2 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Main header file for client library.
28 #include <ckm/ckm-error.h>
29 #include <ckm/ckm-type.h>
31 // Central Key Manager namespace
37 Key(const RawBuffer &rawData,
38 const std::string &password = std::string(),
39 KeyType type = KeyType::KEY_NONE); // Import key
41 Key& operator=(const Key &key);
45 KeyType getType() const;
47 ElipticCurve getCurve() const;
48 RawBuffer getDER() const;
49 GenericKey* getImpl() const;
52 std::shared_ptr<GenericKey> m_impl;
57 // enum class FingerprintType : unsigned int {
64 Certificate(const RawBuffer &rawData, DataFormat format);
65 Certificate(const Certificate &certificate);
66 Certificate& operator=(const Certificate &certificate);
70 // Key getKey() const;
72 // This function will return openssl struct X509*.
73 // You should not free the memory.
74 // Memory will be freed in ~Certificate.
76 RawBuffer getDER() const;
77 CertificateImpl* getImpl();
79 // // *** standard certificate operation begin ***
80 // bool isSignedBy(const Certificate &parent) const;
81 // RawBuffer getFingerprint(FingerprintType type) const;
83 // // *** standard certificate operation end ***
85 std::shared_ptr<CertificateImpl> m_impl;
88 typedef std::vector<Certificate> CertificateVector;
94 Pkcs12(const RawBuffer &rawData, const RawBuffer &password = RawBuffer());
96 Pkcs12(const Pkcs12 &pkcs);
97 Pkcs12(Pkcs12 &&pkcs);
98 Pkcs12& operator=(const Pkcs12 &pkcs);
99 Pkcs12& operator=(Pkcs12 &&pkcs);
101 Key getKey(const RawBuffer &password = RawBuffer());
102 Certificate getCertificate(); // this is connected with Key
104 // check the API in openssl and translate it 1 to 1.
106 CertificateVector getCertificateVector();
119 // Manager(int uid); // connect to database related with uid
120 Manager(const Manager &connection) = delete;
121 Manager(Manager &&connection) = delete;
122 Manager operator=(const Manager &connection) = delete;
123 Manager operator=(Manager && connection) = delete;
126 int saveKey(const Alias &alias, const Key &key, const Policy &policy);
127 int saveCertificate(const Alias &alias, const Certificate &cert, const Policy &policy);
130 * Data must be extractable. If you set extractable bit to false funciton will
131 * return ERROR_INPUT_PARAM.
133 int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy);
135 int removeKey(const Alias &alias);
136 int removeCertificate(const Alias &alias);
137 int removeData(const Alias &alias);
139 int getKey(const Alias &alias, const std::string &password, Key &key);
142 const std::string &password,
143 Certificate &certificate);
144 int getData(const Alias &alias, const std::string &password, RawBuffer &data);
146 // send request for list of all keys/certificates/data that application/user may use
147 int getKeyAliasVector(AliasVector &aliasVector);
148 int getCertificateAliasVector(AliasVector &aliasVector);
149 int getDataAliasVector(AliasVector &aliasVector);
151 int createKeyPairRSA(
152 const int size, // size in bits [1024, 2048, 4096]
153 const Alias &privateKeyAlias,
154 const Alias &publicKeyAlias,
155 const Policy &policyPrivateKey = Policy(),
156 const Policy &policyPublicKey = Policy());
158 int createKeyPairECDSA(
159 const ElipticCurve type,
160 const Alias &privateKeyAlias,
161 const Alias &publicKeyAlias,
162 const Policy &policyPrivateKey = Policy(),
163 const Policy &policyPublicKey = Policy());
165 int getCertificateChain(
166 const Certificate &certificate,
167 const CertificateVector &untrustedCertificates,
168 CertificateVector &certificateChainVector);
170 int getCertificateChain(
171 const Certificate &certificate,
172 const AliasVector &untrustedCertificates,
173 CertificateVector &certificateChainVector);
176 const Alias &privateKeyAlias,
177 const std::string &password, // password for private_key
178 const RawBuffer &message,
179 const HashAlgorithm hash,
180 const RSAPaddingAlgorithm padding,
181 RawBuffer &signature);
184 const Alias &publicKeyOrCertAlias,
185 const std::string &password, // password for public_key (optional)
186 const RawBuffer &message,
187 const RawBuffer &signature,
188 const HashAlgorithm hash,
189 const RSAPaddingAlgorithm padding);
191 // This function will check all certificates in chain except Root CA.
192 // This function will delegate task to service. You may use this even
193 // if application does not have permission to use network.
194 int ocspCheck(const CertificateVector &certificateChainVector, int &ocspStatus);
198 std::shared_ptr<ManagerImpl> m_impl;
202 // Asynchronous interface to Central Key Manager. This implementation uses
203 // internal thread for connection.
206 class ManagerAsyncImpl;
208 // Observer will observer custom operation.
210 // Error callback - all errors
211 // ERROR_API_NOT_SUPPORTED,
212 // ERROR_API_CONNECTION_LOST,
213 // ERROR_API_PARSING_ERROR,
214 // ERROR_API_ALIAS_UNKNOWN
215 virtual void ReceivedError(int error, const std::string &errormsg);
217 // This will return data
218 virtual void ReceivedKey(Key && key) {}
219 virtual void ReceivedCertificate(Certificate && certificate) {}
220 virtual void ReceivedKeyAliasVector(AliasVector && aliasVector) {}
221 virtual void ReceivedCertificateAliasVector(AliasVector && aliasVector) {}
223 // This callbacks will confirm successful operation
224 virtual void ReceivedSaveKey() {}
225 virtual void ReceivedSaveCertificate() {}
226 virtual void ReceivedRemovedKey() {}
227 virtual void ReceivedRemovedCertificate() {}
229 // Added By Dongsun Lee
230 virtual void ReceivedData(RawBuffer && data) {}
231 virtual void ReceivedDataAliasVector(AliasVector && aliasVector) {}
233 // This callbacks will confirm successful operation
234 virtual void ReceivedSaveData() {}
235 virtual void ReceivedRemovedData() {}
236 virtual void ReceivedCreateKeyPairRSA() {}
237 virtual void ReceivedCreateKeyPairECDSA() {}
238 virtual void ReceivedCreateSignature(RawBuffer && signature) {}
240 // TODO: describe status
241 virtual void ReceivedVerifySignature() {}
242 // TODO: describe status
243 // Do we need some chain of the certificate?
244 virtual void ReceivedVerifyCertificate() {}
246 virtual void ReceivedGetCertiticateChain(CertificateVector &&certificateVector) {}
247 virtual void ReceivedStrictCACheck();
248 virtual void ReceivedOCSPCheck();
250 virtual ~Observer() {}
254 ManagerAsync(const ManagerAsync &);
255 ManagerAsync(ManagerAsync &&);
256 ManagerAsync& operator=(const ManagerAsync &);
257 ManagerAsync& operator=(ManagerAsync &&);
258 virtual ~ManagerAsync();
260 // observer will be destroyed after use
261 void saveKey(Observer *observer, const Alias &alias, const Key &key, const Policy &policy);
262 void saveCertificate(Observer *observer, const Alias &alias, const Certificate &cert, const Policy &policy);
264 void removeKey(Observer *observer, const Alias &alias);
265 void removeCertificate(Observer *observer, const Alias &alias);
267 void requestKey(Observer *observer, const Alias &alias);
268 void requestCertificate(Observer *observer, const Alias &alias);
270 // This will extract list of all Keys and Certificates in Key Store
271 void requestKeyAliasVector(Observer *observer); // send request for list of all keys that application/user may use
272 void requestCertificateAliasVector(Observer *observer); // send request for list of all certs that application/user may use
274 // Added By Dongsun Lee
275 void saveData(Observer *observer, const Alias &alias, const RawBuffer &data, const Policy &policy);
276 void removeData(Observer *observer, const Alias &alias);
277 void requestData(Observer *observer, const Alias &alias);
278 void requestDataAliasVector(Observer *observer); // send request for list of all data that application/user may use
279 void createKeyPairRSA(Observer *observer, const Alias &privateKeyAlias, const Alias &publicKeyAlias, const int &size, const Policy &policy);
280 void createKeyPairECDSA(Observer *observer, const Alias &privateKeyAlias, const Alias &publicKeyAlias, ECType type, const int &size, const Policy &policy);
281 void createSignature(Observer *observer, const Alias &privateKeyAlias, const RawBuffer &password, const RawBuffer &message);
282 void verifySignature(Observer *observer, const Alias &publicKeyOrCertAlias, const RawBuffer &password, const RawBuffer &message, const RawBuffer &signature);
284 // Should we use also certificates stored by user in Certral Key Manager?
285 // Sometimes we may want to verify certificate without OCSP (for example we are installing side-loaded app and network is not working).
286 void verifyCertificate(Observer *observer, const Certificate &certificate, const CertificateVector &untrusted, const bool ocspCheck, const bool strictCaFlagCheck);
288 void createKeyPairRSA(
290 const int size, // size in bits [1024, 2048, 4096]
291 const Alias &privateKeyAlias,
292 const Alias &publicKeyAlias,
293 const Policy &policyPrivateKey = Policy(),
294 const Policy &policyPublicKey = Policy());
296 void createKeyPairECDSA(
298 const Key::ECType type,
299 const Alias &privateKeyAlias,
300 const Alias &publicKeyAlias,
301 const Policy &policyPrivateKey = Policy(),
302 const Policy &policyPublicKey = Policy());
304 // this fuction will return chains of certificates and check it with openssl
305 // status : OK, INCOMPLETE_CHAIN, VERIFICATION_FAILED
306 void getCertiticateChain(
307 const Certificate &certificate,
308 const CertificateVector &untrustedCertificates);
310 void getCertificateChain(
311 const Certificate &certificate,
312 const AliasVector &untrustedCertificates);
314 void strictCACheck(const CertificateVector &certificateVector);
316 // This function will check all certificates in chain except Root CA.
317 void ocspCheck(const CertificateVector &certificateChainVector);
320 ConnectionAsyncImpl *m_impl;
323 class ManagerAsyncThread : public ManagerAsync {
325 ManagerAsyncThread();
326 ManagerAsyncThread(int uid); // connect to database related to uid
327 ManagerAsyncThread(const ConnectionAsyncThread &);
328 ManagerAsyncThread(ConnectionAsyncThread &&);
329 ManagerAsyncThread& operator=(const ConnectionAsyncThread &);
330 ManagerAsyncThread& operator=(ConnectionAsyncThread &&);
331 virtual ~ConnectionAsyncThread() {}
336 class ManagerAsyncNoThread : public ManagerAsync {
338 ManagerAsyncNoThread();
339 ManagerAsyncNoThread(const ConnectionAsyncNoThread &);
340 ManagerAsyncNoThread(ConnectionAsyncNoThread &&);
341 ManagerAsyncNoThread& operator=(const ConnectionAsyncNoThread &);
342 ManagerAsyncNoThread& operator=(ConnectionAsyncNoThread &&);
343 virtual ~ConnecitonAsyncNoThread() {}
345 int getDesc(); // extract descriptor number
346 int processDesc(); // send request and receive data from central key manager