diff options
| author | Maciej J. Karpiuk <m.karpiuk2@samsung.com> | 2015-06-03 09:14:16 +0200 |
|---|---|---|
| committer | Bartlomiej Grzelewski <b.grzelewski@samsung.com> | 2015-06-10 15:54:04 +0200 |
| commit | 05f39b404b29c1471c8f7d3477548c86699f3456 (patch) | |
| tree | 6708d01641f3f7fad39727eaaa94ab41f1216014 | |
| parent | 50759ee25cd172d7abd2180095c355e2ebea67bd (diff) | |
| download | key-manager-05f39b404b29c1471c8f7d3477548c86699f3456.tar.gz key-manager-05f39b404b29c1471c8f7d3477548c86699f3456.tar.bz2 key-manager-05f39b404b29c1471c8f7d3477548c86699f3456.zip | |
AES: add generation, save, get support.
[Verification] a copule of AES tests added along other key types tests:
https://review.tizen.org/gerrit/#/c/38195/
Change-Id: If6508811f874d438551a9d528b17d5719adc8ed0
21 files changed, 364 insertions, 21 deletions
diff --git a/src/include/ckm/ckm-key.h b/src/include/ckm/ckm-key.h index 718f3823..02522cc0 100644 --- a/src/include/ckm/ckm-key.h +++ b/src/include/ckm/ckm-key.h @@ -33,13 +33,15 @@ public: virtual bool empty() const = 0; virtual KeyType getType() const = 0; virtual int getSize() const = 0; - virtual ElipticCurve getCurve() const = 0; virtual RawBuffer getDER() const = 0; virtual ~Key(){} static KeyShPtr create( const RawBuffer &rawBuffer, const Password &password = Password()); + + static KeyShPtr createAES( + const RawBuffer &rawBuffer); }; } // namespace CKM diff --git a/src/include/ckm/ckm-manager-async.h b/src/include/ckm/ckm-manager-async.h index 9a743f5a..fca4408a 100644 --- a/src/include/ckm/ckm-manager-async.h +++ b/src/include/ckm/ckm-manager-async.h @@ -64,6 +64,7 @@ public: virtual void ReceivedCertificateAliasVector(AliasVector &&) {} virtual void ReceivedDataAliasVector(AliasVector &&) {} + virtual void ReceivedCreateKeyAES() {} virtual void ReceivedCreateKeyPair() {} virtual void ReceivedGetCertificateChain(CertificateShPtrVector &&) {} @@ -144,7 +145,7 @@ public: const Policy& policyPublicKey = Policy()); void createKeyAES( const ObserverPtr& observer, - int size, + int sizeBits, const Alias &keyAlias, const Policy &policyKey = Policy()); diff --git a/src/manager/CMakeLists.txt b/src/manager/CMakeLists.txt index 1d6501b0..3b8c28d5 100644 --- a/src/manager/CMakeLists.txt +++ b/src/manager/CMakeLists.txt @@ -21,6 +21,7 @@ SET(COMMON_SOURCES ${COMMON_PATH}/common/message-buffer.cpp ${COMMON_PATH}/common/certificate-impl.cpp ${COMMON_PATH}/common/key-impl.cpp + ${COMMON_PATH}/common/key-aes-impl.cpp ${COMMON_PATH}/common/pkcs12-impl.cpp ${COMMON_PATH}/common/log-setup.cpp ${COMMON_PATH}/dpl/log/src/abstract_log_provider.cpp diff --git a/src/manager/client-async/client-manager-async-impl.cpp b/src/manager/client-async/client-manager-async-impl.cpp index 3056ab7e..036fb8ce 100644 --- a/src/manager/client-async/client-manager-async-impl.cpp +++ b/src/manager/client-async/client-manager-async-impl.cpp @@ -351,6 +351,29 @@ void ManagerAsync::Impl::createKeyPair(const ManagerAsync::ObserverPtr& observer }, [&observer](int error){ observer->ReceivedError(error); } ); } +void ManagerAsync::Impl::createKeyAES(const ManagerAsync::ObserverPtr& observer, + const size_t size, + const Alias &keyAlias, + const Policy &policyKey) +{ + observerCheck(observer); + if (keyAlias.empty()) { + observer->ReceivedError(CKM_API_ERROR_INPUT_PARAM); + return; + } + + try_catch_async([&] { + AliasSupport aliasHelper(keyAlias); + sendToStorage(observer, + static_cast<int>(LogicCommand::CREATE_KEY_AES), + m_counter, + static_cast<int>(size), + PolicySerializable(policyKey), + aliasHelper.getName(), + aliasHelper.getLabel()); + }, [&observer](int error){ observer->ReceivedError(error); } ); +} + void ManagerAsync::Impl::observerCheck(const ManagerAsync::ObserverPtr& observer) { if(!observer) diff --git a/src/manager/client-async/client-manager-async-impl.h b/src/manager/client-async/client-manager-async-impl.h index 4046a1d9..d6bf0cf9 100644 --- a/src/manager/client-async/client-manager-async-impl.h +++ b/src/manager/client-async/client-manager-async-impl.h @@ -123,6 +123,12 @@ public: const Policy &policyPrivateKey, const Policy &policyPublicKey); + void createKeyAES( + const ManagerAsync::ObserverPtr& observer, + const size_t size, + const Alias &keyAlias, + const Policy &policyKey); + template <typename T> void getCertChain( const ManagerAsync::ObserverPtr& observer, diff --git a/src/manager/client-async/client-manager-async.cpp b/src/manager/client-async/client-manager-async.cpp index 8d507237..d97cfd92 100644 --- a/src/manager/client-async/client-manager-async.cpp +++ b/src/manager/client-async/client-manager-async.cpp @@ -184,11 +184,15 @@ void ManagerAsync::createKeyPairECDSA(const ObserverPtr& observer, policyPublicKey); } -void ManagerAsync::createKeyAES(const ObserverPtr& /*observer*/, - int /*size*/, - const Alias &/*keyAlias*/, - const Policy &/*policyKey*/) +void ManagerAsync::createKeyAES(const ObserverPtr& observer, + int size, + const Alias &keyAlias, + const Policy &policyKey) { + m_impl->createKeyAES(observer, + size, + keyAlias, + policyKey); } void ManagerAsync::getCertificateChain(const ObserverPtr& observer, diff --git a/src/manager/client-async/storage-receiver.cpp b/src/manager/client-async/storage-receiver.cpp index a04dcba9..17f86241 100644 --- a/src/manager/client-async/storage-receiver.cpp +++ b/src/manager/client-async/storage-receiver.cpp @@ -71,6 +71,9 @@ void StorageReceiver::parseResponse() case LogicCommand::REMOVE: parseRemoveCommand(); break; + case LogicCommand::CREATE_KEY_AES: + parseRetCode(&ManagerAsync::Observer::ReceivedCreateKeyAES); + break; case LogicCommand::CREATE_KEY_PAIR: parseRetCode(&ManagerAsync::Observer::ReceivedCreateKeyPair); break; diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp index 6f6078de..d9719431 100644 --- a/src/manager/client-capi/ckmc-manager.cpp +++ b/src/manager/client-capi/ckmc-manager.cpp @@ -168,11 +168,19 @@ int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s p CKM::Alias ckmAlias(alias); if(key.raw_key == NULL || key.key_size <= 0) { - return CKMC_ERROR_INVALID_PARAMETER; + return CKMC_ERROR_INVALID_PARAMETER; } CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size); - CKM::KeyShPtr ckmKey = CKM::Key::create(buffer, _tostring(key.password)); + CKM::KeyShPtr ckmKey; + if(key.key_type == CKMC_KEY_AES) + { + if(key.password) + return CKMC_ERROR_INVALID_PARAMETER; + ckmKey = CKM::Key::createAES(buffer); + } + else + ckmKey = CKM::Key::create(buffer, _tostring(key.password)); if(ckmKey.get() == NULL) { return CKMC_ERROR_INVALID_FORMAT; } @@ -602,11 +610,20 @@ int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, } KEY_MANAGER_CAPI -int ckmc_create_key_aes(const size_t /*size*/, - const char */*key_alias*/, - const ckmc_policy_s /*key_policy*/) +int ckmc_create_key_aes(const size_t size, + const char *key_alias, + const ckmc_policy_s key_policy) { - return 0; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + + if(key_alias == NULL) + return CKMC_ERROR_INVALID_PARAMETER; + + CKM::Alias ckmKeyAlias(key_alias); + CKM::Policy ckmKeyPolicy(_tostring(key_policy.password), key_policy.extractable); + + int ret = mgr->createKeyAES(size, ckmKeyAlias, ckmKeyPolicy); + return to_ckmc_error(ret); } KEY_MANAGER_CAPI diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp index 41383bf4..e6a7f4bf 100644 --- a/src/manager/client/client-manager-impl.cpp +++ b/src/manager/client/client-manager-impl.cpp @@ -29,6 +29,7 @@ #include <message-buffer.h> #include <protocols.h> #include <key-impl.h> +#include <key-aes-impl.h> #include <certificate-impl.h> namespace CKM { @@ -322,7 +323,11 @@ int ManagerImpl::getKey(const Alias &alias, const Password &password, KeyShPtr & if (retCode != CKM_API_SUCCESS) return retCode; - KeyShPtr keyParsed(new KeyImpl(rawData)); + KeyShPtr keyParsed; + if(DataType::KEY_AES == recvDataType) + keyParsed = KeyShPtr(new KeyAESImpl(rawData)); + else + keyParsed = KeyShPtr(new KeyImpl(rawData)); if (keyParsed->empty()) { LogDebug("Key empty - failed to parse!"); @@ -457,11 +462,37 @@ int ManagerImpl::createKeyPairECDSA( } int ManagerImpl::createKeyAES( - const int /*size*/, - const Alias &/*keyAlias*/, - const Policy &/*policyKey*/) + const int size, + const Alias &keyAlias, + const Policy &policyKey) { - return 0; + // proceed with sending request + int my_counter = ++m_counter; + + return try_catch([&] { + + MessageBuffer recv; + AliasSupport aliasHelper(keyAlias); + auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_AES), + my_counter, + static_cast<int>(size), + PolicySerializable(policyKey), + aliasHelper.getName(), + aliasHelper.getLabel()); + + int retCode = m_storageConnection.processRequest(send.Pop(), recv); + if (CKM_API_SUCCESS != retCode) + return retCode; + + int command; + int counter; + recv.Deserialize(command, counter, retCode); + if (counter != my_counter) { + return CKM_API_ERROR_UNKNOWN; + } + + return retCode; + }); } diff --git a/src/manager/common/data-type.cpp b/src/manager/common/data-type.cpp index 54efcd14..e8cfb84b 100644 --- a/src/manager/common/data-type.cpp +++ b/src/manager/common/data-type.cpp @@ -98,6 +98,10 @@ bool DataType::isKey() const { return false; } +bool DataType::isSKey() const { + return (KEY_AES == m_dataType); +} + bool DataType::isChainCert() const { if (DB_CHAIN_FIRST <= m_dataType && DB_CHAIN_LAST >= m_dataType) return true; diff --git a/src/manager/common/data-type.h b/src/manager/common/data-type.h index b331d51b..b3026bb5 100644 --- a/src/manager/common/data-type.h +++ b/src/manager/common/data-type.h @@ -85,6 +85,7 @@ public: bool operator==(const DataType &second) const; bool isKey() const; + bool isSKey() const; bool isChainCert() const; bool isKeyPrivate() const; bool isKeyPublic() const; diff --git a/src/manager/common/key-aes-impl.cpp b/src/manager/common/key-aes-impl.cpp new file mode 100644 index 00000000..10dba10a --- /dev/null +++ b/src/manager/common/key-aes-impl.cpp @@ -0,0 +1,75 @@ +/* Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file key-aes-impl.cpp + * @author Maciej Karpiuk (m.karpiuk2@samsung.com) + * @version 1.0 + * @brief AES key implementation. + */ +#include <dpl/log/log.h> +#include <ckm/ckm-type.h> +#include <key-aes-impl.h> + +namespace CKM { + +KeyAESImpl::KeyAESImpl(const RawBuffer &buf) : m_key(buf) +{ + // buf stores bytes -> compare the bit sizes + switch(buf.size() * 8) + { + case 128: + case 192: + case 256: + break; + + default: + throw std::invalid_argument("invalid AES key size"); + } +} + +bool KeyAESImpl::empty() const { + return (getSize() == 0); +} + +KeyType KeyAESImpl::getType() const { + return KeyType::KEY_AES; +} + +RawBuffer KeyAESImpl::getDER() const { + return m_key; +} + +int KeyAESImpl::getSize() const { + return m_key.size(); +} + +KeyShPtr Key::createAES(const RawBuffer &raw) { + try { + KeyShPtr output = std::make_shared<KeyAESImpl>(raw); + if (output->empty()) + output.reset(); + return output; + } catch (const std::bad_alloc &) { + LogDebug("Bad alloc during KeyAESImpl creation"); + } catch (const std::invalid_argument &e) { + LogDebug(e.what()); + } catch (...) { + LogError("Critical error: Unknown exception was caught during KeyAESImpl creation"); + } + return KeyShPtr(); +} + +} // namespace CKM + diff --git a/src/manager/common/key-aes-impl.h b/src/manager/common/key-aes-impl.h new file mode 100644 index 00000000..946a9842 --- /dev/null +++ b/src/manager/common/key-aes-impl.h @@ -0,0 +1,42 @@ +/* Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file key-aes-impl.h + * @author Maciej Karpiuk (m.karpiuk2@samsung.com) + * @version 1.0 + * @brief AES key. + */ +#pragma once + +#include <ckm/ckm-type.h> +#include <ckm/ckm-key.h> +#include <symbol-visibility.h> + +namespace CKM { + +class COMMON_API KeyAESImpl : public Key { +public: + explicit KeyAESImpl(const RawBuffer& buffer); + + virtual KeyType getType() const; + virtual RawBuffer getDER() const; + virtual int getSize() const; + virtual bool empty() const; + +protected: + CKM::RawBuffer m_key; +}; + +} // namespace CKM diff --git a/src/manager/common/protocols.h b/src/manager/common/protocols.h index b136064c..4f0fd2c4 100644 --- a/src/manager/common/protocols.h +++ b/src/manager/common/protocols.h @@ -57,6 +57,7 @@ enum class LogicCommand : int { GET_LIST, SAVE, REMOVE, + CREATE_KEY_AES, CREATE_KEY_PAIR, GET_CHAIN_CERT, GET_CHAIN_ALIAS, diff --git a/src/manager/crypto/sw-backend/internals.cpp b/src/manager/crypto/sw-backend/internals.cpp index 3af5ab4d..9fe6c3da 100644 --- a/src/manager/crypto/sw-backend/internals.cpp +++ b/src/manager/crypto/sw-backend/internals.cpp @@ -206,7 +206,7 @@ TokenPair createKeyPairDSA(CryptoBackend backendId, const int size) // check the parameters of functions if(size!=1024 && size!=2048 && size!=3072 && size!=4096) { LogError("Error in DSA input size"); - ThrowMsg(Exception::InputParam, "Error in DSA input size"); + ThrowMsg(Crypto::Exception::InputParam, "Error in DSA input size"); } /* Create the context for generating the parameters */ @@ -276,7 +276,7 @@ TokenPair createKeyPairECDSA(CryptoBackend backendId, ElipticCurve type) break; default: LogError("Error in EC type"); - ThrowMsg(Exception::InputParam, "Error in EC type"); + ThrowMsg(Crypto::Exception::InputParam, "Error in EC type"); } /* Create the context for generating the parameters */ @@ -328,6 +328,24 @@ TokenPair createKeyPairECDSA(CryptoBackend backendId, ElipticCurve type) Token(backendId, DataType(KeyType::KEY_ECDSA_PUBLIC), i2d(i2d_PUBKEY_bio, pkey.get()))); } +Token createKeyAES(CryptoBackend backendId, const int sizeBits) +{ + // check the parameters of functions + if(sizeBits!=128 && sizeBits!=192 && sizeBits!=256) { + LogError("Error in AES input size"); + ThrowMsg(Crypto::Exception::InputParam, "Error in AES input size"); + } + + uint8_t key[32]; + int sizeBytes = sizeBits/8; + if (!RAND_bytes(key, sizeBytes)) { + LogError("Error in AES key generation"); + ThrowMsg(Crypto::Exception::InternalError, "Error in AES key generation"); + } + + return Token(backendId, DataType(KeyType::KEY_AES), CKM::RawBuffer(key, key+sizeBytes)); +} + RawBuffer sign(EVP_PKEY *pkey, const CryptoAlgorithm &alg, const RawBuffer &message) diff --git a/src/manager/crypto/sw-backend/internals.h b/src/manager/crypto/sw-backend/internals.h index b9366dee..4db7eff6 100644 --- a/src/manager/crypto/sw-backend/internals.h +++ b/src/manager/crypto/sw-backend/internals.h @@ -48,6 +48,7 @@ int initialize(); TokenPair createKeyPairRSA(CryptoBackend backendId, const int size); TokenPair createKeyPairDSA(CryptoBackend backendId, const int size); TokenPair createKeyPairECDSA(CryptoBackend backendId, ElipticCurve type1); +Token createKeyAES(CryptoBackend backendId, const int sizeBits); RawBuffer sign(EVP_PKEY *pkey, const CryptoAlgorithm &alg, diff --git a/src/manager/crypto/sw-backend/store.cpp b/src/manager/crypto/sw-backend/store.cpp index 2ed63af4..a3fd0021 100644 --- a/src/manager/crypto/sw-backend/store.cpp +++ b/src/manager/crypto/sw-backend/store.cpp @@ -89,6 +89,15 @@ TokenPair Store::generateAKey(const CryptoAlgorithm &algorithm) ThrowMsg(Crypto::Exception::InputParam, "wrong key type"); } +Token Store::generateSKey(const CryptoAlgorithm &algorithm) +{ + int keyLength = 0; + if(!algorithm.getParam(ParamName::GEN_KEY_LEN, keyLength)) + ThrowMsg(Crypto::Exception::InputParam, "Error, parameter GEN_KEY_LEN not found."); + + return Internals::createKeyAES(m_backendId, keyLength); +} + Token Store::import(DataType dataType, const RawBuffer &buffer) { return Token(m_backendId, dataType, buffer); } diff --git a/src/manager/crypto/sw-backend/store.h b/src/manager/crypto/sw-backend/store.h index 1a4d111f..09350e8b 100644 --- a/src/manager/crypto/sw-backend/store.h +++ b/src/manager/crypto/sw-backend/store.h @@ -33,6 +33,7 @@ public: virtual GKeyShPtr getKey(const Token &token); virtual TokenPair generateAKey(const CryptoAlgorithm &); + virtual Token generateSKey(const CryptoAlgorithm &); virtual Token import(DataType dataType, const RawBuffer &buffer); virtual void destroy(const Token &){} }; diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 8b0e4330..01549330 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -27,12 +27,13 @@ #include <file-system.h> #include <ckm-logic.h> #include <key-impl.h> +#include <key-aes-impl.h> #include <certificate-config.h> #include <certificate-store.h> #include <dirent.h> #include <algorithm> #include <InitialValuesFile.h> - +#include <sw-backend/store.h> #include <generic-backend/exception.h> namespace { @@ -460,7 +461,11 @@ int CKMLogic::toBinaryData(DataType dataType, // verify the data integrity if (dataType.isKey()) { - KeyShPtr output_key = CKM::Key::create(input_data); + KeyShPtr output_key; + if(dataType.isSKey()) + output_key = CKM::Key::createAES(input_data); + else + output_key = CKM::Key::create(input_data); if(output_key.get() == NULL) { LogError("provided binary data is not valid key data"); @@ -1162,6 +1167,26 @@ int CKMLogic::saveDataHelper( } +int CKMLogic::createKeyAESHelper( + const Credentials &cred, + const int size, + const Name &name, + const Label &label, + const PolicySerializable &policy) +{ + CryptoAlgorithm keyGenAlgorithm; + keyGenAlgorithm.addParam(ParamName::GEN_KEY_LEN, size); + Token key = m_decider.getStore(DataType::KEY_AES, policy.extractable).generateSKey(keyGenAlgorithm); + + return saveDataHelper(cred, + name, + label, + DataType::KEY_AES, + key.data, + policy); +} + + int CKMLogic::createKeyPairHelper( const Credentials &cred, const CryptoAlgorithmSerializable & keyGenParams, @@ -1266,6 +1291,51 @@ RawBuffer CKMLogic::createKeyPair( commandId, retCode).Pop(); } +RawBuffer CKMLogic::createKeyAES( + const Credentials &cred, + int commandId, + const int size, + const Name &name, + const Label &label, + const PolicySerializable &policy) +{ + int retCode = CKM_API_SUCCESS; + + try { + retCode = createKeyAESHelper(cred, size, name, label, policy); + } catch (const Crypto::Exception::OperationNotSupported &e) { + LogDebug("GStore error: operation not supported: " << e.GetMessage()); + retCode = CKM_API_ERROR_SERVER_ERROR; + } catch (const Crypto::Exception::InternalError & e) { + LogDebug("GStore key generation failed: " << e.GetMessage()); + retCode = CKM_API_ERROR_SERVER_ERROR; + } catch( const Crypto::Exception::InputParam & e) { + LogDebug("Missing or wrong input parameters: " << e.GetMessage()); + retCode = CKM_API_ERROR_INPUT_PARAM; + } catch (std::invalid_argument &e) { + LogDebug("invalid argument error: " << e.what()); + retCode = CKM_API_ERROR_INPUT_PARAM; + } catch (DB::Crypto::Exception::TransactionError &e) { + LogDebug("DB::Crypto error: transaction error: " << e.GetMessage()); + retCode = CKM_API_ERROR_DB_ERROR; + } catch (CKM::CryptoLogic::Exception::Base &e) { + LogDebug("CryptoLogic error: " << e.GetMessage()); + retCode = CKM_API_ERROR_SERVER_ERROR; + } catch (DB::Crypto::Exception::InternalError &e) { + LogDebug("DB::Crypto internal error: " << e.GetMessage()); + retCode = CKM_API_ERROR_DB_ERROR; + } catch (const CKMLogic::Exception::DatabaseLocked &e) { + LogError("Error " << e.GetMessage()); + retCode = CKM_API_ERROR_DB_LOCKED; + } catch (const CKM::Exception &e) { + LogError("CKM::Exception: " << e.GetMessage()); + retCode = CKM_API_ERROR_SERVER_ERROR; + } + + return MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_AES), + commandId, retCode).Pop(); +} + int CKMLogic::readCertificateHelper( const Credentials &cred, const LabelNameVector &labelNameVector, diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h index 3c889c22..c09b97e6 100644 --- a/src/manager/service/ckm-logic.h +++ b/src/manager/service/ckm-logic.h @@ -136,6 +136,14 @@ public: const PolicySerializable &policyPrivate, const PolicySerializable &policyPublic); + RawBuffer createKeyAES( + const Credentials &cred, + int commandId, + const int size, + const Name &name, + const Label &label, + const PolicySerializable &policy); + RawBuffer getCertificateChain( const Credentials &cred, int commandId, @@ -321,6 +329,13 @@ private: const Password &password, DB::RowVector &rows); + int createKeyAESHelper( + const Credentials &cred, + const int size, + const Name &name, + const Label &label, + const PolicySerializable &policy); + int createKeyPairHelper( const Credentials &cred, const CryptoAlgorithmSerializable & keyGenParams, diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp index febbf7f2..235fe477 100644 --- a/src/manager/service/ckm-service.cpp +++ b/src/manager/service/ckm-service.cpp @@ -235,6 +235,24 @@ RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer) msgID, DataType(tmpDataType)); } + case LogicCommand::CREATE_KEY_AES: + { + int size = 0; + Name keyName; + Label keyLabel; + PolicySerializable policyKey; + buffer.Deserialize(size, + policyKey, + keyName, + keyLabel); + return m_logic->createKeyAES( + cred, + msgID, + size, + keyName, + keyLabel, + policyKey); + } case LogicCommand::CREATE_KEY_PAIR: { CryptoAlgorithmSerializable keyGenAlgorithm; |