virtual bool empty() const = 0;
virtual KeyType getType() const = 0;
virtual int getSize() const = 0;
- virtual ElipticCurve getCurve() const = 0;
virtual RawBuffer getDER() const = 0;
virtual ~Key(){}
static KeyShPtr create(
const RawBuffer &rawBuffer,
const Password &password = Password());
+
+ static KeyShPtr createAES(
+ const RawBuffer &rawBuffer);
};
} // namespace CKM
virtual void ReceivedCertificateAliasVector(AliasVector &&) {}
virtual void ReceivedDataAliasVector(AliasVector &&) {}
+ virtual void ReceivedCreateKeyAES() {}
virtual void ReceivedCreateKeyPair() {}
virtual void ReceivedGetCertificateChain(CertificateShPtrVector &&) {}
const Policy& policyPublicKey = Policy());
void createKeyAES(
const ObserverPtr& observer,
- int size,
+ int sizeBits,
const Alias &keyAlias,
const Policy &policyKey = Policy());
${COMMON_PATH}/common/message-buffer.cpp
${COMMON_PATH}/common/certificate-impl.cpp
${COMMON_PATH}/common/key-impl.cpp
+ ${COMMON_PATH}/common/key-aes-impl.cpp
${COMMON_PATH}/common/pkcs12-impl.cpp
${COMMON_PATH}/common/log-setup.cpp
${COMMON_PATH}/dpl/log/src/abstract_log_provider.cpp
}, [&observer](int error){ observer->ReceivedError(error); } );
}
+void ManagerAsync::Impl::createKeyAES(const ManagerAsync::ObserverPtr& observer,
+ const size_t size,
+ const Alias &keyAlias,
+ const Policy &policyKey)
+{
+ observerCheck(observer);
+ if (keyAlias.empty()) {
+ observer->ReceivedError(CKM_API_ERROR_INPUT_PARAM);
+ return;
+ }
+
+ try_catch_async([&] {
+ AliasSupport aliasHelper(keyAlias);
+ sendToStorage(observer,
+ static_cast<int>(LogicCommand::CREATE_KEY_AES),
+ m_counter,
+ static_cast<int>(size),
+ PolicySerializable(policyKey),
+ aliasHelper.getName(),
+ aliasHelper.getLabel());
+ }, [&observer](int error){ observer->ReceivedError(error); } );
+}
+
void ManagerAsync::Impl::observerCheck(const ManagerAsync::ObserverPtr& observer)
{
if(!observer)
const Policy &policyPrivateKey,
const Policy &policyPublicKey);
+ void createKeyAES(
+ const ManagerAsync::ObserverPtr& observer,
+ const size_t size,
+ const Alias &keyAlias,
+ const Policy &policyKey);
+
template <typename T>
void getCertChain(
const ManagerAsync::ObserverPtr& observer,
policyPublicKey);
}
-void ManagerAsync::createKeyAES(const ObserverPtr& /*observer*/,
- int /*size*/,
- const Alias &/*keyAlias*/,
- const Policy &/*policyKey*/)
+void ManagerAsync::createKeyAES(const ObserverPtr& observer,
+ int size,
+ const Alias &keyAlias,
+ const Policy &policyKey)
{
+ m_impl->createKeyAES(observer,
+ size,
+ keyAlias,
+ policyKey);
}
void ManagerAsync::getCertificateChain(const ObserverPtr& observer,
case LogicCommand::REMOVE:
parseRemoveCommand();
break;
+ case LogicCommand::CREATE_KEY_AES:
+ parseRetCode(&ManagerAsync::Observer::ReceivedCreateKeyAES);
+ break;
case LogicCommand::CREATE_KEY_PAIR:
parseRetCode(&ManagerAsync::Observer::ReceivedCreateKeyPair);
break;
CKM::Alias ckmAlias(alias);
if(key.raw_key == NULL || key.key_size <= 0) {
- return CKMC_ERROR_INVALID_PARAMETER;
+ return CKMC_ERROR_INVALID_PARAMETER;
}
CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
- CKM::KeyShPtr ckmKey = CKM::Key::create(buffer, _tostring(key.password));
+ CKM::KeyShPtr ckmKey;
+ if(key.key_type == CKMC_KEY_AES)
+ {
+ if(key.password)
+ return CKMC_ERROR_INVALID_PARAMETER;
+ ckmKey = CKM::Key::createAES(buffer);
+ }
+ else
+ ckmKey = CKM::Key::create(buffer, _tostring(key.password));
if(ckmKey.get() == NULL) {
return CKMC_ERROR_INVALID_FORMAT;
}
}
KEY_MANAGER_CAPI
-int ckmc_create_key_aes(const size_t /*size*/,
- const char */*key_alias*/,
- const ckmc_policy_s /*key_policy*/)
+int ckmc_create_key_aes(const size_t size,
+ const char *key_alias,
+ const ckmc_policy_s key_policy)
{
- return 0;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+
+ if(key_alias == NULL)
+ return CKMC_ERROR_INVALID_PARAMETER;
+
+ CKM::Alias ckmKeyAlias(key_alias);
+ CKM::Policy ckmKeyPolicy(_tostring(key_policy.password), key_policy.extractable);
+
+ int ret = mgr->createKeyAES(size, ckmKeyAlias, ckmKeyPolicy);
+ return to_ckmc_error(ret);
}
KEY_MANAGER_CAPI
#include <message-buffer.h>
#include <protocols.h>
#include <key-impl.h>
+#include <key-aes-impl.h>
#include <certificate-impl.h>
namespace CKM {
if (retCode != CKM_API_SUCCESS)
return retCode;
- KeyShPtr keyParsed(new KeyImpl(rawData));
+ KeyShPtr keyParsed;
+ if(DataType::KEY_AES == recvDataType)
+ keyParsed = KeyShPtr(new KeyAESImpl(rawData));
+ else
+ keyParsed = KeyShPtr(new KeyImpl(rawData));
if (keyParsed->empty()) {
LogDebug("Key empty - failed to parse!");
}
int ManagerImpl::createKeyAES(
- const int /*size*/,
- const Alias &/*keyAlias*/,
- const Policy &/*policyKey*/)
+ const int size,
+ const Alias &keyAlias,
+ const Policy &policyKey)
{
- return 0;
+ // proceed with sending request
+ int my_counter = ++m_counter;
+
+ return try_catch([&] {
+
+ MessageBuffer recv;
+ AliasSupport aliasHelper(keyAlias);
+ auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_AES),
+ my_counter,
+ static_cast<int>(size),
+ PolicySerializable(policyKey),
+ aliasHelper.getName(),
+ aliasHelper.getLabel());
+
+ int retCode = m_storageConnection.processRequest(send.Pop(), recv);
+ if (CKM_API_SUCCESS != retCode)
+ return retCode;
+
+ int command;
+ int counter;
+ recv.Deserialize(command, counter, retCode);
+ if (counter != my_counter) {
+ return CKM_API_ERROR_UNKNOWN;
+ }
+
+ return retCode;
+ });
}
return false;
}
+bool DataType::isSKey() const {
+ return (KEY_AES == m_dataType);
+}
+
bool DataType::isChainCert() const {
if (DB_CHAIN_FIRST <= m_dataType && DB_CHAIN_LAST >= m_dataType)
return true;
bool operator==(const DataType &second) const;
bool isKey() const;
+ bool isSKey() const;
bool isChainCert() const;
bool isKeyPrivate() const;
bool isKeyPublic() const;
--- /dev/null
+/* Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file key-aes-impl.cpp
+ * @author Maciej Karpiuk (m.karpiuk2@samsung.com)
+ * @version 1.0
+ * @brief AES key implementation.
+ */
+#include <dpl/log/log.h>
+#include <ckm/ckm-type.h>
+#include <key-aes-impl.h>
+
+namespace CKM {
+
+KeyAESImpl::KeyAESImpl(const RawBuffer &buf) : m_key(buf)
+{
+ // buf stores bytes -> compare the bit sizes
+ switch(buf.size() * 8)
+ {
+ case 128:
+ case 192:
+ case 256:
+ break;
+
+ default:
+ throw std::invalid_argument("invalid AES key size");
+ }
+}
+
+bool KeyAESImpl::empty() const {
+ return (getSize() == 0);
+}
+
+KeyType KeyAESImpl::getType() const {
+ return KeyType::KEY_AES;
+}
+
+RawBuffer KeyAESImpl::getDER() const {
+ return m_key;
+}
+
+int KeyAESImpl::getSize() const {
+ return m_key.size();
+}
+
+KeyShPtr Key::createAES(const RawBuffer &raw) {
+ try {
+ KeyShPtr output = std::make_shared<KeyAESImpl>(raw);
+ if (output->empty())
+ output.reset();
+ return output;
+ } catch (const std::bad_alloc &) {
+ LogDebug("Bad alloc during KeyAESImpl creation");
+ } catch (const std::invalid_argument &e) {
+ LogDebug(e.what());
+ } catch (...) {
+ LogError("Critical error: Unknown exception was caught during KeyAESImpl creation");
+ }
+ return KeyShPtr();
+}
+
+} // namespace CKM
+
--- /dev/null
+/* Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file key-aes-impl.h
+ * @author Maciej Karpiuk (m.karpiuk2@samsung.com)
+ * @version 1.0
+ * @brief AES key.
+ */
+#pragma once
+
+#include <ckm/ckm-type.h>
+#include <ckm/ckm-key.h>
+#include <symbol-visibility.h>
+
+namespace CKM {
+
+class COMMON_API KeyAESImpl : public Key {
+public:
+ explicit KeyAESImpl(const RawBuffer& buffer);
+
+ virtual KeyType getType() const;
+ virtual RawBuffer getDER() const;
+ virtual int getSize() const;
+ virtual bool empty() const;
+
+protected:
+ CKM::RawBuffer m_key;
+};
+
+} // namespace CKM
GET_LIST,
SAVE,
REMOVE,
+ CREATE_KEY_AES,
CREATE_KEY_PAIR,
GET_CHAIN_CERT,
GET_CHAIN_ALIAS,
// check the parameters of functions
if(size!=1024 && size!=2048 && size!=3072 && size!=4096) {
LogError("Error in DSA input size");
- ThrowMsg(Exception::InputParam, "Error in DSA input size");
+ ThrowMsg(Crypto::Exception::InputParam, "Error in DSA input size");
}
/* Create the context for generating the parameters */
break;
default:
LogError("Error in EC type");
- ThrowMsg(Exception::InputParam, "Error in EC type");
+ ThrowMsg(Crypto::Exception::InputParam, "Error in EC type");
}
/* Create the context for generating the parameters */
Token(backendId, DataType(KeyType::KEY_ECDSA_PUBLIC), i2d(i2d_PUBKEY_bio, pkey.get())));
}
+Token createKeyAES(CryptoBackend backendId, const int sizeBits)
+{
+ // check the parameters of functions
+ if(sizeBits!=128 && sizeBits!=192 && sizeBits!=256) {
+ LogError("Error in AES input size");
+ ThrowMsg(Crypto::Exception::InputParam, "Error in AES input size");
+ }
+
+ uint8_t key[32];
+ int sizeBytes = sizeBits/8;
+ if (!RAND_bytes(key, sizeBytes)) {
+ LogError("Error in AES key generation");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in AES key generation");
+ }
+
+ return Token(backendId, DataType(KeyType::KEY_AES), CKM::RawBuffer(key, key+sizeBytes));
+}
+
RawBuffer sign(EVP_PKEY *pkey,
const CryptoAlgorithm &alg,
const RawBuffer &message)
TokenPair createKeyPairRSA(CryptoBackend backendId, const int size);
TokenPair createKeyPairDSA(CryptoBackend backendId, const int size);
TokenPair createKeyPairECDSA(CryptoBackend backendId, ElipticCurve type1);
+Token createKeyAES(CryptoBackend backendId, const int sizeBits);
RawBuffer sign(EVP_PKEY *pkey,
const CryptoAlgorithm &alg,
ThrowMsg(Crypto::Exception::InputParam, "wrong key type");
}
+Token Store::generateSKey(const CryptoAlgorithm &algorithm)
+{
+ int keyLength = 0;
+ if(!algorithm.getParam(ParamName::GEN_KEY_LEN, keyLength))
+ ThrowMsg(Crypto::Exception::InputParam, "Error, parameter GEN_KEY_LEN not found.");
+
+ return Internals::createKeyAES(m_backendId, keyLength);
+}
+
Token Store::import(DataType dataType, const RawBuffer &buffer) {
return Token(m_backendId, dataType, buffer);
}
virtual GKeyShPtr getKey(const Token &token);
virtual TokenPair generateAKey(const CryptoAlgorithm &);
+ virtual Token generateSKey(const CryptoAlgorithm &);
virtual Token import(DataType dataType, const RawBuffer &buffer);
virtual void destroy(const Token &){}
};
#include <file-system.h>
#include <ckm-logic.h>
#include <key-impl.h>
+#include <key-aes-impl.h>
#include <certificate-config.h>
#include <certificate-store.h>
#include <dirent.h>
#include <algorithm>
#include <InitialValuesFile.h>
-
+#include <sw-backend/store.h>
#include <generic-backend/exception.h>
namespace {
// verify the data integrity
if (dataType.isKey())
{
- KeyShPtr output_key = CKM::Key::create(input_data);
+ KeyShPtr output_key;
+ if(dataType.isSKey())
+ output_key = CKM::Key::createAES(input_data);
+ else
+ output_key = CKM::Key::create(input_data);
if(output_key.get() == NULL)
{
LogError("provided binary data is not valid key data");
}
+int CKMLogic::createKeyAESHelper(
+ const Credentials &cred,
+ const int size,
+ const Name &name,
+ const Label &label,
+ const PolicySerializable &policy)
+{
+ CryptoAlgorithm keyGenAlgorithm;
+ keyGenAlgorithm.addParam(ParamName::GEN_KEY_LEN, size);
+ Token key = m_decider.getStore(DataType::KEY_AES, policy.extractable).generateSKey(keyGenAlgorithm);
+
+ return saveDataHelper(cred,
+ name,
+ label,
+ DataType::KEY_AES,
+ key.data,
+ policy);
+}
+
+
int CKMLogic::createKeyPairHelper(
const Credentials &cred,
const CryptoAlgorithmSerializable & keyGenParams,
commandId, retCode).Pop();
}
+RawBuffer CKMLogic::createKeyAES(
+ const Credentials &cred,
+ int commandId,
+ const int size,
+ const Name &name,
+ const Label &label,
+ const PolicySerializable &policy)
+{
+ int retCode = CKM_API_SUCCESS;
+
+ try {
+ retCode = createKeyAESHelper(cred, size, name, label, policy);
+ } catch (const Crypto::Exception::OperationNotSupported &e) {
+ LogDebug("GStore error: operation not supported: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const Crypto::Exception::InternalError & e) {
+ LogDebug("GStore key generation failed: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch( const Crypto::Exception::InputParam & e) {
+ LogDebug("Missing or wrong input parameters: " << e.GetMessage());
+ retCode = CKM_API_ERROR_INPUT_PARAM;
+ } catch (std::invalid_argument &e) {
+ LogDebug("invalid argument error: " << e.what());
+ retCode = CKM_API_ERROR_INPUT_PARAM;
+ } catch (DB::Crypto::Exception::TransactionError &e) {
+ LogDebug("DB::Crypto error: transaction error: " << e.GetMessage());
+ retCode = CKM_API_ERROR_DB_ERROR;
+ } catch (CKM::CryptoLogic::Exception::Base &e) {
+ LogDebug("CryptoLogic error: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (DB::Crypto::Exception::InternalError &e) {
+ LogDebug("DB::Crypto internal error: " << e.GetMessage());
+ retCode = CKM_API_ERROR_DB_ERROR;
+ } catch (const CKMLogic::Exception::DatabaseLocked &e) {
+ LogError("Error " << e.GetMessage());
+ retCode = CKM_API_ERROR_DB_LOCKED;
+ } catch (const CKM::Exception &e) {
+ LogError("CKM::Exception: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ }
+
+ return MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_AES),
+ commandId, retCode).Pop();
+}
+
int CKMLogic::readCertificateHelper(
const Credentials &cred,
const LabelNameVector &labelNameVector,
const PolicySerializable &policyPrivate,
const PolicySerializable &policyPublic);
+ RawBuffer createKeyAES(
+ const Credentials &cred,
+ int commandId,
+ const int size,
+ const Name &name,
+ const Label &label,
+ const PolicySerializable &policy);
+
RawBuffer getCertificateChain(
const Credentials &cred,
int commandId,
const Password &password,
DB::RowVector &rows);
+ int createKeyAESHelper(
+ const Credentials &cred,
+ const int size,
+ const Name &name,
+ const Label &label,
+ const PolicySerializable &policy);
+
int createKeyPairHelper(
const Credentials &cred,
const CryptoAlgorithmSerializable & keyGenParams,
msgID,
DataType(tmpDataType));
}
+ case LogicCommand::CREATE_KEY_AES:
+ {
+ int size = 0;
+ Name keyName;
+ Label keyLabel;
+ PolicySerializable policyKey;
+ buffer.Deserialize(size,
+ policyKey,
+ keyName,
+ keyLabel);
+ return m_logic->createKeyAES(
+ cred,
+ msgID,
+ size,
+ keyName,
+ keyLabel,
+ policyKey);
+ }
case LogicCommand::CREATE_KEY_PAIR:
{
CryptoAlgorithmSerializable keyGenAlgorithm;
projects / platform / core / security / key-manager.git / commitdiff