1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <crypto-init.h>
27 #include <client-manager-impl.h>
28 #include <client-common.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
32 #include <key-aes-impl.h>
33 #include <certificate-impl.h>
40 ServiceConnection & serviceConnection,
43 const CertificateShPtr &certificate,
44 const T &untrustedVector,
45 const T &trustedVector,
46 bool useTrustedSystemCertificates,
47 CertificateShPtrVector &certificateChainVector)
49 return try_catch([&] {
52 auto send = MessageBuffer::Serialize(static_cast<int>(command),
54 certificate->getDER(),
57 useTrustedSystemCertificates);
59 int retCode = serviceConnection.processRequest(send.Pop(), recv);
60 if (CKM_API_SUCCESS != retCode)
65 RawBufferVector rawBufferVector;
66 recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
68 if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
69 return CKM_API_ERROR_UNKNOWN;
72 if (retCode != CKM_API_SUCCESS) {
76 for (auto &e: rawBufferVector) {
77 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
79 return CKM_API_ERROR_BAD_RESPONSE;
80 certificateChainVector.push_back(cert);
87 } // namespace anonymous
91 m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
92 m_ocspConnection(SERVICE_SOCKET_OCSP),
93 m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
99 int Manager::Impl::saveBinaryData(
102 const RawBuffer &rawData,
103 const Policy &policy)
105 int my_counter = ++m_counter;
107 return try_catch([&] {
108 if (alias.empty() || rawData.empty())
109 return CKM_API_ERROR_INPUT_PARAM;
112 AliasSupport helper(alias);
113 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
115 static_cast<int>(dataType),
119 PolicySerializable(policy));
121 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
122 if (CKM_API_SUCCESS != retCode)
128 recv.Deserialize(command, counter, retCode, opType);
130 if (counter != my_counter)
131 return CKM_API_ERROR_UNKNOWN;
137 int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
138 if (key.get() == NULL)
139 return CKM_API_ERROR_INPUT_PARAM;
141 return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
142 } Catch (DataType::Exception::Base) {
143 LogError("Error in key conversion. Could not convert KeyType::NONE to DBDataType!");
145 return CKM_API_ERROR_INPUT_PARAM;
148 int Manager::Impl::saveCertificate(
150 const CertificateShPtr &cert,
151 const Policy &policy)
153 if (cert.get() == NULL)
154 return CKM_API_ERROR_INPUT_PARAM;
155 return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
158 int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
159 if (!policy.extractable)
160 return CKM_API_ERROR_INPUT_PARAM;
161 return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
165 int Manager::Impl::savePKCS12(
167 const PKCS12ShPtr &pkcs,
168 const Policy &keyPolicy,
169 const Policy &certPolicy)
171 if (alias.empty() || pkcs.get()==NULL)
172 return CKM_API_ERROR_INPUT_PARAM;
174 int my_counter = ++m_counter;
176 return try_catch([&] {
178 AliasSupport helper(alias);
179 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE_PKCS12),
183 PKCS12Serializable(*pkcs.get()),
184 PolicySerializable(keyPolicy),
185 PolicySerializable(certPolicy));
187 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
188 if (CKM_API_SUCCESS != retCode)
193 recv.Deserialize(command, counter, retCode);
195 if (counter != my_counter)
196 return CKM_API_ERROR_UNKNOWN;
202 int Manager::Impl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
204 return getPKCS12(alias, Password(), Password(), pkcs);
207 int Manager::Impl::getPKCS12(const Alias &alias, const Password &keyPass, const Password &certPass, PKCS12ShPtr &pkcs)
210 return CKM_API_ERROR_INPUT_PARAM;
212 int my_counter = ++m_counter;
214 return try_catch([&] {
216 AliasSupport helper(alias);
217 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
224 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
225 if (CKM_API_SUCCESS != retCode)
230 PKCS12Serializable gotPkcs;
231 recv.Deserialize(command, counter, retCode, gotPkcs);
233 if (counter != my_counter)
234 return CKM_API_ERROR_UNKNOWN;
236 pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
243 int Manager::Impl::removeAlias(const Alias &alias)
246 return CKM_API_ERROR_INPUT_PARAM;
248 int my_counter = ++m_counter;
250 return try_catch([&] {
252 AliasSupport helper(alias);
253 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
258 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
259 if (CKM_API_SUCCESS != retCode)
264 recv.Deserialize(command, counter, retCode);
266 if (counter != my_counter)
267 return CKM_API_ERROR_UNKNOWN;
273 int Manager::Impl::getBinaryData(
275 DataType sendDataType,
276 const Password &password,
277 DataType &recvDataType,
281 return CKM_API_ERROR_INPUT_PARAM;
283 int my_counter = ++m_counter;
285 return try_catch([&] {
287 AliasSupport helper(alias);
288 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
290 static_cast<int>(sendDataType),
295 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
296 if (CKM_API_SUCCESS != retCode)
302 recv.Deserialize(command, counter, retCode, tmpDataType, rawData);
303 recvDataType = DataType(tmpDataType);
305 if (counter != my_counter)
306 return CKM_API_ERROR_UNKNOWN;
312 int Manager::Impl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
313 DataType recvDataType;
316 int retCode = getBinaryData(
318 DataType::KEY_RSA_PUBLIC,
323 if (retCode != CKM_API_SUCCESS)
327 if(DataType::KEY_AES == recvDataType)
328 keyParsed = KeyShPtr(new KeyAESImpl(rawData));
330 keyParsed = KeyShPtr(new KeyImpl(rawData));
332 if (keyParsed->empty()) {
333 LogDebug("Key empty - failed to parse!");
334 return CKM_API_ERROR_BAD_RESPONSE;
339 return CKM_API_SUCCESS;
342 int Manager::Impl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert)
344 DataType recvDataType;
347 int retCode = getBinaryData(
349 DataType::CERTIFICATE,
354 if (retCode != CKM_API_SUCCESS)
357 if (recvDataType != DataType::CERTIFICATE)
358 return CKM_API_ERROR_BAD_RESPONSE;
360 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
362 if (certParsed->empty())
363 return CKM_API_ERROR_BAD_RESPONSE;
367 return CKM_API_SUCCESS;
370 int Manager::Impl::getData(const Alias &alias, const Password &password, RawBuffer &rawData)
372 DataType recvDataType = DataType::BINARY_DATA;
374 int retCode = getBinaryData(
376 DataType::BINARY_DATA,
381 if (retCode != CKM_API_SUCCESS)
384 if (recvDataType != DataType::BINARY_DATA)
385 return CKM_API_ERROR_BAD_RESPONSE;
387 return CKM_API_SUCCESS;
390 int Manager::Impl::getBinaryDataAliasVector(DataType dataType, AliasVector &aliasVector)
392 int my_counter = ++m_counter;
394 return try_catch([&] {
396 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
398 static_cast<int>(dataType));
400 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
401 if (CKM_API_SUCCESS != retCode)
407 LabelNameVector labelNameVector;
408 recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
409 if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != my_counter)) {
410 return CKM_API_ERROR_UNKNOWN;
413 for(const auto &it : labelNameVector)
414 aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
420 int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector) {
421 // in fact datatype has no meaning here - if not certificate or binary data
422 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
423 return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
426 int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector) {
427 return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
430 int Manager::Impl::getDataAliasVector(AliasVector &aliasVector) {
431 return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
434 int Manager::Impl::createKeyPairRSA(
436 const Alias &privateKeyAlias,
437 const Alias &publicKeyAlias,
438 const Policy &policyPrivateKey,
439 const Policy &policyPublicKey)
441 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
444 int Manager::Impl::createKeyPairDSA(
446 const Alias &privateKeyAlias,
447 const Alias &publicKeyAlias,
448 const Policy &policyPrivateKey,
449 const Policy &policyPublicKey)
451 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
454 int Manager::Impl::createKeyPairECDSA(
456 const Alias &privateKeyAlias,
457 const Alias &publicKeyAlias,
458 const Policy &policyPrivateKey,
459 const Policy &policyPublicKey)
461 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
464 int Manager::Impl::createKeyAES(
466 const Alias &keyAlias,
467 const Policy &policyKey)
469 // proceed with sending request
470 int my_counter = ++m_counter;
472 return try_catch([&] {
475 AliasSupport aliasHelper(keyAlias);
476 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_AES),
478 static_cast<int>(size),
479 PolicySerializable(policyKey),
480 aliasHelper.getName(),
481 aliasHelper.getLabel());
483 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
484 if (CKM_API_SUCCESS != retCode)
489 recv.Deserialize(command, counter, retCode);
490 if (counter != my_counter) {
491 return CKM_API_ERROR_UNKNOWN;
499 int Manager::Impl::createKeyPair(
500 const KeyType key_type,
501 const int additional_param,
502 const Alias &privateKeyAlias,
503 const Alias &publicKeyAlias,
504 const Policy &policyPrivateKey,
505 const Policy &policyPublicKey)
508 CryptoAlgorithm keyGenAlgorithm;
511 case KeyType::KEY_RSA_PUBLIC:
512 case KeyType::KEY_RSA_PRIVATE:
513 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
514 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
517 case KeyType::KEY_DSA_PUBLIC:
518 case KeyType::KEY_DSA_PRIVATE:
519 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
520 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
523 case KeyType::KEY_ECDSA_PUBLIC:
524 case KeyType::KEY_ECDSA_PRIVATE:
525 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
526 keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
530 return CKM_API_ERROR_INPUT_PARAM;
533 // proceed with sending request
534 int my_counter = ++m_counter;
536 return try_catch([&] {
539 AliasSupport privateHelper(privateKeyAlias);
540 AliasSupport publicHelper(publicKeyAlias);
541 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_PAIR),
543 CryptoAlgorithmSerializable(keyGenAlgorithm),
544 PolicySerializable(policyPrivateKey),
545 PolicySerializable(policyPublicKey),
546 privateHelper.getName(),
547 privateHelper.getLabel(),
548 publicHelper.getName(),
549 publicHelper.getLabel());
551 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
552 if (CKM_API_SUCCESS != retCode)
557 recv.Deserialize(command, counter, retCode);
558 if (counter != my_counter) {
559 return CKM_API_ERROR_UNKNOWN;
566 int Manager::Impl::getCertificateChain(
567 const CertificateShPtr &certificate,
568 const CertificateShPtrVector &untrustedCertificates,
569 const CertificateShPtrVector &trustedCertificates,
570 bool useTrustedSystemCertificates,
571 CertificateShPtrVector &certificateChainVector)
573 RawBufferVector untrustedVector;
574 RawBufferVector trustedVector;
576 if(!certificate || certificate->empty())
577 return CKM_API_ERROR_INPUT_PARAM;
579 for (auto &e: untrustedCertificates) {
580 untrustedVector.push_back(e->getDER());
582 for (auto &e: trustedCertificates) {
583 trustedVector.push_back(e->getDER());
588 LogicCommand::GET_CHAIN_CERT,
593 useTrustedSystemCertificates,
594 certificateChainVector);
597 int Manager::Impl::getCertificateChain(
598 const CertificateShPtr &certificate,
599 const AliasVector &untrustedCertificates,
600 const AliasVector &trustedCertificates,
601 bool useTrustedSystemCertificates,
602 CertificateShPtrVector &certificateChainVector)
604 LabelNameVector untrustedVector;
605 LabelNameVector trustedVector;
607 if(!certificate || certificate->empty())
608 return CKM_API_ERROR_INPUT_PARAM;
610 for (auto &e: untrustedCertificates) {
611 AliasSupport helper(e);
612 untrustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
614 for (auto &e: trustedCertificates) {
615 AliasSupport helper(e);
616 trustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
621 LogicCommand::GET_CHAIN_ALIAS,
626 useTrustedSystemCertificates,
627 certificateChainVector);
630 int Manager::Impl::createSignature(
631 const Alias &privateKeyAlias,
632 const Password &password, // password for private_key
633 const RawBuffer &message,
634 const HashAlgorithm hash,
635 const RSAPaddingAlgorithm padding,
636 RawBuffer &signature)
638 int my_counter = ++m_counter;
640 return try_catch([&] {
643 AliasSupport helper(privateKeyAlias);
644 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
650 static_cast<int>(hash),
651 static_cast<int>(padding));
653 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
654 if (CKM_API_SUCCESS != retCode)
659 recv.Deserialize(command, counter, retCode, signature);
661 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
662 || (counter != my_counter))
664 return CKM_API_ERROR_UNKNOWN;
671 int Manager::Impl::verifySignature(
672 const Alias &publicKeyOrCertAlias,
673 const Password &password, // password for public_key (optional)
674 const RawBuffer &message,
675 const RawBuffer &signature,
676 const HashAlgorithm hash,
677 const RSAPaddingAlgorithm padding)
679 int my_counter = ++m_counter;
681 return try_catch([&] {
683 AliasSupport helper(publicKeyOrCertAlias);
684 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
691 static_cast<int>(hash),
692 static_cast<int>(padding));
694 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
695 if (CKM_API_SUCCESS != retCode)
700 recv.Deserialize(command, counter, retCode);
702 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
703 || (counter != my_counter))
705 return CKM_API_ERROR_UNKNOWN;
712 int Manager::Impl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
714 return try_catch([&] {
715 int my_counter = ++m_counter;
718 RawBufferVector rawCertChain;
719 for (auto &e: certChain) {
720 if (!e || e->empty()) {
721 LogError("Empty certificate");
722 return CKM_API_ERROR_INPUT_PARAM;
724 rawCertChain.push_back(e->getDER());
727 auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
729 int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
730 if (CKM_API_SUCCESS != retCode)
734 recv.Deserialize(counter, retCode, ocspStatus);
736 if (my_counter != counter) {
737 return CKM_API_ERROR_UNKNOWN;
744 int Manager::Impl::setPermission(const Alias &alias,
745 const Label &accessor,
746 PermissionMask permissionMask)
748 int my_counter = ++m_counter;
750 return try_catch([&] {
752 AliasSupport helper(alias);
753 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SET_PERMISSION),
760 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
761 if (CKM_API_SUCCESS != retCode)
766 recv.Deserialize(command, counter, retCode);
768 if (my_counter != counter) {
769 return CKM_API_ERROR_UNKNOWN;
776 int Manager::Impl::crypt(EncryptionCommand command,
777 const CryptoAlgorithm &algo,
778 const Alias &keyAlias,
779 const Password &password,
780 const RawBuffer& input,
783 int my_counter = ++m_counter;
785 return try_catch([&] {
787 AliasSupport helper(keyAlias);
788 CryptoAlgorithmSerializable cas(algo);
789 auto send = MessageBuffer::Serialize(static_cast<int>(command),
797 int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
798 if (CKM_API_SUCCESS != retCode)
803 recv.Deserialize(command, counter, retCode, output);
805 if (my_counter != counter) {
806 return CKM_API_ERROR_UNKNOWN;
813 int Manager::Impl::encrypt(const CryptoAlgorithm &algo,
814 const Alias &keyAlias,
815 const Password &password,
816 const RawBuffer& plain,
817 RawBuffer& encrypted)
819 return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain, encrypted);
822 int Manager::Impl::decrypt(const CryptoAlgorithm &algo,
823 const Alias &keyAlias,
824 const Password &password,
825 const RawBuffer& encrypted,
826 RawBuffer& decrypted)
828 return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted, decrypted);