| // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chaps/chaps_adaptor.h" |
| |
| #include <base/files/file_path.h> |
| #include <base/logging.h> |
| #include <base/synchronization/lock.h> |
| #include <dbus/object_path.h> |
| |
| #include "chaps/chaps.h" |
| #include "chaps/chaps_interface.h" |
| #include "chaps/chaps_utility.h" |
| #include "chaps/dbus_bindings/constants.h" |
| #include "chaps/token_manager_interface.h" |
| |
| using base::AutoLock; |
| using base::FilePath; |
| using base::Lock; |
| using brillo::SecureBlob; |
| using std::string; |
| using std::vector; |
| |
| namespace chaps { |
| |
| ChapsAdaptor::ChapsAdaptor( |
| brillo::dbus_utils::ExportedObjectManager* object_manager, |
| Lock* lock, |
| ChapsInterface* service, |
| TokenManagerInterface* token_manager) |
| : dbus_object_(object_manager, |
| object_manager->GetBus(), |
| dbus::ObjectPath(kChapsServicePath)), |
| lock_(lock), |
| service_(service), |
| token_manager_(token_manager) {} |
| |
| ChapsAdaptor::~ChapsAdaptor() {} |
| |
| void ChapsAdaptor::RegisterAsync( |
| const brillo::dbus_utils::AsyncEventSequencer::CompletionAction& cb) { |
| brillo::dbus_utils::DBusInterface* interface = |
| dbus_object_.AddOrGetInterface(kChapsInterface); |
| interface->AddSimpleMethodHandler(kOpenIsolateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::OpenIsolate); |
| interface->AddSimpleMethodHandler(kCloseIsolateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::CloseIsolate); |
| interface->AddSimpleMethodHandler(kLoadTokenMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::LoadToken); |
| interface->AddSimpleMethodHandler(kUnloadTokenMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::UnloadToken); |
| interface->AddSimpleMethodHandler(kChangeTokenAuthDataMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::ChangeTokenAuthData); |
| interface->AddSimpleMethodHandler(kGetTokenPathMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetTokenPath); |
| interface->AddSimpleMethodHandler(kSetLogLevelMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SetLogLevel); |
| interface->AddSimpleMethodHandler(kGetSlotListMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetSlotList); |
| interface->AddSimpleMethodHandler(kGetSlotInfoMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetSlotInfo); |
| interface->AddSimpleMethodHandler(kGetTokenInfoMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetTokenInfo); |
| interface->AddSimpleMethodHandler(kGetMechanismListMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetMechanismList); |
| interface->AddSimpleMethodHandler(kGetMechanismInfoMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetMechanismInfo); |
| interface->AddSimpleMethodHandler(kInitTokenMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::InitToken); |
| interface->AddSimpleMethodHandler(kInitPINMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::InitPIN); |
| interface->AddSimpleMethodHandler(kSetPINMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SetPIN); |
| interface->AddSimpleMethodHandler(kOpenSessionMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::OpenSession); |
| interface->AddSimpleMethodHandler(kCloseSessionMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::CloseSession); |
| interface->AddSimpleMethodHandler(kCloseAllSessionsMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::CloseAllSessions); |
| interface->AddSimpleMethodHandler(kGetSessionInfoMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetSessionInfo); |
| interface->AddSimpleMethodHandler(kGetOperationStateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetOperationState); |
| interface->AddSimpleMethodHandler(kSetOperationStateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SetOperationState); |
| interface->AddSimpleMethodHandler(kLoginMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::Login); |
| interface->AddSimpleMethodHandler(kLogoutMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::Logout); |
| interface->AddSimpleMethodHandler(kCreateObjectMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::CreateObject); |
| interface->AddSimpleMethodHandler(kCopyObjectMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::CopyObject); |
| interface->AddSimpleMethodHandler(kDestroyObjectMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DestroyObject); |
| interface->AddSimpleMethodHandler(kGetObjectSizeMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetObjectSize); |
| interface->AddSimpleMethodHandler(kGetAttributeValueMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GetAttributeValue); |
| interface->AddSimpleMethodHandler(kSetAttributeValueMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SetAttributeValue); |
| interface->AddSimpleMethodHandler(kFindObjectsInitMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::FindObjectsInit); |
| interface->AddSimpleMethodHandler(kFindObjectsMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::FindObjects); |
| interface->AddSimpleMethodHandler(kFindObjectsFinalMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::FindObjectsFinal); |
| interface->AddSimpleMethodHandler(kEncryptInitMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::EncryptInit); |
| interface->AddSimpleMethodHandler(kEncryptMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::Encrypt); |
| interface->AddSimpleMethodHandler(kEncryptUpdateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::EncryptUpdate); |
| interface->AddSimpleMethodHandler(kEncryptFinalMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::EncryptFinal); |
| interface->AddSimpleMethodHandler(kEncryptCancelMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::EncryptCancel); |
| interface->AddSimpleMethodHandler(kDecryptInitMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DecryptInit); |
| interface->AddSimpleMethodHandler(kDecryptMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::Decrypt); |
| interface->AddSimpleMethodHandler(kDecryptUpdateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DecryptUpdate); |
| interface->AddSimpleMethodHandler(kDecryptFinalMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DecryptFinal); |
| interface->AddSimpleMethodHandler(kDecryptCancelMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DecryptCancel); |
| interface->AddSimpleMethodHandler(kDigestInitMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DigestInit); |
| interface->AddSimpleMethodHandler(kDigestMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::Digest); |
| interface->AddSimpleMethodHandler(kDigestUpdateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DigestUpdate); |
| interface->AddSimpleMethodHandler(kDigestKeyMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DigestKey); |
| interface->AddSimpleMethodHandler(kDigestFinalMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DigestFinal); |
| interface->AddSimpleMethodHandler(kDigestCancelMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DigestCancel); |
| interface->AddSimpleMethodHandler(kSignInitMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SignInit); |
| interface->AddSimpleMethodHandler(kSignMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::Sign); |
| interface->AddSimpleMethodHandler(kSignUpdateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SignUpdate); |
| interface->AddSimpleMethodHandler(kSignFinalMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SignFinal); |
| interface->AddSimpleMethodHandler(kSignCancelMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SignCancel); |
| interface->AddSimpleMethodHandler(kSignRecoverInitMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SignRecoverInit); |
| interface->AddSimpleMethodHandler(kSignRecoverMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SignRecover); |
| interface->AddSimpleMethodHandler(kVerifyInitMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::VerifyInit); |
| interface->AddSimpleMethodHandler(kVerifyMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::Verify); |
| interface->AddSimpleMethodHandler(kVerifyUpdateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::VerifyUpdate); |
| interface->AddSimpleMethodHandler(kVerifyFinalMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::VerifyFinal); |
| interface->AddSimpleMethodHandler(kVerifyCancelMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::VerifyCancel); |
| interface->AddSimpleMethodHandler(kVerifyRecoverInitMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::VerifyRecoverInit); |
| interface->AddSimpleMethodHandler(kVerifyRecoverMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::VerifyRecover); |
| interface->AddSimpleMethodHandler(kDigestEncryptUpdateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DigestEncryptUpdate); |
| interface->AddSimpleMethodHandler(kDecryptDigestUpdateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DecryptDigestUpdate); |
| interface->AddSimpleMethodHandler(kSignEncryptUpdateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SignEncryptUpdate); |
| interface->AddSimpleMethodHandler(kDecryptVerifyUpdateMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DecryptVerifyUpdate); |
| interface->AddSimpleMethodHandler(kGenerateKeyMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GenerateKey); |
| interface->AddSimpleMethodHandler(kGenerateKeyPairMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GenerateKeyPair); |
| interface->AddSimpleMethodHandler(kWrapKeyMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::WrapKey); |
| interface->AddSimpleMethodHandler(kUnwrapKeyMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::UnwrapKey); |
| interface->AddSimpleMethodHandler(kDeriveKeyMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::DeriveKey); |
| interface->AddSimpleMethodHandler(kSeedRandomMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::SeedRandom); |
| interface->AddSimpleMethodHandler(kGenerateRandomMethod, |
| base::Unretained(this), |
| &ChapsAdaptor::GenerateRandom); |
| dbus_object_.RegisterAsync(cb); |
| } |
| |
| void ChapsAdaptor::OpenIsolate( |
| const std::vector<uint8_t>& isolate_credential_in, |
| std::vector<uint8_t>* isolate_credential_out, |
| bool* new_isolate_created, |
| bool* result) { |
| VLOG(1) << "CALL: " << __func__; |
| *result = false; |
| SecureBlob isolate_credential(isolate_credential_in.begin(), |
| isolate_credential_in.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential_in)); |
| if (token_manager_) |
| *result = token_manager_->OpenIsolate(&isolate_credential, |
| new_isolate_created); |
| isolate_credential_out->swap(isolate_credential); |
| } |
| |
| void ChapsAdaptor::CloseIsolate(const vector<uint8_t>& isolate_credential) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| if (token_manager_) |
| token_manager_->CloseIsolate(isolate_credential_blob); |
| } |
| |
| void ChapsAdaptor::LoadToken(const vector<uint8_t>& isolate_credential, |
| const string& path, |
| const vector<uint8_t>& auth_data, |
| const string& label, |
| uint64_t* slot_id, |
| bool* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| SecureBlob auth_data_blob(auth_data.begin(), auth_data.end()); |
| if (token_manager_) |
| *result = token_manager_->LoadToken(isolate_credential_blob, |
| FilePath(path), |
| auth_data_blob, |
| label, |
| PreservedValue<uint64_t, int>(slot_id)); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| ClearVector(const_cast<vector<uint8_t>*>(&auth_data)); |
| } |
| |
| void ChapsAdaptor::UnloadToken(const vector<uint8_t>& isolate_credential, |
| const string& path) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| if (token_manager_) |
| token_manager_->UnloadToken(isolate_credential_blob, FilePath(path)); |
| } |
| |
| void ChapsAdaptor::ChangeTokenAuthData(const string& path, |
| const vector<uint8_t>& old_auth_data, |
| const vector<uint8_t>& new_auth_data) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| if (token_manager_) |
| token_manager_->ChangeTokenAuthData( |
| FilePath(path), |
| SecureBlob(old_auth_data.begin(), old_auth_data.end()), |
| SecureBlob(new_auth_data.begin(), new_auth_data.end())); |
| ClearVector(const_cast<vector<uint8_t>*>(&old_auth_data)); |
| ClearVector(const_cast<vector<uint8_t>*>(&new_auth_data)); |
| } |
| |
| void ChapsAdaptor::GetTokenPath(const std::vector<uint8_t>& isolate_credential, |
| uint64_t slot_id, |
| std::string* path, |
| bool* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| if (token_manager_) { |
| FilePath tmp; |
| *result = token_manager_->GetTokenPath(isolate_credential_blob, |
| slot_id, |
| &tmp); |
| *path = tmp.value(); |
| } |
| } |
| |
| void ChapsAdaptor::SetLogLevel(const int32_t& level) { |
| logging::SetMinLogLevel(level); |
| } |
| |
| void ChapsAdaptor::GetSlotList(const vector<uint8_t>& isolate_credential, |
| bool token_present, |
| vector<uint64_t>* slot_list, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "token_present=" << token_present; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->GetSlotList(isolate_credential_blob, token_present, |
| slot_list); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "slot_list=" |
| << PrintIntVector(*slot_list); |
| } |
| |
| void ChapsAdaptor::GetSlotInfo(const vector<uint8_t>& isolate_credential, |
| uint64_t slot_id, |
| vector<uint8_t>* slot_info, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "slot_id=" << slot_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| SlotInfo proto; |
| *result = service_->GetSlotInfo(isolate_credential_blob, |
| slot_id, |
| &proto); |
| slot_info->clear(); |
| slot_info->resize(proto.ByteSize()); |
| proto.SerializeToArray(slot_info->data(), slot_info->size()); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "slot_description=" |
| << proto.slot_description(); |
| } |
| |
| void ChapsAdaptor::GetTokenInfo(const vector<uint8_t>& isolate_credential, |
| uint64_t slot_id, |
| vector<uint8_t>* token_info, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "slot_id=" << slot_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| TokenInfo proto; |
| *result = service_->GetTokenInfo(isolate_credential_blob, |
| slot_id, |
| &proto); |
| token_info->clear(); |
| token_info->resize(proto.ByteSize()); |
| proto.SerializeToArray(token_info->data(), token_info->size()); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "label=" << proto.label(); |
| } |
| |
| void ChapsAdaptor::GetMechanismList(const vector<uint8_t>& isolate_credential, |
| uint64_t slot_id, |
| vector<uint64_t>* mechanism_list, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "slot_id=" << slot_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->GetMechanismList(isolate_credential_blob, |
| slot_id, |
| mechanism_list); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "mechanism_list=" |
| << PrintIntVector(*mechanism_list); |
| } |
| |
| void ChapsAdaptor::GetMechanismInfo(const vector<uint8_t>& isolate_credential, |
| uint64_t slot_id, |
| uint64_t mechanism_type, |
| std::vector<uint8_t>* mechanism_info, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "slot_id=" << slot_id; |
| VLOG(2) << "IN: " << "mechanism_type=" << mechanism_type; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| MechanismInfo proto; |
| *result = service_->GetMechanismInfo(isolate_credential_blob, |
| slot_id, |
| mechanism_type, |
| &proto); |
| mechanism_info->clear(); |
| mechanism_info->resize(proto.ByteSize()); |
| proto.SerializeToArray(mechanism_info->data(), mechanism_info->size()); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "min_key_size=" |
| << proto.min_key_size(); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "max_key_size=" |
| << proto.max_key_size(); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "flags=" << proto.flags(); |
| } |
| |
| uint32_t ChapsAdaptor::InitToken(const vector<uint8_t>& isolate_credential, |
| uint64_t slot_id, |
| bool use_null_pin, |
| const string& optional_so_pin, |
| const vector<uint8_t>& new_token_label) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "slot_id=" << slot_id; |
| VLOG(2) << "IN: " << "new_token_label=" |
| << ConvertByteVectorToString(new_token_label); |
| const string* tmp_pin = use_null_pin ? NULL : &optional_so_pin; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->InitToken(isolate_credential_blob, |
| slot_id, |
| tmp_pin, |
| new_token_label); |
| } |
| |
| uint32_t ChapsAdaptor::InitPIN(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| bool use_null_pin, |
| const string& optional_user_pin) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "use_null_pin=" << use_null_pin; |
| const string* tmp_pin = use_null_pin ? NULL : &optional_user_pin; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->InitPIN(isolate_credential_blob, |
| session_id, |
| tmp_pin); |
| } |
| |
| uint32_t ChapsAdaptor::SetPIN(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| bool use_null_old_pin, |
| const string& optional_old_pin, |
| bool use_null_new_pin, |
| const string& optional_new_pin) { |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "use_null_old_pin=" << use_null_old_pin; |
| VLOG(2) << "IN: " << "use_null_new_pin=" << use_null_new_pin; |
| const string* tmp_old_pin = use_null_old_pin ? NULL : &optional_old_pin; |
| const string* tmp_new_pin = use_null_new_pin ? NULL : &optional_new_pin; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->SetPIN(isolate_credential_blob, |
| session_id, |
| tmp_old_pin, |
| tmp_new_pin); |
| } |
| |
| void ChapsAdaptor::OpenSession(const vector<uint8_t>& isolate_credential, |
| uint64_t slot_id, |
| uint64_t flags, |
| uint64_t* session_id, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "slot_id=" << slot_id; |
| VLOG(2) << "IN: " << "flags=" << flags; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->OpenSession(isolate_credential_blob, |
| slot_id, |
| flags, |
| session_id); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "session_id=" << session_id; |
| } |
| |
| uint32_t ChapsAdaptor::CloseSession(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id) { |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->CloseSession(isolate_credential_blob, |
| session_id); |
| } |
| |
| uint32_t ChapsAdaptor::CloseAllSessions( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t slot_id) { |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "slot_id=" << slot_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->CloseAllSessions( |
| isolate_credential_blob, |
| slot_id); |
| } |
| |
| void ChapsAdaptor::GetSessionInfo(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| std::vector<uint8_t>* session_info, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| SessionInfo proto; |
| *result = service_->GetSessionInfo(isolate_credential_blob, |
| session_id, |
| &proto); |
| session_info->clear(); |
| session_info->resize(proto.ByteSize()); |
| proto.SerializeToArray(session_info->data(), session_info->size()); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "slot_id=" << proto.slot_id(); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "state=" << proto.state(); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "flags=" << proto.flags(); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "device_error=" |
| << proto.device_error(); |
| } |
| |
| void ChapsAdaptor::GetOperationState(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| vector<uint8_t>* operation_state, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->GetOperationState(isolate_credential_blob, |
| session_id, |
| operation_state); |
| } |
| |
| uint32_t ChapsAdaptor::SetOperationState( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& operation_state, |
| uint64_t encryption_key_handle, |
| uint64_t authentication_key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->SetOperationState(isolate_credential_blob, |
| session_id, |
| operation_state, |
| encryption_key_handle, |
| authentication_key_handle); |
| } |
| |
| uint32_t ChapsAdaptor::Login(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t user_type, |
| bool use_null_pin, |
| const string& optional_pin) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "user_type=" << user_type; |
| VLOG(2) << "IN: " << "use_null_pin=" << use_null_pin; |
| const string* pin = use_null_pin ? NULL : &optional_pin; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->Login(isolate_credential_blob, |
| session_id, |
| user_type, |
| pin); |
| } |
| |
| uint32_t ChapsAdaptor::Logout(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->Logout(isolate_credential_blob, |
| session_id); |
| } |
| |
| void ChapsAdaptor::CreateObject( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& attributes, |
| uint64_t* new_object_handle, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "attributes=" << PrintAttributes(attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->CreateObject(isolate_credential_blob, |
| session_id, |
| attributes, |
| new_object_handle); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "new_object_handle=" |
| << new_object_handle; |
| } |
| |
| void ChapsAdaptor::CopyObject( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| const vector<uint8_t>& attributes, |
| uint64_t* new_object_handle, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "object_handle=" << object_handle; |
| VLOG(2) << "IN: " << "attributes=" << PrintAttributes(attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->CopyObject(isolate_credential_blob, |
| session_id, |
| object_handle, |
| attributes, |
| new_object_handle); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "new_object_handle=" |
| << new_object_handle; |
| } |
| |
| uint32_t ChapsAdaptor::DestroyObject(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "object_handle=" << object_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->DestroyObject(isolate_credential_blob, |
| session_id, |
| object_handle); |
| } |
| |
| void ChapsAdaptor::GetObjectSize(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| uint64_t* object_size, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "object_handle=" << object_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->GetObjectSize(isolate_credential_blob, |
| session_id, |
| object_handle, |
| object_size); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "object_size=" << object_size; |
| } |
| |
| void ChapsAdaptor::GetAttributeValue(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| const vector<uint8_t>& attributes_in, |
| vector<uint8_t>* attributes_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "object_handle=" << object_handle; |
| VLOG(2) << "IN: " << "attributes_in=" |
| << PrintAttributes(attributes_in, false); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->GetAttributeValue(isolate_credential_blob, |
| session_id, |
| object_handle, |
| attributes_in, |
| attributes_out); |
| VLOG_IF(2, *result == CKR_OK || *result == CKR_ATTRIBUTE_TYPE_INVALID) |
| << "OUT: " << "attributes_out=" << PrintAttributes(*attributes_out, true); |
| } |
| |
| uint32_t ChapsAdaptor::SetAttributeValue( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t object_handle, |
| const vector<uint8_t>& attributes) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "object_handle=" << object_handle; |
| VLOG(2) << "IN: " << "attributes=" << PrintAttributes(attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->SetAttributeValue(isolate_credential_blob, |
| session_id, |
| object_handle, |
| attributes); |
| } |
| |
| uint32_t ChapsAdaptor::FindObjectsInit( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& attributes) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "attributes=" << PrintAttributes(attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->FindObjectsInit(isolate_credential_blob, |
| session_id, |
| attributes); |
| } |
| |
| void ChapsAdaptor::FindObjects(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_object_count, |
| vector<uint64_t>* object_list, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_object_count=" << max_object_count; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->FindObjects(isolate_credential_blob, |
| session_id, |
| max_object_count, |
| object_list); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "object_list=" |
| << PrintIntVector(*object_list); |
| } |
| |
| uint32_t ChapsAdaptor::FindObjectsFinal( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->FindObjectsFinal(isolate_credential_blob, session_id); |
| } |
| |
| uint32_t ChapsAdaptor::EncryptInit( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " << "mechanism_parameter=" |
| << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " << "key_handle=" << key_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->EncryptInit(isolate_credential_blob, |
| session_id, |
| mechanism_type, |
| mechanism_parameter, |
| key_handle); |
| } |
| |
| void ChapsAdaptor::Encrypt(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->Encrypt(isolate_credential_blob, |
| session_id, |
| data_in, |
| max_out_length, |
| actual_out_length, |
| data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| void ChapsAdaptor::EncryptUpdate(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->EncryptUpdate(isolate_credential_blob, |
| session_id, |
| data_in, |
| max_out_length, |
| actual_out_length, |
| data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| void ChapsAdaptor::EncryptFinal(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->EncryptFinal(isolate_credential_blob, |
| session_id, |
| max_out_length, |
| actual_out_length, |
| data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| void ChapsAdaptor::EncryptCancel(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| service_->EncryptCancel(isolate_credential_blob, session_id); |
| } |
| |
| uint32_t ChapsAdaptor::DecryptInit( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " << "mechanism_parameter=" |
| << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " << "key_handle=" << key_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->DecryptInit(isolate_credential_blob, |
| session_id, |
| mechanism_type, |
| mechanism_parameter, |
| key_handle); |
| } |
| |
| void ChapsAdaptor::Decrypt(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->Decrypt(isolate_credential_blob, |
| session_id, |
| data_in, |
| max_out_length, |
| actual_out_length, |
| data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| void ChapsAdaptor::DecryptUpdate(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->DecryptUpdate(isolate_credential_blob, |
| session_id, |
| data_in, |
| max_out_length, |
| actual_out_length, |
| data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| void ChapsAdaptor::DecryptFinal(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->DecryptFinal(isolate_credential_blob, |
| session_id, |
| max_out_length, |
| actual_out_length, |
| data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| void ChapsAdaptor::DecryptCancel(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| service_->DecryptCancel(isolate_credential_blob, session_id); |
| } |
| |
| uint32_t ChapsAdaptor::DigestInit( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " << "mechanism_parameter=" |
| << PrintIntVector(mechanism_parameter); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->DigestInit(isolate_credential_blob, |
| session_id, |
| mechanism_type, |
| mechanism_parameter); |
| } |
| |
| void ChapsAdaptor::Digest(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* digest, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->Digest(isolate_credential_blob, |
| session_id, |
| data_in, |
| max_out_length, |
| actual_out_length, |
| digest); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| uint32_t ChapsAdaptor::DigestUpdate(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->DigestUpdate(isolate_credential_blob, |
| session_id, |
| data_in); |
| } |
| |
| uint32_t ChapsAdaptor::DigestKey(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "key_handle=" << key_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->DigestKey(isolate_credential_blob, |
| session_id, |
| key_handle); |
| } |
| |
| void ChapsAdaptor::DigestFinal(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* digest, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->DigestFinal(isolate_credential_blob, |
| session_id, |
| max_out_length, |
| actual_out_length, |
| digest); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| void ChapsAdaptor::DigestCancel(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| service_->DigestCancel(isolate_credential_blob, session_id); |
| } |
| |
| uint32_t ChapsAdaptor::SignInit(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " << "mechanism_parameter=" |
| << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " << "key_handle=" << key_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->SignInit(isolate_credential_blob, |
| session_id, |
| mechanism_type, |
| mechanism_parameter, |
| key_handle); |
| } |
| |
| void ChapsAdaptor::Sign(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* signature, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->Sign(isolate_credential_blob, |
| session_id, |
| data, |
| max_out_length, |
| actual_out_length, |
| signature); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| uint32_t ChapsAdaptor::SignUpdate(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_part) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->SignUpdate(isolate_credential_blob, |
| session_id, |
| data_part); |
| } |
| |
| void ChapsAdaptor::SignFinal(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* signature, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->SignFinal(isolate_credential_blob, |
| session_id, |
| max_out_length, |
| actual_out_length, |
| signature); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| void ChapsAdaptor::SignCancel(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| service_->SignCancel(isolate_credential_blob, session_id); |
| } |
| |
| uint32_t ChapsAdaptor::SignRecoverInit( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " << "mechanism_parameter=" |
| << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " << "key_handle=" << key_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->SignRecoverInit(isolate_credential_blob, |
| session_id, |
| mechanism_type, |
| mechanism_parameter, |
| key_handle); |
| } |
| |
| void ChapsAdaptor::SignRecover(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* signature, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->SignRecover(isolate_credential_blob, |
| session_id, |
| data, |
| max_out_length, |
| actual_out_length, |
| signature); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| uint32_t ChapsAdaptor::VerifyInit(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " << "mechanism_parameter=" |
| << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " << "key_handle=" << key_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->VerifyInit(isolate_credential_blob, |
| session_id, |
| mechanism_type, |
| mechanism_parameter, |
| key_handle); |
| } |
| |
| uint32_t ChapsAdaptor::Verify(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data, |
| const vector<uint8_t>& signature) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->Verify(isolate_credential_blob, |
| session_id, |
| data, |
| signature); |
| } |
| |
| uint32_t ChapsAdaptor::VerifyUpdate(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_part) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->VerifyUpdate(isolate_credential_blob, |
| session_id, |
| data_part); |
| } |
| |
| uint32_t ChapsAdaptor::VerifyFinal(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& signature) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->VerifyFinal(isolate_credential_blob, |
| session_id, |
| signature); |
| } |
| |
| void ChapsAdaptor::VerifyCancel(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| service_->VerifyCancel(isolate_credential_blob, session_id); |
| } |
| |
| uint32_t ChapsAdaptor::VerifyRecoverInit( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t key_handle) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " << "mechanism_parameter=" |
| << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " << "key_handle=" << key_handle; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->VerifyRecoverInit(isolate_credential_blob, |
| session_id, |
| mechanism_type, |
| mechanism_parameter, |
| key_handle); |
| } |
| |
| void ChapsAdaptor::VerifyRecover(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& signature, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->VerifyRecover(isolate_credential_blob, |
| session_id, |
| signature, |
| max_out_length, |
| actual_out_length, |
| data); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| |
| void ChapsAdaptor::DigestEncryptUpdate( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->DigestEncryptUpdate(isolate_credential_blob, |
| session_id, |
| data_in, |
| max_out_length, |
| actual_out_length, |
| data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| void ChapsAdaptor::DecryptDigestUpdate( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->DecryptDigestUpdate(isolate_credential_blob, |
| session_id, |
| data_in, |
| max_out_length, |
| actual_out_length, |
| data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| void ChapsAdaptor::SignEncryptUpdate(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->SignEncryptUpdate(isolate_credential_blob, |
| session_id, |
| data_in, |
| max_out_length, |
| actual_out_length, |
| data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| void ChapsAdaptor::DecryptVerifyUpdate( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& data_in, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* data_out, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->DecryptVerifyUpdate(isolate_credential_blob, |
| session_id, |
| data_in, |
| max_out_length, |
| actual_out_length, |
| data_out); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| void ChapsAdaptor::GenerateKey( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| const vector<uint8_t>& attributes, |
| uint64_t* key_handle, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " << "mechanism_parameter=" |
| << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " << "attributes=" << PrintAttributes(attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->GenerateKey(isolate_credential_blob, |
| session_id, |
| mechanism_type, |
| mechanism_parameter, |
| attributes, |
| key_handle); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "key_handle=" << key_handle; |
| } |
| |
| void ChapsAdaptor::GenerateKeyPair( |
| const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| const vector<uint8_t>& public_attributes, |
| const vector<uint8_t>& private_attributes, |
| uint64_t* public_key_handle, |
| uint64_t* private_key_handle, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " << "mechanism_parameter=" |
| << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " << "public_attributes=" |
| << PrintAttributes(public_attributes, true); |
| VLOG(2) << "IN: " << "private_attributes=" |
| << PrintAttributes(private_attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->GenerateKeyPair(isolate_credential_blob, |
| session_id, |
| mechanism_type, |
| mechanism_parameter, |
| public_attributes, |
| private_attributes, |
| public_key_handle, |
| private_key_handle); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "public_key_handle=" |
| << public_key_handle; |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "private_key_handle=" |
| << private_key_handle; |
| } |
| |
| void ChapsAdaptor::WrapKey(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t wrapping_key_handle, |
| uint64_t key_handle, |
| uint64_t max_out_length, |
| uint64_t* actual_out_length, |
| vector<uint8_t>* wrapped_key, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " << "mechanism_parameter=" |
| << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " << "wrapping_key_handle=" << wrapping_key_handle; |
| VLOG(2) << "IN: " << "key_handle=" << key_handle; |
| VLOG(2) << "IN: " << "max_out_length=" << max_out_length; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->WrapKey(isolate_credential_blob, |
| session_id, |
| mechanism_type, |
| mechanism_parameter, |
| wrapping_key_handle, |
| key_handle, |
| max_out_length, |
| actual_out_length, |
| wrapped_key); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "actual_out_length=" |
| << actual_out_length; |
| } |
| |
| void ChapsAdaptor::UnwrapKey(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t wrapping_key_handle, |
| const vector<uint8_t>& wrapped_key, |
| const vector<uint8_t>& attributes, |
| uint64_t* key_handle, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " << "mechanism_parameter=" |
| << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " << "wrapping_key_handle=" << wrapping_key_handle; |
| VLOG(2) << "IN: " << "attributes=" << PrintAttributes(attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->UnwrapKey(isolate_credential_blob, |
| session_id, |
| mechanism_type, |
| mechanism_parameter, |
| wrapping_key_handle, |
| wrapped_key, |
| attributes, |
| key_handle); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "key_handle=" << key_handle; |
| } |
| |
| void ChapsAdaptor::DeriveKey(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t mechanism_type, |
| const vector<uint8_t>& mechanism_parameter, |
| uint64_t base_key_handle, |
| const vector<uint8_t>& attributes, |
| uint64_t* key_handle, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "mechanism_type=" << mechanism_type; |
| VLOG(2) << "IN: " << "mechanism_parameter=" |
| << PrintIntVector(mechanism_parameter); |
| VLOG(2) << "IN: " << "base_key_handle=" << base_key_handle; |
| VLOG(2) << "IN: " << "attributes=" << PrintAttributes(attributes, true); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->DeriveKey(isolate_credential_blob, |
| session_id, |
| mechanism_type, |
| mechanism_parameter, |
| base_key_handle, |
| attributes, |
| key_handle); |
| VLOG_IF(2, *result == CKR_OK) << "OUT: " << "key_handle=" << key_handle; |
| } |
| |
| uint32_t ChapsAdaptor::SeedRandom(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| const vector<uint8_t>& seed) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "num_bytes=" << seed.size(); |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| return service_->SeedRandom(isolate_credential_blob, |
| session_id, |
| seed); |
| } |
| |
| void ChapsAdaptor::GenerateRandom(const vector<uint8_t>& isolate_credential, |
| uint64_t session_id, |
| uint64_t num_bytes, |
| vector<uint8_t>* random_data, |
| uint32_t* result) { |
| AutoLock lock(*lock_); |
| VLOG(1) << "CALL: " << __func__; |
| VLOG(2) << "IN: " << "session_id=" << session_id; |
| VLOG(2) << "IN: " << "num_bytes=" << num_bytes; |
| SecureBlob isolate_credential_blob(isolate_credential.begin(), |
| isolate_credential.end()); |
| ClearVector(const_cast<vector<uint8_t>*>(&isolate_credential)); |
| *result = service_->GenerateRandom(isolate_credential_blob, |
| session_id, |
| num_bytes, |
| random_data); |
| } |
| |
| } // namespace chaps |