From 656a642e7cf5cecb4ff5c603a24ff337c548d9a6 Mon Sep 17 00:00:00 2001
From: Krzysztof Jackiewicz
Date: Fri, 24 Mar 2023 16:52:05 +0100
Subject: [PATCH] Make unpack a static GStore method
Needed for key wrapping.
Change-Id: I1ac65d92176237d61719944f7eb1688588c67117
---
 src/manager/crypto/tz-backend/store.cpp | 55 +++++++++++++++++----------------
 src/manager/crypto/tz-backend/store.h | 6 ++++
 2 files changed, 34 insertions(+), 27 deletions(-)
diff --git a/src/manager/crypto/tz-backend/store.cpp b/src/manager/crypto/tz-backend/store.cpp
index 0847166..ff992ed 100644
--- a/src/manager/crypto/tz-backend/store.cpp
+++ b/src/manager/crypto/tz-backend/store.cpp
@@ -40,24 +40,6 @@ enum EncryptionScheme {
 PASSWORD = 1 << 0
 };
-void unpack(const RawBuffer &packed,
- int &scheme,
- RawBuffer &data,
- RawBuffer &iv,
- RawBuffer &tag)
-{
- MessageBuffer buffer;
- buffer.Push(RawBuffer(packed));
-
- buffer.Deserialize(scheme);
-
- if (scheme == EncryptionScheme::PASSWORD) {
- buffer.Deserialize(data, iv, tag);
- } else {
- buffer.Deserialize(data);
- }
-}
-
 RawBuffer unpackData(const RawBuffer &packed)
 {
 MessageBuffer buffer;
@@ -84,15 +66,7 @@ GObjUPtr Store::getObject(const Token &token, const Password &pass)
 RawBuffer id;
 RawBuffer iv;
 RawBuffer tag;
- unpack(token.data, scheme, id, iv, tag);
-
- if (scheme & EncryptionScheme::PASSWORD && pass.empty()) {
- ThrowErr(Exc::Crypto::AuthenticationFailed,
- "This token is protected with password and none passed");
- } else if (!(scheme & EncryptionScheme::PASSWORD) && !pass.empty()) {
- ThrowErr(Exc::Crypto::AuthenticationFailed,
- "This token is not protected with password but passed one");
- }
+ unpack(token.data, pass, scheme, id, iv, tag);
 if (token.dataType.isKeyPrivate() || token.dataType.isKeyPublic())
 return make(scheme, std::move(id), Pwd(pass, iv, tag), token.dataType);
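Review bot: In Store::getObject the password-presence check is no longer visible at the call site; after this change `unpack(token.data, pass, scheme, id, iv, tag);` is the only place where a missing or unexpected password is rejected, and a reader of getObject cannot tell that the call can throw. I would add a one-line comment above the call, for example `// unpack() throws Exc::Crypto::AuthenticationFailed when pass does not match the token's password flag`. The body of getObject starts and continues outside the hunk, so the declaration of `scheme` is not visible here.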
@@ -206,6 +180,33 @@ RawBuffer Store::pack(const RawBuffer &keyId,
 }
 }
+void Store::unpack(const RawBuffer &packed,
+ const Password& password,
+ int &scheme,
+ RawBuffer &data,
+ RawBuffer &iv,
+ RawBuffer &tag)
+{
+ MessageBuffer buffer;
+ buffer.Push(RawBuffer(packed));
+
+ buffer.Deserialize(scheme);
+
+ if (scheme == EncryptionScheme::PASSWORD) {
+ buffer.Deserialize(data, iv, tag);
+ } else {
+ buffer.Deserialize(data);
+ }
+
+ if (scheme & EncryptionScheme::PASSWORD && password.empty()) {
+ ThrowErr(Exc::Crypto::AuthenticationFailed,
+ "This token is protected with password and none passed");
+ } else if (!(scheme & EncryptionScheme::PASSWORD) && !password.empty()) {
+ ThrowErr(Exc::Crypto::AuthenticationFailed,
+ "This token is not protected with password but passed one");
+ }
+}
+
 } // namespace TZ
 } // namespace Crypto
 } // namespace CKM
diff --git a/src/manager/crypto/tz-backend/store.h b/src/manager/crypto/tz-backend/store.h
index 28b5557..d15fa09 100644
--- a/src/manager/crypto/tz-backend/store.h
+++ b/src/manager/crypto/tz-backend/store.h
@@ -49,6 +49,12 @@ public:
 const RawBuffer &iv,
 const RawBuffer &tag);
+ static void unpack(const RawBuffer &packed,
+ const Password& password,
+ int &scheme,
+ RawBuffer &data,
+ RawBuffer &iv,
+ RawBuffer &tag);
 // TODO device key ID is needed here to support importEncrypted
 };
-- 
2.7.4
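Review bot: Store::unpack tests the scheme in two different ways: the layout branch uses `scheme == EncryptionScheme::PASSWORD`, while the password check below it uses `scheme & EncryptionScheme::PASSWORD`. `scheme` is deserialized from the packed token, so a value with the PASSWORD bit plus any other bit set would take the `else` branch, leave `iv` and `tag` empty, and still pass the password check when a password is supplied. Using the same test in both places, `if (scheme & EncryptionScheme::PASSWORD) {`, and rejecting scheme values with unknown bits before deserializing the rest would make the function fail closed on a malformed or corrupted token. The comparison predates this commit (it moves over from the removed free function), but the commit message says the method is needed for key wrapping, so it will presumably gain callers and is worth tightening here.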
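Review bot: The new `static void unpack(...)` declaration in store.h carries no comment, although it has four output parameters and a failure mode that the signature does not show. I would add a short comment above it stating that it splits `packed` into `scheme`, `data`, `iv` and `tag` and throws `Exc::Crypto::AuthenticationFailed` when the presence of `password` does not match the scheme; that behaviour is taken from the store.cpp definition in this same patch. As a small style point, `const Password& password` attaches the ampersand to the type while the neighbouring parameters are written as `const RawBuffer &packed`.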