projects / platform / core / security / key-manager.git / blob
? search:


da199d71bb05bb639dedf88c6778d3be7892930a
[platform/core/security/key-manager.git] / src / manager / client / client-manager-impl.cpp
1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
2  *
3  *  Licensed under the Apache License, Version 2.0 (the "License");
4  *  you may not use this file except in compliance with the License.
5  *  You may obtain a copy of the License at
6  *
7  *      http://www.apache.org/licenses/LICENSE-2.0
8  *
9  *  Unless required by applicable law or agreed to in writing, software
10  *  distributed under the License is distributed on an "AS IS" BASIS,
11  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  *  See the License for the specific language governing permissions and
13  *  limitations under the License
14  *
15  *
16  * @file        client-manager-impl.cpp
17  * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
18  * @version     1.0
19  * @brief       Manager implementation.
20  */
21 #include <openssl/evp.h>
22
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
25
26 #include <crypto-init.h>
27 #include <client-manager-impl.h>
28 #include <client-common.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
31 #include <key-impl.h>
32 #include <key-aes-impl.h>
33 #include <certificate-impl.h>
34
35 namespace CKM {
36
37 namespace {
38 template <class T>
39 int getCertChain(
40     ServiceConnection & serviceConnection,
41     LogicCommand command,
42     int counter,
43     const CertificateShPtr &certificate,
44     const T &untrustedVector,
45     const T &trustedVector,
46     bool useTrustedSystemCertificates,
47     CertificateShPtrVector &certificateChainVector)
48 {
49     return try_catch([&] {
50
51         MessageBuffer recv;
52         auto send = MessageBuffer::Serialize(static_cast<int>(command),
53                                              counter,
54                                              certificate->getDER(),
55                                              untrustedVector,
56                                              trustedVector,
57                                              useTrustedSystemCertificates);
58
59         int retCode = serviceConnection.processRequest(send.Pop(), recv);
60         if (CKM_API_SUCCESS != retCode)
61             return retCode;
62
63         int retCommand;
64         int retCounter;
65         RawBufferVector rawBufferVector;
66         recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
67
68         if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
69             return CKM_API_ERROR_UNKNOWN;
70         }
71
72         if (retCode != CKM_API_SUCCESS) {
73             return retCode;
74         }
75
76         for (auto &e: rawBufferVector) {
77             CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
78             if (cert->empty())
79                 return CKM_API_ERROR_BAD_RESPONSE;
80             certificateChainVector.push_back(cert);
81         }
82
83         return retCode;
84     });
85 }
86
87 } // namespace anonymous
88
89 Manager::Impl::Impl()
90   : m_counter(0),
91     m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
92     m_ocspConnection(SERVICE_SOCKET_OCSP),
93     m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
94 {
95     initOpenSslOnce();
96 }
97
98
99 int Manager::Impl::saveBinaryData(
100     const Alias &alias,
101     DataType dataType,
102     const RawBuffer &rawData,
103     const Policy &policy)
104 {
105     int my_counter = ++m_counter;
106
107     return try_catch([&] {
108         if (alias.empty() || rawData.empty())
109             return CKM_API_ERROR_INPUT_PARAM;
110
111         MessageBuffer recv;
112         AliasSupport helper(alias);
113         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
114                                              my_counter,
115                                              static_cast<int>(dataType),
116                                              helper.getName(),
117                                              helper.getLabel(),
118                                              rawData,
119                                              PolicySerializable(policy));
120
121         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
122         if (CKM_API_SUCCESS != retCode)
123             return retCode;
124
125         int command;
126         int counter;
127         int opType;
128         recv.Deserialize(command, counter, retCode, opType);
129
130         if (counter != my_counter)
131             return CKM_API_ERROR_UNKNOWN;
132
133         return retCode;
134     });
135 }
136
137 int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
138     if (key.get() == NULL)
139         return CKM_API_ERROR_INPUT_PARAM;
140     Try {
141         return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
142     } Catch (DataType::Exception::Base) {
143         LogError("Error in key conversion. Could not convert KeyType::NONE to DBDataType!");
144     }
145     return CKM_API_ERROR_INPUT_PARAM;
146 }
147
148 int Manager::Impl::saveCertificate(
149     const Alias &alias,
150     const CertificateShPtr &cert,
151     const Policy &policy)
152 {
153     if (cert.get() == NULL)
154         return CKM_API_ERROR_INPUT_PARAM;
155     return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
156 }
157
158 int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
159     if (!policy.extractable)
160         return CKM_API_ERROR_INPUT_PARAM;
161     return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
162 }
163
164
165 int Manager::Impl::savePKCS12(
166     const Alias & alias,
167     const PKCS12ShPtr &pkcs,
168     const Policy &keyPolicy,
169     const Policy &certPolicy)
170 {
171     if (alias.empty() || pkcs.get()==NULL)
172         return CKM_API_ERROR_INPUT_PARAM;
173
174     int my_counter = ++m_counter;
175
176     return try_catch([&] {
177         MessageBuffer recv;
178         AliasSupport helper(alias);
179         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE_PKCS12),
180                                              my_counter,
181                                              helper.getName(),
182                                              helper.getLabel(),
183                                              PKCS12Serializable(*pkcs.get()),
184                                              PolicySerializable(keyPolicy),
185                                              PolicySerializable(certPolicy));
186
187         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
188         if (CKM_API_SUCCESS != retCode)
189             return retCode;
190
191         int command;
192         int counter;
193         recv.Deserialize(command, counter, retCode);
194
195         if (counter != my_counter)
196             return CKM_API_ERROR_UNKNOWN;
197
198         return retCode;
199     });
200 }
201
202 int Manager::Impl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
203 {
204     return getPKCS12(alias, Password(), Password(), pkcs);
205 }
206
207 int Manager::Impl::getPKCS12(const Alias &alias, const Password &keyPass, const Password &certPass, PKCS12ShPtr &pkcs)
208 {
209     if (alias.empty())
210         return CKM_API_ERROR_INPUT_PARAM;
211
212     int my_counter = ++m_counter;
213
214     return try_catch([&] {
215         MessageBuffer recv;
216         AliasSupport helper(alias);
217         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
218                                              my_counter,
219                                              helper.getName(),
220                                              helper.getLabel(),
221                                              keyPass,
222                                              certPass);
223
224         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
225         if (CKM_API_SUCCESS != retCode)
226             return retCode;
227
228         int command;
229         int counter;
230         PKCS12Serializable gotPkcs;
231         recv.Deserialize(command, counter, retCode, gotPkcs);
232
233         if (counter != my_counter)
234             return CKM_API_ERROR_UNKNOWN;
235
236         pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
237
238         return retCode;
239     });
240 }
241
242
243 int Manager::Impl::removeAlias(const Alias &alias)
244 {
245     if (alias.empty())
246         return CKM_API_ERROR_INPUT_PARAM;
247
248     int my_counter = ++m_counter;
249
250     return try_catch([&] {
251         MessageBuffer recv;
252         AliasSupport helper(alias);
253         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
254                                              my_counter,
255                                              helper.getName(),
256                                              helper.getLabel());
257
258         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
259         if (CKM_API_SUCCESS != retCode)
260             return retCode;
261
262         int command;
263         int counter;
264         recv.Deserialize(command, counter, retCode);
265
266         if (counter != my_counter)
267             return CKM_API_ERROR_UNKNOWN;
268
269         return retCode;
270     });
271 }
272
273 int Manager::Impl::getBinaryData(
274     const Alias &alias,
275     DataType sendDataType,
276     const Password &password,
277     DataType &recvDataType,
278     RawBuffer &rawData)
279 {
280     if (alias.empty())
281         return CKM_API_ERROR_INPUT_PARAM;
282
283     int my_counter = ++m_counter;
284
285     return try_catch([&] {
286         MessageBuffer recv;
287         AliasSupport helper(alias);
288         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
289                                              my_counter,
290                                              static_cast<int>(sendDataType),
291                                              helper.getName(),
292                                              helper.getLabel(),
293                                              password);
294
295         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
296         if (CKM_API_SUCCESS != retCode)
297             return retCode;
298
299         int command;
300         int counter;
301         int tmpDataType;
302         recv.Deserialize(command, counter, retCode, tmpDataType, rawData);
303         recvDataType = DataType(tmpDataType);
304
305         if (counter != my_counter)
306             return CKM_API_ERROR_UNKNOWN;
307
308         return retCode;
309     });
310 }
311
312 int Manager::Impl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
313     DataType recvDataType;
314     RawBuffer rawData;
315
316     int retCode = getBinaryData(
317         alias,
318         DataType::KEY_RSA_PUBLIC,
319         password,
320         recvDataType,
321         rawData);
322
323     if (retCode != CKM_API_SUCCESS)
324         return retCode;
325
326     KeyShPtr keyParsed;
327     if(DataType::KEY_AES == recvDataType)
328         keyParsed = KeyShPtr(new KeyAESImpl(rawData));
329     else
330         keyParsed = KeyShPtr(new KeyImpl(rawData));
331
332     if (keyParsed->empty()) {
333         LogDebug("Key empty - failed to parse!");
334         return CKM_API_ERROR_BAD_RESPONSE;
335     }
336
337     key = keyParsed;
338
339     return CKM_API_SUCCESS;
340 }
341
342 int Manager::Impl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert)
343 {
344     DataType recvDataType;
345     RawBuffer rawData;
346
347     int retCode = getBinaryData(
348         alias,
349         DataType::CERTIFICATE,
350         password,
351         recvDataType,
352         rawData);
353
354     if (retCode != CKM_API_SUCCESS)
355         return retCode;
356
357     if (recvDataType != DataType::CERTIFICATE)
358         return CKM_API_ERROR_BAD_RESPONSE;
359
360     CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
361
362     if (certParsed->empty())
363         return CKM_API_ERROR_BAD_RESPONSE;
364
365     cert = certParsed;
366
367     return CKM_API_SUCCESS;
368 }
369
370 int Manager::Impl::getData(const Alias &alias, const Password &password, RawBuffer &rawData)
371 {
372     DataType recvDataType = DataType::BINARY_DATA;
373
374     int retCode = getBinaryData(
375         alias,
376         DataType::BINARY_DATA,
377         password,
378         recvDataType,
379         rawData);
380
381     if (retCode != CKM_API_SUCCESS)
382         return retCode;
383
384     if (recvDataType != DataType::BINARY_DATA)
385         return CKM_API_ERROR_BAD_RESPONSE;
386
387     return CKM_API_SUCCESS;
388 }
389
390 int Manager::Impl::getBinaryDataAliasVector(DataType dataType, AliasVector &aliasVector)
391 {
392     int my_counter = ++m_counter;
393
394     return try_catch([&] {
395         MessageBuffer recv;
396         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
397                                              my_counter,
398                                              static_cast<int>(dataType));
399
400         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
401         if (CKM_API_SUCCESS != retCode)
402             return retCode;
403
404         int command;
405         int counter;
406         int tmpDataType;
407         LabelNameVector labelNameVector;
408         recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
409         if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != my_counter)) {
410             return CKM_API_ERROR_UNKNOWN;
411         }
412
413         for(const auto &it : labelNameVector)
414             aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
415
416         return retCode;
417     });
418 }
419
420 int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector) {
421     // in fact datatype has no meaning here - if not certificate or binary data
422     // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
423     return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
424 }
425
426 int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector) {
427     return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
428 }
429
430 int Manager::Impl::getDataAliasVector(AliasVector &aliasVector) {
431     return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
432 }
433
434 int Manager::Impl::createKeyPairRSA(
435     const int size,
436     const Alias &privateKeyAlias,
437     const Alias &publicKeyAlias,
438     const Policy &policyPrivateKey,
439     const Policy &policyPublicKey)
440 {
441     return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
442 }
443
444 int Manager::Impl::createKeyPairDSA(
445     const int size,
446     const Alias &privateKeyAlias,
447     const Alias &publicKeyAlias,
448     const Policy &policyPrivateKey,
449     const Policy &policyPublicKey)
450 {
451     return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
452 }
453
454 int Manager::Impl::createKeyPairECDSA(
455     ElipticCurve type,
456     const Alias &privateKeyAlias,
457     const Alias &publicKeyAlias,
458     const Policy &policyPrivateKey,
459     const Policy &policyPublicKey)
460 {
461     return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
462 }
463
464 int Manager::Impl::createKeyAES(
465     const int size,
466     const Alias &keyAlias,
467     const Policy &policyKey)
468 {
469     // proceed with sending request
470     int my_counter = ++m_counter;
471
472     return try_catch([&] {
473
474         MessageBuffer recv;
475         AliasSupport aliasHelper(keyAlias);
476         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_AES),
477                                              my_counter,
478                                              static_cast<int>(size),
479                                              PolicySerializable(policyKey),
480                                              aliasHelper.getName(),
481                                              aliasHelper.getLabel());
482
483         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
484         if (CKM_API_SUCCESS != retCode)
485             return retCode;
486
487         int command;
488         int counter;
489         recv.Deserialize(command, counter, retCode);
490         if (counter != my_counter) {
491             return CKM_API_ERROR_UNKNOWN;
492         }
493
494         return retCode;
495     });
496 }
497
498
499 int Manager::Impl::createKeyPair(
500     const KeyType key_type,
501     const int     additional_param,
502     const Alias  &privateKeyAlias,
503     const Alias  &publicKeyAlias,
504     const Policy &policyPrivateKey,
505     const Policy &policyPublicKey)
506 {
507     // input type check
508     CryptoAlgorithm keyGenAlgorithm;
509     switch(key_type)
510     {
511         case KeyType::KEY_RSA_PUBLIC:
512         case KeyType::KEY_RSA_PRIVATE:
513             keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
514             keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
515             break;
516
517         case KeyType::KEY_DSA_PUBLIC:
518         case KeyType::KEY_DSA_PRIVATE:
519             keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
520             keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
521             break;
522
523         case KeyType::KEY_ECDSA_PUBLIC:
524         case KeyType::KEY_ECDSA_PRIVATE:
525             keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
526             keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
527             break;
528
529         default:
530             return CKM_API_ERROR_INPUT_PARAM;
531     }
532
533     // proceed with sending request
534     int my_counter = ++m_counter;
535
536     return try_catch([&] {
537
538         MessageBuffer recv;
539         AliasSupport privateHelper(privateKeyAlias);
540         AliasSupport publicHelper(publicKeyAlias);
541         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_PAIR),
542                                              my_counter,
543                                              CryptoAlgorithmSerializable(keyGenAlgorithm),
544                                              PolicySerializable(policyPrivateKey),
545                                              PolicySerializable(policyPublicKey),
546                                              privateHelper.getName(),
547                                              privateHelper.getLabel(),
548                                              publicHelper.getName(),
549                                              publicHelper.getLabel());
550
551         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
552         if (CKM_API_SUCCESS != retCode)
553             return retCode;
554
555         int command;
556         int counter;
557         recv.Deserialize(command, counter, retCode);
558         if (counter != my_counter) {
559             return CKM_API_ERROR_UNKNOWN;
560         }
561
562         return retCode;
563     });
564 }
565
566 int Manager::Impl::getCertificateChain(
567     const CertificateShPtr &certificate,
568     const CertificateShPtrVector &untrustedCertificates,
569     const CertificateShPtrVector &trustedCertificates,
570     bool useTrustedSystemCertificates,
571     CertificateShPtrVector &certificateChainVector)
572 {
573     RawBufferVector untrustedVector;
574     RawBufferVector trustedVector;
575
576     if(!certificate || certificate->empty())
577         return CKM_API_ERROR_INPUT_PARAM;
578
579     for (auto &e: untrustedCertificates) {
580         untrustedVector.push_back(e->getDER());
581     }
582     for (auto &e: trustedCertificates) {
583         trustedVector.push_back(e->getDER());
584     }
585
586     return getCertChain(
587             m_storageConnection,
588             LogicCommand::GET_CHAIN_CERT,
589             ++m_counter,
590             certificate,
591             untrustedVector,
592             trustedVector,
593             useTrustedSystemCertificates,
594             certificateChainVector);
595 }
596
597 int Manager::Impl::getCertificateChain(
598     const CertificateShPtr &certificate,
599     const AliasVector &untrustedCertificates,
600     const AliasVector &trustedCertificates,
601     bool useTrustedSystemCertificates,
602     CertificateShPtrVector &certificateChainVector)
603 {
604     LabelNameVector untrustedVector;
605     LabelNameVector trustedVector;
606
607     if(!certificate || certificate->empty())
608         return CKM_API_ERROR_INPUT_PARAM;
609
610     for (auto &e: untrustedCertificates) {
611         AliasSupport helper(e);
612         untrustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
613     }
614     for (auto &e: trustedCertificates) {
615         AliasSupport helper(e);
616         trustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
617     }
618
619     return getCertChain(
620             m_storageConnection,
621             LogicCommand::GET_CHAIN_ALIAS,
622             ++m_counter,
623             certificate,
624             untrustedVector,
625             trustedVector,
626             useTrustedSystemCertificates,
627             certificateChainVector);
628 }
629
630 int Manager::Impl::createSignature(
631     const Alias &privateKeyAlias,
632     const Password &password,           // password for private_key
633     const RawBuffer &message,
634     const HashAlgorithm hash,
635     const RSAPaddingAlgorithm padding,
636     RawBuffer &signature)
637 {
638     int my_counter = ++m_counter;
639
640     return try_catch([&] {
641
642         MessageBuffer recv;
643         AliasSupport helper(privateKeyAlias);
644         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
645                                              my_counter,
646                                              helper.getName(),
647                                              helper.getLabel(),
648                                              password,
649                                              message,
650                                              static_cast<int>(hash),
651                                              static_cast<int>(padding));
652
653         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
654         if (CKM_API_SUCCESS != retCode)
655             return retCode;
656
657         int command;
658         int counter;
659         recv.Deserialize(command, counter, retCode, signature);
660
661         if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
662             || (counter != my_counter))
663         {
664             return CKM_API_ERROR_UNKNOWN;
665         }
666
667         return retCode;
668     });
669 }
670
671 int Manager::Impl::verifySignature(
672     const Alias &publicKeyOrCertAlias,
673     const Password &password,           // password for public_key (optional)
674     const RawBuffer &message,
675     const RawBuffer &signature,
676     const HashAlgorithm hash,
677     const RSAPaddingAlgorithm padding)
678 {
679     int my_counter = ++m_counter;
680
681     return try_catch([&] {
682         MessageBuffer recv;
683         AliasSupport helper(publicKeyOrCertAlias);
684         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
685                                              my_counter,
686                                              helper.getName(),
687                                              helper.getLabel(),
688                                              password,
689                                              message,
690                                              signature,
691                                              static_cast<int>(hash),
692                                              static_cast<int>(padding));
693
694         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
695         if (CKM_API_SUCCESS != retCode)
696             return retCode;
697
698         int command;
699         int counter;
700         recv.Deserialize(command, counter, retCode);
701
702         if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
703             || (counter != my_counter))
704         {
705             return CKM_API_ERROR_UNKNOWN;
706         }
707
708         return retCode;
709     });
710 }
711
712 int Manager::Impl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
713 {
714     return try_catch([&] {
715         int my_counter = ++m_counter;
716         MessageBuffer recv;
717
718         RawBufferVector rawCertChain;
719         for (auto &e: certChain) {
720             if (!e || e->empty()) {
721                 LogError("Empty certificate");
722                 return CKM_API_ERROR_INPUT_PARAM;
723             }
724             rawCertChain.push_back(e->getDER());
725         }
726
727         auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
728
729         int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
730         if (CKM_API_SUCCESS != retCode)
731             return retCode;
732
733         int counter;
734         recv.Deserialize(counter, retCode, ocspStatus);
735
736         if (my_counter != counter) {
737             return CKM_API_ERROR_UNKNOWN;
738         }
739
740         return retCode;
741     });
742 }
743
744 int Manager::Impl::setPermission(const Alias &alias,
745                                const Label &accessor,
746                                PermissionMask permissionMask)
747 {
748     int my_counter = ++m_counter;
749
750     return try_catch([&] {
751         MessageBuffer recv;
752         AliasSupport helper(alias);
753         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SET_PERMISSION),
754                                              my_counter,
755                                              helper.getName(),
756                                              helper.getLabel(),
757                                              accessor,
758                                              permissionMask);
759
760         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
761         if (CKM_API_SUCCESS != retCode)
762             return retCode;
763
764         int command;
765         int counter;
766         recv.Deserialize(command, counter, retCode);
767
768         if (my_counter != counter) {
769             return CKM_API_ERROR_UNKNOWN;
770         }
771
772         return retCode;
773     });
774 }
775
776 int Manager::Impl::crypt(EncryptionCommand command,
777           const CryptoAlgorithm &algo,
778           const Alias &keyAlias,
779           const Password &password,
780           const RawBuffer& input,
781           RawBuffer& output)
782 {
783     int my_counter = ++m_counter;
784
785     return try_catch([&] {
786         MessageBuffer recv;
787         AliasSupport helper(keyAlias);
788         CryptoAlgorithmSerializable cas(algo);
789         auto send = MessageBuffer::Serialize(static_cast<int>(command),
790                                              my_counter,
791                                              cas,
792                                              helper.getName(),
793                                              helper.getLabel(),
794                                              password,
795                                              input);
796
797         int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
798         if (CKM_API_SUCCESS != retCode)
799             return retCode;
800
801         int command;
802         int counter;
803         recv.Deserialize(command, counter, retCode, output);
804
805         if (my_counter != counter) {
806             return CKM_API_ERROR_UNKNOWN;
807         }
808
809         return retCode;
810     });
811 }
812
813 int Manager::Impl::encrypt(const CryptoAlgorithm &algo,
814             const Alias &keyAlias,
815             const Password &password,
816             const RawBuffer& plain,
817             RawBuffer& encrypted)
818 {
819     return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain, encrypted);
820 }
821
822 int Manager::Impl::decrypt(const CryptoAlgorithm &algo,
823                          const Alias &keyAlias,
824                          const Password &password,
825                          const RawBuffer& encrypted,
826                          RawBuffer& decrypted)
827 {
828     return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted, decrypted);
829 }
830
831 } // namespace CKM
Domain: Security / Utilities;