2 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Main header file for client library.
28 #include <ckm/ckm-certificate.h>
29 #include <ckm/ckm-error.h>
30 #include <ckm/ckm-key.h>
31 #include <ckm/ckm-type.h>
33 // Central Key Manager namespace
37 typedef std::shared_ptr<Manager> ManagerShPtr;
43 virtual int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) = 0;
44 virtual int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy) = 0;
47 * Data must be extractable. If you set extractable bit to false funciton will
48 * return ERROR_INPUT_PARAM.
50 virtual int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) = 0;
52 virtual int removeKey(const Alias &alias) = 0;
53 virtual int removeCertificate(const Alias &alias) = 0;
54 virtual int removeData(const Alias &alias) = 0;
56 virtual int getKey(const Alias &alias, const Password &password, KeyShPtr &key) = 0;
57 virtual int getCertificate(
59 const Password &password,
60 CertificateShPtr &certificate) = 0;
61 virtual int getData(const Alias &alias, const Password &password, RawBuffer &data) = 0;
63 // send request for list of all keys/certificates/data that application/user may use
64 virtual int getKeyAliasVector(AliasVector &aliasVector) = 0;
65 virtual int getCertificateAliasVector(AliasVector &aliasVector) = 0;
66 virtual int getDataAliasVector(AliasVector &aliasVector) = 0;
68 virtual int createKeyPairRSA(
69 const int size, // size in bits [1024, 2048, 4096]
70 const Alias &privateKeyAlias,
71 const Alias &publicKeyAlias,
72 const Policy &policyPrivateKey = Policy(),
73 const Policy &policyPublicKey = Policy()) = 0;
75 virtual int createKeyPairDSA(
76 const int size, // size in bits [1024, 2048, 3072, 4096]
77 const Alias &privateKeyAlias,
78 const Alias &publicKeyAlias,
79 const Policy &policyPrivateKey = Policy(),
80 const Policy &policyPublicKey = Policy()) = 0;
82 virtual int createKeyPairECDSA(
83 const ElipticCurve type,
84 const Alias &privateKeyAlias,
85 const Alias &publicKeyAlias,
86 const Policy &policyPrivateKey = Policy(),
87 const Policy &policyPublicKey = Policy()) = 0;
89 virtual int getCertificateChain(
90 const CertificateShPtr &certificate,
91 const CertificateShPtrVector &untrustedCertificates,
92 CertificateShPtrVector &certificateChainVector) = 0;
94 virtual int getCertificateChain(
95 const CertificateShPtr &certificate,
96 const AliasVector &untrustedCertificates,
97 CertificateShPtrVector &certificateChainVector) = 0;
99 virtual int createSignature(
100 const Alias &privateKeyAlias,
101 const Password &password, // password for private_key
102 const RawBuffer &message,
103 const HashAlgorithm hash,
104 const RSAPaddingAlgorithm padding,
105 RawBuffer &signature) = 0;
107 virtual int verifySignature(
108 const Alias &publicKeyOrCertAlias,
109 const Password &password, // password for public_key (optional)
110 const RawBuffer &message,
111 const RawBuffer &signature,
112 const HashAlgorithm hash,
113 const RSAPaddingAlgorithm padding) = 0;
115 // This function will check all certificates in chain except Root CA.
116 // This function will delegate task to service. You may use this even
117 // if application does not have permission to use network.
118 virtual int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) = 0;
120 virtual int allowAccess(const std::string &alias, const std::string &accessor, AccessRight granted) = 0;
121 virtual int denyAccess(const std::string &alias, const std::string &accessor) = 0;
124 static ManagerShPtr create();
125 // static ManagerShPtr getManager(int uid); // TODO
129 // Asynchronous interface to Central Key Manager. This implementation uses
130 // internal thread for connection.
133 class ManagerAsyncImpl;
135 // Observer will observer custom operation.
137 // Error callback - all errors
138 // ERROR_API_NOT_SUPPORTED,
139 // ERROR_API_CONNECTION_LOST,
140 // ERROR_API_PARSING_ERROR,
141 // ERROR_API_ALIAS_UNKNOWN
142 virtual void ReceivedError(int error, const std::string &errormsg);
144 // This will return data
145 virtual void ReceivedKey(Key && key) {}
146 virtual void ReceivedCertificate(Certificate && certificate) {}
147 virtual void ReceivedKeyAliasVector(AliasVector && aliasVector) {}
148 virtual void ReceivedCertificateAliasVector(AliasVector && aliasVector) {}
150 // This callbacks will confirm successful operation
151 virtual void ReceivedSaveKey() {}
152 virtual void ReceivedSaveCertificate() {}
153 virtual void ReceivedRemovedKey() {}
154 virtual void ReceivedRemovedCertificate() {}
156 // Added By Dongsun Lee
157 virtual void ReceivedData(RawBuffer && data) {}
158 virtual void ReceivedDataAliasVector(AliasVector && aliasVector) {}
160 // This callbacks will confirm successful operation
161 virtual void ReceivedSaveData() {}
162 virtual void ReceivedRemovedData() {}
163 virtual void ReceivedCreateKeyPairRSA() {}
164 virtual void ReceivedCreateKeyPairECDSA() {}
165 virtual void ReceivedCreateSignature(RawBuffer && signature) {}
167 // TODO: describe status
168 virtual void ReceivedVerifySignature() {}
169 // TODO: describe status
170 // Do we need some chain of the certificate?
171 virtual void ReceivedVerifyCertificate() {}
173 virtual void ReceivedGetCertiticateChain(CertificateShPtrVector &&certificateVector) {}
174 virtual void ReceivedStrictCACheck();
175 virtual void ReceivedOCSPCheck();
177 virtual ~Observer() {}
181 ManagerAsync(const ManagerAsync &);
182 ManagerAsync(ManagerAsync &&);
183 ManagerAsync& operator=(const ManagerAsync &);
184 ManagerAsync& operator=(ManagerAsync &&);
185 virtual ~ManagerAsync();
187 // observer will be destroyed after use
188 void saveKey(Observer *observer, const Alias &alias, const Key &key, const Policy &policy);
189 void saveCertificate(Observer *observer, const Alias &alias, const Certificate &cert, const Policy &policy);
191 void removeKey(Observer *observer, const Alias &alias);
192 void removeCertificate(Observer *observer, const Alias &alias);
194 void requestKey(Observer *observer, const Alias &alias);
195 void requestCertificate(Observer *observer, const Alias &alias);
197 // This will extract list of all Keys and Certificates in Key Store
198 void requestKeyAliasVector(Observer *observer); // send request for list of all keys that application/user may use
199 void requestCertificateAliasVector(Observer *observer); // send request for list of all certs that application/user may use
201 // Added By Dongsun Lee
202 void saveData(Observer *observer, const Alias &alias, const RawBuffer &data, const Policy &policy);
203 void removeData(Observer *observer, const Alias &alias);
204 void requestData(Observer *observer, const Alias &alias);
205 void requestDataAliasVector(Observer *observer); // send request for list of all data that application/user may use
206 void createKeyPairRSA(Observer *observer, const Alias &privateKeyAlias, const Alias &publicKeyAlias, const int &size, const Policy &policy);
207 void createKeyPairECDSA(Observer *observer, const Alias &privateKeyAlias, const Alias &publicKeyAlias, ECType type, const int &size, const Policy &policy);
208 void createSignature(Observer *observer, const Alias &privateKeyAlias, const RawBuffer &password, const RawBuffer &message);
209 void verifySignature(Observer *observer, const Alias &publicKeyOrCertAlias, const RawBuffer &password, const RawBuffer &message, const RawBuffer &signature);
211 // Should we use also certificates stored by user in Certral Key Manager?
212 // Sometimes we may want to verify certificate without OCSP (for example we are installing side-loaded app and network is not working).
213 void verifyCertificate(Observer *observer, const Certificate &certificate, const CertificateShPtrVector &untrusted, const bool ocspCheck, const bool strictCaFlagCheck);
215 void createKeyPairRSA(
217 const int size, // size in bits [1024, 2048, 4096]
218 const Alias &privateKeyAlias,
219 const Alias &publicKeyAlias,
220 const Policy &policyPrivateKey = Policy(),
221 const Policy &policyPublicKey = Policy());
223 void createKeyPairECDSA(
225 const Key::ECType type,
226 const Alias &privateKeyAlias,
227 const Alias &publicKeyAlias,
228 const Policy &policyPrivateKey = Policy(),
229 const Policy &policyPublicKey = Policy());
231 // this fuction will return chains of certificates and check it with openssl
232 // status : OK, INCOMPLETE_CHAIN, VERIFICATION_FAILED
233 void getCertiticateChain(
234 const Certificate &certificate,
235 const CertificateShPtrVector &untrustedCertificates);
237 void getCertificateChain(
238 const Certificate &certificate,
239 const AliasVector &untrustedCertificates);
241 void strictCACheck(const CertificateShPtrVector &certificateVector);
243 // This function will check all certificates in chain except Root CA.
244 void ocspCheck(const CertificateShPtrVector &certificateChainVector);
247 ConnectionAsyncImpl *m_impl;
250 class ManagerAsyncThread : public ManagerAsync {
252 ManagerAsyncThread();
253 ManagerAsyncThread(int uid); // connect to database related to uid
254 ManagerAsyncThread(const ConnectionAsyncThread &);
255 ManagerAsyncThread(ConnectionAsyncThread &&);
256 ManagerAsyncThread& operator=(const ConnectionAsyncThread &);
257 ManagerAsyncThread& operator=(ConnectionAsyncThread &&);
258 virtual ~ConnectionAsyncThread() {}
263 class ManagerAsyncNoThread : public ManagerAsync {
265 ManagerAsyncNoThread();
266 ManagerAsyncNoThread(const ConnectionAsyncNoThread &);
267 ManagerAsyncNoThread(ConnectionAsyncNoThread &&);
268 ManagerAsyncNoThread& operator=(const ConnectionAsyncNoThread &);
269 ManagerAsyncNoThread& operator=(ConnectionAsyncNoThread &&);
270 virtual ~ConnecitonAsyncNoThread() {}
272 int getDesc(); // extract descriptor number
273 int processDesc(); // send request and receive data from central key manager