From 85841ebd72c1b00be105d078d3c6b79d4bfe9cfb Mon Sep 17 00:00:00 2001
From: Krzysztof Jackiewicz
Date: Thu, 18 Jun 2015 16:24:20 +0200
Subject: [PATCH] Encryption service calls proper encryption/decryption methods
[Feature] Encryption srevice development
[Solution] After key is retrieved it is used to perform encryption/decryption of data and return the result to the client.
[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION. TED_1250_gcm_aad may fail.
Change-Id: Iaff45ac05df0470eabf3164c6fb427c68c9ef1a5
---
 src/manager/crypto/generic-backend/gkey.h | 1 +
 src/manager/service/ckm-logic.cpp | 3 ---
 src/manager/service/encryption-logic.cpp | 17 ++++++++++++++---
 3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/src/manager/crypto/generic-backend/gkey.h b/src/manager/crypto/generic-backend/gkey.h
index 530842d..b06926d 100644
--- a/src/manager/crypto/generic-backend/gkey.h
+++ b/src/manager/crypto/generic-backend/gkey.h
@@ -57,6 +57,7 @@ public:
 };
 typedef std::unique_ptr GKeyUPtr;
+typedef std::shared_ptr GKeyShPtr;
 } // namespace Crypto
 } // namespace CKM
diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index 35e9613..a173cd7 100644
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -517,9 +517,6 @@ int CKMLogic::getKeyForService(
 if (retCode == CKM_API_SUCCESS)
 key = m_decider.getStore(row).getKey(row);
 return retCode;
- } catch (const KeyProvider::Exception::Base &e) {
- LogError("KeyProvider failed with error: " << e.GetMessage());
- return CKM_API_ERROR_SERVER_ERROR;
 } catch (const DB::Crypto::Exception::Base &e) {
 LogError("DB::Crypto failed with message: " << e.GetMessage());
 return CKM_API_ERROR_DB_ERROR;
diff --git a/src/manager/service/encryption-logic.cpp b/src/manager/service/encryption-logic.cpp
index 2fd733c..a2bad2b 100644
--- a/src/manager/service/encryption-logic.cpp
+++ b/src/manager/service/encryption-logic.cpp
@@ -74,9 +74,20 @@ void EncryptionLogic::KeyRetrieved(MsgKeyResponse response)
 return;
 }
- // TODO encrypt/decrypt
- LogError("Encryption/decryption not yet supported");
- m_service.RespondToClient(req, CKM_API_ERROR_SERVER_ERROR);
+ // encrypt/decrypt
+ try {
+ RawBuffer output;
+ if (req.command == EncryptionCommand::ENCRYPT)
+ output = response.key->encrypt(req.cas, req.input);
+ else
+ output = response.key->decrypt(req.cas, req.input);
+ m_service.RespondToClient(req, CKM_API_SUCCESS, output);
+ } catch (const Exc::Exception& ex) {
+ m_service.RespondToClient(req, ex.error());
+ } catch (...) {
+ LogError("Uncaught exception from encrypt/decrypt.");
+ m_service.RespondToClient(req, CKM_API_ERROR_SERVER_ERROR);
+ }
 }
 } /* namespace CKM */
--
2.7.4
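Review bot: The `else` arm sends every command other than `EncryptionCommand::ENCRYPT` to `response.key->decrypt(...)`, so an unexpected or future command value carried in the request is silently handled as a decryption with the retrieved key. Make the second arm explicit, `else if (req.command == EncryptionCommand::DECRYPT)`, and add a final `else` that answers the client with an error code without using the key. Separately, the `catch (const Exc::Exception& ex)` handler returns `ex.error()` without a log line while the catch-all does log; a `LogError` there would leave a trace of failed operations (such as rejected decryptions) for later investigation. KeyRetrieved starts above the hunk, so whether `req.command` is already validated earlier is not visible here.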