1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <client-manager-impl.h>
27 #include <client-common.h>
28 #include <message-buffer.h>
29 #include <protocols.h>
34 void clientInitialize(void) {
35 OpenSSL_add_all_ciphers();
36 OpenSSL_add_all_algorithms();
37 OpenSSL_add_all_digests();
40 } // namespace anonymous
44 bool Manager::ManagerImpl::s_isInit = false;
46 Manager::ManagerImpl::ManagerImpl()
49 // TODO secure with mutex
58 int Manager::ManagerImpl::saveBinaryData(
61 const RawBuffer &rawData,
66 return try_catch([&] {
67 if (alias.empty() || rawData.empty())
68 return CKM_API_ERROR_INPUT_PARAM;
70 MessageBuffer send, recv;
71 Serialization::Serialize(send, static_cast<int>(LogicCommand::SAVE));
72 Serialization::Serialize(send, m_counter);
73 Serialization::Serialize(send, static_cast<int>(dataType));
74 Serialization::Serialize(send, alias);
75 Serialization::Serialize(send, rawData);
76 Serialization::Serialize(send, PolicySerializable(policy));
78 int retCode = sendToServer(
79 SERVICE_SOCKET_CKM_STORAGE,
83 if (CKM_API_SUCCESS != retCode) {
90 Deserialization::Deserialize(recv, command);
91 Deserialization::Deserialize(recv, counter);
92 Deserialization::Deserialize(recv, retCode);
93 Deserialization::Deserialize(recv, opType);
95 if (counter != m_counter) {
96 return CKM_API_ERROR_UNKNOWN;
103 int Manager::ManagerImpl::saveKey(const Alias &alias, const Key &key, const Policy &policy) {
105 return CKM_API_ERROR_INPUT_PARAM;
106 return saveBinaryData(alias, toDBDataType(key.getType()), key.getDER(), policy);
109 int Manager::ManagerImpl::saveCertificate(
111 const Certificate &cert,
112 const Policy &policy)
114 return saveBinaryData(alias, DBDataType::CERTIFICATE, cert.getDER(), policy);
117 int Manager::ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
118 if (!policy.extractable)
119 return CKM_API_ERROR_INPUT_PARAM;
120 return saveBinaryData(alias, DBDataType::BINARY_DATA, rawData, policy);
123 int Manager::ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType)
125 return try_catch([&] {
127 return CKM_API_ERROR_INPUT_PARAM;
129 MessageBuffer send, recv;
130 Serialization::Serialize(send, static_cast<int>(LogicCommand::REMOVE));
131 Serialization::Serialize(send, m_counter);
132 Serialization::Serialize(send, static_cast<int>(dataType));
133 Serialization::Serialize(send, alias);
135 int retCode = sendToServer(
136 SERVICE_SOCKET_CKM_STORAGE,
140 if (CKM_API_SUCCESS != retCode) {
147 Deserialization::Deserialize(recv, command);
148 Deserialization::Deserialize(recv, counter);
149 Deserialization::Deserialize(recv, retCode);
150 Deserialization::Deserialize(recv, opType);
152 if (counter != m_counter) {
153 return CKM_API_ERROR_UNKNOWN;
160 int Manager::ManagerImpl::removeKey(const Alias &alias) {
161 return removeBinaryData(alias, DBDataType::KEY_RSA_PUBLIC);
164 int Manager::ManagerImpl::removeCertificate(const Alias &alias) {
165 return removeBinaryData(alias, DBDataType::CERTIFICATE);
168 int Manager::ManagerImpl::removeData(const Alias &alias) {
169 return removeBinaryData(alias, DBDataType::BINARY_DATA);
172 int Manager::ManagerImpl::getBinaryData(
174 DBDataType sendDataType,
175 const std::string &password,
176 DBDataType &recvDataType,
179 return try_catch([&] {
181 return CKM_API_ERROR_INPUT_PARAM;
183 MessageBuffer send, recv;
184 Serialization::Serialize(send, static_cast<int>(LogicCommand::GET));
185 Serialization::Serialize(send, m_counter);
186 Serialization::Serialize(send, static_cast<int>(sendDataType));
187 Serialization::Serialize(send, alias);
188 Serialization::Serialize(send, password);
190 int retCode = sendToServer(
191 SERVICE_SOCKET_CKM_STORAGE,
195 if (CKM_API_SUCCESS != retCode) {
202 Deserialization::Deserialize(recv, command);
203 Deserialization::Deserialize(recv, counter);
204 Deserialization::Deserialize(recv, retCode);
205 Deserialization::Deserialize(recv, tmpDataType);
206 Deserialization::Deserialize(recv, rawData);
207 recvDataType = static_cast<DBDataType>(tmpDataType);
209 if (counter != m_counter) {
210 return CKM_API_ERROR_UNKNOWN;
217 int Manager::ManagerImpl::getKey(const Alias &alias, const std::string &password, Key &key) {
218 DBDataType recvDataType;
221 int retCode = getBinaryData(
223 DBDataType::KEY_RSA_PUBLIC,
228 if (retCode != CKM_API_SUCCESS)
231 Key keyParsed(rawData);
233 if (keyParsed.empty()) {
234 LogDebug("Key empty - failed to parse!");
235 return CKM_API_ERROR_BAD_RESPONSE;
240 return CKM_API_SUCCESS;
243 int Manager::ManagerImpl::getCertificate(const Alias &alias, const std::string &password, Certificate &cert)
245 DBDataType recvDataType;
248 int retCode = getBinaryData(
250 DBDataType::CERTIFICATE,
255 if (retCode != CKM_API_SUCCESS)
258 if (recvDataType != DBDataType::CERTIFICATE)
259 return CKM_API_ERROR_BAD_RESPONSE;
261 Certificate certParsed(rawData, DataFormat::FORM_DER);
263 if (certParsed.empty())
264 return CKM_API_ERROR_BAD_RESPONSE;
268 return CKM_API_SUCCESS;
271 int Manager::ManagerImpl::getData(const Alias &alias, const std::string &password, RawBuffer &rawData)
273 DBDataType recvDataType;
275 int retCode = getBinaryData(
277 DBDataType::BINARY_DATA,
282 if (retCode != CKM_API_SUCCESS)
285 if (recvDataType != DBDataType::BINARY_DATA)
286 return CKM_API_ERROR_BAD_RESPONSE;
288 return CKM_API_SUCCESS;
291 int Manager::ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector)
293 return try_catch([&] {
295 MessageBuffer send, recv;
296 Serialization::Serialize(send, static_cast<int>(LogicCommand::GET_LIST));
297 Serialization::Serialize(send, m_counter);
298 Serialization::Serialize(send, static_cast<int>(dataType));
300 int retCode = sendToServer(
301 SERVICE_SOCKET_CKM_STORAGE,
305 if (CKM_API_SUCCESS != retCode) {
313 Deserialization::Deserialize(recv, command);
314 Deserialization::Deserialize(recv, counter);
315 Deserialization::Deserialize(recv, retCode);
316 Deserialization::Deserialize(recv, tmpDataType);
317 Deserialization::Deserialize(recv, aliasVector);
318 if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != m_counter)) {
319 return CKM_API_ERROR_UNKNOWN;
326 int Manager::ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
327 return getBinaryDataAliasVector(DBDataType::KEY_RSA_PUBLIC, aliasVector);
330 int Manager::ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
331 return getBinaryDataAliasVector(DBDataType::CERTIFICATE, aliasVector);
334 int Manager::ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
335 return getBinaryDataAliasVector(DBDataType::BINARY_DATA, aliasVector);
338 int Manager::ManagerImpl::createKeyPairRSA(
339 const int size, // size in bits [1024, 2048, 4096]
340 const Alias &privateKeyAlias,
341 const Alias &publicKeyAlias,
342 const Policy &policyPrivateKey,
343 const Policy &policyPublicKey)
346 int my_counter = m_counter;
347 return try_catch([&] {
349 MessageBuffer send, recv;
350 Serialization::Serialize(send, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_RSA));
351 Serialization::Serialize(send, my_counter);
352 Serialization::Serialize(send, static_cast<int>(size));
353 Serialization::Serialize(send, PolicySerializable(policyPrivateKey));
354 Serialization::Serialize(send, PolicySerializable(policyPublicKey));
355 Serialization::Serialize(send, privateKeyAlias);
356 Serialization::Serialize(send, publicKeyAlias);
358 int retCode = sendToServer(
359 SERVICE_SOCKET_CKM_STORAGE,
363 if (CKM_API_SUCCESS != retCode) {
370 Deserialization::Deserialize(recv, command);
371 Deserialization::Deserialize(recv, counter);
372 Deserialization::Deserialize(recv, retCode);
373 if (counter != my_counter) {
374 return CKM_API_ERROR_UNKNOWN;
381 int Manager::ManagerImpl::createKeyPairECDSA(
383 const Alias &privateKeyAlias,
384 const Alias &publicKeyAlias,
385 const Policy &policyPrivateKey,
386 const Policy &policyPublicKey)
389 int my_counter = m_counter;
390 return try_catch([&] {
392 MessageBuffer send, recv;
393 Serialization::Serialize(send, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_ECDSA));
394 Serialization::Serialize(send, my_counter);
395 Serialization::Serialize(send, static_cast<unsigned int>(type));
396 Serialization::Serialize(send, PolicySerializable(policyPrivateKey));
397 Serialization::Serialize(send, PolicySerializable(policyPublicKey));
398 Serialization::Serialize(send, privateKeyAlias);
399 Serialization::Serialize(send, publicKeyAlias);
401 int retCode = sendToServer(
402 SERVICE_SOCKET_CKM_STORAGE,
406 if (CKM_API_SUCCESS != retCode) {
413 Deserialization::Deserialize(recv, command);
414 Deserialization::Deserialize(recv, counter);
415 Deserialization::Deserialize(recv, retCode);
417 if (counter != my_counter) {
418 return CKM_API_ERROR_UNKNOWN;
427 LogicCommand command,
429 const Certificate &certificate,
431 CertificateVector &certificateChainVector)
433 return try_catch([&] {
435 MessageBuffer send, recv;
436 Serialization::Serialize(send, static_cast<int>(command));
437 Serialization::Serialize(send, counter);
438 Serialization::Serialize(send, certificate.getDER());
439 Serialization::Serialize(send, sendData);
440 int retCode = sendToServer(
441 SERVICE_SOCKET_CKM_STORAGE,
445 if (CKM_API_SUCCESS != retCode) {
451 RawBufferVector rawBufferVector;
453 Deserialization::Deserialize(recv, retCommand);
454 Deserialization::Deserialize(recv, retCounter);
455 Deserialization::Deserialize(recv, retCode);
456 Deserialization::Deserialize(recv, rawBufferVector);
458 if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
459 return CKM_API_ERROR_UNKNOWN;
462 if (retCode != CKM_API_SUCCESS) {
466 for (auto &e: rawBufferVector)
467 certificateChainVector.push_back(Certificate(e, DataFormat::FORM_DER));
474 int Manager::ManagerImpl::getCertificateChain(
475 const Certificate &certificate,
476 const CertificateVector &untrustedCertificates,
477 CertificateVector &certificateChainVector)
479 RawBufferVector rawBufferVector;
481 for (auto &e: untrustedCertificates) {
482 rawBufferVector.push_back(e.getDER());
486 LogicCommand::GET_CHAIN_CERT,
490 certificateChainVector);
493 int Manager::ManagerImpl::getCertificateChain(
494 const Certificate &certificate,
495 const AliasVector &untrustedCertificates,
496 CertificateVector &certificateChainVector)
499 (void) untrustedCertificates;
500 (void) certificateChainVector;
501 return CKM_API_ERROR_UNKNOWN;
504 int Manager::ManagerImpl::createSignature(
505 const Alias &privateKeyAlias,
506 const std::string &password, // password for private_key
507 const RawBuffer &message,
508 const HashAlgorithm hash,
509 const RSAPaddingAlgorithm padding,
510 RawBuffer &signature)
513 int my_counter = m_counter;
514 return try_catch([&] {
516 MessageBuffer send, recv;
517 Serialization::Serialize(send, static_cast<int>(LogicCommand::CREATE_SIGNATURE));
518 Serialization::Serialize(send, my_counter);
519 Serialization::Serialize(send, privateKeyAlias);
520 Serialization::Serialize(send, password);
521 Serialization::Serialize(send, message);
522 Serialization::Serialize(send, static_cast<int>(hash));
523 Serialization::Serialize(send, static_cast<int>(padding));
525 int retCode = sendToServer(
526 SERVICE_SOCKET_CKM_STORAGE,
530 if (CKM_API_SUCCESS != retCode) {
537 Deserialization::Deserialize(recv, command);
538 Deserialization::Deserialize(recv, counter);
539 Deserialization::Deserialize(recv, signature);
541 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE)) || (counter != my_counter)) {
542 return CKM_API_ERROR_UNKNOWN;
549 int Manager::ManagerImpl::verifySignature(
550 const Alias &publicKeyOrCertAlias,
551 const std::string &password, // password for public_key (optional)
552 const RawBuffer &message,
553 const RawBuffer &signature,
554 const HashAlgorithm hash,
555 const RSAPaddingAlgorithm padding)
558 int my_counter = m_counter;
559 return try_catch([&] {
561 MessageBuffer send, recv;
562 Serialization::Serialize(send, static_cast<int>(LogicCommand::VERIFY_SIGNATURE));
563 Serialization::Serialize(send, my_counter);
564 Serialization::Serialize(send, publicKeyOrCertAlias);
565 Serialization::Serialize(send, password);
566 Serialization::Serialize(send, message);
567 Serialization::Serialize(send, signature);
568 Serialization::Serialize(send, static_cast<int>(hash));
569 Serialization::Serialize(send, static_cast<int>(padding));
571 int retCode = sendToServer(
572 SERVICE_SOCKET_CKM_STORAGE,
576 if (CKM_API_SUCCESS != retCode) {
583 Deserialization::Deserialize(recv, command);
584 Deserialization::Deserialize(recv, counter);
586 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE)) || (counter != my_counter)) {
587 return CKM_API_ERROR_UNKNOWN;