1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <crypto-init.h>
27 #include <client-manager-impl.h>
28 #include <client-common.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
32 #include <certificate-impl.h>
37 int ManagerImpl::getCertChain(
38 ServiceConnection & serviceConnection,
41 const CertificateShPtr &certificate,
42 const T &untrustedVector,
43 const T &trustedVector,
44 bool useTrustedSystemCertificates,
45 CertificateShPtrVector &certificateChainVector)
47 return try_catch([&] {
50 auto send = MessageBuffer::Serialize(static_cast<int>(command),
52 certificate->getDER(),
55 useTrustedSystemCertificates);
57 int retCode = serviceConnection.processRequest(send.Pop(), recv);
58 if (CKM_API_SUCCESS != retCode)
64 RawBufferVector rawBufferVector;
65 recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector, retCCModeState);
67 LogDebug("CCModeState[" << (retCCModeState ? "TRUE" : "FALSE") << "]");
69 if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
70 return CKM_API_ERROR_UNKNOWN;
73 if (retCode != CKM_API_SUCCESS) {
77 for (auto &e: rawBufferVector) {
78 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
80 return CKM_API_ERROR_BAD_RESPONSE;
81 certificateChainVector.push_back(cert);
86 retCode = ocspCheck(certificateChainVector, ocspStatus);
88 if ((retCode == CKM_API_SUCCESS) && (ocspStatus != CKM_API_OCSP_STATUS_GOOD)) {
89 retCode = CKM_API_ERROR_VERIFICATION_FAILED;
97 ManagerImpl::ManagerImpl()
98 : m_counter(0), m_storageConnection(SERVICE_SOCKET_CKM_STORAGE), m_ocspConnection(SERVICE_SOCKET_OCSP)
104 int ManagerImpl::saveBinaryData(
107 const RawBuffer &rawData,
108 const Policy &policy)
110 int my_counter = ++m_counter;
112 return try_catch([&] {
113 if (alias.empty() || rawData.empty())
114 return CKM_API_ERROR_INPUT_PARAM;
117 AliasSupport helper(alias);
118 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
120 static_cast<int>(dataType),
124 PolicySerializable(policy));
126 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
127 if (CKM_API_SUCCESS != retCode)
133 recv.Deserialize(command, counter, retCode, opType);
135 if (counter != my_counter)
136 return CKM_API_ERROR_UNKNOWN;
142 int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
143 if (key.get() == NULL)
144 return CKM_API_ERROR_INPUT_PARAM;
146 return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
147 } Catch (DataType::Exception::Base) {
148 LogError("Error in key conversion. Could not convert KeyType::NONE to DBDataType!");
150 return CKM_API_ERROR_INPUT_PARAM;
153 int ManagerImpl::saveCertificate(
155 const CertificateShPtr &cert,
156 const Policy &policy)
158 if (cert.get() == NULL)
159 return CKM_API_ERROR_INPUT_PARAM;
160 return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
163 int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
164 if (!policy.extractable)
165 return CKM_API_ERROR_INPUT_PARAM;
166 return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
170 int ManagerImpl::savePKCS12(
172 const PKCS12ShPtr &pkcs,
173 const Policy &keyPolicy,
174 const Policy &certPolicy)
176 if (alias.empty() || pkcs.get()==NULL)
177 return CKM_API_ERROR_INPUT_PARAM;
179 int my_counter = ++m_counter;
181 return try_catch([&] {
183 AliasSupport helper(alias);
184 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE_PKCS12),
188 PKCS12Serializable(*pkcs.get()),
189 PolicySerializable(keyPolicy),
190 PolicySerializable(certPolicy));
192 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
193 if (CKM_API_SUCCESS != retCode)
198 recv.Deserialize(command, counter, retCode);
200 if (counter != my_counter)
201 return CKM_API_ERROR_UNKNOWN;
207 int ManagerImpl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
209 return getPKCS12(alias, Password(), Password(), pkcs);
212 int ManagerImpl::getPKCS12(const Alias &alias, const Password &keyPass, const Password &certPass, PKCS12ShPtr &pkcs)
215 return CKM_API_ERROR_INPUT_PARAM;
217 int my_counter = ++m_counter;
219 return try_catch([&] {
221 AliasSupport helper(alias);
222 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
229 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
230 if (CKM_API_SUCCESS != retCode)
235 PKCS12Serializable gotPkcs;
236 recv.Deserialize(command, counter, retCode, gotPkcs);
238 if (counter != my_counter)
239 return CKM_API_ERROR_UNKNOWN;
241 pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
248 int ManagerImpl::removeAlias(const Alias &alias)
251 return CKM_API_ERROR_INPUT_PARAM;
253 int my_counter = ++m_counter;
255 return try_catch([&] {
257 AliasSupport helper(alias);
258 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
263 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
264 if (CKM_API_SUCCESS != retCode)
269 recv.Deserialize(command, counter, retCode);
271 if (counter != my_counter)
272 return CKM_API_ERROR_UNKNOWN;
278 int ManagerImpl::getBinaryData(
280 DataType sendDataType,
281 const Password &password,
282 DataType &recvDataType,
286 return CKM_API_ERROR_INPUT_PARAM;
288 int my_counter = ++m_counter;
290 return try_catch([&] {
292 AliasSupport helper(alias);
293 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
295 static_cast<int>(sendDataType),
300 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
301 if (CKM_API_SUCCESS != retCode)
307 recv.Deserialize(command, counter, retCode, tmpDataType, rawData);
308 recvDataType = DataType(tmpDataType);
310 if (counter != my_counter)
311 return CKM_API_ERROR_UNKNOWN;
317 int ManagerImpl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
318 DataType recvDataType;
321 int retCode = getBinaryData(
323 DataType::KEY_RSA_PUBLIC,
328 if (retCode != CKM_API_SUCCESS)
331 KeyShPtr keyParsed(new KeyImpl(rawData));
333 if (keyParsed->empty()) {
334 LogDebug("Key empty - failed to parse!");
335 return CKM_API_ERROR_BAD_RESPONSE;
340 return CKM_API_SUCCESS;
343 int ManagerImpl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert)
345 DataType recvDataType;
348 int retCode = getBinaryData(
350 DataType::CERTIFICATE,
355 if (retCode != CKM_API_SUCCESS)
358 if (recvDataType != DataType::CERTIFICATE)
359 return CKM_API_ERROR_BAD_RESPONSE;
361 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
363 if (certParsed->empty())
364 return CKM_API_ERROR_BAD_RESPONSE;
368 return CKM_API_SUCCESS;
371 int ManagerImpl::getData(const Alias &alias, const Password &password, RawBuffer &rawData)
373 DataType recvDataType = DataType::BINARY_DATA;
375 int retCode = getBinaryData(
377 DataType::BINARY_DATA,
382 if (retCode != CKM_API_SUCCESS)
385 if (recvDataType != DataType::BINARY_DATA)
386 return CKM_API_ERROR_BAD_RESPONSE;
388 return CKM_API_SUCCESS;
391 int ManagerImpl::getBinaryDataAliasVector(DataType dataType, AliasVector &aliasVector)
393 int my_counter = ++m_counter;
395 return try_catch([&] {
397 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
399 static_cast<int>(dataType));
401 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
402 if (CKM_API_SUCCESS != retCode)
408 LabelNameVector labelNameVector;
409 recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
410 if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != my_counter)) {
411 return CKM_API_ERROR_UNKNOWN;
414 for(const auto &it : labelNameVector)
415 aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
421 int ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
422 // in fact datatype has no meaning here - if not certificate or binary data
423 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
424 return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
427 int ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
428 return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
431 int ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
432 return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
435 int ManagerImpl::createKeyPairRSA(
437 const Alias &privateKeyAlias,
438 const Alias &publicKeyAlias,
439 const Policy &policyPrivateKey,
440 const Policy &policyPublicKey)
442 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
445 int ManagerImpl::createKeyPairDSA(
447 const Alias &privateKeyAlias,
448 const Alias &publicKeyAlias,
449 const Policy &policyPrivateKey,
450 const Policy &policyPublicKey)
452 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
455 int ManagerImpl::createKeyPairECDSA(
457 const Alias &privateKeyAlias,
458 const Alias &publicKeyAlias,
459 const Policy &policyPrivateKey,
460 const Policy &policyPublicKey)
462 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
465 int ManagerImpl::createKeyPair(
466 const KeyType key_type,
467 const int additional_param,
468 const Alias &privateKeyAlias,
469 const Alias &publicKeyAlias,
470 const Policy &policyPrivateKey,
471 const Policy &policyPublicKey)
474 LogicCommand cmd_type;
477 case KeyType::KEY_RSA_PUBLIC:
478 case KeyType::KEY_RSA_PRIVATE:
479 cmd_type = LogicCommand::CREATE_KEY_PAIR_RSA;
482 case KeyType::KEY_DSA_PUBLIC:
483 case KeyType::KEY_DSA_PRIVATE:
484 cmd_type = LogicCommand::CREATE_KEY_PAIR_DSA;
487 case KeyType::KEY_ECDSA_PUBLIC:
488 case KeyType::KEY_ECDSA_PRIVATE:
489 cmd_type = LogicCommand::CREATE_KEY_PAIR_ECDSA;
493 return CKM_API_ERROR_INPUT_PARAM;
496 // proceed with sending request
497 int my_counter = ++m_counter;
499 return try_catch([&] {
502 AliasSupport privateHelper(privateKeyAlias);
503 AliasSupport publicHelper(publicKeyAlias);
504 auto send = MessageBuffer::Serialize(static_cast<int>(cmd_type),
506 static_cast<int>(additional_param),
507 PolicySerializable(policyPrivateKey),
508 PolicySerializable(policyPublicKey),
509 privateHelper.getName(),
510 privateHelper.getLabel(),
511 publicHelper.getName(),
512 publicHelper.getLabel());
514 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
515 if (CKM_API_SUCCESS != retCode)
520 recv.Deserialize(command, counter, retCode);
521 if (counter != my_counter) {
522 return CKM_API_ERROR_UNKNOWN;
529 int ManagerImpl::getCertificateChain(
530 const CertificateShPtr &certificate,
531 const CertificateShPtrVector &untrustedCertificates,
532 const CertificateShPtrVector &trustedCertificates,
533 bool useTrustedSystemCertificates,
534 CertificateShPtrVector &certificateChainVector)
536 RawBufferVector untrustedVector;
537 RawBufferVector trustedVector;
539 for (auto &e: untrustedCertificates) {
540 untrustedVector.push_back(e->getDER());
542 for (auto &e: trustedCertificates) {
543 trustedVector.push_back(e->getDER());
548 LogicCommand::GET_CHAIN_CERT,
553 useTrustedSystemCertificates,
554 certificateChainVector);
557 int ManagerImpl::getCertificateChain(
558 const CertificateShPtr &certificate,
559 const AliasVector &untrustedCertificates,
560 const AliasVector &trustedCertificates,
561 bool useTrustedSystemCertificates,
562 CertificateShPtrVector &certificateChainVector)
564 LabelNameVector untrustedVector;
565 LabelNameVector trustedVector;
567 for (auto &e: untrustedCertificates) {
568 AliasSupport helper(e);
569 untrustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
571 for (auto &e: trustedCertificates) {
572 AliasSupport helper(e);
573 trustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
578 LogicCommand::GET_CHAIN_ALIAS,
583 useTrustedSystemCertificates,
584 certificateChainVector);
587 int ManagerImpl::createSignature(
588 const Alias &privateKeyAlias,
589 const Password &password, // password for private_key
590 const RawBuffer &message,
591 const HashAlgorithm hash,
592 const RSAPaddingAlgorithm padding,
593 RawBuffer &signature)
595 int my_counter = ++m_counter;
597 return try_catch([&] {
600 AliasSupport helper(privateKeyAlias);
601 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
607 static_cast<int>(hash),
608 static_cast<int>(padding));
610 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
611 if (CKM_API_SUCCESS != retCode)
616 recv.Deserialize(command, counter, retCode, signature);
618 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
619 || (counter != my_counter))
621 return CKM_API_ERROR_UNKNOWN;
628 int ManagerImpl::verifySignature(
629 const Alias &publicKeyOrCertAlias,
630 const Password &password, // password for public_key (optional)
631 const RawBuffer &message,
632 const RawBuffer &signature,
633 const HashAlgorithm hash,
634 const RSAPaddingAlgorithm padding)
636 int my_counter = ++m_counter;
638 return try_catch([&] {
640 AliasSupport helper(publicKeyOrCertAlias);
641 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
648 static_cast<int>(hash),
649 static_cast<int>(padding));
651 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
652 if (CKM_API_SUCCESS != retCode)
657 recv.Deserialize(command, counter, retCode);
659 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
660 || (counter != my_counter))
662 return CKM_API_ERROR_UNKNOWN;
669 int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
671 return try_catch([&] {
672 int my_counter = ++m_counter;
675 RawBufferVector rawCertChain;
676 for (auto &e: certChain) {
677 rawCertChain.push_back(e->getDER());
680 auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
682 int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
683 if (CKM_API_SUCCESS != retCode)
687 recv.Deserialize(counter, retCode, ocspStatus);
689 if (my_counter != counter) {
690 return CKM_API_ERROR_UNKNOWN;
697 int ManagerImpl::setPermission(const Alias &alias,
698 const Label &accessor,
699 PermissionMask permissionMask)
701 int my_counter = ++m_counter;
703 return try_catch([&] {
705 AliasSupport helper(alias);
706 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SET_PERMISSION),
713 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
714 if (CKM_API_SUCCESS != retCode)
719 recv.Deserialize(command, counter, retCode);
721 if (my_counter != counter) {
722 return CKM_API_ERROR_UNKNOWN;
729 ManagerShPtr Manager::create() {
731 return std::make_shared<ManagerImpl>();
732 } catch (const std::bad_alloc &) {
733 LogDebug("Bad alloc was caught during ManagerImpl creation.");
735 LogError("Critical error: Unknown exception was caught during ManagerImpl creation!");
737 return ManagerShPtr();