1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <client-manager-impl.h>
27 #include <client-common.h>
28 #include <message-buffer.h>
29 #include <protocols.h>
31 #include <certificate-impl.h>
35 void clientInitialize(void) {
36 OpenSSL_add_all_ciphers();
37 OpenSSL_add_all_algorithms();
38 OpenSSL_add_all_digests();
41 } // namespace anonymous
45 bool ManagerImpl::s_isInit = false;
47 ManagerImpl::ManagerImpl()
50 // TODO secure with mutex
59 int ManagerImpl::saveBinaryData(
62 const RawBuffer &rawData,
67 return try_catch([&] {
68 if (alias.empty() || rawData.empty())
69 return CKM_API_ERROR_INPUT_PARAM;
71 MessageBuffer send, recv;
72 Serialization::Serialize(send, static_cast<int>(LogicCommand::SAVE));
73 Serialization::Serialize(send, m_counter);
74 Serialization::Serialize(send, static_cast<int>(dataType));
75 Serialization::Serialize(send, alias);
76 Serialization::Serialize(send, rawData);
77 Serialization::Serialize(send, PolicySerializable(policy));
79 int retCode = sendToServer(
80 SERVICE_SOCKET_CKM_STORAGE,
84 if (CKM_API_SUCCESS != retCode) {
91 Deserialization::Deserialize(recv, command);
92 Deserialization::Deserialize(recv, counter);
93 Deserialization::Deserialize(recv, retCode);
94 Deserialization::Deserialize(recv, opType);
96 if (counter != m_counter) {
97 return CKM_API_ERROR_UNKNOWN;
104 int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
105 if (key.get() == NULL)
106 return CKM_API_ERROR_INPUT_PARAM;
107 return saveBinaryData(alias, toDBDataType(key->getType()), key->getDER(), policy);
110 int ManagerImpl::saveCertificate(
112 const CertificateShPtr &cert,
113 const Policy &policy)
115 if (cert.get() == NULL)
116 return CKM_API_ERROR_INPUT_PARAM;
117 return saveBinaryData(alias, DBDataType::CERTIFICATE, cert->getDER(), policy);
120 int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
121 if (!policy.extractable)
122 return CKM_API_ERROR_INPUT_PARAM;
123 return saveBinaryData(alias, DBDataType::BINARY_DATA, rawData, policy);
126 int ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType)
128 return try_catch([&] {
130 return CKM_API_ERROR_INPUT_PARAM;
132 MessageBuffer send, recv;
133 Serialization::Serialize(send, static_cast<int>(LogicCommand::REMOVE));
134 Serialization::Serialize(send, m_counter);
135 Serialization::Serialize(send, static_cast<int>(dataType));
136 Serialization::Serialize(send, alias);
138 int retCode = sendToServer(
139 SERVICE_SOCKET_CKM_STORAGE,
143 if (CKM_API_SUCCESS != retCode) {
150 Deserialization::Deserialize(recv, command);
151 Deserialization::Deserialize(recv, counter);
152 Deserialization::Deserialize(recv, retCode);
153 Deserialization::Deserialize(recv, opType);
155 if (counter != m_counter) {
156 return CKM_API_ERROR_UNKNOWN;
163 int ManagerImpl::removeKey(const Alias &alias) {
164 return removeBinaryData(alias, DBDataType::KEY_RSA_PUBLIC);
167 int ManagerImpl::removeCertificate(const Alias &alias) {
168 return removeBinaryData(alias, DBDataType::CERTIFICATE);
171 int ManagerImpl::removeData(const Alias &alias) {
172 return removeBinaryData(alias, DBDataType::BINARY_DATA);
175 int ManagerImpl::getBinaryData(
177 DBDataType sendDataType,
178 const Password &password,
179 DBDataType &recvDataType,
182 return try_catch([&] {
184 return CKM_API_ERROR_INPUT_PARAM;
186 MessageBuffer send, recv;
187 Serialization::Serialize(send, static_cast<int>(LogicCommand::GET));
188 Serialization::Serialize(send, m_counter);
189 Serialization::Serialize(send, static_cast<int>(sendDataType));
190 Serialization::Serialize(send, alias);
191 Serialization::Serialize(send, password);
193 int retCode = sendToServer(
194 SERVICE_SOCKET_CKM_STORAGE,
198 if (CKM_API_SUCCESS != retCode) {
205 Deserialization::Deserialize(recv, command);
206 Deserialization::Deserialize(recv, counter);
207 Deserialization::Deserialize(recv, retCode);
208 Deserialization::Deserialize(recv, tmpDataType);
209 Deserialization::Deserialize(recv, rawData);
210 recvDataType = static_cast<DBDataType>(tmpDataType);
212 if (counter != m_counter) {
213 return CKM_API_ERROR_UNKNOWN;
220 int ManagerImpl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
221 DBDataType recvDataType;
224 int retCode = getBinaryData(
226 DBDataType::KEY_RSA_PUBLIC,
231 if (retCode != CKM_API_SUCCESS)
234 KeyShPtr keyParsed(new KeyImpl(rawData));
236 if (keyParsed->empty()) {
237 LogDebug("Key empty - failed to parse!");
238 return CKM_API_ERROR_BAD_RESPONSE;
243 return CKM_API_SUCCESS;
246 int ManagerImpl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert)
248 DBDataType recvDataType;
251 int retCode = getBinaryData(
253 DBDataType::CERTIFICATE,
258 if (retCode != CKM_API_SUCCESS)
261 if (recvDataType != DBDataType::CERTIFICATE)
262 return CKM_API_ERROR_BAD_RESPONSE;
264 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
266 if (certParsed->empty())
267 return CKM_API_ERROR_BAD_RESPONSE;
271 return CKM_API_SUCCESS;
274 int ManagerImpl::getData(const Alias &alias, const Password &password, RawBuffer &rawData)
276 DBDataType recvDataType;
278 int retCode = getBinaryData(
280 DBDataType::BINARY_DATA,
285 if (retCode != CKM_API_SUCCESS)
288 if (recvDataType != DBDataType::BINARY_DATA)
289 return CKM_API_ERROR_BAD_RESPONSE;
291 return CKM_API_SUCCESS;
294 int ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector)
296 return try_catch([&] {
298 MessageBuffer send, recv;
299 Serialization::Serialize(send, static_cast<int>(LogicCommand::GET_LIST));
300 Serialization::Serialize(send, m_counter);
301 Serialization::Serialize(send, static_cast<int>(dataType));
303 int retCode = sendToServer(
304 SERVICE_SOCKET_CKM_STORAGE,
308 if (CKM_API_SUCCESS != retCode) {
316 Deserialization::Deserialize(recv, command);
317 Deserialization::Deserialize(recv, counter);
318 Deserialization::Deserialize(recv, retCode);
319 Deserialization::Deserialize(recv, tmpDataType);
320 Deserialization::Deserialize(recv, aliasVector);
321 if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != m_counter)) {
322 return CKM_API_ERROR_UNKNOWN;
329 int ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
330 // in fact datatype has no meaning here - if not certificate or binary data
331 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
332 return getBinaryDataAliasVector(DBDataType::DB_KEY_LAST, aliasVector);
335 int ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
336 return getBinaryDataAliasVector(DBDataType::CERTIFICATE, aliasVector);
339 int ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
340 return getBinaryDataAliasVector(DBDataType::BINARY_DATA, aliasVector);
343 int ManagerImpl::createKeyPairRSA(
345 const Alias &privateKeyAlias,
346 const Alias &publicKeyAlias,
347 const Policy &policyPrivateKey,
348 const Policy &policyPublicKey)
350 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
353 int ManagerImpl::createKeyPairDSA(
355 const Alias &privateKeyAlias,
356 const Alias &publicKeyAlias,
357 const Policy &policyPrivateKey,
358 const Policy &policyPublicKey)
360 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
363 int ManagerImpl::createKeyPairECDSA(
365 const Alias &privateKeyAlias,
366 const Alias &publicKeyAlias,
367 const Policy &policyPrivateKey,
368 const Policy &policyPublicKey)
370 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
373 int ManagerImpl::createKeyPair(
374 const KeyType key_type,
375 const int additional_param,
376 const Alias &privateKeyAlias,
377 const Alias &publicKeyAlias,
378 const Policy &policyPrivateKey,
379 const Policy &policyPublicKey)
382 LogicCommand cmd_type;
385 case KeyType::KEY_RSA_PUBLIC:
386 case KeyType::KEY_RSA_PRIVATE:
387 cmd_type = LogicCommand::CREATE_KEY_PAIR_RSA;
390 case KeyType::KEY_DSA_PUBLIC:
391 case KeyType::KEY_DSA_PRIVATE:
392 cmd_type = LogicCommand::CREATE_KEY_PAIR_DSA;
395 case KeyType::KEY_ECDSA_PUBLIC:
396 case KeyType::KEY_ECDSA_PRIVATE:
397 cmd_type = LogicCommand::CREATE_KEY_PAIR_ECDSA;
401 return CKM_API_ERROR_INPUT_PARAM;
404 // proceed with sending request
406 int my_counter = m_counter;
407 return try_catch([&] {
409 MessageBuffer send, recv;
410 Serialization::Serialize(send, static_cast<int>(cmd_type));
411 Serialization::Serialize(send, my_counter);
412 Serialization::Serialize(send, static_cast<int>(additional_param));
413 Serialization::Serialize(send, PolicySerializable(policyPrivateKey));
414 Serialization::Serialize(send, PolicySerializable(policyPublicKey));
415 Serialization::Serialize(send, privateKeyAlias);
416 Serialization::Serialize(send, publicKeyAlias);
418 int retCode = sendToServer(
419 SERVICE_SOCKET_CKM_STORAGE,
423 if (CKM_API_SUCCESS != retCode) {
430 Deserialization::Deserialize(recv, command);
431 Deserialization::Deserialize(recv, counter);
432 Deserialization::Deserialize(recv, retCode);
433 if (counter != my_counter) {
434 return CKM_API_ERROR_UNKNOWN;
444 LogicCommand command,
446 const CertificateShPtr &certificate,
448 CertificateShPtrVector &certificateChainVector)
450 return try_catch([&] {
452 MessageBuffer send, recv;
453 Serialization::Serialize(send, static_cast<int>(command));
454 Serialization::Serialize(send, counter);
455 Serialization::Serialize(send, certificate->getDER());
456 Serialization::Serialize(send, sendData);
457 int retCode = sendToServer(
458 SERVICE_SOCKET_CKM_STORAGE,
462 if (CKM_API_SUCCESS != retCode) {
468 RawBufferVector rawBufferVector;
470 Deserialization::Deserialize(recv, retCommand);
471 Deserialization::Deserialize(recv, retCounter);
472 Deserialization::Deserialize(recv, retCode);
473 Deserialization::Deserialize(recv, rawBufferVector);
475 if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
476 return CKM_API_ERROR_UNKNOWN;
479 if (retCode != CKM_API_SUCCESS) {
483 for (auto &e: rawBufferVector) {
484 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
486 return CKM_API_ERROR_BAD_RESPONSE;
487 certificateChainVector.push_back(cert);
495 int ManagerImpl::getCertificateChain(
496 const CertificateShPtr &certificate,
497 const CertificateShPtrVector &untrustedCertificates,
498 CertificateShPtrVector &certificateChainVector)
500 RawBufferVector rawBufferVector;
502 for (auto &e: untrustedCertificates) {
503 rawBufferVector.push_back(e->getDER());
507 LogicCommand::GET_CHAIN_CERT,
511 certificateChainVector);
514 int ManagerImpl::getCertificateChain(
515 const CertificateShPtr &certificate,
516 const AliasVector &untrustedCertificates,
517 CertificateShPtrVector &certificateChainVector)
520 LogicCommand::GET_CHAIN_ALIAS,
523 untrustedCertificates,
524 certificateChainVector);
527 int ManagerImpl::createSignature(
528 const Alias &privateKeyAlias,
529 const Password &password, // password for private_key
530 const RawBuffer &message,
531 const HashAlgorithm hash,
532 const RSAPaddingAlgorithm padding,
533 RawBuffer &signature)
536 int my_counter = m_counter;
537 return try_catch([&] {
539 MessageBuffer send, recv;
540 Serialization::Serialize(send, static_cast<int>(LogicCommand::CREATE_SIGNATURE));
541 Serialization::Serialize(send, my_counter);
542 Serialization::Serialize(send, privateKeyAlias);
543 Serialization::Serialize(send, password);
544 Serialization::Serialize(send, message);
545 Serialization::Serialize(send, static_cast<int>(hash));
546 Serialization::Serialize(send, static_cast<int>(padding));
548 int retCode = sendToServer(
549 SERVICE_SOCKET_CKM_STORAGE,
553 if (CKM_API_SUCCESS != retCode) {
560 Deserialization::Deserialize(recv, command);
561 Deserialization::Deserialize(recv, counter);
562 Deserialization::Deserialize(recv, retCode);
563 Deserialization::Deserialize(recv, signature);
565 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
566 || (counter != my_counter))
568 return CKM_API_ERROR_UNKNOWN;
575 int ManagerImpl::verifySignature(
576 const Alias &publicKeyOrCertAlias,
577 const Password &password, // password for public_key (optional)
578 const RawBuffer &message,
579 const RawBuffer &signature,
580 const HashAlgorithm hash,
581 const RSAPaddingAlgorithm padding)
584 int my_counter = m_counter;
585 return try_catch([&] {
587 MessageBuffer send, recv;
588 Serialization::Serialize(send, static_cast<int>(LogicCommand::VERIFY_SIGNATURE));
589 Serialization::Serialize(send, my_counter);
590 Serialization::Serialize(send, publicKeyOrCertAlias);
591 Serialization::Serialize(send, password);
592 Serialization::Serialize(send, message);
593 Serialization::Serialize(send, signature);
594 Serialization::Serialize(send, static_cast<int>(hash));
595 Serialization::Serialize(send, static_cast<int>(padding));
597 int retCode = sendToServer(
598 SERVICE_SOCKET_CKM_STORAGE,
602 if (CKM_API_SUCCESS != retCode) {
609 Deserialization::Deserialize(recv, command);
610 Deserialization::Deserialize(recv, counter);
611 Deserialization::Deserialize(recv, retCode);
613 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
614 || (counter != my_counter))
616 return CKM_API_ERROR_UNKNOWN;
623 int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
625 return try_catch([&] {
626 int my_counter = ++m_counter;
627 MessageBuffer send, recv;
629 RawBufferVector rawCertChain;
630 for (auto &e: certChain) {
631 rawCertChain.push_back(e->getDER());
634 Serialization::Serialize(send, my_counter);
635 Serialization::Serialize(send, rawCertChain);
637 int retCode = sendToServer(
642 if (CKM_API_SUCCESS != retCode) {
648 Deserialization::Deserialize(recv, counter);
649 Deserialization::Deserialize(recv, retCode);
650 Deserialization::Deserialize(recv, ocspStatus);
652 if (my_counter != counter) {
653 return CKM_API_ERROR_UNKNOWN;
660 int ManagerImpl::allowAccess(const std::string &alias,
661 const std::string &accessor,
665 int my_counter = m_counter;
666 return try_catch([&] {
667 MessageBuffer send, recv;
668 Serialization::Serialize(send, static_cast<int>(LogicCommand::ALLOW_ACCESS));
669 Serialization::Serialize(send, my_counter);
670 Serialization::Serialize(send, alias);
671 Serialization::Serialize(send, accessor);
672 Serialization::Serialize(send, static_cast<int>(granted));
674 int retCode = sendToServer(
675 SERVICE_SOCKET_CKM_STORAGE,
679 if (CKM_API_SUCCESS != retCode) {
685 Deserialization::Deserialize(recv, command);
686 Deserialization::Deserialize(recv, counter);
687 Deserialization::Deserialize(recv, retCode);
689 if (my_counter != counter) {
690 return CKM_API_ERROR_UNKNOWN;
697 int ManagerImpl::denyAccess(const std::string &alias, const std::string &accessor)
700 int my_counter = m_counter;
701 return try_catch([&] {
702 MessageBuffer send, recv;
703 Serialization::Serialize(send, static_cast<int>(LogicCommand::DENY_ACCESS));
704 Serialization::Serialize(send, my_counter);
705 Serialization::Serialize(send, alias);
706 Serialization::Serialize(send, accessor);
708 int retCode = sendToServer(
709 SERVICE_SOCKET_CKM_STORAGE,
713 if (CKM_API_SUCCESS != retCode) {
719 Deserialization::Deserialize(recv, command);
720 Deserialization::Deserialize(recv, counter);
721 Deserialization::Deserialize(recv, retCode);
723 if (my_counter != counter) {
724 return CKM_API_ERROR_UNKNOWN;
731 ManagerShPtr Manager::create() {
733 return std::make_shared<ManagerImpl>();
734 } catch (const std::bad_alloc &) {
735 LogDebug("Bad alloc was caught during ManagerImpl creation.");
737 LogError("Critical error: Unknown exception was caught during ManagerImpl creation!");
739 return ManagerShPtr();