${KEY_MANAGER_PATH}/crypto/sw-backend/key.cpp
${KEY_MANAGER_PATH}/crypto/sw-backend/internals.cpp
${KEY_MANAGER_PATH}/crypto/sw-backend/store.cpp
- ${KEY_MANAGER_PATH}/crypto/sw-backend/crypto-service.cpp
${KEY_MANAGER_PATH}/crypto/platform/decider.cpp
${KEY_MANAGER_PATH}/crypto/tz-backend/key.cpp
${KEY_MANAGER_PATH}/crypto/tz-backend/store.cpp
"Backend not available. BackendId: " << (int)cryptoBackend);
}
-CryptoBackend Decider::chooseCryptoBackend(DataType dataType, const Policy &policy) const {
+GStore& Decider::getStore(DataType data, bool exportable) {
+ return getStore(chooseCryptoBackend(data, exportable));
+}
+
+CryptoBackend Decider::chooseCryptoBackend(DataType dataType, bool exportable) const {
// The list of items that MUST be support by OpenSSL
if (dataType.isCertificate())
return CryptoBackend::OpenSSL;
if (dataType.isBinaryData())
return CryptoBackend::OpenSSL;
- if (policy.extractable)
+ if (exportable)
return CryptoBackend::OpenSSL;
// This is the place where we can use trust zone backend
public:
Decider();
GStore& getStore(const Token &token);
- CryptoBackend chooseCryptoBackend(DataType data, const Policy &policy) const;
+ GStore& getStore(DataType data, bool exportable);
+ CryptoBackend chooseCryptoBackend(DataType data, bool exportable) const;
virtual ~Decider(){}
protected:
+++ /dev/null
-#include <iostream>
-#include <exception>
-#include <vector>
-#include <fstream>
-#include <string.h>
-#include <memory>
-
-#include <openssl/x509_vfy.h>
-#include <openssl/evp.h>
-#include <openssl/obj_mac.h>
-#include <openssl/ec.h>
-#include <openssl/dsa.h>
-#include <openssl/dh.h>
-#include <openssl/rsa.h>
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/x509v3.h>
-#include <openssl/obj_mac.h>
-#include <ckm/ckm-error.h>
-#include <ckm/ckm-type.h>
-#include <key-impl.h>
-#include <sw-backend/crypto-service.h>
-#include <assert.h>
-#include <dpl/log/log.h>
-
-#define OPENSSL_SUCCESS 1 // DO NOTCHANGE THIS VALUE
-#define OPENSSL_FAIL 0 // DO NOTCHANGE THIS VALUE
-
-namespace CKM {
-namespace Crypto {
-namespace SW {
-
-CryptoService::CryptoService(){
-}
-
-CryptoService::~CryptoService(){
-}
-
-int CryptoService::createKeyPairRSA(const int size, // size in bits [1024, 2048, 4096]
- KeyImpl &createdPrivateKey, // returned value
- KeyImpl &createdPublicKey) // returned value
-{
- EVP_PKEY_CTX *ctx = NULL;
- EVP_PKEY *pkey = NULL;
- EVP_PKEY *pparam = NULL;
-
- // check the parameters of functions
- if(size != 1024 && size !=2048 && size != 4096) {
- LogError("Error in RSA input size");
- ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in RSA input size");
- }
-
- // check the parameters of functions
- if(&createdPrivateKey == NULL) {
- LogError("Error in createdPrivateKey value");
- ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPrivateKey value");
- }
-
- // check the parameters of functions
- if(&createdPublicKey == NULL) {
- LogError("Error in createdPrivateKey value");
- ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPublicKey value");
- }
-
- Try {
- if(!(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL))) {
- LogError("Error in EVP_PKEY_CTX_new_id function !!");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new_id function !!");
- }
-
- if(EVP_PKEY_keygen_init(ctx) <= 0) {
- LogError("Error in EVP_PKEY_keygen_init function !!");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen_init function !!");
- }
-
- if(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx,size) <= 0) {
- LogError("Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!");
- }
-
- if(!EVP_PKEY_keygen(ctx, &pkey)) {
- LogError("Error in EVP_PKEY_keygen function !!");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen function !!");
- }
- } Catch(CryptoService::Exception::opensslError) {
- if(pkey) {
- EVP_PKEY_free(pkey);
- }
-
- if(pparam) {
- EVP_PKEY_free(pparam);
- }
-
- if(ctx) {
- EVP_PKEY_CTX_free(ctx);
- }
-
- ReThrowMsg(CryptoService::Exception::opensslError,"Error in opensslError function !!");
- }
-
- KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey
-
- createdPrivateKey = KeyImpl(ptr, KeyType::KEY_RSA_PRIVATE);
- createdPublicKey = KeyImpl(ptr, KeyType::KEY_RSA_PUBLIC);
-
- if(pparam) {
- EVP_PKEY_free(pparam);
- }
-
- if(ctx) {
- EVP_PKEY_CTX_free(ctx);
- }
-
- return CKM_CRYPTO_CREATEKEY_SUCCESS;
-}
-
-
-int CryptoService::createKeyPairDSA(const int size, // size in bits [1024, 2048, 3072, 4096]
- KeyImpl &createdPrivateKey, // returned value
- KeyImpl &createdPublicKey) // returned value
-{
- EVP_PKEY_CTX *pctx = NULL;
- EVP_PKEY_CTX *kctx = NULL;
- EVP_PKEY *pkey = NULL;
- EVP_PKEY *pparam = NULL;
-
- // check the parameters of functions
- if(size != 1024 && size !=2048 && size !=3072 && size != 4096) {
- LogError("Error in DSA input size");
- ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in DSA input size");
- }
-
- // check the parameters of functions
- if(&createdPrivateKey == NULL) {
- LogError("Error in createdPrivateKey value");
- ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPrivateKey value");
- }
-
- // check the parameters of functions
- if(&createdPublicKey == NULL) {
- LogError("Error in createdPrivateKey value");
- ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPublicKey value");
- }
-
- Try {
- /* Create the context for generating the parameters */
- if(!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL))) {
- LogError("Error in EVP_PKEY_CTX_new_id function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new_id function");
- }
-
- if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx)) {
- LogError("Error in EVP_PKEY_paramgen_init function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen_init function");
- }
-
- if(EVP_SUCCESS != EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx, size)) {
- LogError("Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function");
- }
-
- /* Generate parameters */
- if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx, &pparam)) {
- LogError("Error in EVP_PKEY_paramgen function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen function");
- }
-
- // Start to generate key
- if(!(kctx = EVP_PKEY_CTX_new(pparam, NULL))) {
- LogError("Error in EVP_PKEY_CTX_new function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new function");
- }
-
- if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx)) {
- LogError("Error in EVP_PKEY_keygen_init function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen_init function");
- }
-
- /* Generate the key */
- if(EVP_SUCCESS != EVP_PKEY_keygen(kctx, &pkey)) {
- LogError("Error in EVP_PKEY_keygen function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen function");
- }
- }
- Catch(CryptoService::Exception::opensslError)
- {
- if(pkey) {
- EVP_PKEY_free(pkey);
- }
-
- if(pparam) {
- EVP_PKEY_free(pparam);
- }
-
- if(pctx) {
- EVP_PKEY_CTX_free(pctx);
- }
-
- if(kctx) {
- EVP_PKEY_CTX_free(kctx);
- }
-
- ReThrowMsg(CryptoService::Exception::opensslError,"Error in openssl function !!");
- }
-
- KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey
-
- createdPrivateKey = KeyImpl(ptr, KeyType::KEY_DSA_PRIVATE);
- createdPublicKey = KeyImpl(ptr, KeyType::KEY_DSA_PUBLIC);
-
- if(pparam) {
- EVP_PKEY_free(pparam);
- }
-
- if(pctx) {
- EVP_PKEY_CTX_free(pctx);
- }
-
- if(kctx) {
- EVP_PKEY_CTX_free(kctx);
- }
-
- return CKM_CRYPTO_CREATEKEY_SUCCESS;
-}
-
-
-int CryptoService::createKeyPairECDSA(ElipticCurve type,
- KeyImpl &createdPrivateKey, // returned value
- KeyImpl &createdPublicKey) // returned value
-{
- int ecCurve = NOT_DEFINED;
- EVP_PKEY_CTX *pctx = NULL;
- EVP_PKEY_CTX *kctx = NULL;
- EVP_PKEY *pkey = NULL;
- EVP_PKEY *pparam = NULL;
-
- switch(type) {
- case ElipticCurve::prime192v1:
- ecCurve = NID_X9_62_prime192v1;
- break;
- case ElipticCurve::prime256v1:
- ecCurve = NID_X9_62_prime256v1;
- break;
- case ElipticCurve::secp384r1:
- ecCurve = NID_secp384r1;
- break;
- default:
- LogError("Error in EC type");
- ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in EC type");
- }
-
- // check the parameters of functions
- if(&createdPrivateKey == NULL) {
- LogError("Error in createdPrivateKey value");
- ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPrivateKey value");
- }
-
- // check the parameters of functions
- if(&createdPublicKey == NULL) {
- LogError("Error in createdPrivateKey value");
- ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPublicKey value");
- }
-
- Try {
- /* Create the context for generating the parameters */
- if(!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))) {
- LogError("Error in EVP_PKEY_CTX_new_id function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new_id function");
- }
-
- if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx)) {
- LogError("Error in EVP_PKEY_paramgen_init function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen_init function");
- }
-
- if(EVP_SUCCESS != EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ecCurve)) {
- LogError("Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function");
- }
-
- /* Generate parameters */
- if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx, &pparam)) {
- LogError("Error in EVP_PKEY_paramgen function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen function");
- }
-
- // Start to generate key
- if(!(kctx = EVP_PKEY_CTX_new(pparam, NULL))) {
- LogError("Error in EVP_PKEY_CTX_new function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new function");
- }
-
- if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx)) {
- LogError("Error in EVP_PKEY_keygen_init function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen_init function");
- }
-
- /* Generate the key */
- if(EVP_SUCCESS != EVP_PKEY_keygen(kctx, &pkey)) {
- LogError("Error in EVP_PKEY_keygen function");
- ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen function");
- }
- } Catch(CryptoService::Exception::opensslError) {
- if(pkey) {
- EVP_PKEY_free(pkey);
- }
-
- if(pparam) {
- EVP_PKEY_free(pparam);
- }
-
- if(pctx) {
- EVP_PKEY_CTX_free(pctx);
- }
-
- if(kctx) {
- EVP_PKEY_CTX_free(kctx);
- }
-
- ReThrowMsg(CryptoService::Exception::opensslError,"Error in openssl function !!");
- }
-
- KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey
-
- createdPrivateKey = KeyImpl(ptr, KeyType::KEY_ECDSA_PRIVATE);
- createdPublicKey = KeyImpl(ptr, KeyType::KEY_ECDSA_PUBLIC);
-
- if(pparam) {
- EVP_PKEY_free(pparam);
- }
-
- if(pctx) {
- EVP_PKEY_CTX_free(pctx);
- }
-
- if(kctx) {
- EVP_PKEY_CTX_free(kctx);
- }
-
- return CKM_CRYPTO_CREATEKEY_SUCCESS;
-}
-
-} // namespace SW
-} // namespace Crypto
-} // namespace CKM
+++ /dev/null
-#pragma once
-
-#include <iostream>
-#include <key-impl.h>
-#include <certificate-impl.h>
-#include <ckm/ckm-type.h>
-#include <vector>
-#include <openssl/evp.h>
-#include <openssl/obj_mac.h>
-#include <openssl/ec.h>
-#include <openssl/dsa.h>
-#include <openssl/dh.h>
-#include <openssl/rsa.h>
-#include <openssl/bio.h>
-#include <openssl/rand.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <dpl/exception.h>
-
-#define DEV_HW_RANDOM_FILE "/dev/hwrng"
-#define DEV_URANDOM_FILE "/dev/urandom"
-
-#define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE
-#define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE
-
-#define CKM_CRYPTO_INIT_SUCCESS 1
-#define CKM_CRYPTO_CREATEKEY_SUCCESS 2
-#define CKM_VERIFY_CHAIN_SUCCESS 5
-#define NOT_DEFINED -1
-
-namespace CKM {
-namespace Crypto {
-namespace SW {
-
- // typedef std::vector<unsigned char> RawData; this must be defined in common header.
- // This is internal api so all functions should throw exception on errors.
-class CryptoService {
-public:
- CryptoService();
- virtual ~CryptoService();
-
- class Exception {
- public:
- DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
- DECLARE_EXCEPTION_TYPE(Base, Crypto_internal);
- DECLARE_EXCEPTION_TYPE(Base, opensslError);
- };
-
- static int createKeyPairRSA(const int size, // size in bits [1024, 2048, 4096]
- KeyImpl &createdPrivateKey, // returned value ==> Key &createdPrivateKey,
- KeyImpl &createdPublicKey); // returned value ==> Key &createdPublicKey
-
- static int createKeyPairDSA(const int size, // size in bits [1024, 2048, 3072, 4096]
- KeyImpl &createdPrivateKey, // returned value ==> Key &createdPrivateKey,
- KeyImpl &createdPublicKey); // returned value ==> Key &createdPublicKey
-
- static int createKeyPairECDSA(ElipticCurve type1,
- KeyImpl &createdPrivateKey, // returned value
- KeyImpl &createdPublicKey); // returned value
-
-private:
-
-};
-
-} // namespace SW
-} // namespace Crypto
-} // namespace CKM
-
*/
#include <exception>
#include <fstream>
+#include <utility>
-#include <openssl/x509_vfy.h>
#include <openssl/evp.h>
#include <openssl/obj_mac.h>
#include <openssl/ec.h>
#include <openssl/dsa.h>
-#include <openssl/dh.h>
#include <openssl/rsa.h>
#include <openssl/bio.h>
#include <openssl/rand.h>
#include <openssl/obj_mac.h>
#include <ckm/ckm-error.h>
-#include <ckm/ckm-type.h>
-#include <key-impl.h>
#include <assert.h>
#include <dpl/log/log.h>
namespace {
typedef std::unique_ptr<EVP_MD_CTX, std::function<void(EVP_MD_CTX*)>> EvpMdCtxUPtr;
typedef std::unique_ptr<EVP_PKEY_CTX, std::function<void(EVP_PKEY_CTX*)>> EvpPkeyCtxUPtr;
+typedef std::unique_ptr<EVP_PKEY, std::function<void(EVP_PKEY*)>> EvpPkeyUPtr;
+
+typedef std::unique_ptr<BIO, std::function<void(BIO*)>> BioUniquePtr;
+typedef int(*I2D_CONV)(BIO*, EVP_PKEY*);
+CKM::RawBuffer i2d(I2D_CONV fun, EVP_PKEY* pkey) {
+ BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all);
+
+ if (NULL == pkey) {
+ LogDebug("attempt to parse an empty key!");
+ ThrowMsg(CKM::Crypto::Exception::InternalError, "attempt to parse an empty key!");
+ }
+
+ if (NULL == bio.get()) {
+ LogError("Error in memory allocation! Function: BIO_new.");
+ ThrowMsg(CKM::Crypto::Exception::InternalError, "Error in memory allocation! Function: BIO_new.");
+ }
+
+ if (1 != fun(bio.get(), pkey)) {
+ LogError("Error in conversion EVP_PKEY to DER");
+ ThrowMsg(CKM::Crypto::Exception::InternalError, "Error in conversion EVP_PKEY to DER");
+ }
+
+ CKM::RawBuffer output(8196);
+
+ int size = BIO_read(bio.get(), output.data(), output.size());
+
+ if (size <= 0) {
+ LogError("Error in BIO_read: " << size);
+ ThrowMsg(CKM::Crypto::Exception::InternalError, "Error in BIO_read: " << size);
+ }
+
+ output.resize(size);
+ return output;
+}
} // anonymous namespace
namespace CKM {
return rsa_padding;
}
-void createKeyPairRSA(const int size, // size in bits [1024, 2048, 4096]
- KeyImpl &createdPrivateKey, // returned value
- KeyImpl &createdPublicKey) // returned value
+TokenPair createKeyPairRSA(CryptoBackend backendId, const int size)
{
- EVP_PKEY_CTX *ctx = NULL;
- EVP_PKEY *pkey = NULL;
- EVP_PKEY *pparam = NULL;
+ EvpPkeyUPtr pkey;
// check the parameters of functions
- if(size != 1024 && size !=2048 && size != 4096) {
+ if(size!=1024 && size!=2048 && size!=4096) {
LogError("Error in RSA input size");
- ThrowMsg(Crypto::Exception::InternalError, "Error in RSA input size");
+ ThrowMsg(Crypto::Exception::InputParam, "Error in RSA input size");
}
- // check the parameters of functions
- if(&createdPrivateKey == NULL) {
- LogError("Error in createdPrivateKey value");
- ThrowMsg(Crypto::Exception::InternalError, "Error in createdPrivateKey value");
+ EvpPkeyCtxUPtr ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL), EVP_PKEY_CTX_free);
+ if(!ctx) {
+ LogError("Error in EVP_PKEY_CTX_new_id function !!");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new_id function !!");
}
- // check the parameters of functions
- if(&createdPublicKey == NULL) {
- LogError("Error in createdPrivateKey value");
- ThrowMsg(Crypto::Exception::InternalError, "Error in createdPublicKey value");
+ if(EVP_PKEY_keygen_init(ctx.get()) <= 0) {
+ LogError("Error in EVP_PKEY_keygen_init function !!");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen_init function !!");
}
- Try {
- if(!(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL))) {
- LogError("Error in EVP_PKEY_CTX_new_id function !!");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new_id function !!");
- }
+ if(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx.get(), size) <= 0) {
+ LogError("Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!");
+ }
- if(EVP_PKEY_keygen_init(ctx) <= 0) {
- LogError("Error in EVP_PKEY_keygen_init function !!");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen_init function !!");
- }
+ EVP_PKEY *pkeyTmp = NULL;
+ if(!EVP_PKEY_keygen(ctx.get(), &pkeyTmp)) {
+ LogError("Error in EVP_PKEY_keygen function !!");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen function !!");
+ }
+ pkey = EvpPkeyUPtr(pkeyTmp, EVP_PKEY_free);
- if(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx,size) <= 0) {
- LogError("Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!");
- }
+ return std::make_pair<Token, Token>(Token(backendId, DataType(KeyType::KEY_RSA_PRIVATE), i2d(i2d_PrivateKey_bio, pkey.get())),
+ Token(backendId, DataType(KeyType::KEY_RSA_PUBLIC), i2d(i2d_PUBKEY_bio, pkey.get())));
+}
- if(!EVP_PKEY_keygen(ctx, &pkey)) {
- LogError("Error in EVP_PKEY_keygen function !!");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen function !!");
- }
- } Catch(Crypto::Exception::InternalError) {
- if(pkey) {
- EVP_PKEY_free(pkey);
- }
- if(pparam) {
- EVP_PKEY_free(pparam);
- }
+TokenPair createKeyPairDSA(CryptoBackend backendId, const int size)
+{
+ EvpPkeyUPtr pkey;
+ EvpPkeyUPtr pparam;
- if(ctx) {
- EVP_PKEY_CTX_free(ctx);
- }
+ // check the parameters of functions
+ if(size!=1024 && size!=2048 && size!=3072 && size!=4096) {
+ LogError("Error in DSA input size");
+ ThrowMsg(Exception::InputParam, "Error in DSA input size");
+ }
- ReThrowMsg(Crypto::Exception::InternalError,"Error in opensslError function !!");
+ /* Create the context for generating the parameters */
+ EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL), EVP_PKEY_CTX_free);
+ if(!pctx) {
+ LogError("Error in EVP_PKEY_CTX_new_id function");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new_id function");
}
- KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey
+ if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx.get())) {
+ LogError("Error in EVP_PKEY_paramgen_init function");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen_init function");
+ }
- createdPrivateKey = KeyImpl(ptr, KeyType::KEY_RSA_PRIVATE);
- createdPublicKey = KeyImpl(ptr, KeyType::KEY_RSA_PUBLIC);
+ if(EVP_SUCCESS != EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx.get(), size)) {
+ LogError("Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function");
+ }
- if(pparam) {
- EVP_PKEY_free(pparam);
+ /* Generate parameters */
+ EVP_PKEY *pparamTmp = NULL;
+ if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx.get(), &pparamTmp)) {
+ LogError("Error in EVP_PKEY_paramgen function");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen function");
}
+ pparam = EvpPkeyUPtr(pparamTmp, EVP_PKEY_free);
- if(ctx) {
- EVP_PKEY_CTX_free(ctx);
+ // Start to generate key
+ EvpPkeyCtxUPtr kctx(EVP_PKEY_CTX_new(pparam.get(), NULL), EVP_PKEY_CTX_free);
+ if(!kctx) {
+ LogError("Error in EVP_PKEY_CTX_new function");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new function");
}
-}
+ if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx.get())) {
+ LogError("Error in EVP_PKEY_keygen_init function");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen_init function");
+ }
-void createKeyPairDSA(const int size, // size in bits [1024, 2048, 3072, 4096]
- KeyImpl &createdPrivateKey, // returned value
- KeyImpl &createdPublicKey) // returned value
-{
- EVP_PKEY_CTX *pctx = NULL;
- EVP_PKEY_CTX *kctx = NULL;
- EVP_PKEY *pkey = NULL;
- EVP_PKEY *pparam = NULL;
-
- // check the parameters of functions
- if(size != 1024 && size !=2048 && size !=3072 && size != 4096) {
- LogError("Error in DSA input size");
- ThrowMsg(Exception::InternalError, "Error in DSA input size");
- }
-
- // check the parameters of functions
- if(&createdPrivateKey == NULL) {
- LogError("Error in createdPrivateKey value");
- ThrowMsg(Exception::InternalError, "Error in createdPrivateKey value");
- }
-
- // check the parameters of functions
- if(&createdPublicKey == NULL) {
- LogError("Error in createdPrivateKey value");
- ThrowMsg(Exception::InternalError, "Error in createdPublicKey value");
- }
-
- Try {
- /* Create the context for generating the parameters */
- if(!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL))) {
- LogError("Error in EVP_PKEY_CTX_new_id function");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new_id function");
- }
-
- if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx)) {
- LogError("Error in EVP_PKEY_paramgen_init function");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen_init function");
- }
-
- if(EVP_SUCCESS != EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx, size)) {
- LogError("Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function");
- }
-
- /* Generate parameters */
- if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx, &pparam)) {
- LogError("Error in EVP_PKEY_paramgen function");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen function");
- }
-
- // Start to generate key
- if(!(kctx = EVP_PKEY_CTX_new(pparam, NULL))) {
- LogError("Error in EVP_PKEY_CTX_new function");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new function");
- }
-
- if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx)) {
- LogError("Error in EVP_PKEY_keygen_init function");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen_init function");
- }
-
- /* Generate the key */
- if(EVP_SUCCESS != EVP_PKEY_keygen(kctx, &pkey)) {
- LogError("Error in EVP_PKEY_keygen function");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen function");
- }
- }
- Catch(Crypto::Exception::InternalError)
- {
- if(pkey) {
- EVP_PKEY_free(pkey);
- }
-
- if(pparam) {
- EVP_PKEY_free(pparam);
- }
-
- if(pctx) {
- EVP_PKEY_CTX_free(pctx);
- }
-
- if(kctx) {
- EVP_PKEY_CTX_free(kctx);
- }
-
- ReThrowMsg(Crypto::Exception::InternalError,"Error in openssl function !!");
- }
-
- KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey
-
- createdPrivateKey = KeyImpl(ptr, KeyType::KEY_DSA_PRIVATE);
- createdPublicKey = KeyImpl(ptr, KeyType::KEY_DSA_PUBLIC);
-
- if(pparam) {
- EVP_PKEY_free(pparam);
- }
-
- if(pctx) {
- EVP_PKEY_CTX_free(pctx);
- }
-
- if(kctx) {
- EVP_PKEY_CTX_free(kctx);
- }
+ /* Generate the key */
+ EVP_PKEY *pkeyTmp = NULL;
+ if(!EVP_PKEY_keygen(kctx.get(), &pkeyTmp)) {
+ LogError("Error in EVP_PKEY_keygen function !!");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen function !!");
+ }
+ pkey = EvpPkeyUPtr(pkeyTmp, EVP_PKEY_free);
+
+ return std::make_pair<Token, Token>(Token(backendId, DataType(KeyType::KEY_DSA_PRIVATE), i2d(i2d_PrivateKey_bio, pkey.get())),
+ Token(backendId, DataType(KeyType::KEY_DSA_PUBLIC), i2d(i2d_PUBKEY_bio, pkey.get())));
}
-void createKeyPairECDSA(ElipticCurve type,
- KeyImpl &createdPrivateKey, // returned value
- KeyImpl &createdPublicKey) // returned value
+TokenPair createKeyPairECDSA(CryptoBackend backendId, ElipticCurve type)
{
int ecCurve = NOT_DEFINED;
- EVP_PKEY_CTX *pctx = NULL;
- EVP_PKEY_CTX *kctx = NULL;
- EVP_PKEY *pkey = NULL;
- EVP_PKEY *pparam = NULL;
+ EvpPkeyUPtr pkey;
+ EvpPkeyUPtr pparam;
switch(type) {
case ElipticCurve::prime192v1:
break;
default:
LogError("Error in EC type");
- ThrowMsg(Exception::InternalError, "Error in EC type");
+ ThrowMsg(Exception::InputParam, "Error in EC type");
}
- // check the parameters of functions
- if(&createdPrivateKey == NULL) {
- LogError("Error in createdPrivateKey value");
- ThrowMsg(Exception::InternalError, "Error in createdPrivateKey value");
+ /* Create the context for generating the parameters */
+ EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL), EVP_PKEY_CTX_free);
+ if(!pctx) {
+ LogError("Error in EVP_PKEY_CTX_new_id function");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new_id function");
}
- // check the parameters of functions
- if(&createdPublicKey == NULL) {
- LogError("Error in createdPrivateKey value");
- ThrowMsg(Exception::InternalError, "Error in createdPublicKey value");
+ if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx.get())) {
+ LogError("Error in EVP_PKEY_paramgen_init function");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen_init function");
}
- Try {
- /* Create the context for generating the parameters */
- if(!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))) {
- LogError("Error in EVP_PKEY_CTX_new_id function");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new_id function");
- }
-
- if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx)) {
- LogError("Error in EVP_PKEY_paramgen_init function");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen_init function");
- }
-
- if(EVP_SUCCESS != EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ecCurve)) {
- LogError("Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function");
- }
-
- /* Generate parameters */
- if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx, &pparam)) {
- LogError("Error in EVP_PKEY_paramgen function");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen function");
- }
-
- // Start to generate key
- if(!(kctx = EVP_PKEY_CTX_new(pparam, NULL))) {
- LogError("Error in EVP_PKEY_CTX_new function");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new function");
- }
-
- if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx)) {
- LogError("Error in EVP_PKEY_keygen_init function");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen_init function");
- }
-
- /* Generate the key */
- if(EVP_SUCCESS != EVP_PKEY_keygen(kctx, &pkey)) {
- LogError("Error in EVP_PKEY_keygen function");
- ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen function");
- }
- } Catch(Crypto::Exception::InternalError) {
- if(pkey) {
- EVP_PKEY_free(pkey);
- }
-
- if(pparam) {
- EVP_PKEY_free(pparam);
- }
-
- if(pctx) {
- EVP_PKEY_CTX_free(pctx);
- }
-
- if(kctx) {
- EVP_PKEY_CTX_free(kctx);
- }
-
- ReThrowMsg(Crypto::Exception::InternalError,"Error in openssl function !!");
+ if(EVP_SUCCESS != EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx.get(), ecCurve)) {
+ LogError("Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function");
}
- KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey
-
- createdPrivateKey = KeyImpl(ptr, KeyType::KEY_ECDSA_PRIVATE);
- createdPublicKey = KeyImpl(ptr, KeyType::KEY_ECDSA_PUBLIC);
-
- if(pparam) {
- EVP_PKEY_free(pparam);
+ /* Generate parameters */
+ EVP_PKEY *pparamTmp = NULL;
+ if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx.get(), &pparamTmp)) {
+ LogError("Error in EVP_PKEY_paramgen function");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen function");
}
+ pparam = EvpPkeyUPtr(pparamTmp, EVP_PKEY_free);
- if(pctx) {
- EVP_PKEY_CTX_free(pctx);
+ // Start to generate key
+ EvpPkeyCtxUPtr kctx(EVP_PKEY_CTX_new(pparam.get(), NULL), EVP_PKEY_CTX_free);
+ if(!kctx) {
+ LogError("Error in EVP_PKEY_CTX_new function");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new function");
}
- if(kctx) {
- EVP_PKEY_CTX_free(kctx);
+ if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx.get())) {
+ LogError("Error in EVP_PKEY_keygen_init function");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen_init function");
}
+
+ /* Generate the key */
+ EVP_PKEY *pkeyTmp = NULL;
+ if(!EVP_PKEY_keygen(kctx.get(), &pkeyTmp)) {
+ LogError("Error in EVP_PKEY_keygen function !!");
+ ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen function !!");
+ }
+ pkey = EvpPkeyUPtr(pkeyTmp, EVP_PKEY_free);
+
+ return std::make_pair<Token, Token>(Token(backendId, DataType(KeyType::KEY_ECDSA_PRIVATE), i2d(i2d_PrivateKey_bio, pkey.get())),
+ Token(backendId, DataType(KeyType::KEY_ECDSA_PUBLIC), i2d(i2d_PUBKEY_bio, pkey.get())));
}
RawBuffer sign(EVP_PKEY *pkey,
#include <certificate-impl.h>
#include <ckm/ckm-type.h>
#include <openssl/evp.h>
+#include <token.h>
#define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE
#define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE
// entropy source - /dev/random,/dev/urandom(Default)
int initialize();
-void createKeyPairRSA(const int size,
- KeyImpl &createdPrivateKey,
- KeyImpl &createdPublicKey);
-
-void createKeyPairDSA(const int size,
- KeyImpl &createdPrivateKey,
- KeyImpl &createdPublicKey);
-
-void createKeyPairECDSA(ElipticCurve type1,
- KeyImpl &createdPrivateKey,
- KeyImpl &createdPublicKey);
+TokenPair createKeyPairRSA(CryptoBackend backendId, const int size);
+TokenPair createKeyPairDSA(CryptoBackend backendId, const int size);
+TokenPair createKeyPairECDSA(CryptoBackend backendId, ElipticCurve type1);
RawBuffer sign(EVP_PKEY *pkey,
const CryptoAlgorithm &alg,
"This type of data is not supported by openssl backend: " << (int)token.dataType);
}
+TokenPair Store::generateAKey(const CryptoAlgorithm &algorithm)
+{
+ AlgoType keyType = AlgoType::RSA;
+ algorithm.getParam(ParamName::ALGO_TYPE, keyType);
+
+ if(keyType == AlgoType::RSA || keyType == AlgoType::DSA)
+ {
+ int keyLength = 0;
+ if(!algorithm.getParam(ParamName::GEN_KEY_LEN, keyLength))
+ ThrowMsg(Crypto::Exception::InputParam, "Error, parameter GEN_KEY_LEN not found.");
+
+ if(keyType == AlgoType::RSA)
+ return Internals::createKeyPairRSA(m_backendId, keyLength);
+ else
+ return Internals::createKeyPairDSA(m_backendId, keyLength);
+ }
+ else if(keyType == AlgoType::ECDSA)
+ {
+ int ecType = 0;
+ if(!algorithm.getParam(ParamName::GEN_EC, ecType))
+ ThrowMsg(Crypto::Exception::InputParam, "Error, parameter GEN_EC not found.");
+
+ return Internals::createKeyPairECDSA(m_backendId, static_cast<ElipticCurve>(ecType));
+ }
+ ThrowMsg(Crypto::Exception::InputParam, "wrong key type");
+}
+
Token Store::import(DataType dataType, const RawBuffer &buffer) {
return Token(m_backendId, dataType, buffer);
}
+
+
+
+
} // namespace SW
} // namespace Crypto
} // namespace CKM
explicit Store(CryptoBackend backendId);
virtual GKeyShPtr getKey(const Token &token);
+ virtual TokenPair generateAKey(const CryptoAlgorithm &);
virtual Token import(DataType dataType, const RawBuffer &buffer);
virtual void destroy(const Token &){}
};
ThrowMsg(Exception::Base, "Trust zone backend is not implemented!");
}
+TokenPair Store::generateAKey(const CryptoAlgorithm &) {
+ LogError("Trust zone backend is not implemented!");
+ ThrowMsg(Exception::Base, "Trust zone backend is not implemented!");
+}
+
Token Store::import(DataType, const RawBuffer &) {
LogError("Trust zone backend is not implemented!");
ThrowMsg(Exception::Base, "Trust zone backend is not implemented!");
explicit Store(CryptoBackend backendId);
virtual GKeyShPtr getKey(const Token &token);
+ virtual TokenPair generateAKey(const CryptoAlgorithm &);
virtual Token import(DataType dataType, const RawBuffer &buffer);
virtual void destroy(const Token &){}
};
#include <InitialValuesFile.h>
#include <generic-backend/exception.h>
-#include <sw-backend/crypto-service.h>
namespace {
const char * const CERT_SYSTEM_DIR = "/etc/ssl/certs";
const Policy &policy) const
{
DB::Row row(name, label, static_cast<int>(policy.extractable), dataType, data, static_cast<int>(data.size()));
- row.backendId = m_decider.chooseCryptoBackend(dataType, policy);
+ row.backendId = m_decider.chooseCryptoBackend(dataType, policy.extractable);
// do not encrypt data with password during cc_mode on
if(m_accessControl.isCCMode()) {
const PolicySerializable &policyPrivate,
const PolicySerializable &policyPublic)
{
- auto &handlerPriv = selectDatabase(cred, labelPrivate);
- auto &handlerPub = selectDatabase(cred, labelPublic);
-
-
- int retCode;
- KeyImpl prv, pub;
+ CryptoAlgorithm keyGenAlgorithm;
switch(key_type)
{
case KeyType::KEY_RSA_PUBLIC:
case KeyType::KEY_RSA_PRIVATE:
- retCode = Crypto::SW::CryptoService::createKeyPairRSA(additional_param, prv, pub);
+ keyGenAlgorithm.addParam(ParamName::ALGO_TYPE, AlgoType::RSA);
+ keyGenAlgorithm.addParam(ParamName::GEN_KEY_LEN, additional_param);
break;
case KeyType::KEY_DSA_PUBLIC:
case KeyType::KEY_DSA_PRIVATE:
- retCode = Crypto::SW::CryptoService::createKeyPairDSA(additional_param, prv, pub);
+ keyGenAlgorithm.addParam(ParamName::ALGO_TYPE, AlgoType::DSA);
+ keyGenAlgorithm.addParam(ParamName::GEN_KEY_LEN, additional_param);
break;
case KeyType::KEY_ECDSA_PUBLIC:
case KeyType::KEY_ECDSA_PRIVATE:
- retCode = Crypto::SW::CryptoService::createKeyPairECDSA(static_cast<ElipticCurve>(additional_param), prv, pub);
+ keyGenAlgorithm.addParam(ParamName::ALGO_TYPE, AlgoType::ECDSA);
+ keyGenAlgorithm.addParam(ParamName::GEN_EC, additional_param);
break;
default:
+ LogError("Invalid key_type for asymetric key generation: " << (int)key_type);
return CKM_API_ERROR_INPUT_PARAM;
}
- if (CKM_CRYPTO_CREATEKEY_SUCCESS != retCode)
- {
- LogDebug("CryptoService error with code: " << retCode);
- return CKM_API_ERROR_SERVER_ERROR; // TODO error code
- }
+ auto &handlerPriv = selectDatabase(cred, labelPrivate);
+ auto &handlerPub = selectDatabase(cred, labelPublic);
+
+ bool exportable = policyPrivate.extractable || policyPublic.extractable;
+ TokenPair keys = m_decider.getStore(DataType(key_type), exportable).generateAKey(keyGenAlgorithm);
DB::Crypto::Transaction transactionPriv(&handlerPriv.database);
// in case the same database is used for private and public - the second
// transaction will not be executed
DB::Crypto::Transaction transactionPub(&handlerPub.database);
- retCode = saveDataHelper(cred,
+ int retCode = saveDataHelper(cred,
namePrivate,
labelPrivate,
- DataType(prv.getType()),
- prv.getDER(),
+ keys.first.dataType,
+ keys.first.data,
policyPrivate);
if (CKM_API_SUCCESS != retCode)
return retCode;
retCode = saveDataHelper(cred,
namePublic,
labelPublic,
- DataType(pub.getType()),
- pub.getDER(),
+ keys.second.dataType,
+ keys.second.data,
policyPublic);
if (CKM_API_SUCCESS != retCode)
return retCode;
transactionPub.commit();
transactionPriv.commit();
-
- return retCode;
+ return CKM_API_SUCCESS;
}
RawBuffer CKMLogic::createKeyPair(
labelPublic,
policyPrivate,
policyPublic);
+ } catch (const Crypto::Exception::OperationNotSupported &e) {
+ LogDebug("GStore error: operation not supported: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch (const Crypto::Exception::InternalError & e) {
+ LogDebug("GStore key generation failed: " << e.GetMessage());
+ retCode = CKM_API_ERROR_SERVER_ERROR;
+ } catch( const Crypto::Exception::InputParam & e) {
+ LogDebug("Missing or wrong input parameters: " << e.GetMessage());
+ retCode = CKM_API_ERROR_INPUT_PARAM;
} catch (DB::Crypto::Exception::TransactionError &e) {
LogDebug("DB::Crypto error: transaction error: " << e.GetMessage());
retCode = CKM_API_ERROR_DB_ERROR;
try {
DB::Row row;
- KeyImpl key;
CryptoAlgorithm params;
params.addParam(ParamName::SV_HASH_ALGO, hash);
if (retCode == CKM_API_SUCCESS) {
retCode = m_decider.getStore(row).getKey(row)->verify(params, message, signature);
}
- } catch (const Crypto::SW::CryptoService::Exception::Crypto_internal &e) {
- LogError("KeyProvider failed with message: " << e.GetMessage());
- retCode = CKM_API_ERROR_SERVER_ERROR;
- } catch (const Crypto::SW::CryptoService::Exception::opensslError &e) {
- LogError("KeyProvider failed with message: " << e.GetMessage());
+ } catch (const Crypto::Exception::Base &e) {
+ LogError("GStore failed with error: " << e.GetMessage());
retCode = CKM_API_ERROR_SERVER_ERROR;
} catch (const KeyProvider::Exception::Base &e) {
LogError("KeyProvider failed with error: " << e.GetMessage());
projects / platform / core / security / key-manager.git / commitdiff