From: Maciej J. Karpiuk Date: Wed, 27 May 2015 13:01:48 +0000 (+0200) Subject: crypto-service key generation contents moved into SW backend. X-Git-Tag: accepted/tizen/mobile/20150629.000431~12 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Fsecurity%2Fkey-manager.git;a=commitdiff_plain;h=a7828fd8c2a30b7e48624e1cb3c424742cc2de7e crypto-service key generation contents moved into SW backend. Change-Id: Icf746f14b7bcbd4bc1ac847dae4de0e4ad23a194 --- diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index a114f40..1460a53 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -50,7 +50,6 @@ SET(KEY_MANAGER_SOURCES ${KEY_MANAGER_PATH}/crypto/sw-backend/key.cpp ${KEY_MANAGER_PATH}/crypto/sw-backend/internals.cpp ${KEY_MANAGER_PATH}/crypto/sw-backend/store.cpp - ${KEY_MANAGER_PATH}/crypto/sw-backend/crypto-service.cpp ${KEY_MANAGER_PATH}/crypto/platform/decider.cpp ${KEY_MANAGER_PATH}/crypto/tz-backend/key.cpp ${KEY_MANAGER_PATH}/crypto/tz-backend/store.cpp diff --git a/src/manager/crypto/platform/decider.cpp b/src/manager/crypto/platform/decider.cpp index 7a985bf..f934642 100644 --- a/src/manager/crypto/platform/decider.cpp +++ b/src/manager/crypto/platform/decider.cpp @@ -54,7 +54,11 @@ GStore& Decider::getStore(CryptoBackend cryptoBackend) { "Backend not available. BackendId: " << (int)cryptoBackend); } -CryptoBackend Decider::chooseCryptoBackend(DataType dataType, const Policy &policy) const { +GStore& Decider::getStore(DataType data, bool exportable) { + return getStore(chooseCryptoBackend(data, exportable)); +} + +CryptoBackend Decider::chooseCryptoBackend(DataType dataType, bool exportable) const { // The list of items that MUST be support by OpenSSL if (dataType.isCertificate()) return CryptoBackend::OpenSSL; @@ -62,7 +66,7 @@ CryptoBackend Decider::chooseCryptoBackend(DataType dataType, const Policy &poli if (dataType.isBinaryData()) return CryptoBackend::OpenSSL; - if (policy.extractable) + if (exportable) return CryptoBackend::OpenSSL; // This is the place where we can use trust zone backend diff --git a/src/manager/crypto/platform/decider.h b/src/manager/crypto/platform/decider.h index c14a743..95348dc 100644 --- a/src/manager/crypto/platform/decider.h +++ b/src/manager/crypto/platform/decider.h @@ -36,7 +36,8 @@ class Decider { public: Decider(); GStore& getStore(const Token &token); - CryptoBackend chooseCryptoBackend(DataType data, const Policy &policy) const; + GStore& getStore(DataType data, bool exportable); + CryptoBackend chooseCryptoBackend(DataType data, bool exportable) const; virtual ~Decider(){} protected: diff --git a/src/manager/crypto/sw-backend/crypto-service.cpp b/src/manager/crypto/sw-backend/crypto-service.cpp deleted file mode 100644 index 73b8029..0000000 --- a/src/manager/crypto/sw-backend/crypto-service.cpp +++ /dev/null @@ -1,347 +0,0 @@ -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define OPENSSL_SUCCESS 1 // DO NOTCHANGE THIS VALUE -#define OPENSSL_FAIL 0 // DO NOTCHANGE THIS VALUE - -namespace CKM { -namespace Crypto { -namespace SW { - -CryptoService::CryptoService(){ -} - -CryptoService::~CryptoService(){ -} - -int CryptoService::createKeyPairRSA(const int size, // size in bits [1024, 2048, 4096] - KeyImpl &createdPrivateKey, // returned value - KeyImpl &createdPublicKey) // returned value -{ - EVP_PKEY_CTX *ctx = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY *pparam = NULL; - - // check the parameters of functions - if(size != 1024 && size !=2048 && size != 4096) { - LogError("Error in RSA input size"); - ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in RSA input size"); - } - - // check the parameters of functions - if(&createdPrivateKey == NULL) { - LogError("Error in createdPrivateKey value"); - ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPrivateKey value"); - } - - // check the parameters of functions - if(&createdPublicKey == NULL) { - LogError("Error in createdPrivateKey value"); - ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPublicKey value"); - } - - Try { - if(!(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL))) { - LogError("Error in EVP_PKEY_CTX_new_id function !!"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new_id function !!"); - } - - if(EVP_PKEY_keygen_init(ctx) <= 0) { - LogError("Error in EVP_PKEY_keygen_init function !!"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen_init function !!"); - } - - if(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx,size) <= 0) { - LogError("Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!"); - } - - if(!EVP_PKEY_keygen(ctx, &pkey)) { - LogError("Error in EVP_PKEY_keygen function !!"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen function !!"); - } - } Catch(CryptoService::Exception::opensslError) { - if(pkey) { - EVP_PKEY_free(pkey); - } - - if(pparam) { - EVP_PKEY_free(pparam); - } - - if(ctx) { - EVP_PKEY_CTX_free(ctx); - } - - ReThrowMsg(CryptoService::Exception::opensslError,"Error in opensslError function !!"); - } - - KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey - - createdPrivateKey = KeyImpl(ptr, KeyType::KEY_RSA_PRIVATE); - createdPublicKey = KeyImpl(ptr, KeyType::KEY_RSA_PUBLIC); - - if(pparam) { - EVP_PKEY_free(pparam); - } - - if(ctx) { - EVP_PKEY_CTX_free(ctx); - } - - return CKM_CRYPTO_CREATEKEY_SUCCESS; -} - - -int CryptoService::createKeyPairDSA(const int size, // size in bits [1024, 2048, 3072, 4096] - KeyImpl &createdPrivateKey, // returned value - KeyImpl &createdPublicKey) // returned value -{ - EVP_PKEY_CTX *pctx = NULL; - EVP_PKEY_CTX *kctx = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY *pparam = NULL; - - // check the parameters of functions - if(size != 1024 && size !=2048 && size !=3072 && size != 4096) { - LogError("Error in DSA input size"); - ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in DSA input size"); - } - - // check the parameters of functions - if(&createdPrivateKey == NULL) { - LogError("Error in createdPrivateKey value"); - ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPrivateKey value"); - } - - // check the parameters of functions - if(&createdPublicKey == NULL) { - LogError("Error in createdPrivateKey value"); - ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPublicKey value"); - } - - Try { - /* Create the context for generating the parameters */ - if(!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL))) { - LogError("Error in EVP_PKEY_CTX_new_id function"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new_id function"); - } - - if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx)) { - LogError("Error in EVP_PKEY_paramgen_init function"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen_init function"); - } - - if(EVP_SUCCESS != EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx, size)) { - LogError("Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function"); - } - - /* Generate parameters */ - if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx, &pparam)) { - LogError("Error in EVP_PKEY_paramgen function"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen function"); - } - - // Start to generate key - if(!(kctx = EVP_PKEY_CTX_new(pparam, NULL))) { - LogError("Error in EVP_PKEY_CTX_new function"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new function"); - } - - if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx)) { - LogError("Error in EVP_PKEY_keygen_init function"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen_init function"); - } - - /* Generate the key */ - if(EVP_SUCCESS != EVP_PKEY_keygen(kctx, &pkey)) { - LogError("Error in EVP_PKEY_keygen function"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen function"); - } - } - Catch(CryptoService::Exception::opensslError) - { - if(pkey) { - EVP_PKEY_free(pkey); - } - - if(pparam) { - EVP_PKEY_free(pparam); - } - - if(pctx) { - EVP_PKEY_CTX_free(pctx); - } - - if(kctx) { - EVP_PKEY_CTX_free(kctx); - } - - ReThrowMsg(CryptoService::Exception::opensslError,"Error in openssl function !!"); - } - - KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey - - createdPrivateKey = KeyImpl(ptr, KeyType::KEY_DSA_PRIVATE); - createdPublicKey = KeyImpl(ptr, KeyType::KEY_DSA_PUBLIC); - - if(pparam) { - EVP_PKEY_free(pparam); - } - - if(pctx) { - EVP_PKEY_CTX_free(pctx); - } - - if(kctx) { - EVP_PKEY_CTX_free(kctx); - } - - return CKM_CRYPTO_CREATEKEY_SUCCESS; -} - - -int CryptoService::createKeyPairECDSA(ElipticCurve type, - KeyImpl &createdPrivateKey, // returned value - KeyImpl &createdPublicKey) // returned value -{ - int ecCurve = NOT_DEFINED; - EVP_PKEY_CTX *pctx = NULL; - EVP_PKEY_CTX *kctx = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY *pparam = NULL; - - switch(type) { - case ElipticCurve::prime192v1: - ecCurve = NID_X9_62_prime192v1; - break; - case ElipticCurve::prime256v1: - ecCurve = NID_X9_62_prime256v1; - break; - case ElipticCurve::secp384r1: - ecCurve = NID_secp384r1; - break; - default: - LogError("Error in EC type"); - ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in EC type"); - } - - // check the parameters of functions - if(&createdPrivateKey == NULL) { - LogError("Error in createdPrivateKey value"); - ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPrivateKey value"); - } - - // check the parameters of functions - if(&createdPublicKey == NULL) { - LogError("Error in createdPrivateKey value"); - ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPublicKey value"); - } - - Try { - /* Create the context for generating the parameters */ - if(!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))) { - LogError("Error in EVP_PKEY_CTX_new_id function"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new_id function"); - } - - if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx)) { - LogError("Error in EVP_PKEY_paramgen_init function"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen_init function"); - } - - if(EVP_SUCCESS != EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ecCurve)) { - LogError("Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function"); - } - - /* Generate parameters */ - if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx, &pparam)) { - LogError("Error in EVP_PKEY_paramgen function"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen function"); - } - - // Start to generate key - if(!(kctx = EVP_PKEY_CTX_new(pparam, NULL))) { - LogError("Error in EVP_PKEY_CTX_new function"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new function"); - } - - if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx)) { - LogError("Error in EVP_PKEY_keygen_init function"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen_init function"); - } - - /* Generate the key */ - if(EVP_SUCCESS != EVP_PKEY_keygen(kctx, &pkey)) { - LogError("Error in EVP_PKEY_keygen function"); - ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen function"); - } - } Catch(CryptoService::Exception::opensslError) { - if(pkey) { - EVP_PKEY_free(pkey); - } - - if(pparam) { - EVP_PKEY_free(pparam); - } - - if(pctx) { - EVP_PKEY_CTX_free(pctx); - } - - if(kctx) { - EVP_PKEY_CTX_free(kctx); - } - - ReThrowMsg(CryptoService::Exception::opensslError,"Error in openssl function !!"); - } - - KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey - - createdPrivateKey = KeyImpl(ptr, KeyType::KEY_ECDSA_PRIVATE); - createdPublicKey = KeyImpl(ptr, KeyType::KEY_ECDSA_PUBLIC); - - if(pparam) { - EVP_PKEY_free(pparam); - } - - if(pctx) { - EVP_PKEY_CTX_free(pctx); - } - - if(kctx) { - EVP_PKEY_CTX_free(kctx); - } - - return CKM_CRYPTO_CREATEKEY_SUCCESS; -} - -} // namespace SW -} // namespace Crypto -} // namespace CKM diff --git a/src/manager/crypto/sw-backend/crypto-service.h b/src/manager/crypto/sw-backend/crypto-service.h deleted file mode 100644 index ca5b14b..0000000 --- a/src/manager/crypto/sw-backend/crypto-service.h +++ /dev/null @@ -1,68 +0,0 @@ -#pragma once - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define DEV_HW_RANDOM_FILE "/dev/hwrng" -#define DEV_URANDOM_FILE "/dev/urandom" - -#define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE -#define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE - -#define CKM_CRYPTO_INIT_SUCCESS 1 -#define CKM_CRYPTO_CREATEKEY_SUCCESS 2 -#define CKM_VERIFY_CHAIN_SUCCESS 5 -#define NOT_DEFINED -1 - -namespace CKM { -namespace Crypto { -namespace SW { - - // typedef std::vector RawData; this must be defined in common header. - // This is internal api so all functions should throw exception on errors. -class CryptoService { -public: - CryptoService(); - virtual ~CryptoService(); - - class Exception { - public: - DECLARE_EXCEPTION_TYPE(CKM::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, Crypto_internal); - DECLARE_EXCEPTION_TYPE(Base, opensslError); - }; - - static int createKeyPairRSA(const int size, // size in bits [1024, 2048, 4096] - KeyImpl &createdPrivateKey, // returned value ==> Key &createdPrivateKey, - KeyImpl &createdPublicKey); // returned value ==> Key &createdPublicKey - - static int createKeyPairDSA(const int size, // size in bits [1024, 2048, 3072, 4096] - KeyImpl &createdPrivateKey, // returned value ==> Key &createdPrivateKey, - KeyImpl &createdPublicKey); // returned value ==> Key &createdPublicKey - - static int createKeyPairECDSA(ElipticCurve type1, - KeyImpl &createdPrivateKey, // returned value - KeyImpl &createdPublicKey); // returned value - -private: - -}; - -} // namespace SW -} // namespace Crypto -} // namespace CKM - diff --git a/src/manager/crypto/sw-backend/internals.cpp b/src/manager/crypto/sw-backend/internals.cpp index d121118..3af5ab4 100644 --- a/src/manager/crypto/sw-backend/internals.cpp +++ b/src/manager/crypto/sw-backend/internals.cpp @@ -20,13 +20,12 @@ */ #include #include +#include -#include #include #include #include #include -#include #include #include #include @@ -36,8 +35,6 @@ #include #include -#include -#include #include #include @@ -52,6 +49,40 @@ namespace { typedef std::unique_ptr> EvpMdCtxUPtr; typedef std::unique_ptr> EvpPkeyCtxUPtr; +typedef std::unique_ptr> EvpPkeyUPtr; + +typedef std::unique_ptr> BioUniquePtr; +typedef int(*I2D_CONV)(BIO*, EVP_PKEY*); +CKM::RawBuffer i2d(I2D_CONV fun, EVP_PKEY* pkey) { + BioUniquePtr bio(BIO_new(BIO_s_mem()), BIO_free_all); + + if (NULL == pkey) { + LogDebug("attempt to parse an empty key!"); + ThrowMsg(CKM::Crypto::Exception::InternalError, "attempt to parse an empty key!"); + } + + if (NULL == bio.get()) { + LogError("Error in memory allocation! Function: BIO_new."); + ThrowMsg(CKM::Crypto::Exception::InternalError, "Error in memory allocation! Function: BIO_new."); + } + + if (1 != fun(bio.get(), pkey)) { + LogError("Error in conversion EVP_PKEY to DER"); + ThrowMsg(CKM::Crypto::Exception::InternalError, "Error in conversion EVP_PKEY to DER"); + } + + CKM::RawBuffer output(8196); + + int size = BIO_read(bio.get(), output.data(), output.size()); + + if (size <= 0) { + LogError("Error in BIO_read: " << size); + ThrowMsg(CKM::Crypto::Exception::InternalError, "Error in BIO_read: " << size); + } + + output.resize(size); + return output; +} } // anonymous namespace namespace CKM { @@ -129,198 +160,109 @@ int getRsaPadding(const RSAPaddingAlgorithm padAlgo) { return rsa_padding; } -void createKeyPairRSA(const int size, // size in bits [1024, 2048, 4096] - KeyImpl &createdPrivateKey, // returned value - KeyImpl &createdPublicKey) // returned value +TokenPair createKeyPairRSA(CryptoBackend backendId, const int size) { - EVP_PKEY_CTX *ctx = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY *pparam = NULL; + EvpPkeyUPtr pkey; // check the parameters of functions - if(size != 1024 && size !=2048 && size != 4096) { + if(size!=1024 && size!=2048 && size!=4096) { LogError("Error in RSA input size"); - ThrowMsg(Crypto::Exception::InternalError, "Error in RSA input size"); + ThrowMsg(Crypto::Exception::InputParam, "Error in RSA input size"); } - // check the parameters of functions - if(&createdPrivateKey == NULL) { - LogError("Error in createdPrivateKey value"); - ThrowMsg(Crypto::Exception::InternalError, "Error in createdPrivateKey value"); + EvpPkeyCtxUPtr ctx(EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL), EVP_PKEY_CTX_free); + if(!ctx) { + LogError("Error in EVP_PKEY_CTX_new_id function !!"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new_id function !!"); } - // check the parameters of functions - if(&createdPublicKey == NULL) { - LogError("Error in createdPrivateKey value"); - ThrowMsg(Crypto::Exception::InternalError, "Error in createdPublicKey value"); + if(EVP_PKEY_keygen_init(ctx.get()) <= 0) { + LogError("Error in EVP_PKEY_keygen_init function !!"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen_init function !!"); } - Try { - if(!(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL))) { - LogError("Error in EVP_PKEY_CTX_new_id function !!"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new_id function !!"); - } + if(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx.get(), size) <= 0) { + LogError("Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!"); + } - if(EVP_PKEY_keygen_init(ctx) <= 0) { - LogError("Error in EVP_PKEY_keygen_init function !!"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen_init function !!"); - } + EVP_PKEY *pkeyTmp = NULL; + if(!EVP_PKEY_keygen(ctx.get(), &pkeyTmp)) { + LogError("Error in EVP_PKEY_keygen function !!"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen function !!"); + } + pkey = EvpPkeyUPtr(pkeyTmp, EVP_PKEY_free); - if(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx,size) <= 0) { - LogError("Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!"); - } + return std::make_pair(Token(backendId, DataType(KeyType::KEY_RSA_PRIVATE), i2d(i2d_PrivateKey_bio, pkey.get())), + Token(backendId, DataType(KeyType::KEY_RSA_PUBLIC), i2d(i2d_PUBKEY_bio, pkey.get()))); +} - if(!EVP_PKEY_keygen(ctx, &pkey)) { - LogError("Error in EVP_PKEY_keygen function !!"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen function !!"); - } - } Catch(Crypto::Exception::InternalError) { - if(pkey) { - EVP_PKEY_free(pkey); - } - if(pparam) { - EVP_PKEY_free(pparam); - } +TokenPair createKeyPairDSA(CryptoBackend backendId, const int size) +{ + EvpPkeyUPtr pkey; + EvpPkeyUPtr pparam; - if(ctx) { - EVP_PKEY_CTX_free(ctx); - } + // check the parameters of functions + if(size!=1024 && size!=2048 && size!=3072 && size!=4096) { + LogError("Error in DSA input size"); + ThrowMsg(Exception::InputParam, "Error in DSA input size"); + } - ReThrowMsg(Crypto::Exception::InternalError,"Error in opensslError function !!"); + /* Create the context for generating the parameters */ + EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL), EVP_PKEY_CTX_free); + if(!pctx) { + LogError("Error in EVP_PKEY_CTX_new_id function"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new_id function"); } - KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey + if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx.get())) { + LogError("Error in EVP_PKEY_paramgen_init function"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen_init function"); + } - createdPrivateKey = KeyImpl(ptr, KeyType::KEY_RSA_PRIVATE); - createdPublicKey = KeyImpl(ptr, KeyType::KEY_RSA_PUBLIC); + if(EVP_SUCCESS != EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx.get(), size)) { + LogError("Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function"); + } - if(pparam) { - EVP_PKEY_free(pparam); + /* Generate parameters */ + EVP_PKEY *pparamTmp = NULL; + if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx.get(), &pparamTmp)) { + LogError("Error in EVP_PKEY_paramgen function"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen function"); } + pparam = EvpPkeyUPtr(pparamTmp, EVP_PKEY_free); - if(ctx) { - EVP_PKEY_CTX_free(ctx); + // Start to generate key + EvpPkeyCtxUPtr kctx(EVP_PKEY_CTX_new(pparam.get(), NULL), EVP_PKEY_CTX_free); + if(!kctx) { + LogError("Error in EVP_PKEY_CTX_new function"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new function"); } -} + if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx.get())) { + LogError("Error in EVP_PKEY_keygen_init function"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen_init function"); + } -void createKeyPairDSA(const int size, // size in bits [1024, 2048, 3072, 4096] - KeyImpl &createdPrivateKey, // returned value - KeyImpl &createdPublicKey) // returned value -{ - EVP_PKEY_CTX *pctx = NULL; - EVP_PKEY_CTX *kctx = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY *pparam = NULL; - - // check the parameters of functions - if(size != 1024 && size !=2048 && size !=3072 && size != 4096) { - LogError("Error in DSA input size"); - ThrowMsg(Exception::InternalError, "Error in DSA input size"); - } - - // check the parameters of functions - if(&createdPrivateKey == NULL) { - LogError("Error in createdPrivateKey value"); - ThrowMsg(Exception::InternalError, "Error in createdPrivateKey value"); - } - - // check the parameters of functions - if(&createdPublicKey == NULL) { - LogError("Error in createdPrivateKey value"); - ThrowMsg(Exception::InternalError, "Error in createdPublicKey value"); - } - - Try { - /* Create the context for generating the parameters */ - if(!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL))) { - LogError("Error in EVP_PKEY_CTX_new_id function"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new_id function"); - } - - if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx)) { - LogError("Error in EVP_PKEY_paramgen_init function"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen_init function"); - } - - if(EVP_SUCCESS != EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx, size)) { - LogError("Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function"); - } - - /* Generate parameters */ - if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx, &pparam)) { - LogError("Error in EVP_PKEY_paramgen function"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen function"); - } - - // Start to generate key - if(!(kctx = EVP_PKEY_CTX_new(pparam, NULL))) { - LogError("Error in EVP_PKEY_CTX_new function"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new function"); - } - - if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx)) { - LogError("Error in EVP_PKEY_keygen_init function"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen_init function"); - } - - /* Generate the key */ - if(EVP_SUCCESS != EVP_PKEY_keygen(kctx, &pkey)) { - LogError("Error in EVP_PKEY_keygen function"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen function"); - } - } - Catch(Crypto::Exception::InternalError) - { - if(pkey) { - EVP_PKEY_free(pkey); - } - - if(pparam) { - EVP_PKEY_free(pparam); - } - - if(pctx) { - EVP_PKEY_CTX_free(pctx); - } - - if(kctx) { - EVP_PKEY_CTX_free(kctx); - } - - ReThrowMsg(Crypto::Exception::InternalError,"Error in openssl function !!"); - } - - KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey - - createdPrivateKey = KeyImpl(ptr, KeyType::KEY_DSA_PRIVATE); - createdPublicKey = KeyImpl(ptr, KeyType::KEY_DSA_PUBLIC); - - if(pparam) { - EVP_PKEY_free(pparam); - } - - if(pctx) { - EVP_PKEY_CTX_free(pctx); - } - - if(kctx) { - EVP_PKEY_CTX_free(kctx); - } + /* Generate the key */ + EVP_PKEY *pkeyTmp = NULL; + if(!EVP_PKEY_keygen(kctx.get(), &pkeyTmp)) { + LogError("Error in EVP_PKEY_keygen function !!"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen function !!"); + } + pkey = EvpPkeyUPtr(pkeyTmp, EVP_PKEY_free); + + return std::make_pair(Token(backendId, DataType(KeyType::KEY_DSA_PRIVATE), i2d(i2d_PrivateKey_bio, pkey.get())), + Token(backendId, DataType(KeyType::KEY_DSA_PUBLIC), i2d(i2d_PUBKEY_bio, pkey.get()))); } -void createKeyPairECDSA(ElipticCurve type, - KeyImpl &createdPrivateKey, // returned value - KeyImpl &createdPublicKey) // returned value +TokenPair createKeyPairECDSA(CryptoBackend backendId, ElipticCurve type) { int ecCurve = NOT_DEFINED; - EVP_PKEY_CTX *pctx = NULL; - EVP_PKEY_CTX *kctx = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY *pparam = NULL; + EvpPkeyUPtr pkey; + EvpPkeyUPtr pparam; switch(type) { case ElipticCurve::prime192v1: @@ -334,96 +276,56 @@ void createKeyPairECDSA(ElipticCurve type, break; default: LogError("Error in EC type"); - ThrowMsg(Exception::InternalError, "Error in EC type"); + ThrowMsg(Exception::InputParam, "Error in EC type"); } - // check the parameters of functions - if(&createdPrivateKey == NULL) { - LogError("Error in createdPrivateKey value"); - ThrowMsg(Exception::InternalError, "Error in createdPrivateKey value"); + /* Create the context for generating the parameters */ + EvpPkeyCtxUPtr pctx(EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL), EVP_PKEY_CTX_free); + if(!pctx) { + LogError("Error in EVP_PKEY_CTX_new_id function"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new_id function"); } - // check the parameters of functions - if(&createdPublicKey == NULL) { - LogError("Error in createdPrivateKey value"); - ThrowMsg(Exception::InternalError, "Error in createdPublicKey value"); + if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx.get())) { + LogError("Error in EVP_PKEY_paramgen_init function"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen_init function"); } - Try { - /* Create the context for generating the parameters */ - if(!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))) { - LogError("Error in EVP_PKEY_CTX_new_id function"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new_id function"); - } - - if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx)) { - LogError("Error in EVP_PKEY_paramgen_init function"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen_init function"); - } - - if(EVP_SUCCESS != EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ecCurve)) { - LogError("Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function"); - } - - /* Generate parameters */ - if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx, &pparam)) { - LogError("Error in EVP_PKEY_paramgen function"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen function"); - } - - // Start to generate key - if(!(kctx = EVP_PKEY_CTX_new(pparam, NULL))) { - LogError("Error in EVP_PKEY_CTX_new function"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new function"); - } - - if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx)) { - LogError("Error in EVP_PKEY_keygen_init function"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen_init function"); - } - - /* Generate the key */ - if(EVP_SUCCESS != EVP_PKEY_keygen(kctx, &pkey)) { - LogError("Error in EVP_PKEY_keygen function"); - ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen function"); - } - } Catch(Crypto::Exception::InternalError) { - if(pkey) { - EVP_PKEY_free(pkey); - } - - if(pparam) { - EVP_PKEY_free(pparam); - } - - if(pctx) { - EVP_PKEY_CTX_free(pctx); - } - - if(kctx) { - EVP_PKEY_CTX_free(kctx); - } - - ReThrowMsg(Crypto::Exception::InternalError,"Error in openssl function !!"); + if(EVP_SUCCESS != EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx.get(), ecCurve)) { + LogError("Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function"); } - KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey - - createdPrivateKey = KeyImpl(ptr, KeyType::KEY_ECDSA_PRIVATE); - createdPublicKey = KeyImpl(ptr, KeyType::KEY_ECDSA_PUBLIC); - - if(pparam) { - EVP_PKEY_free(pparam); + /* Generate parameters */ + EVP_PKEY *pparamTmp = NULL; + if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx.get(), &pparamTmp)) { + LogError("Error in EVP_PKEY_paramgen function"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_paramgen function"); } + pparam = EvpPkeyUPtr(pparamTmp, EVP_PKEY_free); - if(pctx) { - EVP_PKEY_CTX_free(pctx); + // Start to generate key + EvpPkeyCtxUPtr kctx(EVP_PKEY_CTX_new(pparam.get(), NULL), EVP_PKEY_CTX_free); + if(!kctx) { + LogError("Error in EVP_PKEY_CTX_new function"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_CTX_new function"); } - if(kctx) { - EVP_PKEY_CTX_free(kctx); + if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx.get())) { + LogError("Error in EVP_PKEY_keygen_init function"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen_init function"); } + + /* Generate the key */ + EVP_PKEY *pkeyTmp = NULL; + if(!EVP_PKEY_keygen(kctx.get(), &pkeyTmp)) { + LogError("Error in EVP_PKEY_keygen function !!"); + ThrowMsg(Crypto::Exception::InternalError, "Error in EVP_PKEY_keygen function !!"); + } + pkey = EvpPkeyUPtr(pkeyTmp, EVP_PKEY_free); + + return std::make_pair(Token(backendId, DataType(KeyType::KEY_ECDSA_PRIVATE), i2d(i2d_PrivateKey_bio, pkey.get())), + Token(backendId, DataType(KeyType::KEY_ECDSA_PUBLIC), i2d(i2d_PUBKEY_bio, pkey.get()))); } RawBuffer sign(EVP_PKEY *pkey, diff --git a/src/manager/crypto/sw-backend/internals.h b/src/manager/crypto/sw-backend/internals.h index a53b3b4..b9366de 100644 --- a/src/manager/crypto/sw-backend/internals.h +++ b/src/manager/crypto/sw-backend/internals.h @@ -24,6 +24,7 @@ #include #include #include +#include #define EVP_SUCCESS 1 // DO NOTCHANGE THIS VALUE #define EVP_FAIL 0 // DO NOTCHANGE THIS VALUE @@ -44,17 +45,9 @@ namespace Internals { // entropy source - /dev/random,/dev/urandom(Default) int initialize(); -void createKeyPairRSA(const int size, - KeyImpl &createdPrivateKey, - KeyImpl &createdPublicKey); - -void createKeyPairDSA(const int size, - KeyImpl &createdPrivateKey, - KeyImpl &createdPublicKey); - -void createKeyPairECDSA(ElipticCurve type1, - KeyImpl &createdPrivateKey, - KeyImpl &createdPublicKey); +TokenPair createKeyPairRSA(CryptoBackend backendId, const int size); +TokenPair createKeyPairDSA(CryptoBackend backendId, const int size); +TokenPair createKeyPairECDSA(CryptoBackend backendId, ElipticCurve type1); RawBuffer sign(EVP_PKEY *pkey, const CryptoAlgorithm &alg, diff --git a/src/manager/crypto/sw-backend/store.cpp b/src/manager/crypto/sw-backend/store.cpp index 2b59a53..c1a629d 100644 --- a/src/manager/crypto/sw-backend/store.cpp +++ b/src/manager/crypto/sw-backend/store.cpp @@ -62,10 +62,41 @@ GKeyShPtr Store::getKey(const Token &token) { "This type of data is not supported by openssl backend: " << (int)token.dataType); } +TokenPair Store::generateAKey(const CryptoAlgorithm &algorithm) +{ + AlgoType keyType = AlgoType::RSA; + algorithm.getParam(ParamName::ALGO_TYPE, keyType); + + if(keyType == AlgoType::RSA || keyType == AlgoType::DSA) + { + int keyLength = 0; + if(!algorithm.getParam(ParamName::GEN_KEY_LEN, keyLength)) + ThrowMsg(Crypto::Exception::InputParam, "Error, parameter GEN_KEY_LEN not found."); + + if(keyType == AlgoType::RSA) + return Internals::createKeyPairRSA(m_backendId, keyLength); + else + return Internals::createKeyPairDSA(m_backendId, keyLength); + } + else if(keyType == AlgoType::ECDSA) + { + int ecType = 0; + if(!algorithm.getParam(ParamName::GEN_EC, ecType)) + ThrowMsg(Crypto::Exception::InputParam, "Error, parameter GEN_EC not found."); + + return Internals::createKeyPairECDSA(m_backendId, static_cast(ecType)); + } + ThrowMsg(Crypto::Exception::InputParam, "wrong key type"); +} + Token Store::import(DataType dataType, const RawBuffer &buffer) { return Token(m_backendId, dataType, buffer); } + + + + } // namespace SW } // namespace Crypto } // namespace CKM diff --git a/src/manager/crypto/sw-backend/store.h b/src/manager/crypto/sw-backend/store.h index 0eb86cc..1a4d111 100644 --- a/src/manager/crypto/sw-backend/store.h +++ b/src/manager/crypto/sw-backend/store.h @@ -32,6 +32,7 @@ public: explicit Store(CryptoBackend backendId); virtual GKeyShPtr getKey(const Token &token); + virtual TokenPair generateAKey(const CryptoAlgorithm &); virtual Token import(DataType dataType, const RawBuffer &buffer); virtual void destroy(const Token &){} }; diff --git a/src/manager/crypto/tz-backend/store.cpp b/src/manager/crypto/tz-backend/store.cpp index 0cf6ffe..481595b 100644 --- a/src/manager/crypto/tz-backend/store.cpp +++ b/src/manager/crypto/tz-backend/store.cpp @@ -37,6 +37,11 @@ GKeyShPtr Store::getKey(const Token &) { ThrowMsg(Exception::Base, "Trust zone backend is not implemented!"); } +TokenPair Store::generateAKey(const CryptoAlgorithm &) { + LogError("Trust zone backend is not implemented!"); + ThrowMsg(Exception::Base, "Trust zone backend is not implemented!"); +} + Token Store::import(DataType, const RawBuffer &) { LogError("Trust zone backend is not implemented!"); ThrowMsg(Exception::Base, "Trust zone backend is not implemented!"); diff --git a/src/manager/crypto/tz-backend/store.h b/src/manager/crypto/tz-backend/store.h index d2e29de..bbfb34e 100644 --- a/src/manager/crypto/tz-backend/store.h +++ b/src/manager/crypto/tz-backend/store.h @@ -32,6 +32,7 @@ public: explicit Store(CryptoBackend backendId); virtual GKeyShPtr getKey(const Token &token); + virtual TokenPair generateAKey(const CryptoAlgorithm &); virtual Token import(DataType dataType, const RawBuffer &buffer); virtual void destroy(const Token &){} }; diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 9a14ef2..d2c0a76 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -34,7 +34,6 @@ #include #include -#include namespace { const char * const CERT_SYSTEM_DIR = "/etc/ssl/certs"; @@ -437,7 +436,7 @@ DB::Row CKMLogic::createEncryptedRow( const Policy &policy) const { DB::Row row(name, label, static_cast(policy.extractable), dataType, data, static_cast(data.size())); - row.backendId = m_decider.chooseCryptoBackend(dataType, policy); + row.backendId = m_decider.chooseCryptoBackend(dataType, policy.extractable); // do not encrypt data with password during cc_mode on if(m_accessControl.isCCMode()) { @@ -1174,49 +1173,48 @@ int CKMLogic::createKeyPairHelper( const PolicySerializable &policyPrivate, const PolicySerializable &policyPublic) { - auto &handlerPriv = selectDatabase(cred, labelPrivate); - auto &handlerPub = selectDatabase(cred, labelPublic); - - - int retCode; - KeyImpl prv, pub; + CryptoAlgorithm keyGenAlgorithm; switch(key_type) { case KeyType::KEY_RSA_PUBLIC: case KeyType::KEY_RSA_PRIVATE: - retCode = Crypto::SW::CryptoService::createKeyPairRSA(additional_param, prv, pub); + keyGenAlgorithm.addParam(ParamName::ALGO_TYPE, AlgoType::RSA); + keyGenAlgorithm.addParam(ParamName::GEN_KEY_LEN, additional_param); break; case KeyType::KEY_DSA_PUBLIC: case KeyType::KEY_DSA_PRIVATE: - retCode = Crypto::SW::CryptoService::createKeyPairDSA(additional_param, prv, pub); + keyGenAlgorithm.addParam(ParamName::ALGO_TYPE, AlgoType::DSA); + keyGenAlgorithm.addParam(ParamName::GEN_KEY_LEN, additional_param); break; case KeyType::KEY_ECDSA_PUBLIC: case KeyType::KEY_ECDSA_PRIVATE: - retCode = Crypto::SW::CryptoService::createKeyPairECDSA(static_cast(additional_param), prv, pub); + keyGenAlgorithm.addParam(ParamName::ALGO_TYPE, AlgoType::ECDSA); + keyGenAlgorithm.addParam(ParamName::GEN_EC, additional_param); break; default: + LogError("Invalid key_type for asymetric key generation: " << (int)key_type); return CKM_API_ERROR_INPUT_PARAM; } - if (CKM_CRYPTO_CREATEKEY_SUCCESS != retCode) - { - LogDebug("CryptoService error with code: " << retCode); - return CKM_API_ERROR_SERVER_ERROR; // TODO error code - } + auto &handlerPriv = selectDatabase(cred, labelPrivate); + auto &handlerPub = selectDatabase(cred, labelPublic); + + bool exportable = policyPrivate.extractable || policyPublic.extractable; + TokenPair keys = m_decider.getStore(DataType(key_type), exportable).generateAKey(keyGenAlgorithm); DB::Crypto::Transaction transactionPriv(&handlerPriv.database); // in case the same database is used for private and public - the second // transaction will not be executed DB::Crypto::Transaction transactionPub(&handlerPub.database); - retCode = saveDataHelper(cred, + int retCode = saveDataHelper(cred, namePrivate, labelPrivate, - DataType(prv.getType()), - prv.getDER(), + keys.first.dataType, + keys.first.data, policyPrivate); if (CKM_API_SUCCESS != retCode) return retCode; @@ -1224,16 +1222,15 @@ int CKMLogic::createKeyPairHelper( retCode = saveDataHelper(cred, namePublic, labelPublic, - DataType(pub.getType()), - pub.getDER(), + keys.second.dataType, + keys.second.data, policyPublic); if (CKM_API_SUCCESS != retCode) return retCode; transactionPub.commit(); transactionPriv.commit(); - - return retCode; + return CKM_API_SUCCESS; } RawBuffer CKMLogic::createKeyPair( @@ -1277,6 +1274,15 @@ RawBuffer CKMLogic::createKeyPair( labelPublic, policyPrivate, policyPublic); + } catch (const Crypto::Exception::OperationNotSupported &e) { + LogDebug("GStore error: operation not supported: " << e.GetMessage()); + retCode = CKM_API_ERROR_SERVER_ERROR; + } catch (const Crypto::Exception::InternalError & e) { + LogDebug("GStore key generation failed: " << e.GetMessage()); + retCode = CKM_API_ERROR_SERVER_ERROR; + } catch( const Crypto::Exception::InputParam & e) { + LogDebug("Missing or wrong input parameters: " << e.GetMessage()); + retCode = CKM_API_ERROR_INPUT_PARAM; } catch (DB::Crypto::Exception::TransactionError &e) { LogDebug("DB::Crypto error: transaction error: " << e.GetMessage()); retCode = CKM_API_ERROR_DB_ERROR; @@ -1545,7 +1551,6 @@ RawBuffer CKMLogic::verifySignature( try { DB::Row row; - KeyImpl key; CryptoAlgorithm params; params.addParam(ParamName::SV_HASH_ALGO, hash); @@ -1562,11 +1567,8 @@ RawBuffer CKMLogic::verifySignature( if (retCode == CKM_API_SUCCESS) { retCode = m_decider.getStore(row).getKey(row)->verify(params, message, signature); } - } catch (const Crypto::SW::CryptoService::Exception::Crypto_internal &e) { - LogError("KeyProvider failed with message: " << e.GetMessage()); - retCode = CKM_API_ERROR_SERVER_ERROR; - } catch (const Crypto::SW::CryptoService::Exception::opensslError &e) { - LogError("KeyProvider failed with message: " << e.GetMessage()); + } catch (const Crypto::Exception::Base &e) { + LogError("GStore failed with error: " << e.GetMessage()); retCode = CKM_API_ERROR_SERVER_ERROR; } catch (const KeyProvider::Exception::Base &e) { LogError("KeyProvider failed with error: " << e.GetMessage());