2 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Main header file for client library.
28 #include <ckm/ckm-certificate.h>
29 #include <ckm/ckm-error.h>
30 #include <ckm/ckm-key.h>
31 #include <ckm/ckm-type.h>
33 // Central Key Manager namespace
37 typedef std::shared_ptr<Manager> ManagerShPtr;
43 virtual int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) = 0;
44 virtual int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy) = 0;
47 * Data must be extractable. If you set extractable bit to false funciton will
48 * return ERROR_INPUT_PARAM.
50 virtual int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) = 0;
52 virtual int removeKey(const Alias &alias) = 0;
53 virtual int removeCertificate(const Alias &alias) = 0;
54 virtual int removeData(const Alias &alias) = 0;
56 virtual int getKey(const Alias &alias, const Password &password, KeyShPtr &key) = 0;
57 virtual int getCertificate(
59 const Password &password,
60 CertificateShPtr &certificate) = 0;
61 virtual int getData(const Alias &alias, const Password &password, RawBuffer &data) = 0;
63 // send request for list of all keys/certificates/data that application/user may use
64 virtual int getKeyAliasVector(AliasVector &aliasVector) = 0;
65 virtual int getCertificateAliasVector(AliasVector &aliasVector) = 0;
66 virtual int getDataAliasVector(AliasVector &aliasVector) = 0;
68 virtual int createKeyPairRSA(
69 const int size, // size in bits [1024, 2048, 4096]
70 const Alias &privateKeyAlias,
71 const Alias &publicKeyAlias,
72 const Policy &policyPrivateKey = Policy(),
73 const Policy &policyPublicKey = Policy()) = 0;
75 virtual int createKeyPairDSA(
76 const int size, // size in bits [1024, 2048, 3072, 4096]
77 const Alias &privateKeyAlias,
78 const Alias &publicKeyAlias,
79 const Policy &policyPrivateKey = Policy(),
80 const Policy &policyPublicKey = Policy()) = 0;
82 virtual int createKeyPairECDSA(
83 const ElipticCurve type,
84 const Alias &privateKeyAlias,
85 const Alias &publicKeyAlias,
86 const Policy &policyPrivateKey = Policy(),
87 const Policy &policyPublicKey = Policy()) = 0;
89 virtual int getCertificateChain(
90 const CertificateShPtr &certificate,
91 const CertificateShPtrVector &untrustedCertificates,
92 CertificateShPtrVector &certificateChainVector) = 0;
94 virtual int getCertificateChain(
95 const CertificateShPtr &certificate,
96 const AliasVector &untrustedCertificates,
97 CertificateShPtrVector &certificateChainVector) = 0;
99 virtual int createSignature(
100 const Alias &privateKeyAlias,
101 const Password &password, // password for private_key
102 const RawBuffer &message,
103 const HashAlgorithm hash,
104 const RSAPaddingAlgorithm padding,
105 RawBuffer &signature) = 0;
107 virtual int verifySignature(
108 const Alias &publicKeyOrCertAlias,
109 const Password &password, // password for public_key (optional)
110 const RawBuffer &message,
111 const RawBuffer &signature,
112 const HashAlgorithm hash,
113 const RSAPaddingAlgorithm padding) = 0;
115 // This function will check all certificates in chain except Root CA.
116 // This function will delegate task to service. You may use this even
117 // if application does not have permission to use network.
118 virtual int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) = 0;
120 static ManagerShPtr create();
121 // static ManagerShPtr getManager(int uid); // TODO
125 // Asynchronous interface to Central Key Manager. This implementation uses
126 // internal thread for connection.
129 class ManagerAsyncImpl;
131 // Observer will observer custom operation.
133 // Error callback - all errors
134 // ERROR_API_NOT_SUPPORTED,
135 // ERROR_API_CONNECTION_LOST,
136 // ERROR_API_PARSING_ERROR,
137 // ERROR_API_ALIAS_UNKNOWN
138 virtual void ReceivedError(int error, const std::string &errormsg);
140 // This will return data
141 virtual void ReceivedKey(Key && key) {}
142 virtual void ReceivedCertificate(Certificate && certificate) {}
143 virtual void ReceivedKeyAliasVector(AliasVector && aliasVector) {}
144 virtual void ReceivedCertificateAliasVector(AliasVector && aliasVector) {}
146 // This callbacks will confirm successful operation
147 virtual void ReceivedSaveKey() {}
148 virtual void ReceivedSaveCertificate() {}
149 virtual void ReceivedRemovedKey() {}
150 virtual void ReceivedRemovedCertificate() {}
152 // Added By Dongsun Lee
153 virtual void ReceivedData(RawBuffer && data) {}
154 virtual void ReceivedDataAliasVector(AliasVector && aliasVector) {}
156 // This callbacks will confirm successful operation
157 virtual void ReceivedSaveData() {}
158 virtual void ReceivedRemovedData() {}
159 virtual void ReceivedCreateKeyPairRSA() {}
160 virtual void ReceivedCreateKeyPairECDSA() {}
161 virtual void ReceivedCreateSignature(RawBuffer && signature) {}
163 // TODO: describe status
164 virtual void ReceivedVerifySignature() {}
165 // TODO: describe status
166 // Do we need some chain of the certificate?
167 virtual void ReceivedVerifyCertificate() {}
169 virtual void ReceivedGetCertiticateChain(CertificateShPtrVector &&certificateVector) {}
170 virtual void ReceivedStrictCACheck();
171 virtual void ReceivedOCSPCheck();
173 virtual ~Observer() {}
177 ManagerAsync(const ManagerAsync &);
178 ManagerAsync(ManagerAsync &&);
179 ManagerAsync& operator=(const ManagerAsync &);
180 ManagerAsync& operator=(ManagerAsync &&);
181 virtual ~ManagerAsync();
183 // observer will be destroyed after use
184 void saveKey(Observer *observer, const Alias &alias, const Key &key, const Policy &policy);
185 void saveCertificate(Observer *observer, const Alias &alias, const Certificate &cert, const Policy &policy);
187 void removeKey(Observer *observer, const Alias &alias);
188 void removeCertificate(Observer *observer, const Alias &alias);
190 void requestKey(Observer *observer, const Alias &alias);
191 void requestCertificate(Observer *observer, const Alias &alias);
193 // This will extract list of all Keys and Certificates in Key Store
194 void requestKeyAliasVector(Observer *observer); // send request for list of all keys that application/user may use
195 void requestCertificateAliasVector(Observer *observer); // send request for list of all certs that application/user may use
197 // Added By Dongsun Lee
198 void saveData(Observer *observer, const Alias &alias, const RawBuffer &data, const Policy &policy);
199 void removeData(Observer *observer, const Alias &alias);
200 void requestData(Observer *observer, const Alias &alias);
201 void requestDataAliasVector(Observer *observer); // send request for list of all data that application/user may use
202 void createKeyPairRSA(Observer *observer, const Alias &privateKeyAlias, const Alias &publicKeyAlias, const int &size, const Policy &policy);
203 void createKeyPairECDSA(Observer *observer, const Alias &privateKeyAlias, const Alias &publicKeyAlias, ECType type, const int &size, const Policy &policy);
204 void createSignature(Observer *observer, const Alias &privateKeyAlias, const RawBuffer &password, const RawBuffer &message);
205 void verifySignature(Observer *observer, const Alias &publicKeyOrCertAlias, const RawBuffer &password, const RawBuffer &message, const RawBuffer &signature);
207 // Should we use also certificates stored by user in Certral Key Manager?
208 // Sometimes we may want to verify certificate without OCSP (for example we are installing side-loaded app and network is not working).
209 void verifyCertificate(Observer *observer, const Certificate &certificate, const CertificateShPtrVector &untrusted, const bool ocspCheck, const bool strictCaFlagCheck);
211 void createKeyPairRSA(
213 const int size, // size in bits [1024, 2048, 4096]
214 const Alias &privateKeyAlias,
215 const Alias &publicKeyAlias,
216 const Policy &policyPrivateKey = Policy(),
217 const Policy &policyPublicKey = Policy());
219 void createKeyPairECDSA(
221 const Key::ECType type,
222 const Alias &privateKeyAlias,
223 const Alias &publicKeyAlias,
224 const Policy &policyPrivateKey = Policy(),
225 const Policy &policyPublicKey = Policy());
227 // this fuction will return chains of certificates and check it with openssl
228 // status : OK, INCOMPLETE_CHAIN, VERIFICATION_FAILED
229 void getCertiticateChain(
230 const Certificate &certificate,
231 const CertificateShPtrVector &untrustedCertificates);
233 void getCertificateChain(
234 const Certificate &certificate,
235 const AliasVector &untrustedCertificates);
237 void strictCACheck(const CertificateShPtrVector &certificateVector);
239 // This function will check all certificates in chain except Root CA.
240 void ocspCheck(const CertificateShPtrVector &certificateChainVector);
243 ConnectionAsyncImpl *m_impl;
246 class ManagerAsyncThread : public ManagerAsync {
248 ManagerAsyncThread();
249 ManagerAsyncThread(int uid); // connect to database related to uid
250 ManagerAsyncThread(const ConnectionAsyncThread &);
251 ManagerAsyncThread(ConnectionAsyncThread &&);
252 ManagerAsyncThread& operator=(const ConnectionAsyncThread &);
253 ManagerAsyncThread& operator=(ConnectionAsyncThread &&);
254 virtual ~ConnectionAsyncThread() {}
259 class ManagerAsyncNoThread : public ManagerAsync {
261 ManagerAsyncNoThread();
262 ManagerAsyncNoThread(const ConnectionAsyncNoThread &);
263 ManagerAsyncNoThread(ConnectionAsyncNoThread &&);
264 ManagerAsyncNoThread& operator=(const ConnectionAsyncNoThread &);
265 ManagerAsyncNoThread& operator=(ConnectionAsyncNoThread &&);
266 virtual ~ConnecitonAsyncNoThread() {}
268 int getDesc(); // extract descriptor number
269 int processDesc(); // send request and receive data from central key manager