bool MkStorage::store(string alias, SymKey *mk, Token *tok) { if(exist(alias)) { printf("Failed to store :: EMK already exists for %s\n", alias.c_str()); return false; } EncItem *payload = pbkdf_create_mkek(tok); SymKey *mkek = pbkdf_derive_mkek(payload, tok); EncKey *emk = aes_gcm_encrypt(mk, mkek); shared_ptr<SerializedItem> sEmk = emk->serialize(); shared_ptr<SerializedItem> sPayload = payload->serialize(); sEmk->dump("emk"); sPayload->dump("payload"); delete payload; delete mkek; delete emk; shared_ptr<SqlRecord> rec(new SqlRecord()); rec->push(shared_ptr<SqlValue>(new SqlString(EMK_COL_ALIAS, alias))); rec->push(shared_ptr<SqlValue>(new SqlString(EMK_COL_EMK, sEmk->getItem()))); rec->push(shared_ptr<SqlValue>(new SqlString(EMK_COL_EMK_AUTH_TAG, sEmk->getAuthTag()))); rec->push(shared_ptr<SqlValue>(new SqlString(EMK_COL_EMKEK, sPayload->getItem()))); rec->push(shared_ptr<SqlValue>(new SqlString(EMK_COL_EMKEK_AUTH_TAG, sPayload->getAuthTag()))); rec->push(shared_ptr<SqlValue>(new SqlString(EMK_COL_SALT, sPayload->getSalt()))); return mSqlHelper->insertRec(mDb, EMK_TBL_NAME, rec); }
void encrypt(struct cipher c, unsigned char *d, int dlen, unsigned char *oiv) { unsigned char out[1000], tag[16]; int outlen,i; unsigned char newiv[12]; unsigned char cnt[10]; *(long long*)cnt = c.recvcnt; cnt[8]=dlen%256; cnt[9]=dlen/256; for (i=0;i<4;i++) newiv[i]=c.recviv[i]; for (i=0;i<8;i++) newiv[i+4]=oiv[i]; aes_gcm_encrypt(c.recvkey, newiv, cnt, 10, d, dlen, out, &outlen, tag ,16); printf("%d ", outlen); for (i=0; i<outlen; i++) printf("%c", out[i]); for (i=0; i<16; i++) printf("%c", tag[i]); for (i=0;i<8;i++) printf("%c", oiv[i]); }
void FileBase::setxattr(const char* name, const char* value, size_t size, int flags) { if (!name || !value) throw OSException(EFAULT); std::unique_ptr<byte[]> buffer(new byte[size]); byte* ciphertext = buffer.get(); byte meta[XATTR_MAC_LENGTH + XATTR_IV_LENGTH]; byte* iv = meta; byte* mac = iv + XATTR_IV_LENGTH; generate_random(iv, XATTR_IV_LENGTH); auto name_len = strlen(name); std::unique_ptr<byte[]> header(new byte[name_len + ID_LENGTH]); memcpy(header.get(), get_id().data(), ID_LENGTH); memcpy(header.get() + ID_LENGTH, name, name_len); aes_gcm_encrypt(value, size, header.get(), name_len + ID_LENGTH, get_key().data(), get_key().size(), iv, XATTR_IV_LENGTH, mac, XATTR_MAC_LENGTH, ciphertext); auto rc = fsetxattr_wrapper(file_descriptor(), name, ciphertext, size, flags); if (rc < 0) throw OSException(errno); rc = fsetxattr_wrapper(m_meta_fd, name, meta, sizeof(meta), flags); if (rc < 0) throw OSException(errno); }
int main(int argc, char **argv) { unsigned char *plain; int i; pt_len = atoi(argv[1]); plain = (unsigned char *)malloc(sizeof(unsigned char)*pt_len); printf("pt_len:%d\n",pt_len); for(i=0;i<pt_len;i++) plain[i]=gcm_pte[i%16]; gcm_pt = plain; // printf("plain size: %d gcm_pt size: %d\n",sizeof(gcm_pte),sizeof(plain)); cycle_t tStart, tEnd; RDTSC_LL(tStart); aes_gcm_encrypt(); RDTSC_LL(tEnd); printf("Encrypt time: %lf us\n",(tEnd-tStart)/2600.0); RDTSC_LL(tStart); aes_gcm_decrypt(); RDTSC_LL(tEnd); printf("tStart:%ld\n",tStart); printf("tEnd :%ld\n",tEnd); printf("Decrypt time: %lf us\n",(tEnd-tStart)/2600.0); printf("orignal plain text:"); printf("encrypt text:\n"); BIO_dump_fp(stdout, enbuf, pt_len); printf("plain text:\n"); BIO_dump_fp(stdout, gcm_pt, pt_len); printf("decrypt text:\n"); BIO_dump_fp(stdout, debuf, pt_len); }
int main(int argc, char **argv) { aes_gcm_encrypt(); aes_gcm_decrypt(); }
int main(int argc, char **argv) { uint8 buf[4096]; uint8 tag[GCM_BLOCK_SZ]; status_t res; ENABLE_DEBUG; BEGINT(0); memcpy(buf, p0, plen0); aes_gcm_encrypt(k0, klen0, n0, nlen0, a0, alen0, buf, plen0, tag, sizeof(tag)); res = !memcmp(tag, t0, tlen0) ? OK : ERR; if (res != OK) TAG_ERR(res, t0, tag, tlen0); ENDT(0, res); BEGINT(1); memcpy(buf, p1, plen1); aes_gcm_mac(k1, klen1, n1, nlen1, a1, alen1, buf, plen1, tag, sizeof(tag)); res = !memcmp(tag, t1, tlen1) ? OK : ERR; if (res != OK) TAG_ERR(res, t1, tag, tlen1); ENDT(1, res); BEGINT(2); memcpy(buf, p1, plen1); aes_gcm_encrypt(k1, klen1, n1, nlen1, a1, alen1, buf, plen1, tag, sizeof(tag)); res = !memcmp(c1, buf, plen1) ? OK : ERR; if (res != OK) { CTXT_ERR(res, c1, buf, plen1); } else { res = !memcmp(tag, t1, tlen1) ? OK : ERR; if (res != OK) TAG_ERR(res, t1, tag, tlen1); } ENDT(2, res); BEGINT(3); memcpy(buf, p3, plen3); aes_gcm_encrypt(k3, klen3, n3, nlen3, a3, alen3, buf, plen3, tag, sizeof(tag)); res = !memcmp(c3, buf, plen3) ? OK : ERR; if (res != OK) { CTXT_ERR(res, c3, buf, plen3); } else { res = !memcmp(tag, t3, tlen3) ? OK : ERR; if (res != OK) TAG_ERR(res, t3, tag, tlen3); } ENDT(3, res); #ifdef HAVE_GCM_HASH BEGINT(4); gcm_hash(hk4, ac4, aclen4, buf, TRUE); res = !memcmp(hac4, buf, haclen4) ? OK : ERR; if (res != OK) TAG_ERR(res, hac4, buf, haclen4); ENDT(4, res); #endif BEGINT(5); memcpy(buf, p5, plen5); aes_gcm_encrypt(k5, klen5, n5, nlen5, a5, alen5, buf, plen5, tag, sizeof(tag)); res = !memcmp(c5, buf, plen5) ? OK : ERR; if (res != OK) { CTXT_ERR(res, c5, buf, plen5); } else { res = !memcmp(tag, t5, tlen5) ? OK : ERR; if (res != OK) TAG_ERR(res, t5, tag, tlen5); } ENDT(5, res); BEGINT(6); memcpy(buf, p5, plen5); aes_gcm_encrypt(k5, klen5, n6, nlen6, a5, alen5, buf, plen5, tag, sizeof(tag)); res = !memcmp(c6, buf, plen5) ? OK : ERR; if (res != OK) { CTXT_ERR(res, c6, buf, plen5); } else { res = !memcmp(tag, t6, tlen6) ? OK : ERR; if (res != OK) TAG_ERR(res, t6, tag, tlen6); } ENDT(6, res); BEGINT(7); memcpy(buf, c6, plen5); res = aes_gcm_decrypt(k5, klen5, n6, nlen6, a5, alen5, buf, plen5, t6, tlen6) ? OK : ERR; if (res != OK) { DBG("aes_gcm_decrypt returned error", NULL, 0); } else { res = !memcmp(p5, buf, plen5) ? OK : ERR; if (res != OK) PTXT_ERR(res, p5, buf, plen5); } ENDT(7, res); BEGINT(8); memcpy(buf, p5, plen5); res = aes_gcm_verify(k5, klen5, n6, nlen6, a5, alen5, buf, plen5, t6, tlen6) ? OK : ERR; if (res != OK) { DBG("aes_gcm_verify returned error", NULL, 0); } ENDT(8, res); BEGINT(9); memcpy(buf, p5, plen5); aes_gcm_mac(k5, klen5, n6, nlen6, a5, alen5, buf, plen5, tag, sizeof(tag)); res = !memcmp(tag, t6, tlen6) ? OK : ERR; if (res != OK) TAG_ERR(res, t6, tag, tlen6); ENDT(9, res); BEGINT(10); /* validate encrypt */ memcpy(buf, p10, plen10) ; aes_gcm_encrypt(k10, klen10, n10, nlen10, a10, alen10, buf, plen10, tag, sizeof(tag)); res = !memcmp(c10, buf, plen10) ? OK : ERR; if (res != OK) { CTXT_ERR(res, c10, buf, plen10); } else { res = !memcmp(tag, t10, tlen10) ? OK : ERR; if (res != OK) TAG_ERR(res, t10, tag, tlen10); } /* validate (just) mac */ memcpy(buf, p10, plen10); aes_gcm_mac(k10, klen10, n10, nlen10, a10, alen10, buf, plen10, tag, sizeof(tag)); res = !memcmp(tag, t10, tlen10) ? OK : ERR; if (res != OK) TAG_ERR(res, t10, tag, tlen10); /* validate decrypt */ memcpy(buf, c10, clen10); res = aes_gcm_decrypt(k10, klen10, n10, nlen10, a10, alen10, buf, clen10, t10, tlen10) ? OK : ERR; if (res != OK) { DBG("aes_gcm_decrypt returned error", NULL, 0); } else { res = !memcmp(p10, buf, plen10) ? OK : ERR; if (res != OK) { PTXT_ERR(res, p10, buf, plen10); } } /* validate verify */ memcpy(buf, p10, plen10); res = aes_gcm_verify(k10, klen10, n10, nlen10, a10, alen10, buf, plen10, t10, tlen10) ? OK : ERR; if (res != OK) { DBG("aes_gcm_verify returned error", NULL, 0); } ENDT(10, res); BEGINT(11); /* validate encrypt */ memcpy(buf, p10, plen10) ; aes_gcm_encrypt(k11, klen11, n10, nlen10, a10, alen10, buf, plen10, tag, sizeof(tag)); res = !memcmp(c11, buf, plen10) ? OK : ERR; if (res != OK) { CTXT_ERR(res, c11, buf, plen10); } else { res = !memcmp(tag, t11, tlen11) ? OK : ERR; if (res != OK) TAG_ERR(res, t11, tag, tlen11); } /* validate (just) mac */ memcpy(buf, p10, plen10); aes_gcm_mac(k11, klen11, n10, nlen10, a10, alen10, buf, plen10, tag, sizeof(tag)); res = !memcmp(tag, t11, tlen11) ? OK : ERR; if (res != OK) TAG_ERR(res, t11, tag, tlen11); /* validate decrypt */ memcpy(buf, c11, clen11); res = aes_gcm_decrypt(k11, klen11, n10, nlen10, a10, alen10, buf, clen11, t11, tlen11) ? OK : ERR; if (res != OK) { DBG("aes_gcm_decrypt returned error", NULL, 0); } else { res = !memcmp(p10, buf, plen10) ? OK : ERR; if (res != OK) { PTXT_ERR(res, p10, buf, plen10); } } /* validate verify */ memcpy(buf, p10, plen10); res = aes_gcm_verify(k11, klen11, n10, nlen10, a10, alen10, buf, plen10, t11, tlen11) ? OK : ERR; if (res != OK) { DBG("aes_gcm_verify returned error", NULL, 0); } ENDT(11, res); BEGINT(12); /* validate encrypt */ memcpy(buf, p12, plen12) ; aes_gcm_encrypt(k12, klen12, n12, nlen12, a12, alen12, buf, plen12, tag, sizeof(tag)); res = !memcmp(c12, buf, plen12) ? OK : ERR; if (res != OK) { CTXT_ERR(res, c12, buf, plen12); } else { res = !memcmp(tag, t12, tlen12) ? OK : ERR; if (res != OK) TAG_ERR(res, t12, tag, tlen12); } /* validate (just) mac */ memcpy(buf, p12, plen12); aes_gcm_mac(k12, klen12, n12, nlen12, a12, alen12, buf, plen12, tag, sizeof(tag)); res = !memcmp(tag, t12, tlen12) ? OK : ERR; if (res != OK) TAG_ERR(res, t12, tag, tlen12); /* validate decrypt */ memcpy(buf, c12, clen12); res = aes_gcm_decrypt(k12, klen12, n12, nlen12, a12, alen12, buf, clen12, t12, tlen12) ? OK : ERR; if (res != OK) { DBG("aes_gcm_decrypt returned error", NULL, 0); } else { res = !memcmp(p12, buf, plen12) ? OK : ERR; if (res != OK) { PTXT_ERR(res, p12, buf, plen12); } } /* validate verify */ memcpy(buf, p12, plen12); res = aes_gcm_verify(k12, klen12, n12, nlen12, a12, alen12, buf, plen12, t12, tlen12) ? OK : ERR; if (res != OK) { DBG("aes_gcm_verify returned error", NULL, 0); } ENDT(12, res); BEGINT(13); /* validate encrypt */ memcpy(buf, p12, plen12) ; aes_gcm_encrypt(k13, klen13, n12, nlen12, a12, alen12, buf, plen12, tag, sizeof(tag)); res = !memcmp(c13, buf, plen12) ? OK : ERR; if (res != OK) { CTXT_ERR(res, c13, buf, plen12); } else { res = !memcmp(tag, t13, tlen13) ? OK : ERR; if (res != OK) TAG_ERR(res, t13, tag, tlen13); } /* validate (just) mac */ memcpy(buf, p12, plen12); aes_gcm_mac(k13, klen13, n12, nlen12, a12, alen12, buf, plen12, tag, sizeof(tag)); res = !memcmp(tag, t13, tlen13) ? OK : ERR; if (res != OK) TAG_ERR(res, t13, tag, tlen13); /* validate decrypt */ memcpy(buf, c13, clen13); res = aes_gcm_decrypt(k13, klen13, n12, nlen12, a12, alen12, buf, clen12, t13, tlen13) ? OK : ERR; if (res != OK) { DBG("aes_gcm_decrypt returned error", NULL, 0); } else { res = !memcmp(p12, buf, plen12) ? OK : ERR; if (res != OK) { PTXT_ERR(res, p12, buf, plen12); } } /* validate verify */ memcpy(buf, p12, plen12); res = aes_gcm_verify(k13, klen13, n12, nlen12, a12, alen12, buf, plen12, t13, tlen13) ? OK : ERR; if (res != OK) { DBG("aes_gcm_verify returned error", NULL, 0); } ENDT(13, res); BEGINT(14); /* validate encrypt */ memcpy(buf, p14, plen14) ; aes_gcm_encrypt(k14, klen14, n14, nlen14, a14, alen14, buf, plen14, tag, sizeof(tag)); res = !memcmp(c14, buf, plen14) ? OK : ERR; if (res != OK) { CTXT_ERR(res, c14, buf, plen14); } else { res = !memcmp(tag, t14, tlen14) ? OK : ERR; if (res != OK) TAG_ERR(res, t14, tag, tlen14); } /* validate (just) mac */ memcpy(buf, p14, plen14); aes_gcm_mac(k14, klen14, n14, nlen14, a14, alen14, buf, plen14, tag, sizeof(tag)); res = !memcmp(tag, t14, tlen14) ? OK : ERR; if (res != OK) TAG_ERR(res, t14, tag, tlen14); /* validate decrypt */ memcpy(buf, c14, clen14); res = aes_gcm_decrypt(k14, klen14, n14, nlen14, a14, alen14, buf, clen14, t14, tlen14) ? OK : ERR; if (res != OK) { DBG("aes_gcm_decrypt returned error", NULL, 0); } else { res = !memcmp(p14, buf, plen14) ? OK : ERR; if (res != OK) { PTXT_ERR(res, p14, buf, plen14); } } /* validate verify */ memcpy(buf, p14, plen14); res = aes_gcm_verify(k14, klen14, n14, nlen14, a14, alen14, buf, plen14, t14, tlen14) ? OK : ERR; if (res != OK) { DBG("aes_gcm_verify returned error", NULL, 0); } ENDT(14, res); return 0; }
/** @brief Process an encrypt packet. * * An encrypt packet consists of a uint32 J and an uninterpreted array * of MESSAGE_SIZE bytes. To be well-formed, * J must identify a channel in the CSS_OPEN state. * [uint32 J][MESSAGE_SIZE bytes of uninterpreted data] * * On success, the response is simply * [CR_CIPHERTEXT][SESSION_BUFFER_SIZE bytes of uninterpreted data] * * @param ctx Non-null. The chat context. * @param pkt Non-null. The incoming login packet. On success, this * pointer re-used to format the outgoing reply message. * @return 0 on success. */ int chat_process_encrypt(chat_context_t *ctx, ffs_packet_t *pkt, uint32_t *pos) { int err = 0; uint32_t channel = 0; err = uint32_deserialize(pkt->data, FFS_DATA_SIZE, pos, &channel); if (err) goto cleanup; if (channel >= SESSIONS_SIZE) { err = -1; goto cleanup; } if (CSS_OPEN != ctx->sessions[channel].state) { err = -1; goto cleanup; } /* Format our response. */ clean_session_buffer(ctx); uint32_t out_pos = 0; { /* [SHA256_OUTPUT_LEN nonce] */ uint8_t nonce[SHA256_OUTPUT_LEN]; for (int i = 0; i < SHA256_OUTPUT_LEN; i += AES_BLOCK_SIZE) prng_output(&ctx->prng, &nonce[i]); sha256_hash(nonce, SHA256_OUTPUT_LEN, nonce); msel_memcpy(&ctx->session_buffer[out_pos], nonce, SHA256_OUTPUT_LEN); out_pos += SHA256_OUTPUT_LEN; msel_memset(nonce, 0, SHA256_OUTPUT_LEN); } { /* [CR_CIPHERTEXT] */ err = ChatResponse_serialize(ctx->session_buffer, SESSION_BUFFER_SIZE, &out_pos, CR_CIPHERTEXT); if (err) goto cleanup; } { /* [MESSAGE_SIZE The message] */ msel_memcpy(&ctx->session_buffer[out_pos], &pkt->data[*pos], MESSAGE_SIZE); out_pos += MESSAGE_SIZE; } { /* Encrypt seek string */ aes_gcm_ctx_t gcm; msel_memset(&gcm, 0, sizeof(gcm)); aes_gcm_setkey(&gcm, AES_GCM_128, ctx->sessions[channel].send_key, ctx->sessions[channel].send_iv, SHA256_OUTPUT_LEN); aes_gcm_aad(&gcm, NULL, 0); aes_gcm_encrypt(&gcm, ctx->session_buffer, SESSION_BUFFER_SIZE, ctx->session_buffer); msel_memset(&gcm, 0, sizeof(gcm)); } { /* Format the packet */ uint32_t length = 0; msel_memset(pkt->data, 0, FFS_DATA_SIZE); /* [CR_CIPHERTEXT] */ err = ChatResponse_serialize(pkt->data, FFS_DATA_SIZE, &length, CR_CIPHERTEXT); if (err) goto cleanup; /* SESSION_BUFFER_SIZE bytes of uninterpreted data */ msel_memcpy(&pkt->data[length], ctx->session_buffer, SESSION_BUFFER_SIZE); length += SESSION_BUFFER_SIZE; } /* Advance the key and IV */ sha256_hash(ctx->sessions[channel].send_key, SHA256_OUTPUT_LEN, ctx->sessions[channel].send_key); sha256_hash(ctx->sessions[channel].send_iv, SHA256_OUTPUT_LEN, ctx->sessions[channel].send_iv); /* Send the response */ while (msel_svc(MSEL_SVC_SESSION_SEND, pkt) != MSEL_OK) msel_svc(MSEL_SVC_YIELD, NULL); cleanup: return err; }
/** @brief Process a get-exchange packet. * * A get-exchange packet consists of a uint32 J. To be well-formed, * J must identify a channel in the CSS_LISTENING or CSS_OPEN state. * [uint32 J] * * On success, the response is simply * [CR_EXCHANGE][SESSION_BUFFER_SIZE bytes of uninterpreted data] * * @param ctx Non-null. The chat context. * @param pkt Non-null. The incoming login packet. On success, this * pointer re-used to format the outgoing reply message. * @return 0 on success. */ int chat_process_getexchange(chat_context_t *ctx, ffs_packet_t *pkt, uint32_t *pos) { int err = 0; uint32_t channel = 0; err = uint32_deserialize(pkt->data, FFS_DATA_SIZE, pos, &channel); if (err) goto cleanup; if (channel >= SESSIONS_SIZE) { err = -1; goto cleanup; } if ((CSS_LISTENING != ctx->sessions[channel].state) && (CSS_OPEN != ctx->sessions[channel].state)) { err = -1; goto cleanup; } /* Format our response. */ clean_session_buffer(ctx); uint32_t out_pos = 0; { /* [SHA256_OUTPUT_LEN nonce] */ uint8_t nonce[SHA256_OUTPUT_LEN]; for (int i = 0; i < SHA256_OUTPUT_LEN; i += AES_BLOCK_SIZE) prng_output(&ctx->prng, &nonce[i]); sha256_hash(nonce, SHA256_OUTPUT_LEN, nonce); msel_memcpy(&ctx->session_buffer[out_pos], nonce, SHA256_OUTPUT_LEN); out_pos += SHA256_OUTPUT_LEN; msel_memset(nonce, 0, SHA256_OUTPUT_LEN); } { /* [CR_EXCHANGE] */ err = ChatResponse_serialize(ctx->session_buffer, SESSION_BUFFER_SIZE, &out_pos, CR_EXCHANGE); if (err) goto cleanup; } { /* [SHA256_OUTPUT_LEN The pubkey hash] */ msel_memcpy(&ctx->session_buffer[out_pos], ctx->sessions[channel].local_key_pub_hash, SHA256_OUTPUT_LEN); out_pos += SHA256_OUTPUT_LEN; } { /* [ECC_POINT_LEN The pubkey itself] */ msel_memcpy(&ctx->session_buffer[out_pos], ctx->sessions[channel].local_key_pub, ECC_POINT_LEN); out_pos += ECC_POINT_LEN; } { /* TODO: ECDSA signature of the pubkey hash */ } { /* TODO: hmac */ } { /* Encrypt exchange string */ aes_gcm_ctx_t gcm; msel_memset(&gcm, 0, sizeof(gcm)); aes_gcm_setkey(&gcm, AES_GCM_128, ctx->sessions[channel].xchg_key, ctx->sessions[channel].xchg_iv, SHA256_OUTPUT_LEN); aes_gcm_aad(&gcm, NULL, 0); aes_gcm_encrypt(&gcm, ctx->session_buffer, SESSION_BUFFER_SIZE, ctx->session_buffer); msel_memset(&gcm, 0, sizeof(gcm)); } { /* Format the packet */ uint32_t length = 0; msel_memset(pkt->data, 0, FFS_DATA_SIZE); /* [CR_EXCHANGE] */ err = ChatResponse_serialize(pkt->data, FFS_DATA_SIZE, &length, CR_EXCHANGE); if (err) goto cleanup; /* SESSION_BUFFER_SIZE bytes of uninterpreted data */ msel_memcpy(&pkt->data[length], ctx->session_buffer, SESSION_BUFFER_SIZE); length += SESSION_BUFFER_SIZE; } /* Send the response */ while (msel_svc(MSEL_SVC_SESSION_SEND, pkt) != MSEL_OK) msel_svc(MSEL_SVC_YIELD, NULL); cleanup: return err; }
bool KekStorage::store(string alias, Key *key, Token *tok){ if(exist(alias, KeyName::getName(key))) { printf("Failed to store :: key[%s] already exists for %s\n", KeyName::getName(key), alias.c_str()); return false; } shared_ptr<SqlRecord> rec(new SqlRecord()); shared_ptr<SerializedItem> sItem; if(key->type == KeyType::PUB) { // don't encrypt the key sItem = key->serialize(); rec->push(shared_ptr<SqlString>( new SqlString(KEK_COL_ALIAS, alias))); rec->push(shared_ptr<SqlString>( new SqlString(KEK_COL_KEK_NAME, KeyName::getName(key)))); rec->push(shared_ptr<SqlInteger>( new SqlInteger(KEK_COL_KEK_TYPE, KeyType::PUB))); rec->push(shared_ptr<SqlInteger>( new SqlInteger(KEK_COL_ENCRYPTED_BY, CryptAlg::PLAIN))); rec->push(shared_ptr<SqlString>( new SqlString(KEK_COL_EKEK, (string )sItem->getItem()))); } else { if(tok->len > 32) { printf("Token length cannot be more than 32 bytes [%d]\n", tok->len); return false; } SymKey *symKey = new SymKey(32); memcpy(symKey->getData(), tok->getData(), tok->len); EncKey *eKey = aes_gcm_encrypt((Item *)key, symKey); if(eKey == NULL) { printf("Encryption failed!\n"); delete symKey; return false; } sItem = eKey->serialize(); rec->push(shared_ptr<SqlString>( new SqlString(KEK_COL_ALIAS, alias))); rec->push(shared_ptr<SqlString>( new SqlString(KEK_COL_KEK_NAME, KeyName::getName(key)))); rec->push(shared_ptr<SqlInteger>( new SqlInteger(KEK_COL_KEK_TYPE, key->type))); rec->push(shared_ptr<SqlInteger>( new SqlInteger(KEK_COL_ENCRYPTED_BY, CryptAlg::AES))); rec->push(shared_ptr<SqlString>( new SqlString(KEK_COL_EKEK, (string )sItem->getItem()))); rec->push(shared_ptr<SqlString>( new SqlString(KEK_COL_AUTH_TAG, (string )sItem->getAuthTag()))); delete eKey; delete symKey; } sItem->dump("KekStorage::store - serializedItem"); bool rc = mSqlHelper->insertRec(mDb, KEK_TBL_NAME, rec); return rc; }