| // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chaps/chaps_proxy.h" |
| |
| #include <utility> |
| |
| #include <base/logging.h> |
| #include <base/macros.h> |
| #include <base/memory/ptr_util.h> |
| #include <base/memory/ref_counted.h> |
| #include <brillo/dbus/dbus_method_invoker.h> |
| #include <dbus/message.h> |
| #include <dbus/object_path.h> |
| |
| #include "chaps/chaps.h" |
| #include "chaps/chaps_utility.h" |
| #include "chaps/dbus/dbus_proxy_wrapper.h" |
| #include "chaps/dbus/scoped_bus.h" |
| #include "chaps/dbus_bindings/constants.h" |
| #include "chaps/isolate.h" |
| #include "pkcs11/cryptoki.h" |
| |
| using base::AutoLock; |
| using brillo::SecureBlob; |
| using brillo::dbus_utils::ExtractMethodCallResults; |
| using std::string; |
| using std::vector; |
| |
| namespace { |
| |
| const char kDBusThreadName[] = "chaps_dbus_client_thread"; |
| |
| // These methods are equivalent to static_casting the blob to |
| // a regular std::vector since this is just an upcast. The reason why |
| // we use them is that the libbrillo D-Bus bindings rely on template |
| // argument type deduction to figure out which MessageReader and |
| // MessageWriter methods need to be called to marshal and unmarshal |
| // data into D-Bus messages, and SecureBlob has no specializations |
| // there. |
| inline const brillo::SecureVector AsVector(const SecureBlob& blob) { |
| return blob; |
| } |
| |
| inline brillo::SecureVector* AsVector(SecureBlob* blob) { |
| return blob; |
| } |
| |
| // We need to be able to shadow AtExitManagers because we don't know if the |
| // caller has an AtExitManager already or not (on Chrome it might, but on Linux |
| // it probably won't). |
| class ProxyAtExitManager : public base::AtExitManager { |
| public: |
| ProxyAtExitManager() : AtExitManager(true) {} |
| |
| private: |
| DISALLOW_COPY_AND_ASSIGN(ProxyAtExitManager); |
| }; |
| |
| } // namespace |
| |
| namespace chaps { |
| |
| // Below is the real implementation. |
| |
| ChapsProxyImpl::ChapsProxyImpl(std::unique_ptr<base::AtExitManager> at_exit, |
| std::unique_ptr<base::Thread> dbus_thread, |
| scoped_refptr<DBusProxyWrapper> proxy) |
| : at_exit_(std::move(at_exit)), |
| dbus_thread_(std::move(dbus_thread)), |
| proxy_(proxy) {} |
| |
| ChapsProxyImpl::~ChapsProxyImpl() {} |
| |
| // static |
| std::unique_ptr<ChapsProxyImpl> ChapsProxyImpl::Create(bool shadow_at_exit) { |
| std::unique_ptr<base::AtExitManager> at_exit; |
| if (shadow_at_exit) { |
| at_exit = std::make_unique<ProxyAtExitManager>(); |
| } |
| |
| base::Thread::Options options(base::MessagePumpType::IO, 0); |
| auto dbus_thread = std::make_unique<base::Thread>(kDBusThreadName); |
| dbus_thread->StartWithOptions(options); |
| |
| scoped_refptr<ProxyWrapperConstructionTask> task( |
| new ProxyWrapperConstructionTask); |
| scoped_refptr<DBusProxyWrapper> proxy = |
| task->ConstructProxyWrapper(dbus_thread->task_runner()); |
| if (!proxy) |
| return nullptr; |
| |
| VLOG(1) << "Chaps proxy initialized (" << kChapsServicePath << ")."; |
| return base::WrapUnique( |
| new ChapsProxyImpl(std::move(at_exit), std::move(dbus_thread), proxy)); |
| } |
| |
| bool ChapsProxyImpl::OpenIsolate(SecureBlob* isolate_credential, |
| bool* new_isolate_created) { |
| bool result = false; |
| SecureBlob isolate_credential_in; |
| SecureBlob isolate_credential_out; |
| isolate_credential_in.swap(*isolate_credential); |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kOpenIsolateMethod, AsVector(isolate_credential_in)); |
| if (resp && ExtractMethodCallResults(resp.get(), nullptr, |
| AsVector(&isolate_credential_out), |
| new_isolate_created, &result)) |
| isolate_credential->swap(isolate_credential_out); |
| return result; |
| } |
| |
| void ChapsProxyImpl::CloseIsolate(const SecureBlob& isolate_credential) { |
| proxy_->CallMethod(kCloseIsolateMethod, AsVector(isolate_credential)); |
| } |
| |
| bool ChapsProxyImpl::LoadToken(const SecureBlob& isolate_credential, |
| const string& path, |
| const SecureBlob& auth_data, |
| const string& label, |
| uint64_t* slot_id) { |
| bool result = false; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kLoadTokenMethod, AsVector(isolate_credential), path, |
| AsVector(auth_data), label); |
| return resp && |
| ExtractMethodCallResults(resp.get(), nullptr, slot_id, &result) && |
| result; |
| } |
| |
| void ChapsProxyImpl::UnloadToken(const SecureBlob& isolate_credential, |
| const string& path) { |
| proxy_->CallMethod(kUnloadTokenMethod, AsVector(isolate_credential), path); |
| } |
| |
| void ChapsProxyImpl::ChangeTokenAuthData( |
| const string& path, |
| const brillo::SecureBlob& old_auth_data, |
| const brillo::SecureBlob& new_auth_data) { |
| proxy_->CallMethod(kChangeTokenAuthDataMethod, path, AsVector(old_auth_data), |
| AsVector(new_auth_data)); |
| } |
| |
| bool ChapsProxyImpl::GetTokenPath(const SecureBlob& isolate_credential, |
| uint64_t slot_id, |
| string* path) { |
| bool result = false; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kGetTokenPathMethod, AsVector(isolate_credential), slot_id); |
| return resp && ExtractMethodCallResults(resp.get(), nullptr, path, &result) && |
| result; |
| } |
| |
| void ChapsProxyImpl::SetLogLevel(const int32_t& level) { |
| proxy_->CallMethod(kSetLogLevelMethod, level); |
| } |
| |
| uint32_t ChapsProxyImpl::GetSlotList(const SecureBlob& isolate_credential, |
| bool token_present, |
| vector<uint64_t>* slot_list) { |
| LOG_CK_RV_AND_RETURN_IF(!slot_list, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kGetSlotListMethod, AsVector(isolate_credential), token_present); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, slot_list, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::GetSlotInfo(const SecureBlob& isolate_credential, |
| uint64_t slot_id, |
| SlotInfo* slot_info) { |
| LOG_CK_RV_AND_RETURN_IF(!slot_info, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kGetSlotInfoMethod, AsVector(isolate_credential), slot_id); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, slot_info, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::GetTokenInfo(const SecureBlob& isolate_credential, |
| uint64_t slot_id, |
| TokenInfo* token_info) { |
| LOG_CK_RV_AND_RETURN_IF(!token_info, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kGetTokenInfoMethod, AsVector(isolate_credential), slot_id); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, token_info, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::GetMechanismList(const SecureBlob& isolate_credential, |
| uint64_t slot_id, |
| vector<uint64_t>* mechanism_list) { |
| LOG_CK_RV_AND_RETURN_IF(!mechanism_list, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kGetMechanismListMethod, AsVector(isolate_credential), slot_id); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, mechanism_list, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::GetMechanismInfo(const SecureBlob& isolate_credential, |
| uint64_t slot_id, |
| uint64_t mechanism_type, |
| MechanismInfo* mechanism_info) { |
| LOG_CK_RV_AND_RETURN_IF(!mechanism_info, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kGetMechanismInfoMethod, AsVector(isolate_credential), |
| slot_id, mechanism_type); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, mechanism_info, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::InitToken(const SecureBlob& isolate_credential, |
| uint64_t slot_id, |
| const string* so_pin, |
| const vector<uint8_t>& label) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| string tmp_pin; |
| if (so_pin) |
| tmp_pin = *so_pin; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kInitTokenMethod, AsVector(isolate_credential), |
| slot_id, (so_pin == nullptr), tmp_pin, label); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::InitPIN(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const string* pin) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| string tmp_pin; |
| if (pin) |
| tmp_pin = *pin; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kInitPINMethod, AsVector(isolate_credential), |
| session_id, (pin == nullptr), tmp_pin); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::SetPIN(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const string* old_pin, |
| const string* new_pin) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| string tmp_old_pin; |
| if (old_pin) |
| tmp_old_pin = *old_pin; |
| string tmp_new_pin; |
| if (new_pin) |
| tmp_new_pin = *new_pin; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kSetPINMethod, AsVector(isolate_credential), session_id, |
| (old_pin == nullptr), tmp_old_pin, (new_pin == nullptr), tmp_new_pin); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::OpenSession(const SecureBlob& isolate_credential, |
| uint64_t slot_id, |
| uint64_t flags, |
| uint64_t* session_id) { |
| LOG_CK_RV_AND_RETURN_IF(!session_id, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kOpenSessionMethod, AsVector(isolate_credential), slot_id, flags); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, session_id, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::CloseSession(const SecureBlob& isolate_credential, |
| uint64_t session_id) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kCloseSessionMethod, AsVector(isolate_credential), session_id); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::GetSessionInfo(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| SessionInfo* session_info) { |
| LOG_CK_RV_AND_RETURN_IF(!session_info, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kGetSessionInfoMethod, AsVector(isolate_credential), session_id); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, session_info, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::GetOperationState(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| vector<uint8_t>* operation_state) { |
| LOG_CK_RV_AND_RETURN_IF(!operation_state, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kGetOperationStateMethod, AsVector(isolate_credential), session_id); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, operation_state, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::SetOperationState( |
| const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& operation_state, |
| uint64_t encryption_key_handle, |
| uint64_t authentication_key_handle) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kSetOperationStateMethod, AsVector(isolate_credential), session_id, |
| operation_state, encryption_key_handle, authentication_key_handle); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::Login(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t user_type, |
| const string* pin) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| string tmp_pin; |
| if (pin) |
| tmp_pin = *pin; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kLoginMethod, AsVector(isolate_credential), session_id, |
| user_type, (pin == nullptr), tmp_pin); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::Logout(const SecureBlob& isolate_credential, |
| uint64_t session_id) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kLogoutMethod, AsVector(isolate_credential), session_id); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::CreateObject(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& attributes, |
| uint64_t* new_object_handle) { |
| LOG_CK_RV_AND_RETURN_IF(!new_object_handle, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kCreateObjectMethod, AsVector(isolate_credential), |
| session_id, attributes); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, new_object_handle, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::CopyObject(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| const vector<uint8_t>& attributes, |
| uint64_t* new_object_handle) { |
| LOG_CK_RV_AND_RETURN_IF(!new_object_handle, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kCopyObjectMethod, AsVector(isolate_credential), |
| session_id, object_handle, attributes); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, new_object_handle, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::DestroyObject(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kDestroyObjectMethod, AsVector(isolate_credential), |
| session_id, object_handle); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::GetObjectSize(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| uint64_t* object_size) { |
| LOG_CK_RV_AND_RETURN_IF(!object_size, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kGetObjectSizeMethod, AsVector(isolate_credential), |
| session_id, object_handle); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, object_size, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::GetAttributeValue(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| const vector<uint8_t>& attributes_in, |
| vector<uint8_t>* attributes_out) { |
| LOG_CK_RV_AND_RETURN_IF(!attributes_out, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kGetAttributeValueMethod, AsVector(isolate_credential), |
| session_id, object_handle, attributes_in); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, attributes_out, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::SetAttributeValue(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| const vector<uint8_t>& attributes) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kSetAttributeValueMethod, AsVector(isolate_credential), |
| session_id, object_handle, attributes); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::FindObjectsInit(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& attributes) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kFindObjectsInitMethod, AsVector(isolate_credential), |
| session_id, attributes); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::FindObjects(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_object_count, |
| vector<uint64_t>* object_list) { |
| if (!object_list || object_list->size() > 0) |
| LOG_CK_RV_AND_RETURN(CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kFindObjectsMethod, AsVector(isolate_credential), |
| session_id, max_object_count); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, object_list, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::FindObjectsFinal(const SecureBlob& isolate_credential, |
| uint64_t session_id) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kFindObjectsFinalMethod, AsVector(isolate_credential), session_id); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::EncryptInit(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kEncryptInitMethod, AsVector(isolate_credential), session_id, |
| mechanism_type, mechanism_parameter, key_handle); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::Encrypt(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out) { |
| LOG_CK_RV_AND_RETURN_IF(!actual_out_length || !data_out, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kEncryptMethod, AsVector(isolate_credential), |
| session_id, data_in, max_out_length); |
| if (resp) { |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, data_out, |
| &result); |
| } |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::EncryptUpdate(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out) { |
| LOG_CK_RV_AND_RETURN_IF(!actual_out_length || !data_out, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kEncryptUpdateMethod, AsVector(isolate_credential), |
| session_id, data_in, max_out_length); |
| if (resp) { |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, data_out, |
| &result); |
| } |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::EncryptFinal(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out) { |
| LOG_CK_RV_AND_RETURN_IF(!actual_out_length || !data_out, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kEncryptFinalMethod, AsVector(isolate_credential), |
| session_id, max_out_length); |
| if (resp) { |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, data_out, |
| &result); |
| } |
| return result; |
| } |
| |
| void ChapsProxyImpl::EncryptCancel(const SecureBlob& isolate_credential, |
| uint64_t session_id) { |
| proxy_->CallMethod(kEncryptCancelMethod, AsVector(isolate_credential), |
| session_id); |
| } |
| |
| uint32_t ChapsProxyImpl::DecryptInit(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kDecryptInitMethod, AsVector(isolate_credential), session_id, |
| mechanism_type, mechanism_parameter, key_handle); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::Decrypt(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out) { |
| LOG_CK_RV_AND_RETURN_IF(!actual_out_length || !data_out, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kDecryptMethod, AsVector(isolate_credential), |
| session_id, data_in, max_out_length); |
| if (resp) { |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, data_out, |
| &result); |
| } |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::DecryptUpdate(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out) { |
| LOG_CK_RV_AND_RETURN_IF(!actual_out_length || !data_out, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kDecryptUpdateMethod, AsVector(isolate_credential), |
| session_id, data_in, max_out_length); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, data_out, |
| &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::DecryptFinal(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out) { |
| LOG_CK_RV_AND_RETURN_IF(!actual_out_length || !data_out, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kDecryptFinalMethod, AsVector(isolate_credential), |
| session_id, max_out_length); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, data_out, |
| &result); |
| return result; |
| } |
| |
| void ChapsProxyImpl::DecryptCancel(const SecureBlob& isolate_credential, |
| uint64_t session_id) { |
| proxy_->CallMethod(kDecryptCancelMethod, AsVector(isolate_credential), |
| session_id); |
| } |
| |
| uint32_t ChapsProxyImpl::DigestInit( |
| const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kDigestInitMethod, AsVector(isolate_credential), |
| session_id, mechanism_type, mechanism_parameter); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::Digest(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* digest) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kDigestMethod, AsVector(isolate_credential), |
| session_id, data_in, max_out_length); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, digest, |
| &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::DigestUpdate(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kDigestUpdateMethod, AsVector(isolate_credential), session_id, data_in); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::DigestKey(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t key_handle) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kDigestKeyMethod, AsVector(isolate_credential), session_id, key_handle); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::DigestFinal(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* digest) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kDigestFinalMethod, AsVector(isolate_credential), |
| session_id, max_out_length); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, digest, |
| &result); |
| return result; |
| } |
| |
| void ChapsProxyImpl::DigestCancel(const SecureBlob& isolate_credential, |
| uint64_t session_id) { |
| proxy_->CallMethod(kDigestCancelMethod, AsVector(isolate_credential), |
| session_id); |
| } |
| |
| uint32_t ChapsProxyImpl::SignInit(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kSignInitMethod, AsVector(isolate_credential), session_id, mechanism_type, |
| mechanism_parameter, key_handle); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::Sign(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* signature) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kSignMethod, AsVector(isolate_credential), session_id, |
| data, max_out_length); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, signature, |
| &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::SignUpdate(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_part) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kSignUpdateMethod, AsVector(isolate_credential), session_id, data_part); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::SignFinal(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* signature) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kSignFinalMethod, AsVector(isolate_credential), |
| session_id, max_out_length); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, signature, |
| &result); |
| return result; |
| } |
| |
| void ChapsProxyImpl::SignCancel(const SecureBlob& isolate_credential, |
| uint64_t session_id) { |
| proxy_->CallMethod(kSignCancelMethod, AsVector(isolate_credential), |
| session_id); |
| } |
| |
| uint32_t ChapsProxyImpl::SignRecoverInit( |
| const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kSignRecoverInitMethod, AsVector(isolate_credential), session_id, |
| mechanism_type, mechanism_parameter, key_handle); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::SignRecover(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* signature) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kSignRecoverMethod, AsVector(isolate_credential), |
| session_id, data, max_out_length); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, signature, |
| &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::VerifyInit(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kVerifyInitMethod, AsVector(isolate_credential), session_id, |
| mechanism_type, mechanism_parameter, key_handle); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::Verify(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data, |
| const vector<uint8_t>& signature) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kVerifyMethod, AsVector(isolate_credential), session_id, data, signature); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::VerifyUpdate(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_part) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kVerifyUpdateMethod, AsVector(isolate_credential), session_id, data_part); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::VerifyFinal(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& signature) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kVerifyUpdateMethod, AsVector(isolate_credential), session_id, signature); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| void ChapsProxyImpl::VerifyCancel(const SecureBlob& isolate_credential, |
| uint64_t session_id) { |
| proxy_->CallMethod(kVerifyCancelMethod, AsVector(isolate_credential), |
| session_id); |
| } |
| |
| uint32_t ChapsProxyImpl::VerifyRecoverInit( |
| const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kVerifyRecoverInitMethod, AsVector(isolate_credential), session_id, |
| mechanism_type, mechanism_parameter, key_handle); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::VerifyRecover(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& signature, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data) { |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kVerifyRecoverMethod, AsVector(isolate_credential), |
| session_id, signature, max_out_length); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, data, |
| &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::DigestEncryptUpdate( |
| const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out) { |
| LOG_CK_RV_AND_RETURN_IF(!actual_out_length || !data_out, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kDigestEncryptUpdateMethod, AsVector(isolate_credential), session_id, |
| data_in, max_out_length); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, data_out, |
| &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::DecryptDigestUpdate( |
| const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out) { |
| LOG_CK_RV_AND_RETURN_IF(!actual_out_length || !data_out, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kDecryptDigestUpdateMethod, AsVector(isolate_credential), session_id, |
| data_in, max_out_length); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, data_out, |
| &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::SignEncryptUpdate(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out) { |
| LOG_CK_RV_AND_RETURN_IF(!actual_out_length || !data_out, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kSignEncryptUpdateMethod, AsVector(isolate_credential), |
| session_id, data_in, max_out_length); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, data_out, |
| &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::DecryptVerifyUpdate( |
| const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out) { |
| LOG_CK_RV_AND_RETURN_IF(!actual_out_length || !data_out, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kDecryptVerifyUpdateMethod, AsVector(isolate_credential), session_id, |
| data_in, max_out_length); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, data_out, |
| &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::GenerateKey(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| const vector<uint8_t>& attributes, |
| uint64_t* key_handle) { |
| LOG_CK_RV_AND_RETURN_IF(!key_handle, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kGenerateKeyMethod, AsVector(isolate_credential), session_id, |
| mechanism_type, mechanism_parameter, attributes); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, key_handle, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::GenerateKeyPair( |
| const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| const vector<uint8_t>& public_attributes, |
| const vector<uint8_t>& private_attributes, |
| uint64_t* public_key_handle, |
| uint64_t* private_key_handle) { |
| LOG_CK_RV_AND_RETURN_IF(!public_key_handle || !private_key_handle, |
| CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kGenerateKeyPairMethod, AsVector(isolate_credential), |
| session_id, mechanism_type, mechanism_parameter, |
| public_attributes, private_attributes); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, public_key_handle, |
| private_key_handle, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::WrapKey(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t wrapping_key_handle, |
| uint64_t key_handle, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* wrapped_key) { |
| LOG_CK_RV_AND_RETURN_IF(!actual_out_length || !wrapped_key, |
| CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kWrapKeyMethod, AsVector(isolate_credential), session_id, mechanism_type, |
| mechanism_parameter, wrapping_key_handle, key_handle, max_out_length); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, actual_out_length, |
| wrapped_key, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::UnwrapKey(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t wrapping_key_handle, |
| const vector<uint8_t>& wrapped_key, |
| const vector<uint8_t>& attributes, |
| uint64_t* key_handle) { |
| LOG_CK_RV_AND_RETURN_IF(!key_handle, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kUnwrapKeyMethod, AsVector(isolate_credential), |
| session_id, mechanism_type, mechanism_parameter, |
| wrapping_key_handle, wrapped_key, attributes); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, key_handle, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::DeriveKey(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t base_key_handle, |
| const vector<uint8_t>& attributes, |
| uint64_t* key_handle) { |
| LOG_CK_RV_AND_RETURN_IF(!key_handle, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kDeriveKeyMethod, AsVector(isolate_credential), session_id, |
| mechanism_type, mechanism_parameter, base_key_handle, attributes); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, key_handle, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::SeedRandom(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& seed) { |
| LOG_CK_RV_AND_RETURN_IF(seed.size() == 0, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = proxy_->CallMethod( |
| kSeedRandomMethod, AsVector(isolate_credential), session_id, seed); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, &result); |
| return result; |
| } |
| |
| uint32_t ChapsProxyImpl::GenerateRandom(const SecureBlob& isolate_credential, |
| uint64_t session_id, |
| uint64_t num_bytes, |
| vector<uint8_t>* random_data) { |
| LOG_CK_RV_AND_RETURN_IF(!random_data || num_bytes == 0, CKR_ARGUMENTS_BAD); |
| uint32_t result = CKR_GENERAL_ERROR; |
| std::unique_ptr<dbus::Response> resp = |
| proxy_->CallMethod(kGenerateRandomMethod, AsVector(isolate_credential), |
| session_id, num_bytes); |
| if (resp) |
| ExtractMethodCallResults(resp.get(), nullptr, random_data, &result); |
| return result; |
| } |
| |
| } // namespace chaps |