2 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Main header file for client library.
28 #include <ckm/ckm-certificate.h>
29 #include <ckm/ckm-error.h>
30 #include <ckm/ckm-key.h>
31 #include <ckm/ckm-type.h>
33 // Central Key Manager namespace
37 typedef std::shared_ptr<Manager> ManagerShPtr;
43 virtual int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) = 0;
44 virtual int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy) = 0;
47 * Data must be extractable. If you set extractable bit to false funciton will
48 * return ERROR_INPUT_PARAM.
50 virtual int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) = 0;
52 virtual int removeKey(const Alias &alias) = 0;
53 virtual int removeCertificate(const Alias &alias) = 0;
54 virtual int removeData(const Alias &alias) = 0;
56 virtual int getKey(const Alias &alias, const Password &password, KeyShPtr &key) = 0;
57 virtual int getCertificate(
59 const Password &password,
60 CertificateShPtr &certificate) = 0;
61 virtual int getData(const Alias &alias, const Password &password, RawBuffer &data) = 0;
63 // send request for list of all keys/certificates/data that application/user may use
64 virtual int getKeyAliasVector(AliasVector &aliasVector) = 0;
65 virtual int getCertificateAliasVector(AliasVector &aliasVector) = 0;
66 virtual int getDataAliasVector(AliasVector &aliasVector) = 0;
68 virtual int createKeyPairRSA(
69 const int size, // size in bits [1024, 2048, 4096]
70 const Alias &privateKeyAlias,
71 const Alias &publicKeyAlias,
72 const Policy &policyPrivateKey = Policy(),
73 const Policy &policyPublicKey = Policy()) = 0;
75 virtual int createKeyPairECDSA(
76 const ElipticCurve type,
77 const Alias &privateKeyAlias,
78 const Alias &publicKeyAlias,
79 const Policy &policyPrivateKey = Policy(),
80 const Policy &policyPublicKey = Policy()) = 0;
82 virtual int getCertificateChain(
83 const CertificateShPtr &certificate,
84 const CertificateShPtrVector &untrustedCertificates,
85 CertificateShPtrVector &certificateChainVector) = 0;
87 virtual int getCertificateChain(
88 const CertificateShPtr &certificate,
89 const AliasVector &untrustedCertificates,
90 CertificateShPtrVector &certificateChainVector) = 0;
92 virtual int createSignature(
93 const Alias &privateKeyAlias,
94 const Password &password, // password for private_key
95 const RawBuffer &message,
96 const HashAlgorithm hash,
97 const RSAPaddingAlgorithm padding,
98 RawBuffer &signature) = 0;
100 virtual int verifySignature(
101 const Alias &publicKeyOrCertAlias,
102 const Password &password, // password for public_key (optional)
103 const RawBuffer &message,
104 const RawBuffer &signature,
105 const HashAlgorithm hash,
106 const RSAPaddingAlgorithm padding) = 0;
108 // This function will check all certificates in chain except Root CA.
109 // This function will delegate task to service. You may use this even
110 // if application does not have permission to use network.
111 virtual int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) = 0;
113 static ManagerShPtr create();
114 // static ManagerShPtr getManager(int uid); // TODO
118 // Asynchronous interface to Central Key Manager. This implementation uses
119 // internal thread for connection.
122 class ManagerAsyncImpl;
124 // Observer will observer custom operation.
126 // Error callback - all errors
127 // ERROR_API_NOT_SUPPORTED,
128 // ERROR_API_CONNECTION_LOST,
129 // ERROR_API_PARSING_ERROR,
130 // ERROR_API_ALIAS_UNKNOWN
131 virtual void ReceivedError(int error, const std::string &errormsg);
133 // This will return data
134 virtual void ReceivedKey(Key && key) {}
135 virtual void ReceivedCertificate(Certificate && certificate) {}
136 virtual void ReceivedKeyAliasVector(AliasVector && aliasVector) {}
137 virtual void ReceivedCertificateAliasVector(AliasVector && aliasVector) {}
139 // This callbacks will confirm successful operation
140 virtual void ReceivedSaveKey() {}
141 virtual void ReceivedSaveCertificate() {}
142 virtual void ReceivedRemovedKey() {}
143 virtual void ReceivedRemovedCertificate() {}
145 // Added By Dongsun Lee
146 virtual void ReceivedData(RawBuffer && data) {}
147 virtual void ReceivedDataAliasVector(AliasVector && aliasVector) {}
149 // This callbacks will confirm successful operation
150 virtual void ReceivedSaveData() {}
151 virtual void ReceivedRemovedData() {}
152 virtual void ReceivedCreateKeyPairRSA() {}
153 virtual void ReceivedCreateKeyPairECDSA() {}
154 virtual void ReceivedCreateSignature(RawBuffer && signature) {}
156 // TODO: describe status
157 virtual void ReceivedVerifySignature() {}
158 // TODO: describe status
159 // Do we need some chain of the certificate?
160 virtual void ReceivedVerifyCertificate() {}
162 virtual void ReceivedGetCertiticateChain(CertificateShPtrVector &&certificateVector) {}
163 virtual void ReceivedStrictCACheck();
164 virtual void ReceivedOCSPCheck();
166 virtual ~Observer() {}
170 ManagerAsync(const ManagerAsync &);
171 ManagerAsync(ManagerAsync &&);
172 ManagerAsync& operator=(const ManagerAsync &);
173 ManagerAsync& operator=(ManagerAsync &&);
174 virtual ~ManagerAsync();
176 // observer will be destroyed after use
177 void saveKey(Observer *observer, const Alias &alias, const Key &key, const Policy &policy);
178 void saveCertificate(Observer *observer, const Alias &alias, const Certificate &cert, const Policy &policy);
180 void removeKey(Observer *observer, const Alias &alias);
181 void removeCertificate(Observer *observer, const Alias &alias);
183 void requestKey(Observer *observer, const Alias &alias);
184 void requestCertificate(Observer *observer, const Alias &alias);
186 // This will extract list of all Keys and Certificates in Key Store
187 void requestKeyAliasVector(Observer *observer); // send request for list of all keys that application/user may use
188 void requestCertificateAliasVector(Observer *observer); // send request for list of all certs that application/user may use
190 // Added By Dongsun Lee
191 void saveData(Observer *observer, const Alias &alias, const RawBuffer &data, const Policy &policy);
192 void removeData(Observer *observer, const Alias &alias);
193 void requestData(Observer *observer, const Alias &alias);
194 void requestDataAliasVector(Observer *observer); // send request for list of all data that application/user may use
195 void createKeyPairRSA(Observer *observer, const Alias &privateKeyAlias, const Alias &publicKeyAlias, const int &size, const Policy &policy);
196 void createKeyPairECDSA(Observer *observer, const Alias &privateKeyAlias, const Alias &publicKeyAlias, ECType type, const int &size, const Policy &policy);
197 void createSignature(Observer *observer, const Alias &privateKeyAlias, const RawBuffer &password, const RawBuffer &message);
198 void verifySignature(Observer *observer, const Alias &publicKeyOrCertAlias, const RawBuffer &password, const RawBuffer &message, const RawBuffer &signature);
200 // Should we use also certificates stored by user in Certral Key Manager?
201 // Sometimes we may want to verify certificate without OCSP (for example we are installing side-loaded app and network is not working).
202 void verifyCertificate(Observer *observer, const Certificate &certificate, const CertificateShPtrVector &untrusted, const bool ocspCheck, const bool strictCaFlagCheck);
204 void createKeyPairRSA(
206 const int size, // size in bits [1024, 2048, 4096]
207 const Alias &privateKeyAlias,
208 const Alias &publicKeyAlias,
209 const Policy &policyPrivateKey = Policy(),
210 const Policy &policyPublicKey = Policy());
212 void createKeyPairECDSA(
214 const Key::ECType type,
215 const Alias &privateKeyAlias,
216 const Alias &publicKeyAlias,
217 const Policy &policyPrivateKey = Policy(),
218 const Policy &policyPublicKey = Policy());
220 // this fuction will return chains of certificates and check it with openssl
221 // status : OK, INCOMPLETE_CHAIN, VERIFICATION_FAILED
222 void getCertiticateChain(
223 const Certificate &certificate,
224 const CertificateShPtrVector &untrustedCertificates);
226 void getCertificateChain(
227 const Certificate &certificate,
228 const AliasVector &untrustedCertificates);
230 void strictCACheck(const CertificateShPtrVector &certificateVector);
232 // This function will check all certificates in chain except Root CA.
233 void ocspCheck(const CertificateShPtrVector &certificateChainVector);
236 ConnectionAsyncImpl *m_impl;
239 class ManagerAsyncThread : public ManagerAsync {
241 ManagerAsyncThread();
242 ManagerAsyncThread(int uid); // connect to database related to uid
243 ManagerAsyncThread(const ConnectionAsyncThread &);
244 ManagerAsyncThread(ConnectionAsyncThread &&);
245 ManagerAsyncThread& operator=(const ConnectionAsyncThread &);
246 ManagerAsyncThread& operator=(ConnectionAsyncThread &&);
247 virtual ~ConnectionAsyncThread() {}
252 class ManagerAsyncNoThread : public ManagerAsync {
254 ManagerAsyncNoThread();
255 ManagerAsyncNoThread(const ConnectionAsyncNoThread &);
256 ManagerAsyncNoThread(ConnectionAsyncNoThread &&);
257 ManagerAsyncNoThread& operator=(const ConnectionAsyncNoThread &);
258 ManagerAsyncNoThread& operator=(ConnectionAsyncNoThread &&);
259 virtual ~ConnecitonAsyncNoThread() {}
261 int getDesc(); // extract descriptor number
262 int processDesc(); // send request and receive data from central key manager