory>
+
#include <ckm/ckm-type.h>
+#include <openssl/evp.h>
namespace CKM {
class GenericKey {
public:
- virtual KeyType getType() const = 0;
- virtual RawBuffer getDER() const = 0;
- virtual EVP_PKEY* getEVPKEY() const = 0;
+ typedef std::shared_ptr<EVP_PKEY> EvpShPtr;
+
+ GenericKey();
+ GenericKey(const GenericKey &second);
+ GenericKey(const RawBuffer& buffer, const std::string &pass);
+ GenericKey(EvpShPtr pkey, KeyType type);
+
+ virtual KeyType getType() const;
+ virtual RawBuffer getDER() const;
+ virtual RawBuffer getDERPUB() const;
+ virtual RawBuffer getDERPRV() const;
+ virtual EvpShPtr getEvpShPtr() const;
- virtual bool empty() const = 0;
+ virtual bool empty() const;
virtual ~GenericKey(){}
+protected:
+ EvpShPtr m_pkey;
+ KeyType m_type;
};
} // namespace CKM
+++ /dev/null
-#pragma once
-
-#include <memory>
-
-#include <openssl/pem.h>
-#include <openssl/rsa.h>
-#include <openssl/bio.h>
-
-#include <generic-key.h>
-
-namespace CKM {
-
-class KeyECDSA : public GenericKey {
-public:
- KeyECDSA()
- : m_ecdsa(NULL)
- {}
-
- KeyECDSA(void *ecdsa)
- : m_ecdsa(ecdsa)
- {}
-
- virtual bool empty() const {
- return m_ecdsa == NULL;
- }
-
- virtual ~KeyECDSA() {
- free(m_ecdsa);
- }
-
- EVP_PKEY *getEVPKEY() const {
- return NULL;
- }
-
-protected:
- void *m_ecdsa;
-};
-
-
-class KeyECDSAPublic : public KeyECDSA {
-public:
- KeyECDSAPublic(){}
-
- KeyECDSAPublic(void *ecdsa)
- : KeyECDSA(ecdsa)
- {}
-
- KeyECDSAPublic(const RawBuffer &data, const std::string &password)
- {
- (void) data;
- (void) password;
- }
-
- KeyECDSAPublic(const KeyECDSAPublic &second)
- : KeyECDSA(second.m_ecdsa)
- {}
-
- KeyECDSAPublic(KeyECDSAPublic &&second) {
- (void) second;
- }
-
- KeyECDSAPublic& operator=(const KeyECDSAPublic &second) {
- (void) second;
- return *this;
- }
-
- KeyECDSAPublic& operator=(KeyECDSAPublic &&second) {
- (void) second;
- return *this;
- }
-
- virtual RawBuffer getDER() const {
- return RawBuffer();
- }
-
- virtual KeyType getType() const {
- return KeyType::KEY_ECDSA_PUBLIC;
- }
-};
-
-class KeyECDSAPrivate : public KeyECDSA {
-public:
- KeyECDSAPrivate(){}
-
- KeyECDSAPrivate(void *ecdsa)
- : KeyECDSA(ecdsa)
- {}
-
- KeyECDSAPrivate(const KeyECDSAPrivate &second)
- : KeyECDSA(second.m_ecdsa)
- {}
-
- KeyECDSAPrivate(KeyECDSAPrivate &&second) {
- (void) second;
- }
-
- KeyECDSAPrivate(const RawBuffer &data, const std::string &password)
- {
- (void) data;
- (void) password;
- }
-
- KeyECDSAPrivate& operator=(const KeyECDSAPrivate &second) {
- (void) second;
- return *this;
- }
-
- KeyECDSAPrivate& operator=(KeyECDSAPrivate &&second) {
- (void) second;
- return *this;
- }
-
- virtual RawBuffer getDER() const {
- return RawBuffer();
- }
-
- virtual KeyType getType() const {
- return KeyType::KEY_ECDSA_PRIVATE;
- }
-
-};
-
-} // namespace CKM
-
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bumjin Im <bj.im@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- *
- * @file key-rsa.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Implementation of keys.
- */
-
-// TODO move function definition from header
-
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bumjin Im <bj.im@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- *
- * @file key-rsa.h
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Implementation of keys.
- */
-#pragma once
-
-#include <memory>
-
-#include <openssl/pem.h>
-#include <openssl/rsa.h>
-#include <openssl/bio.h>
-
-#include <generic-key.h>
-
-namespace {
-
-const char PEM_FIRST_CHAR = '-';
-typedef std::unique_ptr<BIO, std::function<void(BIO*)>> BioUniquePtr;
-
-} // namespace anonymous
-
-namespace CKM {
-
-class KeyRSA : public GenericKey {
-public:
- typedef int(*I2D_FUNCTION_PTR)(BIO*, RSA*);
-
- static RSA* RSA_dup(RSA *rsa) {
- if (rsa)
- RSA_up_ref(rsa);
- return rsa;
- }
-
- KeyRSA(RSA *rsa)
- : m_rsa(RSA_dup(rsa))
- {}
-
- KeyRSA()
- : m_rsa(NULL)
- {}
-
- virtual bool empty() const {
- return m_rsa == NULL;
- }
-
- virtual ~KeyRSA() {
- RSA_free(m_rsa);
- }
-
- virtual RawBuffer extractDER(I2D_FUNCTION_PTR ptr) const {
- if (NULL == m_rsa)
- return RawBuffer();
-
- BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
-
- if (NULL == bio.get())
- return RawBuffer();
-
- if (0 == ptr(bio.get(), m_rsa))
- return RawBuffer();
-
- RawBuffer out(8192);
-
- int ret = BIO_read(bio.get(), out.data(), out.size());
- if (ret <= 0) {
- return RawBuffer();
- }
-
- out.resize(ret);
- return out;
- }
-
- EVP_PKEY *getEVPKEY() const {
- if (m_rsa == NULL)
- return NULL;
- EVP_PKEY *pkey = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(pkey, m_rsa);
- return pkey;
- }
-
- RSA *getRSA() {
- return m_rsa;
- }
-
-protected:
- RSA *m_rsa;
-};
-
-
-class KeyRSAPublic : public KeyRSA {
-public:
- KeyRSAPublic(){}
-
- KeyRSAPublic(RSA *rsa)
- : KeyRSA(rsa)
- {}
-
- KeyRSAPublic(const RawBuffer &data, const std::string &password)
- {
- char *pass = NULL;
- std::string passtmp(password);
-
- if (!passtmp.empty()) {
- pass = const_cast<char*>(passtmp.c_str());
- }
-
- if (data[0] == PEM_FIRST_CHAR) {
- BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
- if (NULL == bio.get())
- return;
- BIO_write(bio.get(), data.data(), data.size());
- m_rsa = PEM_read_bio_RSA_PUBKEY(bio.get(), NULL, NULL, pass);
- } else {
- // First we will try to read der file
- const unsigned char *p = static_cast<const unsigned char*>(data.data());
- m_rsa = d2i_RSA_PUBKEY(NULL, &p, data.size());
- if (m_rsa == NULL) {
- // This is internal der format used by openssl?
- BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
- BIO_write(bio.get(), data.data(), data.size());
- m_rsa = d2i_RSAPublicKey_bio(bio.get(), NULL);
- }
- }
- }
-
- KeyRSAPublic(const KeyRSAPublic &second)
- : KeyRSA(second.m_rsa)
- {}
-
- KeyRSAPublic(KeyRSAPublic &&second) {
- m_rsa = second.m_rsa;
- second.m_rsa = NULL;
- }
-
- KeyRSAPublic& operator=(const KeyRSAPublic &second) {
- if (this == &second)
- return *this;
- RSA_free(m_rsa);
- m_rsa = RSA_dup(second.m_rsa);
- return *this;
- }
-
- KeyRSAPublic& operator=(KeyRSAPublic &&second) {
- if (this == &second)
- return *this;
- m_rsa = second.m_rsa;
- second.m_rsa = NULL;
- return *this;
- }
-
- virtual RawBuffer getDER() const {
- return extractDER(i2d_RSAPublicKey_bio);
- }
-
- virtual KeyType getType() const {
- return KeyType::KEY_RSA_PUBLIC;
- }
-};
-
-class KeyRSAPrivate : public KeyRSA {
-public:
- KeyRSAPrivate(){}
-
- KeyRSAPrivate(RSA *rsa)
- : KeyRSA(rsa)
- {}
-
- KeyRSAPrivate(const KeyRSAPrivate &second)
- : KeyRSA(second.m_rsa)
- {}
-
- KeyRSAPrivate(KeyRSAPrivate &&second) {
- m_rsa = second.m_rsa;
- second.m_rsa = NULL;
- }
-
- KeyRSAPrivate(const RawBuffer &data, const std::string &password)
- {
- char *pass = NULL;
- std::string passtmp(password);
-
- if (!passtmp.empty()) {
- pass = const_cast<char*>(passtmp.c_str());
- }
-
- if (data[0] == PEM_FIRST_CHAR) {
- BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
- if (NULL == bio.get())
- return;
- BIO_write(bio.get(), data.data(), data.size());
- m_rsa = PEM_read_bio_RSAPrivateKey(bio.get(), NULL, NULL, pass);
- } else {
- BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
- if (NULL == bio.get())
- return;
- BIO_write(bio.get(), data.data(), data.size());
- m_rsa = d2i_RSAPrivateKey_bio(bio.get(), NULL);
- }
- }
-
- KeyRSAPrivate& operator=(const KeyRSAPrivate &second) {
- if (this == &second)
- return *this;
- RSA_free(m_rsa);
- m_rsa = RSA_dup(second.m_rsa);
- return *this;
- }
-
- KeyRSAPrivate& operator=(KeyRSAPrivate &&second) {
- if (this == &second)
- return *this;
- RSA_free(m_rsa);
- m_rsa = second.m_rsa;
- second.m_rsa = NULL;
- return *this;
- }
-
- virtual RawBuffer getDER() const {
- return extractDER(i2d_RSAPrivateKey_bio);
- }
-
- virtual KeyType getType() const {
- return KeyType::KEY_RSA_PRIVATE;
- }
-
-};
-
-} // namespace CKM
-
switch(dbtype) {
case DBDataType::KEY_RSA_PUBLIC: return KeyType::KEY_RSA_PUBLIC;
case DBDataType::KEY_RSA_PRIVATE: return KeyType::KEY_RSA_PRIVATE;
+ case DBDataType::KEY_ECDSA_PRIVATE: return KeyType::KEY_ECDSA_PRIVATE;
+ case DBDataType::KEY_ECDSA_PUBLIC: return KeyType::KEY_ECDSA_PUBLIC;
default:
// TODO
throw 1;
#include <openssl/x509v3.h>
#include <openssl/obj_mac.h>
#include <ckm/ckm-type.h>
-#include <key-rsa.h>
-#include <key-ecdsa.h>
+#include <generic-key.h>
#include <CryptoService.h>
#include <key-manager-util.h>
}
int CryptoService::createKeyPairRSA(const int size, // size in bits [1024, 2048, 4096]
- KeyRSAPrivate &createdPrivateKey, // returned value
- KeyRSAPublic &createdPublicKey) // returned value
+ GenericKey &createdPrivateKey, // returned value
+ GenericKey &createdPublicKey) // returned value
{
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *pkey = NULL;
LogDebug("Generating RSA key pair end.");
- // convert to rsa key
- RSA *rsa_key = EVP_PKEY_get1_RSA(pkey);
+ GenericKey::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey
- createdPrivateKey = KeyRSAPrivate(rsa_key);
- createdPublicKey = KeyRSAPublic(rsa_key);
+ createdPrivateKey = GenericKey(ptr, KeyType::KEY_RSA_PRIVATE);
+ createdPublicKey = GenericKey(ptr, KeyType::KEY_RSA_PUBLIC);
- if(pkey)
- EVP_PKEY_free(pkey);
if(ctx)
EVP_PKEY_CTX_free(ctx);
}
int CryptoService::createKeyPairECDSA(ElipticCurve type,
- KeyECDSAPrivate &createdPrivateKey, // returned value
- KeyECDSAPublic &createdPublicKey) // returned value
+ GenericKey &createdPrivateKey, // returned value
+ GenericKey &createdPublicKey) // returned value
{
int ecCurve = -1;
EVP_PKEY_CTX *pctx = NULL;
if(kctx) EVP_PKEY_CTX_free(kctx);
}
- // convert to rsa key
- EC_KEY *ec_key = EVP_PKEY_get1_EC_KEY(pkey);
+ GenericKey::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey
- createdPrivateKey = KeyECDSAPrivate(ec_key);
- createdPublicKey = KeyECDSAPublic(ec_key);
+ createdPrivateKey = GenericKey(ptr, KeyType::KEY_ECDSA_PRIVATE);
+ createdPublicKey = GenericKey(ptr, KeyType::KEY_ECDSA_PUBLIC);
- if(pkey)
- EVP_PKEY_free(pkey);
if(pparam)
EVP_PKEY_free(pparam);
if(pctx)
EVP_PKEY_CTX *pctx;
int ret = EVP_FAIL;
int rsa_padding = -1;
- EVP_PKEY *private_pkey;
RawBuffer data;
const EVP_MD *md_algo;
return CKM_CRYPTO_NOT_SUPPORT_KEY_TYPE;
}
- private_pkey = privateKey.getEVPKEY();
+ auto shrPKey = privateKey.getEvpShPtr();
+
+ if (NULL == shrPKey.get())
+ return CKM_CRYPTO_PKEYSET_ERROR;
// Create the Message Digest Context
if(!(mdctx = EVP_MD_CTX_create())) {
return CKM_SIG_GEN_ERROR;
}
- if(EVP_SUCCESS != EVP_DigestSignInit(mdctx, &pctx, md_algo, NULL, private_pkey)) {
+ if(EVP_SUCCESS != EVP_DigestSignInit(mdctx, &pctx, md_algo, NULL, shrPKey.get())) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
- if(private_pkey) EVP_PKEY_free(private_pkey);
return CKM_SIG_GEN_ERROR;
}
if(privateKey.getType()==KeyType::KEY_RSA_PRIVATE) {
if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
- if(private_pkey) EVP_PKEY_free(private_pkey);
return CKM_SIG_GEN_ERROR;
}
}
memcpy(msg, message.data(),message.size());
if(EVP_SUCCESS != EVP_DigestSignUpdate(mdctx, msg, message.size())) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
- if(private_pkey) EVP_PKEY_free(private_pkey);
return CKM_SIG_GEN_ERROR;
}
size_t slen;
if(EVP_SUCCESS != EVP_DigestSignFinal(mdctx, NULL, &slen)) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
- if(private_pkey) EVP_PKEY_free(private_pkey);
return CKM_SIG_GEN_ERROR;
}
/* Allocate memory for the signature based on size in slen */
/* Obtain the signature */
if(EVP_SUCCESS != EVP_DigestSignFinal(mdctx, sig, &slen)) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
- if(private_pkey) EVP_PKEY_free(private_pkey);
return CKM_SIG_GEN_ERROR;
}
/* Success */
ret = EVP_SUCCESS;
if(mdctx) EVP_MD_CTX_destroy(mdctx);
- if(private_pkey) EVP_PKEY_free(private_pkey);
return ret;
}
int ret = EVP_FAIL;
int rsa_padding = -1;
const EVP_MD *md_algo;
- EVP_PKEY *public_pkey;
RawBuffer data;
switch(hashAlgo) {
return CKM_CRYPTO_NOT_SUPPORT_KEY_TYPE;
}
- public_pkey = publicKey.getEVPKEY();
+ auto public_pkey = publicKey.getEvpShPtr();
- if (NULL == public_pkey)
+ if (NULL == public_pkey.get())
return CKM_CRYPTO_PKEYSET_ERROR;
char msg[message.size()];
/* Create the Message Digest Context */
if(!(mdctx = EVP_MD_CTX_create())) {
- if (public_pkey) EVP_PKEY_free(public_pkey);
return CKM_SIG_VERIFY_OPER_ERROR;
}
- if(EVP_SUCCESS != EVP_DigestVerifyInit(mdctx, &pctx, md_algo, NULL, public_pkey)) {
+ if(EVP_SUCCESS != EVP_DigestVerifyInit(mdctx, &pctx, md_algo, NULL, public_pkey.get())) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
- if (public_pkey) EVP_PKEY_free(public_pkey);
return CKM_SIG_VERIFY_OPER_ERROR;
}
if(publicKey.getType()==KeyType::KEY_RSA_PUBLIC) {
if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
- if (public_pkey) EVP_PKEY_free(public_pkey);
return CKM_SIG_VERIFY_OPER_ERROR;
}
}
if(EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx, msg, message.size()) ) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
- if (public_pkey) EVP_PKEY_free(public_pkey);
return CKM_SIG_VERIFY_OPER_ERROR;
}
if(EVP_SUCCESS != EVP_DigestVerifyFinal(mdctx, sig, signature.size()) ) {
if(mdctx) EVP_MD_CTX_destroy(mdctx);
- if (public_pkey) EVP_PKEY_free(public_pkey);
return CKM_SIG_VERIFY_OPER_ERROR;
}
ret = EVP_SUCCESS;
if(mdctx) EVP_MD_CTX_destroy(mdctx);
- if (public_pkey) EVP_PKEY_free(public_pkey);
return ret;
}
#include <iostream>
-#include <key-rsa.h>
-#include <key-ecdsa.h>
+#include <generic-key.h>
#include <certificate-impl.h>
#include <ckm/ckm-type.h>
#include <string.h>
static int initialize();
int createKeyPairRSA(const int size, // size in bits [1024, 2048, 4096]
- KeyRSAPrivate &createdPrivateKey, // returned value ==> Key &createdPrivateKey,
- KeyRSAPublic &createdPublicKey); // returned value ==> Key &createdPublicKey
+ GenericKey &createdPrivateKey, // returned value ==> Key &createdPrivateKey,
+ GenericKey &createdPublicKey); // returned value ==> Key &createdPublicKey
int createKeyPairECDSA(ElipticCurve type1,
- KeyECDSAPrivate &createdPrivateKey, // returned value
- KeyECDSAPublic &createdPublicKey); // returned value
+ GenericKey &createdPrivateKey, // returned value
+ GenericKey &createdPublicKey); // returned value
int createSignature(const GenericKey &privateKey,
const RawBuffer &message,
#include <file-system.h>
#include <CryptoService.h>
#include <ckm-logic.h>
-#include <key-rsa.h>
+#include <generic-key.h>
namespace CKM {
}
handler.crypto.decryptRow(password, row);
+ LogError("Datatype: " << (int) row.dataType);
+
return KEY_MANAGER_API_SUCCESS;
}
row.dataType = dataType;
}
+ LogError("Sending dataType: " << (int)row.dataType);
+
MessageBuffer response;
Serialization::Serialize(response, static_cast<int>(LogicCommand::GET));
Serialization::Serialize(response, commandId);
return KEY_MANAGER_API_ERROR_DB_LOCKED;
auto &handler = m_userDataMap[cred.uid];
- KeyRSAPrivate prv;
- KeyRSAPublic pub;
+ GenericKey prv, pub;
CryptoService cr;
int retCode;
return response.Pop();
}
+int CKMLogic::createKeyPairECDSAHelper(
+ Credentials &cred,
+ int type,
+ const Alias &aliasPrivate,
+ const Alias &aliasPublic,
+ const PolicySerializable &policyPrivate,
+ const PolicySerializable &policyPublic)
+{
+ if (0 >= m_userDataMap.count(cred.uid))
+ return KEY_MANAGER_API_ERROR_DB_LOCKED;
+
+ auto &handler = m_userDataMap[cred.uid];
+ GenericKey prv, pub;
+ CryptoService cr;
+ int retCode;
+
+ if (CKM_CRYPTO_CREATEKEY_SUCCESS != (retCode = cr.createKeyPairECDSA(
+ static_cast<ElipticCurve>(type), prv, pub)))
+ {
+ LogError("CryptoService failed with code: " << retCode);
+ return KEY_MANAGER_API_ERROR_SERVER_ERROR; // TODO error code
+ }
+
+ retCode = saveDataHelper(cred,
+ toDBDataType(prv.getType()),
+ aliasPrivate,
+ prv.getDER(),
+ policyPrivate);
+
+ if (KEY_MANAGER_API_SUCCESS != retCode)
+ return retCode;
+
+ retCode = saveDataHelper(cred,
+ toDBDataType(pub.getType()),
+ aliasPublic,
+ pub.getDER(),
+ policyPublic);
+
+ if (KEY_MANAGER_API_SUCCESS != retCode) {
+ handler.database.deleteDBRow(aliasPrivate, cred.smackLabel);
+ }
+
+ return retCode;
+}
+
RawBuffer CKMLogic::createKeyPairECDSA(
Credentials &cred,
int commandId,
const PolicySerializable &policyPrivate,
const PolicySerializable &policyPublic)
{
- (void)cred;
- (void)type;
- (void)aliasPrivate;
- (void)aliasPublic;
- (void)policyPrivate;
- (void)policyPublic;
+ int retCode = createKeyPairECDSAHelper(
+ cred,
+ type,
+ aliasPrivate,
+ aliasPublic,
+ policyPrivate,
+ policyPublic);
MessageBuffer response;
Serialization::Serialize(response, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_RSA));
Serialization::Serialize(response, commandId);
- Serialization::Serialize(response, static_cast<int>(KEY_MANAGER_API_SUCCESS));
+ Serialization::Serialize(response, retCode);
return response.Pop();
}
const PolicySerializable &policyPrivate,
const PolicySerializable &policyPublic);
+ int createKeyPairECDSAHelper(
+ Credentials &cred,
+ int type,
+ const Alias &aliasPrivate,
+ const Alias &aliasPublic,
+ const PolicySerializable &policyPrivate,
+ const PolicySerializable &policyPublic);
+
std::map<uid_t, UserData> m_userDataMap;
};
projects / platform / core / security / key-manager.git / commitdiff