| // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chaps/chaps_adaptor.h" |
| |
| #include <base/files/file_path.h> |
| #include <base/files/file_util.h> |
| #include <base/logging.h> |
| #include <base/strings/string_number_conversions.h> |
| #include <base/synchronization/lock.h> |
| #include <dbus/object_path.h> |
| |
| #include "chaps/chaps.h" |
| #include "chaps/chaps_interface.h" |
| #include "chaps/chaps_utility.h" |
| #include "chaps/dbus_bindings/constants.h" |
| #include "chaps/token_manager_interface.h" |
| |
| using base::AutoLock; |
| using base::FilePath; |
| using base::Lock; |
| using brillo::SecureBlob; |
| using std::string; |
| using std::vector; |
| |
| namespace chaps { |
| |
| ChapsAdaptor::ChapsAdaptor(scoped_refptr<dbus::Bus> bus, |
| Lock* lock, |
| ChapsInterface* service, |
| TokenManagerInterface* token_manager) |
| : dbus_object_(nullptr, bus, dbus::ObjectPath(kChapsServicePath)), |
| lock_(lock), |
| service_(service), |
| token_manager_(token_manager) {} |
| |
| ChapsAdaptor::~ChapsAdaptor() {} |
| |
| void ChapsAdaptor::RegisterAsync( |
| const brillo::dbus_utils::AsyncEventSequencer::CompletionAction& cb) { |
| brillo::dbus_utils::DBusInterface* interface = |
| dbus_object_.AddOrGetInterface(kChapsInterface); |
| interface->AddSimpleMethodHandler(kOpenIsolateMethod, base::Unretained(this), |
| &ChapsAdaptor::OpenIsolate); |
| interface->AddSimpleMethodHandler(kCloseIsolateMethod, base::Unretained(this), |
| &ChapsAdaptor::CloseIsolate); |
| interface->AddSimpleMethodHandler(kLoadTokenMethod, base::Unretained(this), |
| &ChapsAdaptor::LoadToken); |
| interface->AddSimpleMethodHandler(kUnloadTokenMethod, base::Unretained(this), |
| &ChapsAdaptor::UnloadToken); |
| interface->AddSimpleMethodHandler(kChangeTokenAuthDataMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::ChangeTokenAuthData); |
| interface->AddSimpleMethodHandler(kGetTokenPathMethod, base::Unretained(this), |
| &ChapsAdaptor::GetTokenPath); |
| interface->AddSimpleMethodHandler(kSetLogLevelMethod, base::Unretained(this), |
| &ChapsAdaptor::SetLogLevel); |
| interface->AddSimpleMethodHandler(kGetSlotListMethod, base::Unretained(this), |
| &ChapsAdaptor::GetSlotList); |
| interface->AddSimpleMethodHandler(kGetSlotInfoMethod, base::Unretained(this), |
| &ChapsAdaptor::GetSlotInfo); |
| interface->AddSimpleMethodHandler(kGetTokenInfoMethod, base::Unretained(this), |
| &ChapsAdaptor::GetTokenInfo); |
| interface->AddSimpleMethodHandler(kGetMechanismListMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetMechanismList); |
| interface->AddSimpleMethodHandler(kGetMechanismInfoMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetMechanismInfo); |
| interface->AddSimpleMethodHandler(kInitTokenMethod, base::Unretained(this), |
| &ChapsAdaptor::InitToken); |
| interface->AddSimpleMethodHandler(kInitPINMethod, base::Unretained(this), |
| &ChapsAdaptor::InitPIN); |
| interface->AddSimpleMethodHandler(kSetPINMethod, base::Unretained(this), |
| &ChapsAdaptor::SetPIN); |
| interface->AddSimpleMethodHandler(kOpenSessionMethod, base::Unretained(this), |
| &ChapsAdaptor::OpenSession); |
| interface->AddSimpleMethodHandler(kCloseSessionMethod, base::Unretained(this), |
| &ChapsAdaptor::CloseSession); |
| interface->AddSimpleMethodHandler(kGetSessionInfoMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetSessionInfo); |
| interface->AddSimpleMethodHandler(kGetOperationStateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetOperationState); |
| interface->AddSimpleMethodHandler(kSetOperationStateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SetOperationState); |
| interface->AddSimpleMethodHandler(kLoginMethod, base::Unretained(this), |
| &ChapsAdaptor::Login); |
| interface->AddSimpleMethodHandler(kLogoutMethod, base::Unretained(this), |
| &ChapsAdaptor::Logout); |
| interface->AddSimpleMethodHandler(kCreateObjectMethod, base::Unretained(this), |
| &ChapsAdaptor::CreateObject); |
| interface->AddSimpleMethodHandler(kCopyObjectMethod, base::Unretained(this), |
| &ChapsAdaptor::CopyObject); |
| interface->AddSimpleMethodHandler(kDestroyObjectMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DestroyObject); |
| interface->AddSimpleMethodHandler(kGetObjectSizeMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetObjectSize); |
| interface->AddSimpleMethodHandler(kGetAttributeValueMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetAttributeValue); |
| interface->AddSimpleMethodHandler(kSetAttributeValueMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SetAttributeValue); |
| interface->AddSimpleMethodHandler(kFindObjectsInitMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::FindObjectsInit); |
| interface->AddSimpleMethodHandler(kFindObjectsMethod, base::Unretained(this), |
| &ChapsAdaptor::FindObjects); |
| interface->AddSimpleMethodHandler(kFindObjectsFinalMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::FindObjectsFinal); |
| interface->AddSimpleMethodHandler(kEncryptInitMethod, base::Unretained(this), |
| &ChapsAdaptor::EncryptInit); |
| interface->AddSimpleMethodHandler(kEncryptMethod, base::Unretained(this), |
| &ChapsAdaptor::Encrypt); |
| interface->AddSimpleMethodHandler(kEncryptUpdateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::EncryptUpdate); |
| interface->AddSimpleMethodHandler(kEncryptFinalMethod, base::Unretained(this), |
| &ChapsAdaptor::EncryptFinal); |
| interface->AddSimpleMethodHandler(kEncryptCancelMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::EncryptCancel); |
| interface->AddSimpleMethodHandler(kDecryptInitMethod, base::Unretained(this), |
| &ChapsAdaptor::DecryptInit); |
| interface->AddSimpleMethodHandler(kDecryptMethod, base::Unretained(this), |
| &ChapsAdaptor::Decrypt); |
| interface->AddSimpleMethodHandler(kDecryptUpdateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DecryptUpdate); |
| interface->AddSimpleMethodHandler(kDecryptFinalMethod, base::Unretained(this), |
| &ChapsAdaptor::DecryptFinal); |
| interface->AddSimpleMethodHandler(kDecryptCancelMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DecryptCancel); |
| interface->AddSimpleMethodHandler(kDigestInitMethod, base::Unretained(this), |
| &ChapsAdaptor::DigestInit); |
| interface->AddSimpleMethodHandler(kDigestMethod, base::Unretained(this), |
| &ChapsAdaptor::Digest); |
| interface->AddSimpleMethodHandler(kDigestUpdateMethod, base::Unretained(this), |
| &ChapsAdaptor::DigestUpdate); |
| interface->AddSimpleMethodHandler(kDigestKeyMethod, base::Unretained(this), |
| &ChapsAdaptor::DigestKey); |
| interface->AddSimpleMethodHandler(kDigestFinalMethod, base::Unretained(this), |
| &ChapsAdaptor::DigestFinal); |
| interface->AddSimpleMethodHandler(kDigestCancelMethod, base::Unretained(this), |
| &ChapsAdaptor::DigestCancel); |
| interface->AddSimpleMethodHandler(kSignInitMethod, base::Unretained(this), |
| &ChapsAdaptor::SignInit); |
| interface->AddSimpleMethodHandler(kSignMethod, base::Unretained(this), |
| &ChapsAdaptor::Sign); |
| interface->AddSimpleMethodHandler(kSignUpdateMethod, base::Unretained(this), |
| &ChapsAdaptor::SignUpdate); |
| interface->AddSimpleMethodHandler(kSignFinalMethod, base::Unretained(this), |
| &ChapsAdaptor::SignFinal); |
| interface->AddSimpleMethodHandler(kSignCancelMethod, base::Unretained(this), |
| &ChapsAdaptor::SignCancel); |
| interface->AddSimpleMethodHandler(kSignRecoverInitMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SignRecoverInit); |
| interface->AddSimpleMethodHandler(kSignRecoverMethod, base::Unretained(this), |
| &ChapsAdaptor::SignRecover); |
| interface->AddSimpleMethodHandler(kVerifyInitMethod, base::Unretained(this), |
| &ChapsAdaptor::VerifyInit); |
| interface->AddSimpleMethodHandler(kVerifyMethod, base::Unretained(this), |
| &ChapsAdaptor::Verify); |
| interface->AddSimpleMethodHandler(kVerifyUpdateMethod, base::Unretained(this), |
| &ChapsAdaptor::VerifyUpdate); |
| interface->AddSimpleMethodHandler(kVerifyFinalMethod, base::Unretained(this), |
| &ChapsAdaptor::VerifyFinal); |
| interface->AddSimpleMethodHandler(kVerifyCancelMethod, base::Unretained(this), |
| &ChapsAdaptor::VerifyCancel); |
| interface->AddSimpleMethodHandler(kVerifyRecoverInitMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::VerifyRecoverInit); |
| interface->AddSimpleMethodHandler(kVerifyRecoverMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::VerifyRecover); |
| interface->AddSimpleMethodHandler(kDigestEncryptUpdateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DigestEncryptUpdate); |
| interface->AddSimpleMethodHandler(kDecryptDigestUpdateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DecryptDigestUpdate); |
| interface->AddSimpleMethodHandler(kSignEncryptUpdateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SignEncryptUpdate); |
| interface->AddSimpleMethodHandler(kDecryptVerifyUpdateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DecryptVerifyUpdate); |
| interface->AddSimpleMethodHandler(kGenerateKeyMethod, base::Unretained(this), |
| &ChapsAdaptor::GenerateKey); |
| interface->AddSimpleMethodHandler(kGenerateKeyPairMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GenerateKeyPair); |
| interface->AddSimpleMethodHandler(kWrapKeyMethod, base::Unretained(this), |
| &ChapsAdaptor::WrapKey); |
| interface->AddSimpleMethodHandler(kUnwrapKeyMethod, base::Unretained(this), |
| &ChapsAdaptor::UnwrapKey); |
| interface->AddSimpleMethodHandler(kDeriveKeyMethod, base::Unretained(this), |
| &ChapsAdaptor::DeriveKey); |
| interface->AddSimpleMethodHandler(kSeedRandomMethod, base::Unretained(this), |
| &ChapsAdaptor::SeedRandom); |
| interface->AddSimpleMethodHandler(kGenerateRandomMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GenerateRandom); |
| dbus_object_.RegisterAsync(cb); |
| } |
| |
| void ChapsAdaptor::OpenIsolate( |
| const brillo::SecureVector& isolate_credential_in, |
| brillo::SecureVector* isolate_credential_out, |
| bool* new_isolate_created, |
| bool* result) { |
| VLOG(1) << "CALL: " << __func__; |
| *result = false; |
| SecureBlob isolate_credential(isolate_credential_in.begin(), |
| isolate_credential_in.end()); |
| if (token_manager_) |
| *result = |
| token_manager_->OpenIsolate(&isolate_credential, new_isolate_created); |
| isolate_credential_out->swap(isolate_credential); |
| } |
| |
| void ChapsAdaptor::CloseIsolate( |
| const brillo::SecureVector& isolate_credential) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| if (token_manager_) |
| token_manager_->CloseIsolate(isolate_credential_blob); |
| } |
| |
| void ChapsAdaptor::LoadToken(const brillo::SecureVector& isolate_credential, |
| const string& path, |
| const brillo::SecureVector& auth_data, |
| const string& label, |
| uint64_t* slot_id, |
| bool* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| SecureBlob auth_data_blob(auth_data.begin(), auth_data.end()); |
| if (token_manager_) |
| *result = token_manager_->LoadToken(isolate_credential_blob, FilePath(path), |
| auth_data_blob, label, |
| PreservedValue<uint64_t, int>(slot_id)); |
| } |
| |
| void ChapsAdaptor::UnloadToken(const brillo::SecureVector& isolate_credential, |
| const string& path) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| if (token_manager_) |
| token_manager_->UnloadToken(isolate_credential_blob, FilePath(path)); |
| } |
| |
| void ChapsAdaptor::ChangeTokenAuthData( |
| const string& path, |
| const brillo::SecureVector& old_auth_data, |
| const brillo::SecureVector& new_auth_data) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| if (token_manager_) |
| token_manager_->ChangeTokenAuthData( |
| FilePath(path), SecureBlob(old_auth_data.begin(), old_auth_data.end()), |
| SecureBlob(new_auth_data.begin(), new_auth_data.end())); |
| } |
| |
| void ChapsAdaptor::GetTokenPath(const brillo::SecureVector& isolate_credential, |
| uint64_t slot_id, |
| std::string* path, |
| bool* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| if (token_manager_) { |
| FilePath tmp; |
| *result = |
| token_manager_->GetTokenPath(isolate_credential_blob, slot_id, &tmp); |
| *path = tmp.value(); |
| } |
| } |
| |
| void ChapsAdaptor::SetLogLevel(const int32_t& level) { |
| logging::SetMinLogLevel(level); |
| string level_str = base::NumberToString(level); |
| int writeResult = base::WriteFile(FilePath(kPersistentLogLevelPath), |
| level_str.data(), level_str.length()); |
| VLOG_IF(2, writeResult < 0) << "Failed to save loglevel to file."; |
| } |
| |
| void ChapsAdaptor::GetSlotList(const brillo::SecureVector& isolate_credential, |
| bool token_present, |
| vector<uint64_t>* slot_list, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "token_present=" << token_present; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = |
| service_->GetSlotList(isolate_credential_blob, token_present, slot_list); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "slot_list=" << PrintIntVector(*slot_list); |
| } |
| |
| void ChapsAdaptor::GetSlotInfo(const brillo::SecureVector& isolate_credential, |
| uint64_t slot_id, |
| SlotInfo* slot_info, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "slot_id=" << slot_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->GetSlotInfo(isolate_credential_blob, slot_id, slot_info); |
| VLOG_IF(2, *result == CKR_OK) |
| << "OUT: " |
| << "slot_description=" << slot_info->slot_description(); |
| } |
| |
| void ChapsAdaptor::GetTokenInfo(const brillo::SecureVector& isolate_credential, |
| uint64_t slot_id, |
| TokenInfo* token_info, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "slot_id=" << slot_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = |
| service_->GetTokenInfo(isolate_credential_blob, slot_id, token_info); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "label=" << token_info->label(); |
| } |
| |
| void ChapsAdaptor::GetMechanismList( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t slot_id, |
| vector<uint64_t>* mechanism_list, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "slot_id=" << slot_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->GetMechanismList(isolate_credential_blob, slot_id, |
| mechanism_list); |
| VLOG_IF(2, *result == CKR_OK) |
| << "OUT: " |
| << "mechanism_list=" << PrintIntVector(*mechanism_list); |
| } |
| |
| void ChapsAdaptor::GetMechanismInfo( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t slot_id, |
| uint64_t mechanism_type, |
| MechanismInfo* mechanism_info, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "slot_id=" << slot_id; |
| VLOG(2) << "IN: " |
| << "mechanism_type=" << mechanism_type; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->GetMechanismInfo(isolate_credential_blob, slot_id, |
| mechanism_type, mechanism_info); |
| VLOG_IF(2, *result == CKR_OK) |
| << "OUT: " |
| << "min_key_size=" << mechanism_info->min_key_size(); |
| VLOG_IF(2, *result == CKR_OK) |
| << "OUT: " |
| << "max_key_size=" << mechanism_info->max_key_size(); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "flags=" << mechanism_info->flags(); |
| } |
| |
| uint32_t ChapsAdaptor::InitToken(const brillo::SecureVector& isolate_credential, |
| uint64_t slot_id, |
| bool use_null_pin, |
| const string& optional_so_pin, |
| const vector<uint8_t>& new_token_label) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "slot_id=" << slot_id; |
| VLOG(2) << "IN: " |
| << "new_token_label=" << ConvertByteVectorToString(new_token_label); |
| const string* tmp_pin = use_null_pin ? NULL : &optional_so_pin; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->InitToken(isolate_credential_blob, slot_id, tmp_pin, |
| new_token_label); |
| } |
| |
| uint32_t ChapsAdaptor::InitPIN(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| bool use_null_pin, |
| const string& optional_user_pin) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "use_null_pin=" << use_null_pin; |
| const string* tmp_pin = use_null_pin ? NULL : &optional_user_pin; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->InitPIN(isolate_credential_blob, session_id, tmp_pin); |
| } |
| |
| uint32_t ChapsAdaptor::SetPIN(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| bool use_null_old_pin, |
| const string& optional_old_pin, |
| bool use_null_new_pin, |
| const string& optional_new_pin) { |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "use_null_old_pin=" << use_null_old_pin; |
| VLOG(2) << "IN: " |
| << "use_null_new_pin=" << use_null_new_pin; |
| const string* tmp_old_pin = use_null_old_pin ? NULL : &optional_old_pin; |
| const string* tmp_new_pin = use_null_new_pin ? NULL : &optional_new_pin; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->SetPIN(isolate_credential_blob, session_id, tmp_old_pin, |
| tmp_new_pin); |
| } |
| |
| void ChapsAdaptor::OpenSession(const brillo::SecureVector& isolate_credential, |
| uint64_t slot_id, |
| uint64_t flags, |
| uint64_t* session_id, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "slot_id=" << slot_id; |
| VLOG(2) << "IN: " |
| << "flags=" << flags; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->OpenSession(isolate_credential_blob, slot_id, flags, |
| session_id); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "session_id=" << session_id; |
| } |
| |
| uint32_t ChapsAdaptor::CloseSession( |
| const brillo::SecureVector& isolate_credential, uint64_t session_id) { |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->CloseSession(isolate_credential_blob, session_id); |
| } |
| |
| void ChapsAdaptor::GetSessionInfo( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| SessionInfo* session_info, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->GetSessionInfo(isolate_credential_blob, session_id, |
| session_info); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "slot_id=" << session_info->slot_id(); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "state=" << session_info->state(); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "flags=" << session_info->flags(); |
| VLOG_IF(2, *result == CKR_OK) |
| << "OUT: " |
| << "device_error=" << session_info->device_error(); |
| } |
| |
| void ChapsAdaptor::GetOperationState( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| vector<uint8_t>* operation_state, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->GetOperationState(isolate_credential_blob, session_id, |
| operation_state); |
| } |
| |
| uint32_t ChapsAdaptor::SetOperationState( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& operation_state, |
| uint64_t encryption_key_handle, |
| uint64_t authentication_key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->SetOperationState(isolate_credential_blob, session_id, |
| operation_state, encryption_key_handle, |
| authentication_key_handle); |
| } |
| |
| uint32_t ChapsAdaptor::Login(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t user_type, |
| bool use_null_pin, |
| const string& optional_pin) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "user_type=" << user_type; |
| VLOG(2) << "IN: " |
| << "use_null_pin=" << use_null_pin; |
| const string* pin = use_null_pin ? NULL : &optional_pin; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->Login(isolate_credential_blob, session_id, user_type, pin); |
| } |
| |
| uint32_t ChapsAdaptor::Logout(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->Logout(isolate_credential_blob, session_id); |
| } |
| |
| void ChapsAdaptor::CreateObject(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& attributes, |
| uint64_t* new_object_handle, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "attributes=" << PrintAttributes(attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->CreateObject(isolate_credential_blob, session_id, |
| attributes, new_object_handle); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "new_object_handle=" << new_object_handle; |
| } |
| |
| void ChapsAdaptor::CopyObject(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| const vector<uint8_t>& attributes, |
| uint64_t* new_object_handle, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "object_handle=" << object_handle; |
| VLOG(2) << "IN: " |
| << "attributes=" << PrintAttributes(attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->CopyObject(isolate_credential_blob, session_id, |
| object_handle, attributes, new_object_handle); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "new_object_handle=" << new_object_handle; |
| } |
| |
| uint32_t ChapsAdaptor::DestroyObject( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "object_handle=" << object_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->DestroyObject(isolate_credential_blob, session_id, |
| object_handle); |
| } |
| |
| void ChapsAdaptor::GetObjectSize(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| uint64_t* object_size, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "object_handle=" << object_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->GetObjectSize(isolate_credential_blob, session_id, |
| object_handle, object_size); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "object_size=" << object_size; |
| } |
| |
| void ChapsAdaptor::GetAttributeValue( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| const vector<uint8_t>& attributes_in, |
| vector<uint8_t>* attributes_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "object_handle=" << object_handle; |
| VLOG(2) << "IN: " |
| << "attributes_in=" << PrintAttributes(attributes_in, false); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = |
| service_->GetAttributeValue(isolate_credential_blob, session_id, |
| object_handle, attributes_in, attributes_out); |
| VLOG_IF(2, *result == CKR_OK || *result == CKR_ATTRIBUTE_TYPE_INVALID) |
| << "OUT: " |
| << "attributes_out=" << PrintAttributes(*attributes_out, true); |
| } |
| |
| uint32_t ChapsAdaptor::SetAttributeValue( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| const vector<uint8_t>& attributes) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "object_handle=" << object_handle; |
| VLOG(2) << "IN: " |
| << "attributes=" << PrintAttributes(attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->SetAttributeValue(isolate_credential_blob, session_id, |
| object_handle, attributes); |
| } |
| |
| uint32_t ChapsAdaptor::FindObjectsInit( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& attributes) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "attributes=" << PrintAttributes(attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->FindObjectsInit(isolate_credential_blob, session_id, |
| attributes); |
| } |
| |
| void ChapsAdaptor::FindObjects(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_object_count, |
| vector<uint64_t>* object_list, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_object_count=" << max_object_count; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->FindObjects(isolate_credential_blob, session_id, |
| max_object_count, object_list); |
| VLOG_IF(2, *result == CKR_OK) |
| << "OUT: " |
| << "object_list=" << PrintIntVector(*object_list); |
| } |
| |
| uint32_t ChapsAdaptor::FindObjectsFinal( |
| const brillo::SecureVector& isolate_credential, uint64_t session_id) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->FindObjectsFinal(isolate_credential_blob, session_id); |
| } |
| |
| uint32_t ChapsAdaptor::EncryptInit( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " |
| << "mechanism_parameter=" << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " |
| << "key_handle=" << key_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->EncryptInit(isolate_credential_blob, session_id, |
| mechanism_type, mechanism_parameter, key_handle); |
| } |
| |
| void ChapsAdaptor::Encrypt(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->Encrypt(isolate_credential_blob, session_id, data_in, |
| max_out_length, actual_out_length, data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| void ChapsAdaptor::EncryptUpdate(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = |
| service_->EncryptUpdate(isolate_credential_blob, session_id, data_in, |
| max_out_length, actual_out_length, data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| void ChapsAdaptor::EncryptFinal(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->EncryptFinal(isolate_credential_blob, session_id, |
| max_out_length, actual_out_length, data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| void ChapsAdaptor::EncryptCancel(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| service_->EncryptCancel(isolate_credential_blob, session_id); |
| } |
| |
| uint32_t ChapsAdaptor::DecryptInit( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " |
| << "mechanism_parameter=" << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " |
| << "key_handle=" << key_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->DecryptInit(isolate_credential_blob, session_id, |
| mechanism_type, mechanism_parameter, key_handle); |
| } |
| |
| void ChapsAdaptor::Decrypt(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->Decrypt(isolate_credential_blob, session_id, data_in, |
| max_out_length, actual_out_length, data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| void ChapsAdaptor::DecryptUpdate(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = |
| service_->DecryptUpdate(isolate_credential_blob, session_id, data_in, |
| max_out_length, actual_out_length, data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| void ChapsAdaptor::DecryptFinal(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->DecryptFinal(isolate_credential_blob, session_id, |
| max_out_length, actual_out_length, data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| void ChapsAdaptor::DecryptCancel(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| service_->DecryptCancel(isolate_credential_blob, session_id); |
| } |
| |
| uint32_t ChapsAdaptor::DigestInit( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " |
| << "mechanism_parameter=" << PrintIntVector(mechanism_parameter); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->DigestInit(isolate_credential_blob, session_id, |
| mechanism_type, mechanism_parameter); |
| } |
| |
| void ChapsAdaptor::Digest(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* digest, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->Digest(isolate_credential_blob, session_id, data_in, |
| max_out_length, actual_out_length, digest); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| uint32_t ChapsAdaptor::DigestUpdate( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->DigestUpdate(isolate_credential_blob, session_id, data_in); |
| } |
| |
| uint32_t ChapsAdaptor::DigestKey(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "key_handle=" << key_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->DigestKey(isolate_credential_blob, session_id, key_handle); |
| } |
| |
| void ChapsAdaptor::DigestFinal(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* digest, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->DigestFinal(isolate_credential_blob, session_id, |
| max_out_length, actual_out_length, digest); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| void ChapsAdaptor::DigestCancel(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| service_->DigestCancel(isolate_credential_blob, session_id); |
| } |
| |
| uint32_t ChapsAdaptor::SignInit(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " |
| << "mechanism_parameter=" << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " |
| << "key_handle=" << key_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->SignInit(isolate_credential_blob, session_id, mechanism_type, |
| mechanism_parameter, key_handle); |
| } |
| |
| void ChapsAdaptor::Sign(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* signature, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->Sign(isolate_credential_blob, session_id, data, |
| max_out_length, actual_out_length, signature); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| uint32_t ChapsAdaptor::SignUpdate( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_part) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->SignUpdate(isolate_credential_blob, session_id, data_part); |
| } |
| |
| void ChapsAdaptor::SignFinal(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* signature, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->SignFinal(isolate_credential_blob, session_id, |
| max_out_length, actual_out_length, signature); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| void ChapsAdaptor::SignCancel(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| service_->SignCancel(isolate_credential_blob, session_id); |
| } |
| |
| uint32_t ChapsAdaptor::SignRecoverInit( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " |
| << "mechanism_parameter=" << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " |
| << "key_handle=" << key_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->SignRecoverInit(isolate_credential_blob, session_id, |
| mechanism_type, mechanism_parameter, |
| key_handle); |
| } |
| |
| void ChapsAdaptor::SignRecover(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* signature, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->SignRecover(isolate_credential_blob, session_id, data, |
| max_out_length, actual_out_length, signature); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| uint32_t ChapsAdaptor::VerifyInit( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " |
| << "mechanism_parameter=" << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " |
| << "key_handle=" << key_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->VerifyInit(isolate_credential_blob, session_id, |
| mechanism_type, mechanism_parameter, key_handle); |
| } |
| |
| uint32_t ChapsAdaptor::Verify(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data, |
| const vector<uint8_t>& signature) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->Verify(isolate_credential_blob, session_id, data, signature); |
| } |
| |
| uint32_t ChapsAdaptor::VerifyUpdate( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_part) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->VerifyUpdate(isolate_credential_blob, session_id, data_part); |
| } |
| |
| uint32_t ChapsAdaptor::VerifyFinal( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& signature) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->VerifyFinal(isolate_credential_blob, session_id, signature); |
| } |
| |
| void ChapsAdaptor::VerifyCancel(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| service_->VerifyCancel(isolate_credential_blob, session_id); |
| } |
| |
| uint32_t ChapsAdaptor::VerifyRecoverInit( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " |
| << "mechanism_parameter=" << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " |
| << "key_handle=" << key_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->VerifyRecoverInit(isolate_credential_blob, session_id, |
| mechanism_type, mechanism_parameter, |
| key_handle); |
| } |
| |
| void ChapsAdaptor::VerifyRecover(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& signature, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = |
| service_->VerifyRecover(isolate_credential_blob, session_id, signature, |
| max_out_length, actual_out_length, data); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| void ChapsAdaptor::DigestEncryptUpdate( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->DigestEncryptUpdate(isolate_credential_blob, session_id, |
| data_in, max_out_length, |
| actual_out_length, data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| void ChapsAdaptor::DecryptDigestUpdate( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->DecryptDigestUpdate(isolate_credential_blob, session_id, |
| data_in, max_out_length, |
| actual_out_length, data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| void ChapsAdaptor::SignEncryptUpdate( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = |
| service_->SignEncryptUpdate(isolate_credential_blob, session_id, data_in, |
| max_out_length, actual_out_length, data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| void ChapsAdaptor::DecryptVerifyUpdate( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->DecryptVerifyUpdate(isolate_credential_blob, session_id, |
| data_in, max_out_length, |
| actual_out_length, data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| void ChapsAdaptor::GenerateKey(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| const vector<uint8_t>& attributes, |
| uint64_t* key_handle, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " |
| << "mechanism_parameter=" << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " |
| << "attributes=" << PrintAttributes(attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = |
| service_->GenerateKey(isolate_credential_blob, session_id, mechanism_type, |
| mechanism_parameter, attributes, key_handle); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "key_handle=" << key_handle; |
| } |
| |
| void ChapsAdaptor::GenerateKeyPair( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| const vector<uint8_t>& public_attributes, |
| const vector<uint8_t>& private_attributes, |
| uint64_t* public_key_handle, |
| uint64_t* private_key_handle, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " |
| << "mechanism_parameter=" << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " |
| << "public_attributes=" << PrintAttributes(public_attributes, true); |
| VLOG(2) << "IN: " |
| << "private_attributes=" << PrintAttributes(private_attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->GenerateKeyPair(isolate_credential_blob, session_id, |
| mechanism_type, mechanism_parameter, |
| public_attributes, private_attributes, |
| public_key_handle, private_key_handle); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "public_key_handle=" << public_key_handle; |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "private_key_handle=" << private_key_handle; |
| } |
| |
| void ChapsAdaptor::WrapKey(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t wrapping_key_handle, |
| uint64_t key_handle, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* wrapped_key, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " |
| << "mechanism_parameter=" << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " |
| << "wrapping_key_handle=" << wrapping_key_handle; |
| VLOG(2) << "IN: " |
| << "key_handle=" << key_handle; |
| VLOG(2) << "IN: " |
| << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = |
| service_->WrapKey(isolate_credential_blob, session_id, mechanism_type, |
| mechanism_parameter, wrapping_key_handle, key_handle, |
| max_out_length, actual_out_length, wrapped_key); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "actual_out_length=" << actual_out_length; |
| } |
| |
| void ChapsAdaptor::UnwrapKey(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t wrapping_key_handle, |
| const vector<uint8_t>& wrapped_key, |
| const vector<uint8_t>& attributes, |
| uint64_t* key_handle, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " |
| << "mechanism_parameter=" << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " |
| << "wrapping_key_handle=" << wrapping_key_handle; |
| VLOG(2) << "IN: " |
| << "attributes=" << PrintAttributes(attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->UnwrapKey( |
| isolate_credential_blob, session_id, mechanism_type, mechanism_parameter, |
| wrapping_key_handle, wrapped_key, attributes, key_handle); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "key_handle=" << key_handle; |
| } |
| |
| void ChapsAdaptor::DeriveKey(const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t base_key_handle, |
| const vector<uint8_t>& attributes, |
| uint64_t* key_handle, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " |
| << "mechanism_parameter=" << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " |
| << "base_key_handle=" << base_key_handle; |
| VLOG(2) << "IN: " |
| << "attributes=" << PrintAttributes(attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->DeriveKey(isolate_credential_blob, session_id, |
| mechanism_type, mechanism_parameter, |
| base_key_handle, attributes, key_handle); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " |
| << "key_handle=" << key_handle; |
| } |
| |
| uint32_t ChapsAdaptor::SeedRandom( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& seed) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "num_bytes=" << seed.size(); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| return service_->SeedRandom(isolate_credential_blob, session_id, seed); |
| } |
| |
| void ChapsAdaptor::GenerateRandom( |
| const brillo::SecureVector& isolate_credential, |
| uint64_t session_id, |
| uint64_t num_bytes, |
| vector<uint8_t>* random_data, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " |
| << "session_id=" << session_id; |
| VLOG(2) << "IN: " |
| << "num_bytes=" << num_bytes; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| |
| *result = service_->GenerateRandom(isolate_credential_blob, session_id, |
| num_bytes, random_data); |
| } |
| |
| } // namespace chaps |