2 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Main header file for client library.
28 #include <ckm/ckm-error.h>
29 #include <ckm/ckm-type.h>
31 // Central Key Manager namespace
37 Key(const RawBuffer &rawData,
38 const std::string &password = std::string(),
39 KeyType type = KeyType::KEY_NONE); // Import key
41 Key& operator=(const Key &key);
45 KeyType getType() const;
47 ElipticCurve getCurve() const;
48 RawBuffer getDER() const;
49 GenericKey* getImpl() const;
52 std::shared_ptr<GenericKey> m_impl;
57 // enum class FingerprintType : unsigned int {
64 Certificate(const RawBuffer &rawData, DataFormat format);
65 Certificate(const Certificate &certificate);
66 Certificate& operator=(const Certificate &certificate);
70 // Key getKey() const;
72 // This function will return openssl struct X509*.
74 RawBuffer getDER() const;
75 CertificateImpl* getImpl();
77 // // *** standard certificate operation begin ***
78 // RawBuffer getDER() const;
79 // bool isSignedBy(const Certificate &parent) const;
80 // RawBuffer getFingerprint(FingerprintType type) const;
82 // // *** standard certificate operation end ***
84 std::shared_ptr<CertificateImpl> m_impl;
87 typedef std::vector<Certificate> CertificateVector;
93 Pkcs12(const RawBuffer &rawData, const RawBuffer &password = RawBuffer());
95 Pkcs12(const Pkcs12 &pkcs);
96 Pkcs12(Pkcs12 &&pkcs);
97 Pkcs12& operator=(const Pkcs12 &pkcs);
98 Pkcs12& operator=(Pkcs12 &&pkcs);
100 Key getKey(const RawBuffer &password = RawBuffer());
101 Certificate getCertificate(); // this is connected with Key
103 // check the API in openssl and translate it 1 to 1.
105 CertificateVector getCertificateVector();
118 // Manager(int uid); // connect to database related with uid
119 Manager(const Manager &connection) = delete;
120 Manager(Manager &&connection) = delete;
121 Manager operator=(const Manager &connection) = delete;
122 Manager operator=(Manager && connection) = delete;
125 int saveKey(const Alias &alias, const Key &key, const Policy &policy);
126 int saveCertificate(const Alias &alias, const Certificate &cert, const Policy &policy);
129 * Data must be extractable. If you set extractable bit to false funciton will
130 * return ERROR_INPUT_PARAM.
132 int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy);
134 int removeKey(const Alias &alias);
135 int removeCertificate(const Alias &alias);
136 int removeData(const Alias &alias);
138 int getKey(const Alias &alias, const std::string &password, Key &key);
141 const std::string &password,
142 Certificate &certificate);
143 int getData(const Alias &alias, const std::string &password, RawBuffer &data);
145 // send request for list of all keys/certificates/data that application/user may use
146 int getKeyAliasVector(AliasVector &aliasVector);
147 int getCertificateAliasVector(AliasVector &aliasVector);
148 int getDataAliasVector(AliasVector &aliasVector);
150 int createKeyPairRSA(
151 const int size, // size in bits [1024, 2048, 4096]
152 const Alias &privateKeyAlias,
153 const Alias &publicKeyAlias,
154 const Policy &policyPrivateKey = Policy(),
155 const Policy &policyPublicKey = Policy());
157 int createKeyPairECDSA(
158 const ElipticCurve type,
159 const Alias &privateKeyAlias,
160 const Alias &publicKeyAlias,
161 const Policy &policyPrivateKey = Policy(),
162 const Policy &policyPublicKey = Policy());
164 int getCertificateChain(
165 const Certificate &certificate,
166 const CertificateVector &untrustedCertificates,
167 CertificateVector &certificateChainVector);
169 int getCertificateChain(
170 const Certificate &certificate,
171 const AliasVector &untrustedCertificates,
172 CertificateVector &certificateChainVector);
175 const Alias &privateKeyAlias,
176 const std::string &password, // password for private_key
177 const RawBuffer &message,
178 const HashAlgorithm hash,
179 const RSAPaddingAlgorithm padding,
180 RawBuffer &signature);
183 const Alias &publicKeyOrCertAlias,
184 const std::string &password, // password for public_key (optional)
185 const RawBuffer &message,
186 const RawBuffer &signature,
187 const HashAlgorithm hash,
188 const RSAPaddingAlgorithm padding);
190 // // This function will check all certificates in chain except Root CA.
191 // int ocspCheck(const CertificateVector &certificateChainVector);
195 std::shared_ptr<ManagerImpl> m_impl;
199 // Asynchronous interface to Central Key Manager. This implementation uses
200 // internal thread for connection.
203 class ManagerAsyncImpl;
205 // Observer will observer custom operation.
207 // Error callback - all errors
208 // ERROR_API_NOT_SUPPORTED,
209 // ERROR_API_CONNECTION_LOST,
210 // ERROR_API_PARSING_ERROR,
211 // ERROR_API_ALIAS_UNKNOWN
212 virtual void ReceivedError(int error, const std::string &errormsg);
214 // This will return data
215 virtual void ReceivedKey(Key && key) {}
216 virtual void ReceivedCertificate(Certificate && certificate) {}
217 virtual void ReceivedKeyAliasVector(AliasVector && aliasVector) {}
218 virtual void ReceivedCertificateAliasVector(AliasVector && aliasVector) {}
220 // This callbacks will confirm successful operation
221 virtual void ReceivedSaveKey() {}
222 virtual void ReceivedSaveCertificate() {}
223 virtual void ReceivedRemovedKey() {}
224 virtual void ReceivedRemovedCertificate() {}
226 // Added By Dongsun Lee
227 virtual void ReceivedData(RawBuffer && data) {}
228 virtual void ReceivedDataAliasVector(AliasVector && aliasVector) {}
230 // This callbacks will confirm successful operation
231 virtual void ReceivedSaveData() {}
232 virtual void ReceivedRemovedData() {}
233 virtual void ReceivedCreateKeyPairRSA() {}
234 virtual void ReceivedCreateKeyPairECDSA() {}
235 virtual void ReceivedCreateSignature(RawBuffer && signature) {}
237 // TODO: describe status
238 virtual void ReceivedVerifySignature() {}
239 // TODO: describe status
240 // Do we need some chain of the certificate?
241 virtual void ReceivedVerifyCertificate() {}
243 virtual void ReceivedGetCertiticateChain(CertificateVector &&certificateVector) {}
244 virtual void ReceivedStrictCACheck();
245 virtual void ReceivedOCSPCheck();
247 virtual ~Observer() {}
251 ManagerAsync(const ManagerAsync &);
252 ManagerAsync(ManagerAsync &&);
253 ManagerAsync& operator=(const ManagerAsync &);
254 ManagerAsync& operator=(ManagerAsync &&);
255 virtual ~ManagerAsync();
257 // observer will be destroyed after use
258 void saveKey(Observer *observer, const Alias &alias, const Key &key, const Policy &policy);
259 void saveCertificate(Observer *observer, const Alias &alias, const Certificate &cert, const Policy &policy);
261 void removeKey(Observer *observer, const Alias &alias);
262 void removeCertificate(Observer *observer, const Alias &alias);
264 void requestKey(Observer *observer, const Alias &alias);
265 void requestCertificate(Observer *observer, const Alias &alias);
267 // This will extract list of all Keys and Certificates in Key Store
268 void requestKeyAliasVector(Observer *observer); // send request for list of all keys that application/user may use
269 void requestCertificateAliasVector(Observer *observer); // send request for list of all certs that application/user may use
271 // Added By Dongsun Lee
272 void saveData(Observer *observer, const Alias &alias, const RawBuffer &data, const Policy &policy);
273 void removeData(Observer *observer, const Alias &alias);
274 void requestData(Observer *observer, const Alias &alias);
275 void requestDataAliasVector(Observer *observer); // send request for list of all data that application/user may use
276 void createKeyPairRSA(Observer *observer, const Alias &privateKeyAlias, const Alias &publicKeyAlias, const int &size, const Policy &policy);
277 void createKeyPairECDSA(Observer *observer, const Alias &privateKeyAlias, const Alias &publicKeyAlias, ECType type, const int &size, const Policy &policy);
278 void createSignature(Observer *observer, const Alias &privateKeyAlias, const RawBuffer &password, const RawBuffer &message);
279 void verifySignature(Observer *observer, const Alias &publicKeyOrCertAlias, const RawBuffer &password, const RawBuffer &message, const RawBuffer &signature);
281 // Should we use also certificates stored by user in Certral Key Manager?
282 // Sometimes we may want to verify certificate without OCSP (for example we are installing side-loaded app and network is not working).
283 void verifyCertificate(Observer *observer, const Certificate &certificate, const CertificateVector &untrusted, const bool ocspCheck, const bool strictCaFlagCheck);
285 void createKeyPairRSA(
287 const int size, // size in bits [1024, 2048, 4096]
288 const Alias &privateKeyAlias,
289 const Alias &publicKeyAlias,
290 const Policy &policyPrivateKey = Policy(),
291 const Policy &policyPublicKey = Policy());
293 void createKeyPairECDSA(
295 const Key::ECType type,
296 const Alias &privateKeyAlias,
297 const Alias &publicKeyAlias,
298 const Policy &policyPrivateKey = Policy(),
299 const Policy &policyPublicKey = Policy());
301 // this fuction will return chains of certificates and check it with openssl
302 // status : OK, INCOMPLETE_CHAIN, VERIFICATION_FAILED
303 void getCertiticateChain(
304 const Certificate &certificate,
305 const CertificateVector &untrustedCertificates);
307 void getCertificateChain(
308 const Certificate &certificate,
309 const AliasVector &untrustedCertificates);
311 void strictCACheck(const CertificateVector &certificateVector);
313 // This function will check all certificates in chain except Root CA.
314 void ocspCheck(const CertificateVector &certificateChainVector);
317 ConnectionAsyncImpl *m_impl;
320 class ManagerAsyncThread : public ManagerAsync {
322 ManagerAsyncThread();
323 ManagerAsyncThread(int uid); // connect to database related to uid
324 ManagerAsyncThread(const ConnectionAsyncThread &);
325 ManagerAsyncThread(ConnectionAsyncThread &&);
326 ManagerAsyncThread& operator=(const ConnectionAsyncThread &);
327 ManagerAsyncThread& operator=(ConnectionAsyncThread &&);
328 virtual ~ConnectionAsyncThread() {}
333 class ManagerAsyncNoThread : public ManagerAsync {
335 ManagerAsyncNoThread();
336 ManagerAsyncNoThread(const ConnectionAsyncNoThread &);
337 ManagerAsyncNoThread(ConnectionAsyncNoThread &&);
338 ManagerAsyncNoThread& operator=(const ConnectionAsyncNoThread &);
339 ManagerAsyncNoThread& operator=(ConnectionAsyncNoThread &&);
340 virtual ~ConnecitonAsyncNoThread() {}
342 int getDesc(); // extract descriptor number
343 int processDesc(); // send request and receive data from central key manager