1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
27 #include <client-manager-impl.h>
28 #include <client-common.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
32 #include <certificate-impl.h>
36 ManagerImpl::ManagerImpl()
37 : m_counter(0), m_storageConnection(SERVICE_SOCKET_CKM_STORAGE), m_ocspConnection(SERVICE_SOCKET_OCSP)
43 int ManagerImpl::saveBinaryData(
46 const RawBuffer &rawData,
51 return try_catch([&] {
52 if (alias.empty() || rawData.empty())
53 return CKM_API_ERROR_INPUT_PARAM;
56 AliasSupport helper(alias);
57 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
59 static_cast<int>(dataType),
63 PolicySerializable(policy));
65 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
66 if (CKM_API_SUCCESS != retCode)
72 recv.Deserialize(command, counter, retCode, opType);
74 if (counter != m_counter) {
75 return CKM_API_ERROR_UNKNOWN;
82 int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
83 if (key.get() == NULL)
84 return CKM_API_ERROR_INPUT_PARAM;
85 return saveBinaryData(alias, toDBDataType(key->getType()), key->getDER(), policy);
88 int ManagerImpl::saveCertificate(
90 const CertificateShPtr &cert,
93 if (cert.get() == NULL)
94 return CKM_API_ERROR_INPUT_PARAM;
95 return saveBinaryData(alias, DBDataType::CERTIFICATE, cert->getDER(), policy);
98 int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
99 if (!policy.extractable)
100 return CKM_API_ERROR_INPUT_PARAM;
101 return saveBinaryData(alias, DBDataType::BINARY_DATA, rawData, policy);
104 int ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType)
106 return try_catch([&] {
108 return CKM_API_ERROR_INPUT_PARAM;
111 AliasSupport helper(alias);
112 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
114 static_cast<int>(dataType),
118 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
119 if (CKM_API_SUCCESS != retCode)
125 recv.Deserialize(command, counter, retCode, opType);
127 if (counter != m_counter) {
128 return CKM_API_ERROR_UNKNOWN;
135 int ManagerImpl::removeKey(const Alias &alias) {
136 return removeBinaryData(alias, DBDataType::KEY_RSA_PUBLIC);
139 int ManagerImpl::removeCertificate(const Alias &alias) {
140 return removeBinaryData(alias, DBDataType::CERTIFICATE);
143 int ManagerImpl::removeData(const Alias &alias) {
144 return removeBinaryData(alias, DBDataType::BINARY_DATA);
147 int ManagerImpl::getBinaryData(
149 DBDataType sendDataType,
150 const Password &password,
151 DBDataType &recvDataType,
154 return try_catch([&] {
156 return CKM_API_ERROR_INPUT_PARAM;
159 AliasSupport helper(alias);
160 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
162 static_cast<int>(sendDataType),
167 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
168 if (CKM_API_SUCCESS != retCode)
174 recv.Deserialize(command, counter, retCode, tmpDataType, rawData);
175 recvDataType = static_cast<DBDataType>(tmpDataType);
177 if (counter != m_counter) {
178 return CKM_API_ERROR_UNKNOWN;
185 int ManagerImpl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
186 DBDataType recvDataType;
189 int retCode = getBinaryData(
191 DBDataType::KEY_RSA_PUBLIC,
196 if (retCode != CKM_API_SUCCESS)
199 KeyShPtr keyParsed(new KeyImpl(rawData));
201 if (keyParsed->empty()) {
202 LogDebug("Key empty - failed to parse!");
203 return CKM_API_ERROR_BAD_RESPONSE;
208 return CKM_API_SUCCESS;
211 int ManagerImpl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert)
213 DBDataType recvDataType = DBDataType::CERTIFICATE;
216 int retCode = getBinaryData(
218 DBDataType::CERTIFICATE,
223 if (retCode != CKM_API_SUCCESS)
226 if (recvDataType != DBDataType::CERTIFICATE)
227 return CKM_API_ERROR_BAD_RESPONSE;
229 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
231 if (certParsed->empty())
232 return CKM_API_ERROR_BAD_RESPONSE;
236 return CKM_API_SUCCESS;
239 int ManagerImpl::getData(const Alias &alias, const Password &password, RawBuffer &rawData)
241 DBDataType recvDataType = DBDataType::BINARY_DATA;
243 int retCode = getBinaryData(
245 DBDataType::BINARY_DATA,
250 if (retCode != CKM_API_SUCCESS)
253 if (recvDataType != DBDataType::BINARY_DATA)
254 return CKM_API_ERROR_BAD_RESPONSE;
256 return CKM_API_SUCCESS;
259 int ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector)
261 return try_catch([&] {
264 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
266 static_cast<int>(dataType));
268 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
269 if (CKM_API_SUCCESS != retCode)
275 LabelNameVector labelNameVector;
276 recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
277 if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != m_counter)) {
278 return CKM_API_ERROR_UNKNOWN;
281 for(const auto &it : labelNameVector)
282 aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
288 int ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
289 // in fact datatype has no meaning here - if not certificate or binary data
290 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
291 return getBinaryDataAliasVector(DBDataType::DB_KEY_LAST, aliasVector);
294 int ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
295 return getBinaryDataAliasVector(DBDataType::CERTIFICATE, aliasVector);
298 int ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
299 return getBinaryDataAliasVector(DBDataType::BINARY_DATA, aliasVector);
302 int ManagerImpl::createKeyPairRSA(
304 const Alias &privateKeyAlias,
305 const Alias &publicKeyAlias,
306 const Policy &policyPrivateKey,
307 const Policy &policyPublicKey)
309 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
312 int ManagerImpl::createKeyPairDSA(
314 const Alias &privateKeyAlias,
315 const Alias &publicKeyAlias,
316 const Policy &policyPrivateKey,
317 const Policy &policyPublicKey)
319 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
322 int ManagerImpl::createKeyPairECDSA(
324 const Alias &privateKeyAlias,
325 const Alias &publicKeyAlias,
326 const Policy &policyPrivateKey,
327 const Policy &policyPublicKey)
329 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
332 int ManagerImpl::createKeyPair(
333 const KeyType key_type,
334 const int additional_param,
335 const Alias &privateKeyAlias,
336 const Alias &publicKeyAlias,
337 const Policy &policyPrivateKey,
338 const Policy &policyPublicKey)
341 LogicCommand cmd_type;
344 case KeyType::KEY_RSA_PUBLIC:
345 case KeyType::KEY_RSA_PRIVATE:
346 cmd_type = LogicCommand::CREATE_KEY_PAIR_RSA;
349 case KeyType::KEY_DSA_PUBLIC:
350 case KeyType::KEY_DSA_PRIVATE:
351 cmd_type = LogicCommand::CREATE_KEY_PAIR_DSA;
354 case KeyType::KEY_ECDSA_PUBLIC:
355 case KeyType::KEY_ECDSA_PRIVATE:
356 cmd_type = LogicCommand::CREATE_KEY_PAIR_ECDSA;
360 return CKM_API_ERROR_INPUT_PARAM;
363 // proceed with sending request
365 int my_counter = m_counter;
366 return try_catch([&] {
369 AliasSupport privateHelper(privateKeyAlias);
370 AliasSupport publicHelper(publicKeyAlias);
371 auto send = MessageBuffer::Serialize(static_cast<int>(cmd_type),
373 static_cast<int>(additional_param),
374 PolicySerializable(policyPrivateKey),
375 PolicySerializable(policyPublicKey),
376 privateHelper.getName(),
377 privateHelper.getLabel(),
378 publicHelper.getName(),
379 publicHelper.getLabel());
381 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
382 if (CKM_API_SUCCESS != retCode)
387 recv.Deserialize(command, counter, retCode);
388 if (counter != my_counter) {
389 return CKM_API_ERROR_UNKNOWN;
399 LogicCommand command,
401 const CertificateShPtr &certificate,
403 CertificateShPtrVector &certificateChainVector,
404 ServiceConnection & service_connection)
406 return try_catch([&] {
409 auto send = MessageBuffer::Serialize(static_cast<int>(command),
411 certificate->getDER(),
414 int retCode = service_connection.processRequest(send.Pop(), recv);
415 if (CKM_API_SUCCESS != retCode)
420 RawBufferVector rawBufferVector;
421 recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
423 if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
424 return CKM_API_ERROR_UNKNOWN;
427 if (retCode != CKM_API_SUCCESS) {
431 for (auto &e: rawBufferVector) {
432 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
434 return CKM_API_ERROR_BAD_RESPONSE;
435 certificateChainVector.push_back(cert);
443 int ManagerImpl::getCertificateChain(
444 const CertificateShPtr &certificate,
445 const CertificateShPtrVector &untrustedCertificates,
446 CertificateShPtrVector &certificateChainVector)
448 RawBufferVector rawBufferVector;
450 for (auto &e: untrustedCertificates) {
451 rawBufferVector.push_back(e->getDER());
455 LogicCommand::GET_CHAIN_CERT,
459 certificateChainVector,
460 m_storageConnection);
463 int ManagerImpl::getCertificateChain(
464 const CertificateShPtr &certificate,
465 const AliasVector &untrustedCertificates,
466 CertificateShPtrVector &certificateChainVector)
468 LabelNameVector untrusted_certs;
469 for (auto &e: untrustedCertificates) {
470 AliasSupport helper(e);
471 untrusted_certs.push_back(std::make_pair(helper.getLabel(), helper.getName()));
475 LogicCommand::GET_CHAIN_ALIAS,
479 certificateChainVector,
480 m_storageConnection);
483 int ManagerImpl::createSignature(
484 const Alias &privateKeyAlias,
485 const Password &password, // password for private_key
486 const RawBuffer &message,
487 const HashAlgorithm hash,
488 const RSAPaddingAlgorithm padding,
489 RawBuffer &signature)
492 int my_counter = m_counter;
493 return try_catch([&] {
496 AliasSupport helper(privateKeyAlias);
497 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
503 static_cast<int>(hash),
504 static_cast<int>(padding));
506 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
507 if (CKM_API_SUCCESS != retCode)
512 recv.Deserialize(command, counter, retCode, signature);
514 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
515 || (counter != my_counter))
517 return CKM_API_ERROR_UNKNOWN;
524 int ManagerImpl::verifySignature(
525 const Alias &publicKeyOrCertAlias,
526 const Password &password, // password for public_key (optional)
527 const RawBuffer &message,
528 const RawBuffer &signature,
529 const HashAlgorithm hash,
530 const RSAPaddingAlgorithm padding)
533 int my_counter = m_counter;
534 return try_catch([&] {
537 AliasSupport helper(publicKeyOrCertAlias);
538 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
545 static_cast<int>(hash),
546 static_cast<int>(padding));
548 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
549 if (CKM_API_SUCCESS != retCode)
554 recv.Deserialize(command, counter, retCode);
556 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
557 || (counter != my_counter))
559 return CKM_API_ERROR_UNKNOWN;
566 int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
568 return try_catch([&] {
569 int my_counter = ++m_counter;
572 RawBufferVector rawCertChain;
573 for (auto &e: certChain) {
574 rawCertChain.push_back(e->getDER());
577 auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
579 int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
580 if (CKM_API_SUCCESS != retCode)
584 recv.Deserialize(counter, retCode, ocspStatus);
586 if (my_counter != counter) {
587 return CKM_API_ERROR_UNKNOWN;
594 int ManagerImpl::setPermission(const Alias &alias,
595 const Label &accessor,
596 Permission newPermission)
599 int my_counter = m_counter;
600 return try_catch([&] {
602 AliasSupport helper(alias);
603 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SET_PERMISSION),
608 static_cast<int>(newPermission));
610 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
611 if (CKM_API_SUCCESS != retCode)
616 recv.Deserialize(command, counter, retCode);
618 if (my_counter != counter) {
619 return CKM_API_ERROR_UNKNOWN;
626 ManagerShPtr Manager::create() {
628 return std::make_shared<ManagerImpl>();
629 } catch (const std::bad_alloc &) {
630 LogDebug("Bad alloc was caught during ManagerImpl creation.");
632 LogError("Critical error: Unknown exception was caught during ManagerImpl creation!");
634 return ManagerShPtr();
projects / platform / core / security / key-manager.git / blob