1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <crypto-init.h>
27 #include <client-manager-impl.h>
28 #include <client-common.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
32 #include <key-aes-impl.h>
33 #include <certificate-impl.h>
40 ServiceConnection & serviceConnection,
43 const CertificateShPtr &certificate,
44 const T &untrustedVector,
45 const T &trustedVector,
46 bool useTrustedSystemCertificates,
47 CertificateShPtrVector &certificateChainVector)
49 return try_catch([&] {
52 auto send = MessageBuffer::Serialize(static_cast<int>(command),
54 certificate->getDER(),
57 useTrustedSystemCertificates);
59 int retCode = serviceConnection.processRequest(send.Pop(), recv);
60 if (CKM_API_SUCCESS != retCode)
65 RawBufferVector rawBufferVector;
66 recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
68 if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
69 return CKM_API_ERROR_UNKNOWN;
72 if (retCode != CKM_API_SUCCESS) {
76 for (auto &e: rawBufferVector) {
77 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
79 return CKM_API_ERROR_BAD_RESPONSE;
80 certificateChainVector.push_back(cert);
87 } // namespace anonymous
89 ManagerImpl::ManagerImpl()
91 m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
92 m_ocspConnection(SERVICE_SOCKET_OCSP),
93 m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
99 int ManagerImpl::saveBinaryData(
102 const RawBuffer &rawData,
103 const Policy &policy)
105 int my_counter = ++m_counter;
107 return try_catch([&] {
108 if (alias.empty() || rawData.empty())
109 return CKM_API_ERROR_INPUT_PARAM;
112 AliasSupport helper(alias);
113 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
115 static_cast<int>(dataType),
119 PolicySerializable(policy));
121 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
122 if (CKM_API_SUCCESS != retCode)
128 recv.Deserialize(command, counter, retCode, opType);
130 if (counter != my_counter)
131 return CKM_API_ERROR_UNKNOWN;
137 int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
138 if (key.get() == NULL)
139 return CKM_API_ERROR_INPUT_PARAM;
141 return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
142 } Catch (DataType::Exception::Base) {
143 LogError("Error in key conversion. Could not convert KeyType::NONE to DBDataType!");
145 return CKM_API_ERROR_INPUT_PARAM;
148 int ManagerImpl::saveCertificate(
150 const CertificateShPtr &cert,
151 const Policy &policy)
153 if (cert.get() == NULL)
154 return CKM_API_ERROR_INPUT_PARAM;
155 return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
158 int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
159 if (!policy.extractable)
160 return CKM_API_ERROR_INPUT_PARAM;
161 return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
165 int ManagerImpl::savePKCS12(
167 const PKCS12ShPtr &pkcs,
168 const Policy &keyPolicy,
169 const Policy &certPolicy)
171 if (alias.empty() || pkcs.get()==NULL)
172 return CKM_API_ERROR_INPUT_PARAM;
174 int my_counter = ++m_counter;
176 return try_catch([&] {
178 AliasSupport helper(alias);
179 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE_PKCS12),
183 PKCS12Serializable(*pkcs.get()),
184 PolicySerializable(keyPolicy),
185 PolicySerializable(certPolicy));
187 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
188 if (CKM_API_SUCCESS != retCode)
193 recv.Deserialize(command, counter, retCode);
195 if (counter != my_counter)
196 return CKM_API_ERROR_UNKNOWN;
202 int ManagerImpl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
204 return getPKCS12(alias, Password(), Password(), pkcs);
207 int ManagerImpl::getPKCS12(const Alias &alias, const Password &keyPass, const Password &certPass, PKCS12ShPtr &pkcs)
210 return CKM_API_ERROR_INPUT_PARAM;
212 int my_counter = ++m_counter;
214 return try_catch([&] {
216 AliasSupport helper(alias);
217 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
224 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
225 if (CKM_API_SUCCESS != retCode)
230 PKCS12Serializable gotPkcs;
231 recv.Deserialize(command, counter, retCode, gotPkcs);
233 if (counter != my_counter)
234 return CKM_API_ERROR_UNKNOWN;
236 pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
243 int ManagerImpl::removeAlias(const Alias &alias)
246 return CKM_API_ERROR_INPUT_PARAM;
248 int my_counter = ++m_counter;
250 return try_catch([&] {
252 AliasSupport helper(alias);
253 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
258 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
259 if (CKM_API_SUCCESS != retCode)
264 recv.Deserialize(command, counter, retCode);
266 if (counter != my_counter)
267 return CKM_API_ERROR_UNKNOWN;
273 int ManagerImpl::getBinaryData(
275 DataType sendDataType,
276 const Password &password,
277 DataType &recvDataType,
281 return CKM_API_ERROR_INPUT_PARAM;
283 int my_counter = ++m_counter;
285 return try_catch([&] {
287 AliasSupport helper(alias);
288 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
290 static_cast<int>(sendDataType),
295 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
296 if (CKM_API_SUCCESS != retCode)
302 recv.Deserialize(command, counter, retCode, tmpDataType, rawData);
303 recvDataType = DataType(tmpDataType);
305 if (counter != my_counter)
306 return CKM_API_ERROR_UNKNOWN;
312 int ManagerImpl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
313 DataType recvDataType;
316 int retCode = getBinaryData(
318 DataType::KEY_RSA_PUBLIC,
323 if (retCode != CKM_API_SUCCESS)
327 if(DataType::KEY_AES == recvDataType)
328 keyParsed = KeyShPtr(new KeyAESImpl(rawData));
330 keyParsed = KeyShPtr(new KeyImpl(rawData));
332 if (keyParsed->empty()) {
333 LogDebug("Key empty - failed to parse!");
334 return CKM_API_ERROR_BAD_RESPONSE;
339 return CKM_API_SUCCESS;
342 int ManagerImpl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert)
344 DataType recvDataType;
347 int retCode = getBinaryData(
349 DataType::CERTIFICATE,
354 if (retCode != CKM_API_SUCCESS)
357 if (recvDataType != DataType::CERTIFICATE)
358 return CKM_API_ERROR_BAD_RESPONSE;
360 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
362 if (certParsed->empty())
363 return CKM_API_ERROR_BAD_RESPONSE;
367 return CKM_API_SUCCESS;
370 int ManagerImpl::getData(const Alias &alias, const Password &password, RawBuffer &rawData)
372 DataType recvDataType = DataType::BINARY_DATA;
374 int retCode = getBinaryData(
376 DataType::BINARY_DATA,
381 if (retCode != CKM_API_SUCCESS)
384 if (recvDataType != DataType::BINARY_DATA)
385 return CKM_API_ERROR_BAD_RESPONSE;
387 return CKM_API_SUCCESS;
390 int ManagerImpl::getBinaryDataAliasVector(DataType dataType, AliasVector &aliasVector)
392 int my_counter = ++m_counter;
394 return try_catch([&] {
396 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
398 static_cast<int>(dataType));
400 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
401 if (CKM_API_SUCCESS != retCode)
407 LabelNameVector labelNameVector;
408 recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
409 if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != my_counter)) {
410 return CKM_API_ERROR_UNKNOWN;
413 for(const auto &it : labelNameVector)
414 aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
420 int ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
421 // in fact datatype has no meaning here - if not certificate or binary data
422 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
423 return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
426 int ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
427 return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
430 int ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
431 return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
434 int ManagerImpl::createKeyPairRSA(
436 const Alias &privateKeyAlias,
437 const Alias &publicKeyAlias,
438 const Policy &policyPrivateKey,
439 const Policy &policyPublicKey)
441 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
444 int ManagerImpl::createKeyPairDSA(
446 const Alias &privateKeyAlias,
447 const Alias &publicKeyAlias,
448 const Policy &policyPrivateKey,
449 const Policy &policyPublicKey)
451 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
454 int ManagerImpl::createKeyPairECDSA(
456 const Alias &privateKeyAlias,
457 const Alias &publicKeyAlias,
458 const Policy &policyPrivateKey,
459 const Policy &policyPublicKey)
461 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
464 int ManagerImpl::createKeyAES(
466 const Alias &keyAlias,
467 const Policy &policyKey)
469 // proceed with sending request
470 int my_counter = ++m_counter;
472 return try_catch([&] {
475 AliasSupport aliasHelper(keyAlias);
476 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_AES),
478 static_cast<int>(size),
479 PolicySerializable(policyKey),
480 aliasHelper.getName(),
481 aliasHelper.getLabel());
483 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
484 if (CKM_API_SUCCESS != retCode)
489 recv.Deserialize(command, counter, retCode);
490 if (counter != my_counter) {
491 return CKM_API_ERROR_UNKNOWN;
499 int ManagerImpl::createKeyPair(
500 const KeyType key_type,
501 const int additional_param,
502 const Alias &privateKeyAlias,
503 const Alias &publicKeyAlias,
504 const Policy &policyPrivateKey,
505 const Policy &policyPublicKey)
508 CryptoAlgorithm keyGenAlgorithm;
511 case KeyType::KEY_RSA_PUBLIC:
512 case KeyType::KEY_RSA_PRIVATE:
513 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
514 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
517 case KeyType::KEY_DSA_PUBLIC:
518 case KeyType::KEY_DSA_PRIVATE:
519 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
520 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
523 case KeyType::KEY_ECDSA_PUBLIC:
524 case KeyType::KEY_ECDSA_PRIVATE:
525 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
526 keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
530 return CKM_API_ERROR_INPUT_PARAM;
533 // proceed with sending request
534 int my_counter = ++m_counter;
536 return try_catch([&] {
539 AliasSupport privateHelper(privateKeyAlias);
540 AliasSupport publicHelper(publicKeyAlias);
541 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_PAIR),
543 CryptoAlgorithmSerializable(keyGenAlgorithm),
544 PolicySerializable(policyPrivateKey),
545 PolicySerializable(policyPublicKey),
546 privateHelper.getName(),
547 privateHelper.getLabel(),
548 publicHelper.getName(),
549 publicHelper.getLabel());
551 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
552 if (CKM_API_SUCCESS != retCode)
557 recv.Deserialize(command, counter, retCode);
558 if (counter != my_counter) {
559 return CKM_API_ERROR_UNKNOWN;
566 int ManagerImpl::getCertificateChain(
567 const CertificateShPtr &certificate,
568 const CertificateShPtrVector &untrustedCertificates,
569 const CertificateShPtrVector &trustedCertificates,
570 bool useTrustedSystemCertificates,
571 CertificateShPtrVector &certificateChainVector)
573 RawBufferVector untrustedVector;
574 RawBufferVector trustedVector;
576 for (auto &e: untrustedCertificates) {
577 untrustedVector.push_back(e->getDER());
579 for (auto &e: trustedCertificates) {
580 trustedVector.push_back(e->getDER());
585 LogicCommand::GET_CHAIN_CERT,
590 useTrustedSystemCertificates,
591 certificateChainVector);
594 int ManagerImpl::getCertificateChain(
595 const CertificateShPtr &certificate,
596 const AliasVector &untrustedCertificates,
597 const AliasVector &trustedCertificates,
598 bool useTrustedSystemCertificates,
599 CertificateShPtrVector &certificateChainVector)
601 LabelNameVector untrustedVector;
602 LabelNameVector trustedVector;
604 for (auto &e: untrustedCertificates) {
605 AliasSupport helper(e);
606 untrustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
608 for (auto &e: trustedCertificates) {
609 AliasSupport helper(e);
610 trustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
615 LogicCommand::GET_CHAIN_ALIAS,
620 useTrustedSystemCertificates,
621 certificateChainVector);
624 int ManagerImpl::createSignature(
625 const Alias &privateKeyAlias,
626 const Password &password, // password for private_key
627 const RawBuffer &message,
628 const HashAlgorithm hash,
629 const RSAPaddingAlgorithm padding,
630 RawBuffer &signature)
632 int my_counter = ++m_counter;
634 return try_catch([&] {
637 AliasSupport helper(privateKeyAlias);
638 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
644 static_cast<int>(hash),
645 static_cast<int>(padding));
647 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
648 if (CKM_API_SUCCESS != retCode)
653 recv.Deserialize(command, counter, retCode, signature);
655 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
656 || (counter != my_counter))
658 return CKM_API_ERROR_UNKNOWN;
665 int ManagerImpl::verifySignature(
666 const Alias &publicKeyOrCertAlias,
667 const Password &password, // password for public_key (optional)
668 const RawBuffer &message,
669 const RawBuffer &signature,
670 const HashAlgorithm hash,
671 const RSAPaddingAlgorithm padding)
673 int my_counter = ++m_counter;
675 return try_catch([&] {
677 AliasSupport helper(publicKeyOrCertAlias);
678 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
685 static_cast<int>(hash),
686 static_cast<int>(padding));
688 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
689 if (CKM_API_SUCCESS != retCode)
694 recv.Deserialize(command, counter, retCode);
696 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
697 || (counter != my_counter))
699 return CKM_API_ERROR_UNKNOWN;
706 int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
708 return try_catch([&] {
709 int my_counter = ++m_counter;
712 RawBufferVector rawCertChain;
713 for (auto &e: certChain) {
714 rawCertChain.push_back(e->getDER());
717 auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
719 int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
720 if (CKM_API_SUCCESS != retCode)
724 recv.Deserialize(counter, retCode, ocspStatus);
726 if (my_counter != counter) {
727 return CKM_API_ERROR_UNKNOWN;
734 int ManagerImpl::setPermission(const Alias &alias,
735 const Label &accessor,
736 PermissionMask permissionMask)
738 int my_counter = ++m_counter;
740 return try_catch([&] {
742 AliasSupport helper(alias);
743 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SET_PERMISSION),
750 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
751 if (CKM_API_SUCCESS != retCode)
756 recv.Deserialize(command, counter, retCode);
758 if (my_counter != counter) {
759 return CKM_API_ERROR_UNKNOWN;
766 int ManagerImpl::crypt(EncryptionCommand command,
767 const CryptoAlgorithm &algo,
768 const Alias &keyAlias,
769 const Password &password,
770 const RawBuffer& input,
773 int my_counter = ++m_counter;
775 return try_catch([&] {
777 AliasSupport helper(keyAlias);
778 CryptoAlgorithmSerializable cas(algo);
779 auto send = MessageBuffer::Serialize(static_cast<int>(command),
787 int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
788 if (CKM_API_SUCCESS != retCode)
793 recv.Deserialize(command, counter, retCode, output);
795 if (my_counter != counter) {
796 return CKM_API_ERROR_UNKNOWN;
803 int ManagerImpl::encrypt(const CryptoAlgorithm &algo,
804 const Alias &keyAlias,
805 const Password &password,
806 const RawBuffer& plain,
807 RawBuffer& encrypted)
809 return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain, encrypted);
812 int ManagerImpl::decrypt(const CryptoAlgorithm &algo,
813 const Alias &keyAlias,
814 const Password &password,
815 const RawBuffer& encrypted,
816 RawBuffer& decrypted)
818 return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted, decrypted);
821 ManagerShPtr Manager::create() {
823 return std::make_shared<ManagerImpl>();
824 } catch (const std::bad_alloc &) {
825 LogDebug("Bad alloc was caught during ManagerImpl creation.");
827 LogError("Critical error: Unknown exception was caught during ManagerImpl creation!");
829 return ManagerShPtr();