Add openssl initialization in client library.
[platform/core/security/key-manager.git] / src / manager / client / client-manager-impl.cpp
1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
2  *
3  *  Licensed under the Apache License, Version 2.0 (the "License");
4  *  you may not use this file except in compliance with the License.
5  *  You may obtain a copy of the License at
6  *
7  *      http://www.apache.org/licenses/LICENSE-2.0
8  *
9  *  Unless required by applicable law or agreed to in writing, software
10  *  distributed under the License is distributed on an "AS IS" BASIS,
11  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  *  See the License for the specific language governing permissions and
13  *  limitations under the License
14  *
15  *
16  * @file        client-manager-impl.cpp
17  * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
18  * @version     1.0
19  * @brief       Manager implementation.
20  */
21 #include <openssl/evp.h>
22
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
25
26 #include <client-manager-impl.h>
27 #include <client-common.h>
28 #include <message-buffer.h>
29 #include <protocols.h>
30
31
32 namespace {
33
34 void clientInitialize(void) {
35     OpenSSL_add_all_ciphers();
36     OpenSSL_add_all_algorithms();
37     OpenSSL_add_all_digests();
38 }
39
40 } // namespace anonymous
41
42 namespace CKM {
43
44 bool Manager::ManagerImpl::s_isInit = false;
45
46 Manager::ManagerImpl::ManagerImpl()
47   : m_counter(0)
48 {
49     // TODO secure with mutex
50     if (!s_isInit) {
51         s_isInit = true;
52         clientInitialize();
53     }
54
55 }
56
57
58 int Manager::ManagerImpl::saveBinaryData(
59     const Alias &alias,
60     DBDataType dataType,
61     const RawBuffer &rawData,
62     const Policy &policy)
63 {
64     m_counter++;
65
66     return try_catch([&] {
67         if (alias.empty() || rawData.empty())
68             return CKM_API_ERROR_INPUT_PARAM;
69
70         MessageBuffer send, recv;
71         Serialization::Serialize(send, static_cast<int>(LogicCommand::SAVE));
72         Serialization::Serialize(send, m_counter);
73         Serialization::Serialize(send, static_cast<int>(dataType));
74         Serialization::Serialize(send, alias);
75         Serialization::Serialize(send, rawData);
76         Serialization::Serialize(send, PolicySerializable(policy));
77
78         int retCode = sendToServer(
79             SERVICE_SOCKET_CKM_STORAGE,
80             send.Pop(),
81             recv);
82
83         if (CKM_API_SUCCESS != retCode) {
84             return retCode;
85         }
86
87         int command;
88         int counter;
89         int opType;
90         Deserialization::Deserialize(recv, command);
91         Deserialization::Deserialize(recv, counter);
92         Deserialization::Deserialize(recv, retCode);
93         Deserialization::Deserialize(recv, opType);
94
95         if (counter != m_counter) {
96             return CKM_API_ERROR_UNKNOWN;
97         }
98
99         return retCode;
100     });
101 }
102
103 int Manager::ManagerImpl::saveKey(const Alias &alias, const Key &key, const Policy &policy) {
104     if (key.empty())
105         return CKM_API_ERROR_INPUT_PARAM;
106     return saveBinaryData(alias, toDBDataType(key.getType()), key.getDER(), policy);
107 }
108
109 int Manager::ManagerImpl::saveCertificate(
110     const Alias &alias,
111     const Certificate &cert,
112     const Policy &policy)
113 {
114     return saveBinaryData(alias, DBDataType::CERTIFICATE, cert.getDER(), policy);
115 }
116
117 int Manager::ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
118     if (!policy.extractable)
119         return CKM_API_ERROR_INPUT_PARAM;
120     return saveBinaryData(alias, DBDataType::BINARY_DATA, rawData, policy);
121 }
122
123 int Manager::ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType)
124 {
125     return try_catch([&] {
126         if (alias.empty())
127             return CKM_API_ERROR_INPUT_PARAM;
128
129         MessageBuffer send, recv;
130         Serialization::Serialize(send, static_cast<int>(LogicCommand::REMOVE));
131         Serialization::Serialize(send, m_counter);
132         Serialization::Serialize(send, static_cast<int>(dataType));
133         Serialization::Serialize(send, alias);
134
135         int retCode = sendToServer(
136             SERVICE_SOCKET_CKM_STORAGE,
137             send.Pop(),
138             recv);
139
140         if (CKM_API_SUCCESS != retCode) {
141             return retCode;
142         }
143
144         int command;
145         int counter;
146         int opType;
147         Deserialization::Deserialize(recv, command);
148         Deserialization::Deserialize(recv, counter);
149         Deserialization::Deserialize(recv, retCode);
150         Deserialization::Deserialize(recv, opType);
151
152         if (counter != m_counter) {
153             return CKM_API_ERROR_UNKNOWN;
154         }
155
156         return retCode;
157     });
158 }
159
160 int Manager::ManagerImpl::removeKey(const Alias &alias) {
161     return removeBinaryData(alias, DBDataType::KEY_RSA_PUBLIC);
162 }
163
164 int Manager::ManagerImpl::removeCertificate(const Alias &alias) {
165     return removeBinaryData(alias, DBDataType::CERTIFICATE);
166 }
167
168 int Manager::ManagerImpl::removeData(const Alias &alias) {
169     return removeBinaryData(alias, DBDataType::BINARY_DATA);
170 }
171
172 int Manager::ManagerImpl::getBinaryData(
173     const Alias &alias,
174     DBDataType sendDataType,
175     const std::string &password,
176     DBDataType &recvDataType,
177     RawBuffer &rawData)
178 {
179     return try_catch([&] {
180         if (alias.empty())
181             return CKM_API_ERROR_INPUT_PARAM;
182
183         MessageBuffer send, recv;
184         Serialization::Serialize(send, static_cast<int>(LogicCommand::GET));
185         Serialization::Serialize(send, m_counter);
186         Serialization::Serialize(send, static_cast<int>(sendDataType));
187         Serialization::Serialize(send, alias);
188         Serialization::Serialize(send, password);
189
190         int retCode = sendToServer(
191             SERVICE_SOCKET_CKM_STORAGE,
192             send.Pop(),
193             recv);
194
195         if (CKM_API_SUCCESS != retCode) {
196             return retCode;
197         }
198
199         int command;
200         int counter;
201         int tmpDataType;
202         Deserialization::Deserialize(recv, command);
203         Deserialization::Deserialize(recv, counter);
204         Deserialization::Deserialize(recv, retCode);
205         Deserialization::Deserialize(recv, tmpDataType);
206         Deserialization::Deserialize(recv, rawData);
207         recvDataType = static_cast<DBDataType>(tmpDataType);
208
209         if (counter != m_counter) {
210             return CKM_API_ERROR_UNKNOWN;
211         }
212
213         return retCode;
214     });
215 }
216
217 int Manager::ManagerImpl::getKey(const Alias &alias, const std::string &password, Key &key) {
218     DBDataType recvDataType;
219     RawBuffer rawData;
220
221     int retCode = getBinaryData(
222         alias,
223         DBDataType::KEY_RSA_PUBLIC,
224         password,
225         recvDataType,
226         rawData);
227
228     if (retCode != CKM_API_SUCCESS)
229         return retCode;
230
231     Key keyParsed(rawData);
232
233     if (keyParsed.empty()) {
234         LogDebug("Key empty - failed to parse!");
235         return CKM_API_ERROR_BAD_RESPONSE;
236     }
237
238     key = keyParsed;
239
240     return CKM_API_SUCCESS;
241 }
242
243 int Manager::ManagerImpl::getCertificate(const Alias &alias, const std::string &password, Certificate &cert)
244 {
245     DBDataType recvDataType;
246     RawBuffer rawData;
247
248     int retCode = getBinaryData(
249         alias,
250         DBDataType::CERTIFICATE,
251         password,
252         recvDataType,
253         rawData);
254
255     if (retCode != CKM_API_SUCCESS)
256         return retCode;
257
258     if (recvDataType != DBDataType::CERTIFICATE)
259         return CKM_API_ERROR_BAD_RESPONSE;
260
261     Certificate certParsed(rawData, DataFormat::FORM_DER);
262
263     if (certParsed.empty())
264         return CKM_API_ERROR_BAD_RESPONSE;
265
266     cert = certParsed;
267
268     return CKM_API_SUCCESS;
269 }
270
271 int Manager::ManagerImpl::getData(const Alias &alias, const std::string &password, RawBuffer &rawData)
272 {
273     DBDataType recvDataType;
274
275     int retCode = getBinaryData(
276         alias,
277         DBDataType::BINARY_DATA,
278         password,
279         recvDataType,
280         rawData);
281
282     if (retCode != CKM_API_SUCCESS)
283         return retCode;
284
285     if (recvDataType != DBDataType::BINARY_DATA)
286         return CKM_API_ERROR_BAD_RESPONSE;
287
288     return CKM_API_SUCCESS;
289 }
290
291 int Manager::ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector)
292 {
293     return try_catch([&] {
294
295         MessageBuffer send, recv;
296         Serialization::Serialize(send, static_cast<int>(LogicCommand::GET_LIST));
297         Serialization::Serialize(send, m_counter);
298         Serialization::Serialize(send, static_cast<int>(dataType));
299
300         int retCode = sendToServer(
301             SERVICE_SOCKET_CKM_STORAGE,
302             send.Pop(),
303             recv);
304
305         if (CKM_API_SUCCESS != retCode) {
306             return retCode;
307         }
308
309         int command;
310         int counter;
311         int tmpDataType;
312
313         Deserialization::Deserialize(recv, command);
314         Deserialization::Deserialize(recv, counter);
315         Deserialization::Deserialize(recv, retCode);
316         Deserialization::Deserialize(recv, tmpDataType);
317         Deserialization::Deserialize(recv, aliasVector);
318         if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != m_counter)) {
319             return CKM_API_ERROR_UNKNOWN;
320         }
321
322         return retCode;
323     });
324 }
325
326 int Manager::ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
327     return getBinaryDataAliasVector(DBDataType::KEY_RSA_PUBLIC, aliasVector);
328 }
329
330 int Manager::ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
331     return getBinaryDataAliasVector(DBDataType::CERTIFICATE, aliasVector);
332 }
333
334 int Manager::ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
335     return getBinaryDataAliasVector(DBDataType::BINARY_DATA, aliasVector);
336 }
337
338 int Manager::ManagerImpl::createKeyPairRSA(
339     const int size,              // size in bits [1024, 2048, 4096]
340     const Alias &privateKeyAlias,
341     const Alias &publicKeyAlias,
342     const Policy &policyPrivateKey,
343     const Policy &policyPublicKey)
344 {
345     m_counter++;
346     int my_counter = m_counter;
347     return try_catch([&] {
348
349         MessageBuffer send, recv;
350         Serialization::Serialize(send, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_RSA));
351         Serialization::Serialize(send, my_counter);
352         Serialization::Serialize(send, static_cast<int>(size));
353         Serialization::Serialize(send, PolicySerializable(policyPrivateKey));
354         Serialization::Serialize(send, PolicySerializable(policyPublicKey));
355         Serialization::Serialize(send, privateKeyAlias);
356         Serialization::Serialize(send, publicKeyAlias);
357
358         int retCode = sendToServer(
359             SERVICE_SOCKET_CKM_STORAGE,
360             send.Pop(),
361             recv);
362
363         if (CKM_API_SUCCESS != retCode) {
364             return retCode;
365         }
366
367         int command;
368         int counter;
369
370         Deserialization::Deserialize(recv, command);
371         Deserialization::Deserialize(recv, counter);
372         Deserialization::Deserialize(recv, retCode);
373         if (counter != my_counter) {
374             return CKM_API_ERROR_UNKNOWN;
375         }
376
377         return retCode;
378     });
379 }
380
381 int Manager::ManagerImpl::createKeyPairECDSA(
382     ElipticCurve type,
383     const Alias &privateKeyAlias,
384     const Alias &publicKeyAlias,
385     const Policy &policyPrivateKey,
386     const Policy &policyPublicKey)
387 {
388     m_counter++;
389     int my_counter = m_counter;
390     return try_catch([&] {
391
392         MessageBuffer send, recv;
393         Serialization::Serialize(send, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_ECDSA));
394         Serialization::Serialize(send, my_counter);
395         Serialization::Serialize(send, static_cast<unsigned int>(type));
396         Serialization::Serialize(send, PolicySerializable(policyPrivateKey));
397         Serialization::Serialize(send, PolicySerializable(policyPublicKey));
398         Serialization::Serialize(send, privateKeyAlias);
399         Serialization::Serialize(send, publicKeyAlias);
400
401         int retCode = sendToServer(
402             SERVICE_SOCKET_CKM_STORAGE,
403             send.Pop(),
404             recv);
405
406         if (CKM_API_SUCCESS != retCode) {
407             return retCode;
408         }
409
410         int command;
411         int counter;
412
413         Deserialization::Deserialize(recv, command);
414         Deserialization::Deserialize(recv, counter);
415         Deserialization::Deserialize(recv, retCode);
416
417         if (counter != my_counter) {
418             return CKM_API_ERROR_UNKNOWN;
419         }
420
421         return retCode;
422     });
423 }
424
425 template <class T>
426 int getCertChain(
427     LogicCommand command,
428     int counter,
429     const Certificate &certificate,
430     const T &sendData,
431     CertificateVector &certificateChainVector)
432 {
433     return try_catch([&] {
434
435         MessageBuffer send, recv;
436         Serialization::Serialize(send, static_cast<int>(command));
437         Serialization::Serialize(send, counter);
438         Serialization::Serialize(send, certificate.getDER());
439         Serialization::Serialize(send, sendData);
440         int retCode = sendToServer(
441             SERVICE_SOCKET_CKM_STORAGE,
442             send.Pop(),
443             recv);
444
445         if (CKM_API_SUCCESS != retCode) {
446             return retCode;
447         }
448
449         int retCommand;
450         int retCounter;
451         RawBufferVector rawBufferVector;
452
453         Deserialization::Deserialize(recv, retCommand);
454         Deserialization::Deserialize(recv, retCounter);
455         Deserialization::Deserialize(recv, retCode);
456         Deserialization::Deserialize(recv, rawBufferVector);
457
458         if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
459             return CKM_API_ERROR_UNKNOWN;
460         }
461
462         if (retCode != CKM_API_SUCCESS) {
463             return retCode;
464         }
465
466         for (auto &e: rawBufferVector)
467             certificateChainVector.push_back(Certificate(e, DataFormat::FORM_DER));
468
469         return retCode;
470     });
471 }
472
473
474 int Manager::ManagerImpl::getCertificateChain(
475     const Certificate &certificate,
476     const CertificateVector &untrustedCertificates,
477     CertificateVector &certificateChainVector)
478 {
479     RawBufferVector rawBufferVector;
480
481     for (auto &e: untrustedCertificates) {
482         rawBufferVector.push_back(e.getDER());
483     }
484
485     return getCertChain(
486         LogicCommand::GET_CHAIN_CERT,
487         ++m_counter,
488         certificate,
489         rawBufferVector,
490         certificateChainVector);
491 }
492
493 int Manager::ManagerImpl::getCertificateChain(
494     const Certificate &certificate,
495     const AliasVector &untrustedCertificates,
496     CertificateVector &certificateChainVector)
497 {
498     (void) certificate;
499     (void) untrustedCertificates;
500     (void) certificateChainVector;
501     return CKM_API_ERROR_UNKNOWN;
502 }
503
504 int Manager::ManagerImpl::createSignature(
505     const Alias &privateKeyAlias,
506     const std::string &password,           // password for private_key
507     const RawBuffer &message,
508     const HashAlgorithm hash,
509     const RSAPaddingAlgorithm padding,
510     RawBuffer &signature)
511 {
512     m_counter++;
513     int my_counter = m_counter;
514     return try_catch([&] {
515
516         MessageBuffer send, recv;
517         Serialization::Serialize(send, static_cast<int>(LogicCommand::CREATE_SIGNATURE));
518         Serialization::Serialize(send, my_counter);
519         Serialization::Serialize(send, privateKeyAlias);
520         Serialization::Serialize(send, password);
521         Serialization::Serialize(send, message);
522         Serialization::Serialize(send, static_cast<int>(hash));
523         Serialization::Serialize(send, static_cast<int>(padding));
524
525         int retCode = sendToServer(
526             SERVICE_SOCKET_CKM_STORAGE,
527             send.Pop(),
528             recv);
529
530         if (CKM_API_SUCCESS != retCode) {
531             return retCode;
532         }
533
534         int command;
535         int counter;
536
537         Deserialization::Deserialize(recv, command);
538         Deserialization::Deserialize(recv, counter);
539         Deserialization::Deserialize(recv, signature);
540
541         if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE)) || (counter != my_counter)) {
542             return CKM_API_ERROR_UNKNOWN;
543         }
544
545         return retCode;
546     });
547 }
548
549 int Manager::ManagerImpl::verifySignature(
550     const Alias &publicKeyOrCertAlias,
551     const std::string &password,           // password for public_key (optional)
552     const RawBuffer &message,
553     const RawBuffer &signature,
554     const HashAlgorithm hash,
555     const RSAPaddingAlgorithm padding)
556 {
557     m_counter++;
558     int my_counter = m_counter;
559     return try_catch([&] {
560
561         MessageBuffer send, recv;
562         Serialization::Serialize(send, static_cast<int>(LogicCommand::VERIFY_SIGNATURE));
563         Serialization::Serialize(send, my_counter);
564         Serialization::Serialize(send, publicKeyOrCertAlias);
565         Serialization::Serialize(send, password);
566         Serialization::Serialize(send, message);
567         Serialization::Serialize(send, signature);
568         Serialization::Serialize(send, static_cast<int>(hash));
569         Serialization::Serialize(send, static_cast<int>(padding));
570
571         int retCode = sendToServer(
572             SERVICE_SOCKET_CKM_STORAGE,
573             send.Pop(),
574             recv);
575
576         if (CKM_API_SUCCESS != retCode) {
577             return retCode;
578         }
579
580         int command;
581         int counter;
582
583         Deserialization::Deserialize(recv, command);
584         Deserialization::Deserialize(recv, counter);
585
586         if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE)) || (counter != my_counter)) {
587             return CKM_API_ERROR_UNKNOWN;
588         }
589
590         return retCode;
591     });
592 }
593
594 } // namespace CKM
595