src/manager/client/client-manager-impl.cpp

   1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
   2  *
   3  *  Licensed under the Apache License, Version 2.0 (the "License");
   4  *  you may not use this file except in compliance with the License.
   5  *  You may obtain a copy of the License at
   6  *
   7  *      http://www.apache.org/licenses/LICENSE-2.0
   8  *
   9  *  Unless required by applicable law or agreed to in writing, software
  10  *  distributed under the License is distributed on an "AS IS" BASIS,
  11  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12  *  See the License for the specific language governing permissions and
  13  *  limitations under the License
  14  *
  15  *
  16  * @file        client-manager-impl.cpp
  17  * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
  18  * @version     1.0
  19  * @brief       Manager implementation.
  20  */
  21 #include <openssl/evp.h>
  22
  23 #include <dpl/serialization.h>
  24 #include <dpl/log/log.h>
  25
  26 #include <crypto-init.h>
  27 #include <client-manager-impl.h>
  28 #include <client-common.h>
  29 #include <exception.h>
  30 #include <message-buffer.h>
  31 #include <protocols.h>
  32 #include <key-impl.h>
  33 #include <key-aes-impl.h>
  34 #include <certificate-impl.h>
  35
  36 namespace CKM {
  37
  38 namespace {
  39 template <class T>
  40 int getCertChain(
  41         ServiceConnection &serviceConnection,
  42         LogicCommand command,
  43         int counter,
  44         const CertificateShPtr &certificate,
  45         const T &untrustedVector,
  46         const T &trustedVector,
  47         bool useTrustedSystemCertificates,
  48         CertificateShPtrVector &certificateChainVector)
  49 {
  50         EXCEPTION_GUARD_START_CPPAPI
  51
  52         MessageBuffer recv;
  53         auto send = MessageBuffer::Serialize(static_cast<int>(command),
  54                                                                                  counter,
  55                                                                                  certificate->getDER(),
  56                                                                                  untrustedVector,
  57                                                                                  trustedVector,
  58                                                                                  useTrustedSystemCertificates);
  59
  60         int retCode = serviceConnection.processRequest(send.Pop(), recv);
  61
  62         if (CKM_API_SUCCESS != retCode)
  63                 return retCode;
  64
  65         int retCommand;
  66         int retCounter;
  67         RawBufferVector rawBufferVector;
  68         recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
  69
  70         if ((counter != retCounter) || (static_cast<int>(command) != retCommand))
  71                 return CKM_API_ERROR_UNKNOWN;
  72
  73         if (retCode != CKM_API_SUCCESS)
  74                 return retCode;
  75
  76         for (auto &e : rawBufferVector) {
  77                 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
  78
  79                 if (cert->empty())
  80                         return CKM_API_ERROR_BAD_RESPONSE;
  81
  82                 certificateChainVector.push_back(cert);
  83         }
  84
  85         return retCode;
  86
  87         EXCEPTION_GUARD_END
  88 }
  89
  90 } // namespace anonymous
  91
  92 Manager::Impl::Impl()
  93         : m_counter(0),
  94           m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
  95           m_ocspConnection(SERVICE_SOCKET_OCSP),
  96           m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
  97 {
  98         initOpenSslOnce();
  99 }
 100
 101
 102 int Manager::Impl::saveBinaryData(
 103         const Alias &alias,
 104         DataType dataType,
 105         const RawBuffer &rawData,
 106         const Policy &policy)
 107 {
 108         int my_counter = ++m_counter;
 109
 110         EXCEPTION_GUARD_START_CPPAPI
 111
 112         if (alias.empty() || rawData.empty())
 113                 return CKM_API_ERROR_INPUT_PARAM;
 114
 115         MessageBuffer recv;
 116         AliasSupport helper(alias);
 117         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
 118                                                                                  my_counter,
 119                                                                                  static_cast<int>(dataType),
 120                                                                                  helper.getName(),
 121                                                                                  helper.getOwner(),
 122                                                                                  rawData,
 123                                                                                  PolicySerializable(policy));
 124
 125         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
 126
 127         if (CKM_API_SUCCESS != retCode)
 128                 return retCode;
 129
 130         int command;
 131         int counter;
 132         int opType;
 133         recv.Deserialize(command, counter, retCode, opType);
 134
 135         if (counter != my_counter)
 136                 return CKM_API_ERROR_UNKNOWN;
 137
 138         return retCode;
 139
 140         EXCEPTION_GUARD_END
 141 }
 142
 143 int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key,
 144                                                    const Policy &policy)
 145 {
 146         if (key.get() == NULL || key->empty())
 147                 return CKM_API_ERROR_INPUT_PARAM;
 148
 149         try {
 150                 return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
 151         } catch (const Exc::Exception &e) {
 152                 LogError("Exception: " << e.what());
 153                 return e.error();
 154         }
 155 }
 156
 157 int Manager::Impl::saveCertificate(
 158         const Alias &alias,
 159         const CertificateShPtr &cert,
 160         const Policy &policy)
 161 {
 162         if (cert.get() == NULL || cert->empty())
 163                 return CKM_API_ERROR_INPUT_PARAM;
 164
 165         return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
 166 }
 167
 168 int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData,
 169                                                         const Policy &policy)
 170 {
 171         if (!policy.extractable)
 172                 return CKM_API_ERROR_INPUT_PARAM;
 173
 174         return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
 175 }
 176
 177
 178 int Manager::Impl::savePKCS12(
 179         const Alias &alias,
 180         const PKCS12ShPtr &pkcs,
 181         const Policy &keyPolicy,
 182         const Policy &certPolicy)
 183 {
 184         if (alias.empty() || pkcs.get() == NULL)
 185                 return CKM_API_ERROR_INPUT_PARAM;
 186
 187         int my_counter = ++m_counter;
 188
 189         EXCEPTION_GUARD_START_CPPAPI
 190
 191         MessageBuffer recv;
 192         AliasSupport helper(alias);
 193         auto send = MessageBuffer::Serialize(static_cast<int>
 194                                                                                  (LogicCommand::SAVE_PKCS12),
 195                                                                                  my_counter,
 196                                                                                  helper.getName(),
 197                                                                                  helper.getOwner(),
 198                                                                                  PKCS12Serializable(*pkcs.get()),
 199                                                                                  PolicySerializable(keyPolicy),
 200                                                                                  PolicySerializable(certPolicy));
 201
 202         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
 203
 204         if (CKM_API_SUCCESS != retCode)
 205                 return retCode;
 206
 207         int command;
 208         int counter;
 209         recv.Deserialize(command, counter, retCode);
 210
 211         if (counter != my_counter)
 212                 return CKM_API_ERROR_UNKNOWN;
 213
 214         return retCode;
 215
 216         EXCEPTION_GUARD_END
 217 }
 218
 219 int Manager::Impl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
 220 {
 221         return getPKCS12(alias, Password(), Password(), pkcs);
 222 }
 223
 224 int Manager::Impl::getPKCS12(const Alias &alias, const Password &keyPass,
 225                                                          const Password &certPass, PKCS12ShPtr &pkcs)
 226 {
 227         if (alias.empty())
 228                 return CKM_API_ERROR_INPUT_PARAM;
 229
 230         int my_counter = ++m_counter;
 231
 232         EXCEPTION_GUARD_START_CPPAPI
 233
 234         MessageBuffer recv;
 235         AliasSupport helper(alias);
 236         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
 237                                                                                  my_counter,
 238                                                                                  helper.getName(),
 239                                                                                  helper.getOwner(),
 240                                                                                  keyPass,
 241                                                                                  certPass);
 242
 243         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
 244
 245         if (CKM_API_SUCCESS != retCode)
 246                 return retCode;
 247
 248         int command;
 249         int counter;
 250         PKCS12Serializable gotPkcs;
 251         recv.Deserialize(command, counter, retCode, gotPkcs);
 252
 253         if (counter != my_counter)
 254                 return CKM_API_ERROR_UNKNOWN;
 255
 256         pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
 257
 258         return retCode;
 259
 260         EXCEPTION_GUARD_END
 261 }
 262
 263
 264 int Manager::Impl::removeAlias(const Alias &alias)
 265 {
 266         if (alias.empty())
 267                 return CKM_API_ERROR_INPUT_PARAM;
 268
 269         int my_counter = ++m_counter;
 270
 271         EXCEPTION_GUARD_START_CPPAPI
 272
 273         MessageBuffer recv;
 274         AliasSupport helper(alias);
 275         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
 276                                                                                  my_counter,
 277                                                                                  helper.getName(),
 278                                                                                  helper.getOwner());
 279
 280         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
 281
 282         if (CKM_API_SUCCESS != retCode)
 283                 return retCode;
 284
 285         int command;
 286         int counter;
 287         recv.Deserialize(command, counter, retCode);
 288
 289         if (counter != my_counter)
 290                 return CKM_API_ERROR_UNKNOWN;
 291
 292         return retCode;
 293
 294         EXCEPTION_GUARD_END
 295 }
 296
 297 int Manager::Impl::getBinaryData(
 298         const Alias &alias,
 299         DataType sendDataType,
 300         const Password &password,
 301         DataType &recvDataType,
 302         RawBuffer &rawData)
 303 {
 304         if (alias.empty())
 305                 return CKM_API_ERROR_INPUT_PARAM;
 306
 307         int my_counter = ++m_counter;
 308
 309         EXCEPTION_GUARD_START_CPPAPI
 310
 311         MessageBuffer recv;
 312         AliasSupport helper(alias);
 313         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
 314                                                                                  my_counter,
 315                                                                                  static_cast<int>(sendDataType),
 316                                                                                  helper.getName(),
 317                                                                                  helper.getOwner(),
 318                                                                                  password);
 319
 320         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
 321
 322         if (CKM_API_SUCCESS != retCode)
 323                 return retCode;
 324
 325         int command;
 326         int counter;
 327         int tmpDataType;
 328         recv.Deserialize(command, counter, retCode, tmpDataType, rawData);
 329         recvDataType = DataType(tmpDataType);
 330
 331         if (counter != my_counter)
 332                 return CKM_API_ERROR_UNKNOWN;
 333
 334         return retCode;
 335
 336         EXCEPTION_GUARD_END
 337 }
 338
 339 int Manager::Impl::getKey(const Alias &alias, const Password &password,
 340                                                   KeyShPtr &key)
 341 {
 342         DataType recvDataType;
 343         RawBuffer rawData;
 344
 345         int retCode = getBinaryData(
 346                                           alias,
 347                                           DataType::KEY_RSA_PUBLIC,
 348                                           password,
 349                                           recvDataType,
 350                                           rawData);
 351
 352         if (retCode != CKM_API_SUCCESS)
 353                 return retCode;
 354
 355         KeyShPtr keyParsed;
 356
 357         if (DataType::KEY_AES == recvDataType)
 358                 keyParsed = KeyShPtr(new KeyAESImpl(rawData));
 359         else
 360                 keyParsed = KeyShPtr(new KeyImpl(rawData));
 361
 362         if (keyParsed->empty()) {
 363                 LogDebug("Key empty - failed to parse!");
 364                 return CKM_API_ERROR_BAD_RESPONSE;
 365         }
 366
 367         key = keyParsed;
 368
 369         return CKM_API_SUCCESS;
 370 }
 371
 372 int Manager::Impl::getCertificate(const Alias &alias, const Password &password,
 373                                                                   CertificateShPtr &cert)
 374 {
 375         DataType recvDataType;
 376         RawBuffer rawData;
 377
 378         int retCode = getBinaryData(
 379                                           alias,
 380                                           DataType::CERTIFICATE,
 381                                           password,
 382                                           recvDataType,
 383                                           rawData);
 384
 385         if (retCode != CKM_API_SUCCESS)
 386                 return retCode;
 387
 388         if (recvDataType != DataType::CERTIFICATE)
 389                 return CKM_API_ERROR_BAD_RESPONSE;
 390
 391         CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
 392
 393         if (certParsed->empty())
 394                 return CKM_API_ERROR_BAD_RESPONSE;
 395
 396         cert = certParsed;
 397
 398         return CKM_API_SUCCESS;
 399 }
 400
 401 int Manager::Impl::getData(const Alias &alias, const Password &password,
 402                                                    RawBuffer &rawData)
 403 {
 404         DataType recvDataType = DataType::BINARY_DATA;
 405
 406         int retCode = getBinaryData(
 407                                           alias,
 408                                           DataType::BINARY_DATA,
 409                                           password,
 410                                           recvDataType,
 411                                           rawData);
 412
 413         if (retCode != CKM_API_SUCCESS)
 414                 return retCode;
 415
 416         if (recvDataType != DataType::BINARY_DATA)
 417                 return CKM_API_ERROR_BAD_RESPONSE;
 418
 419         return CKM_API_SUCCESS;
 420 }
 421
 422 int Manager::Impl::getBinaryDataAliasVector(DataType dataType,
 423                 AliasVector &aliasVector)
 424 {
 425         int my_counter = ++m_counter;
 426
 427         EXCEPTION_GUARD_START_CPPAPI
 428
 429         MessageBuffer recv;
 430         auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
 431                                                                                  my_counter,
 432                                                                                  static_cast<int>(dataType));
 433
 434         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
 435
 436         if (CKM_API_SUCCESS != retCode)
 437                 return retCode;
 438
 439         int command;
 440         int counter;
 441         int tmpDataType;
 442         OwnerNameVector ownerNameVector;
 443         recv.Deserialize(command, counter, retCode, tmpDataType, ownerNameVector);
 444
 445         if ((command != static_cast<int>(LogicCommand::GET_LIST)) ||
 446                         (counter != my_counter))
 447                 return CKM_API_ERROR_UNKNOWN;
 448
 449         for (const auto &it : ownerNameVector)
 450                 aliasVector.push_back(AliasSupport::merge(it.first, it.second));
 451
 452         return retCode;
 453
 454         EXCEPTION_GUARD_END
 455 }
 456
 457 int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector)
 458 {
 459         // in fact datatype has no meaning here - if not certificate or binary data
 460         // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
 461         return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
 462 }
 463
 464 int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector)
 465 {
 466         return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
 467 }
 468
 469 int Manager::Impl::getDataAliasVector(AliasVector &aliasVector)
 470 {
 471         return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
 472 }
 473
 474 int Manager::Impl::createKeyPairRSA(
 475         const int size,
 476         const Alias &privateKeyAlias,
 477         const Alias &publicKeyAlias,
 478         const Policy &policyPrivateKey,
 479         const Policy &policyPublicKey)
 480 {
 481         return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias,
 482                                                            publicKeyAlias, policyPrivateKey, policyPublicKey);
 483 }
 484
 485 int Manager::Impl::createKeyPairDSA(
 486         const int size,
 487         const Alias &privateKeyAlias,
 488         const Alias &publicKeyAlias,
 489         const Policy &policyPrivateKey,
 490         const Policy &policyPublicKey)
 491 {
 492         return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias,
 493                                                            publicKeyAlias, policyPrivateKey, policyPublicKey);
 494 }
 495
 496 int Manager::Impl::createKeyPairECDSA(
 497         ElipticCurve type,
 498         const Alias &privateKeyAlias,
 499         const Alias &publicKeyAlias,
 500         const Policy &policyPrivateKey,
 501         const Policy &policyPublicKey)
 502 {
 503         return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC,
 504                                                            static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey,
 505                                                            policyPublicKey);
 506 }
 507
 508 int Manager::Impl::createKeyAES(
 509         const int size,
 510         const Alias &keyAlias,
 511         const Policy &policyKey)
 512 {
 513         // proceed with sending request
 514         int my_counter = ++m_counter;
 515
 516         EXCEPTION_GUARD_START_CPPAPI
 517
 518         MessageBuffer recv;
 519         AliasSupport aliasHelper(keyAlias);
 520         auto send = MessageBuffer::Serialize(static_cast<int>
 521                                                                                  (LogicCommand::CREATE_KEY_AES),
 522                                                                                  my_counter,
 523                                                                                  static_cast<int>(size),
 524                                                                                  PolicySerializable(policyKey),
 525                                                                                  aliasHelper.getName(),
 526                                                                                  aliasHelper.getOwner());
 527
 528         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
 529
 530         if (CKM_API_SUCCESS != retCode)
 531                 return retCode;
 532
 533         int command;
 534         int counter;
 535         recv.Deserialize(command, counter, retCode);
 536
 537         if (counter != my_counter)
 538                 return CKM_API_ERROR_UNKNOWN;
 539
 540         return retCode;
 541
 542         EXCEPTION_GUARD_END
 543 }
 544
 545
 546 int Manager::Impl::createKeyPair(
 547         const KeyType key_type,
 548         const int     additional_param,
 549         const Alias  &privateKeyAlias,
 550         const Alias  &publicKeyAlias,
 551         const Policy &policyPrivateKey,
 552         const Policy &policyPublicKey)
 553 {
 554         // input type check
 555         CryptoAlgorithm keyGenAlgorithm;
 556
 557         switch (key_type) {
 558         case KeyType::KEY_RSA_PUBLIC:
 559         case KeyType::KEY_RSA_PRIVATE:
 560                 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
 561                 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
 562                 break;
 563
 564         case KeyType::KEY_DSA_PUBLIC:
 565         case KeyType::KEY_DSA_PRIVATE:
 566                 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
 567                 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
 568                 break;
 569
 570         case KeyType::KEY_ECDSA_PUBLIC:
 571         case KeyType::KEY_ECDSA_PRIVATE:
 572                 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
 573                 keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
 574                 break;
 575
 576         default:
 577                 return CKM_API_ERROR_INPUT_PARAM;
 578         }
 579
 580         // proceed with sending request
 581         int my_counter = ++m_counter;
 582
 583         EXCEPTION_GUARD_START_CPPAPI
 584
 585         MessageBuffer recv;
 586         AliasSupport privateHelper(privateKeyAlias);
 587         AliasSupport publicHelper(publicKeyAlias);
 588         auto send = MessageBuffer::Serialize(static_cast<int>
 589                                                                                  (LogicCommand::CREATE_KEY_PAIR),
 590                                                                                  my_counter,
 591                                                                                  CryptoAlgorithmSerializable(keyGenAlgorithm),
 592                                                                                  PolicySerializable(policyPrivateKey),
 593                                                                                  PolicySerializable(policyPublicKey),
 594                                                                                  privateHelper.getName(),
 595                                                                                  privateHelper.getOwner(),
 596                                                                                  publicHelper.getName(),
 597                                                                                  publicHelper.getOwner());
 598
 599         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
 600
 601         if (CKM_API_SUCCESS != retCode)
 602                 return retCode;
 603
 604         int command;
 605         int counter;
 606         recv.Deserialize(command, counter, retCode);
 607
 608         if (counter != my_counter)
 609                 return CKM_API_ERROR_UNKNOWN;
 610
 611         return retCode;
 612
 613         EXCEPTION_GUARD_END
 614 }
 615
 616 int Manager::Impl::getCertificateChain(
 617         const CertificateShPtr &certificate,
 618         const CertificateShPtrVector &untrustedCertificates,
 619         const CertificateShPtrVector &trustedCertificates,
 620         bool useTrustedSystemCertificates,
 621         CertificateShPtrVector &certificateChainVector)
 622 {
 623         RawBufferVector untrustedVector;
 624         RawBufferVector trustedVector;
 625
 626         if (!certificate || certificate->empty())
 627                 return CKM_API_ERROR_INPUT_PARAM;
 628
 629         for (auto &e : untrustedCertificates) {
 630                 if (!e || e->empty())
 631                         return CKM_API_ERROR_INPUT_PARAM;
 632                 untrustedVector.push_back(e->getDER());
 633         }
 634
 635         for (auto &e : trustedCertificates) {
 636                 if (!e || e->empty())
 637                         return CKM_API_ERROR_INPUT_PARAM;
 638                 trustedVector.push_back(e->getDER());
 639         }
 640
 641         return getCertChain(
 642                            m_storageConnection,
 643                            LogicCommand::GET_CHAIN_CERT,
 644                            ++m_counter,
 645                            certificate,
 646                            untrustedVector,
 647                            trustedVector,
 648                            useTrustedSystemCertificates,
 649                            certificateChainVector);
 650 }
 651
 652 int Manager::Impl::getCertificateChain(
 653         const CertificateShPtr &certificate,
 654         const AliasVector &untrustedCertificates,
 655         const AliasVector &trustedCertificates,
 656         bool useTrustedSystemCertificates,
 657         CertificateShPtrVector &certificateChainVector)
 658 {
 659         OwnerNameVector untrustedVector;
 660         OwnerNameVector trustedVector;
 661
 662         if (!certificate || certificate->empty())
 663                 return CKM_API_ERROR_INPUT_PARAM;
 664
 665         for (auto &e : untrustedCertificates) {
 666                 AliasSupport helper(e);
 667                 untrustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
 668         }
 669
 670         for (auto &e : trustedCertificates) {
 671                 AliasSupport helper(e);
 672                 trustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
 673         }
 674
 675         return getCertChain(
 676                            m_storageConnection,
 677                            LogicCommand::GET_CHAIN_ALIAS,
 678                            ++m_counter,
 679                            certificate,
 680                            untrustedVector,
 681                            trustedVector,
 682                            useTrustedSystemCertificates,
 683                            certificateChainVector);
 684 }
 685
 686 int Manager::Impl::createSignature(
 687         const Alias &privateKeyAlias,
 688         const Password &password,           // password for private_key
 689         const RawBuffer &message,
 690         const CryptoAlgorithm &cAlgorithm,
 691         RawBuffer &signature)
 692 {
 693         int my_counter = ++m_counter;
 694
 695         EXCEPTION_GUARD_START_CPPAPI
 696
 697         MessageBuffer recv;
 698         AliasSupport helper(privateKeyAlias);
 699         auto send = MessageBuffer::Serialize(static_cast<int>
 700                                                                                  (LogicCommand::CREATE_SIGNATURE),
 701                                                                                  my_counter,
 702                                                                                  helper.getName(),
 703                                                                                  helper.getOwner(),
 704                                                                                  password,
 705                                                                                  message,
 706                                                                                  CryptoAlgorithmSerializable(cAlgorithm));
 707
 708         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
 709
 710         if (CKM_API_SUCCESS != retCode)
 711                 return retCode;
 712
 713         int command;
 714         int counter;
 715         recv.Deserialize(command, counter, retCode, signature);
 716
 717         if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
 718                         || (counter != my_counter))
 719                 return CKM_API_ERROR_UNKNOWN;
 720
 721         return retCode;
 722
 723         EXCEPTION_GUARD_END
 724 }
 725
 726 int Manager::Impl::verifySignature(
 727         const Alias &publicKeyOrCertAlias,
 728         const Password &password,           // password for public_key (optional)
 729         const RawBuffer &message,
 730         const RawBuffer &signature,
 731         const CryptoAlgorithm &cAlg)
 732 {
 733         int my_counter = ++m_counter;
 734
 735         EXCEPTION_GUARD_START_CPPAPI
 736
 737         MessageBuffer recv;
 738         AliasSupport helper(publicKeyOrCertAlias);
 739         auto send = MessageBuffer::Serialize(static_cast<int>
 740                                                                                  (LogicCommand::VERIFY_SIGNATURE),
 741                                                                                  my_counter,
 742                                                                                  helper.getName(),
 743                                                                                  helper.getOwner(),
 744                                                                                  password,
 745                                                                                  message,
 746                                                                                  signature,
 747                                                                                  CryptoAlgorithmSerializable(cAlg));
 748
 749         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
 750
 751         if (CKM_API_SUCCESS != retCode)
 752                 return retCode;
 753
 754         int command;
 755         int counter;
 756         recv.Deserialize(command, counter, retCode);
 757
 758         if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
 759                         || (counter != my_counter))
 760                 return CKM_API_ERROR_UNKNOWN;
 761
 762         return retCode;
 763
 764         EXCEPTION_GUARD_END
 765 }
 766
 767 int Manager::Impl::ocspCheck(const CertificateShPtrVector &certChain,
 768                                                          int &ocspStatus)
 769 {
 770         EXCEPTION_GUARD_START_CPPAPI
 771
 772         int my_counter = ++m_counter;
 773         MessageBuffer recv;
 774
 775         RawBufferVector rawCertChain;
 776
 777         for (auto &e : certChain) {
 778                 if (!e || e->empty()) {
 779                         LogError("Empty certificate");
 780                         return CKM_API_ERROR_INPUT_PARAM;
 781                 }
 782
 783                 rawCertChain.push_back(e->getDER());
 784         }
 785
 786         auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
 787
 788         int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
 789
 790         if (CKM_API_SUCCESS != retCode)
 791                 return retCode;
 792
 793         int counter;
 794         recv.Deserialize(counter, retCode, ocspStatus);
 795
 796         if (my_counter != counter)
 797                 return CKM_API_ERROR_UNKNOWN;
 798
 799         return retCode;
 800
 801         EXCEPTION_GUARD_END
 802 }
 803
 804 int Manager::Impl::setPermission(const Alias &alias,
 805                                                                  const ClientId &accessor,
 806                                                                  PermissionMask permissionMask)
 807 {
 808         int my_counter = ++m_counter;
 809
 810         EXCEPTION_GUARD_START_CPPAPI
 811
 812         MessageBuffer recv;
 813         AliasSupport helper(alias);
 814         auto send = MessageBuffer::Serialize(static_cast<int>
 815                                                                                  (LogicCommand::SET_PERMISSION),
 816                                                                                  my_counter,
 817                                                                                  helper.getName(),
 818                                                                                  helper.getOwner(),
 819                                                                                  accessor,
 820                                                                                  permissionMask);
 821
 822         int retCode = m_storageConnection.processRequest(send.Pop(), recv);
 823
 824         if (CKM_API_SUCCESS != retCode)
 825                 return retCode;
 826
 827         int command;
 828         int counter;
 829         recv.Deserialize(command, counter, retCode);
 830
 831         if (my_counter != counter)
 832                 return CKM_API_ERROR_UNKNOWN;
 833
 834         return retCode;
 835
 836         EXCEPTION_GUARD_END
 837 }
 838
 839 int Manager::Impl::crypt(EncryptionCommand command,
 840                                                  const CryptoAlgorithm &algo,
 841                                                  const Alias &keyAlias,
 842                                                  const Password &password,
 843                                                  const RawBuffer &input,
 844                                                  RawBuffer &output)
 845 {
 846         int my_counter = ++m_counter;
 847
 848         EXCEPTION_GUARD_START_CPPAPI
 849
 850         MessageBuffer recv;
 851         AliasSupport helper(keyAlias);
 852         CryptoAlgorithmSerializable cas(algo);
 853         auto send = MessageBuffer::Serialize(static_cast<int>(command),
 854                                                                                  my_counter,
 855                                                                                  cas,
 856                                                                                  helper.getName(),
 857                                                                                  helper.getOwner(),
 858                                                                                  password,
 859                                                                                  input);
 860
 861         int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
 862
 863         if (CKM_API_SUCCESS != retCode)
 864                 return retCode;
 865
 866         int retCommand;
 867         int counter;
 868         recv.Deserialize(retCommand, counter, retCode, output);
 869
 870         if (my_counter != counter || retCommand != static_cast<int>(command))
 871                 return CKM_API_ERROR_UNKNOWN;
 872
 873         return retCode;
 874
 875         EXCEPTION_GUARD_END
 876 }
 877
 878 int Manager::Impl::encrypt(const CryptoAlgorithm &algo,
 879                                                    const Alias &keyAlias,
 880                                                    const Password &password,
 881                                                    const RawBuffer &plain,
 882                                                    RawBuffer &encrypted)
 883 {
 884         return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain,
 885                                  encrypted);
 886 }
 887
 888 int Manager::Impl::decrypt(const CryptoAlgorithm &algo,
 889                                                    const Alias &keyAlias,
 890                                                    const Password &password,
 891                                                    const RawBuffer &encrypted,
 892                                                    RawBuffer &decrypted)
 893 {
 894         return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted,
 895                                  decrypted);
 896 }
 897
 898 } // namespace CKM