1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <client-manager-impl.h>
27 #include <client-common.h>
28 #include <buffer-conversion.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
31 #include <generic-key.h>
32 #include <certificate-impl.h>
36 void clientInitialize(void) {
37 OpenSSL_add_all_ciphers();
38 OpenSSL_add_all_algorithms();
39 OpenSSL_add_all_digests();
42 } // namespace anonymous
46 bool ManagerImpl::s_isInit = false;
48 ManagerImpl::ManagerImpl()
51 // TODO secure with mutex
60 int ManagerImpl::saveBinaryData(
63 const SafeBuffer &rawData,
68 return try_catch([&] {
69 if (alias.empty() || rawData.empty())
70 return CKM_API_ERROR_INPUT_PARAM;
72 MessageBuffer send, recv;
73 Serialization::Serialize(send, static_cast<int>(LogicCommand::SAVE));
74 Serialization::Serialize(send, m_counter);
75 Serialization::Serialize(send, static_cast<int>(dataType));
76 Serialization::Serialize(send, alias);
77 Serialization::Serialize(send, rawData);
78 Serialization::Serialize(send, PolicySerializable(policy));
80 int retCode = sendToServer(
81 SERVICE_SOCKET_CKM_STORAGE,
85 if (CKM_API_SUCCESS != retCode) {
92 Deserialization::Deserialize(recv, command);
93 Deserialization::Deserialize(recv, counter);
94 Deserialization::Deserialize(recv, retCode);
95 Deserialization::Deserialize(recv, opType);
97 if (counter != m_counter) {
98 return CKM_API_ERROR_UNKNOWN;
105 int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
106 if (key.get() == NULL)
107 return CKM_API_ERROR_INPUT_PARAM;
108 return saveBinaryData(alias, toDBDataType(key->getType()), toSafeBuffer(key->getDER()), policy);
111 int ManagerImpl::saveCertificate(
113 const CertificateShPtr &cert,
114 const Policy &policy)
116 if (cert.get() == NULL)
117 return CKM_API_ERROR_INPUT_PARAM;
118 return saveBinaryData(alias, DBDataType::CERTIFICATE, toSafeBuffer(cert->getDER()), policy);
121 int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
122 if (!policy.extractable)
123 return CKM_API_ERROR_INPUT_PARAM;
124 return saveBinaryData(alias, DBDataType::BINARY_DATA, toSafeBuffer(rawData), policy);
127 int ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType)
129 return try_catch([&] {
131 return CKM_API_ERROR_INPUT_PARAM;
133 MessageBuffer send, recv;
134 Serialization::Serialize(send, static_cast<int>(LogicCommand::REMOVE));
135 Serialization::Serialize(send, m_counter);
136 Serialization::Serialize(send, static_cast<int>(dataType));
137 Serialization::Serialize(send, alias);
139 int retCode = sendToServer(
140 SERVICE_SOCKET_CKM_STORAGE,
144 if (CKM_API_SUCCESS != retCode) {
151 Deserialization::Deserialize(recv, command);
152 Deserialization::Deserialize(recv, counter);
153 Deserialization::Deserialize(recv, retCode);
154 Deserialization::Deserialize(recv, opType);
156 if (counter != m_counter) {
157 return CKM_API_ERROR_UNKNOWN;
164 int ManagerImpl::removeKey(const Alias &alias) {
165 return removeBinaryData(alias, DBDataType::KEY_RSA_PUBLIC);
168 int ManagerImpl::removeCertificate(const Alias &alias) {
169 return removeBinaryData(alias, DBDataType::CERTIFICATE);
172 int ManagerImpl::removeData(const Alias &alias) {
173 return removeBinaryData(alias, DBDataType::BINARY_DATA);
176 int ManagerImpl::getBinaryData(
178 DBDataType sendDataType,
179 const std::string &password,
180 DBDataType &recvDataType,
183 return try_catch([&] {
185 return CKM_API_ERROR_INPUT_PARAM;
187 MessageBuffer send, recv;
188 Serialization::Serialize(send, static_cast<int>(LogicCommand::GET));
189 Serialization::Serialize(send, m_counter);
190 Serialization::Serialize(send, static_cast<int>(sendDataType));
191 Serialization::Serialize(send, alias);
192 Serialization::Serialize(send, password);
194 int retCode = sendToServer(
195 SERVICE_SOCKET_CKM_STORAGE,
199 if (CKM_API_SUCCESS != retCode) {
206 Deserialization::Deserialize(recv, command);
207 Deserialization::Deserialize(recv, counter);
208 Deserialization::Deserialize(recv, retCode);
209 Deserialization::Deserialize(recv, tmpDataType);
210 Deserialization::Deserialize(recv, rawData);
211 recvDataType = static_cast<DBDataType>(tmpDataType);
213 if (counter != m_counter) {
214 return CKM_API_ERROR_UNKNOWN;
221 int ManagerImpl::getKey(const Alias &alias, const std::string &password, KeyShPtr &key) {
222 DBDataType recvDataType;
225 int retCode = getBinaryData(
227 DBDataType::KEY_RSA_PUBLIC,
232 if (retCode != CKM_API_SUCCESS)
235 KeyShPtr keyParsed(new GenericKey(rawData));
237 if (keyParsed->empty()) {
238 LogDebug("Key empty - failed to parse!");
239 return CKM_API_ERROR_BAD_RESPONSE;
244 return CKM_API_SUCCESS;
247 int ManagerImpl::getCertificate(const Alias &alias, const std::string &password, CertificateShPtr &cert)
249 DBDataType recvDataType;
252 int retCode = getBinaryData(
254 DBDataType::CERTIFICATE,
259 if (retCode != CKM_API_SUCCESS)
262 if (recvDataType != DBDataType::CERTIFICATE)
263 return CKM_API_ERROR_BAD_RESPONSE;
265 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
267 if (certParsed->empty())
268 return CKM_API_ERROR_BAD_RESPONSE;
272 return CKM_API_SUCCESS;
275 int ManagerImpl::getData(const Alias &alias, const std::string &password, RawBuffer &rawData)
277 DBDataType recvDataType;
280 int retCode = getBinaryData(
282 DBDataType::BINARY_DATA,
287 rawData = toRawBuffer(safeData);
289 if (retCode != CKM_API_SUCCESS)
292 if (recvDataType != DBDataType::BINARY_DATA)
293 return CKM_API_ERROR_BAD_RESPONSE;
295 return CKM_API_SUCCESS;
298 int ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector)
300 return try_catch([&] {
302 MessageBuffer send, recv;
303 Serialization::Serialize(send, static_cast<int>(LogicCommand::GET_LIST));
304 Serialization::Serialize(send, m_counter);
305 Serialization::Serialize(send, static_cast<int>(dataType));
307 int retCode = sendToServer(
308 SERVICE_SOCKET_CKM_STORAGE,
312 if (CKM_API_SUCCESS != retCode) {
320 Deserialization::Deserialize(recv, command);
321 Deserialization::Deserialize(recv, counter);
322 Deserialization::Deserialize(recv, retCode);
323 Deserialization::Deserialize(recv, tmpDataType);
324 Deserialization::Deserialize(recv, aliasVector);
325 if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != m_counter)) {
326 return CKM_API_ERROR_UNKNOWN;
333 int ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
334 return getBinaryDataAliasVector(DBDataType::KEY_RSA_PUBLIC, aliasVector);
337 int ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
338 return getBinaryDataAliasVector(DBDataType::CERTIFICATE, aliasVector);
341 int ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
342 return getBinaryDataAliasVector(DBDataType::BINARY_DATA, aliasVector);
345 int ManagerImpl::createKeyPairRSA(
346 const int size, // size in bits [1024, 2048, 4096]
347 const Alias &privateKeyAlias,
348 const Alias &publicKeyAlias,
349 const Policy &policyPrivateKey,
350 const Policy &policyPublicKey)
353 int my_counter = m_counter;
354 return try_catch([&] {
356 MessageBuffer send, recv;
357 Serialization::Serialize(send, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_RSA));
358 Serialization::Serialize(send, my_counter);
359 Serialization::Serialize(send, static_cast<int>(size));
360 Serialization::Serialize(send, PolicySerializable(policyPrivateKey));
361 Serialization::Serialize(send, PolicySerializable(policyPublicKey));
362 Serialization::Serialize(send, privateKeyAlias);
363 Serialization::Serialize(send, publicKeyAlias);
365 int retCode = sendToServer(
366 SERVICE_SOCKET_CKM_STORAGE,
370 if (CKM_API_SUCCESS != retCode) {
377 Deserialization::Deserialize(recv, command);
378 Deserialization::Deserialize(recv, counter);
379 Deserialization::Deserialize(recv, retCode);
380 if (counter != my_counter) {
381 return CKM_API_ERROR_UNKNOWN;
388 int ManagerImpl::createKeyPairECDSA(
390 const Alias &privateKeyAlias,
391 const Alias &publicKeyAlias,
392 const Policy &policyPrivateKey,
393 const Policy &policyPublicKey)
396 int my_counter = m_counter;
397 return try_catch([&] {
399 MessageBuffer send, recv;
400 Serialization::Serialize(send, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_ECDSA));
401 Serialization::Serialize(send, my_counter);
402 Serialization::Serialize(send, static_cast<unsigned int>(type));
403 Serialization::Serialize(send, PolicySerializable(policyPrivateKey));
404 Serialization::Serialize(send, PolicySerializable(policyPublicKey));
405 Serialization::Serialize(send, privateKeyAlias);
406 Serialization::Serialize(send, publicKeyAlias);
408 int retCode = sendToServer(
409 SERVICE_SOCKET_CKM_STORAGE,
413 if (CKM_API_SUCCESS != retCode) {
420 Deserialization::Deserialize(recv, command);
421 Deserialization::Deserialize(recv, counter);
422 Deserialization::Deserialize(recv, retCode);
424 if (counter != my_counter) {
425 return CKM_API_ERROR_UNKNOWN;
434 LogicCommand command,
436 const CertificateShPtr &certificate,
438 CertificateShPtrVector &certificateChainVector)
440 return try_catch([&] {
442 MessageBuffer send, recv;
443 Serialization::Serialize(send, static_cast<int>(command));
444 Serialization::Serialize(send, counter);
445 Serialization::Serialize(send, certificate->getDER());
446 Serialization::Serialize(send, sendData);
447 int retCode = sendToServer(
448 SERVICE_SOCKET_CKM_STORAGE,
452 if (CKM_API_SUCCESS != retCode) {
458 SafeBufferVector rawBufferVector;
460 Deserialization::Deserialize(recv, retCommand);
461 Deserialization::Deserialize(recv, retCounter);
462 Deserialization::Deserialize(recv, retCode);
463 Deserialization::Deserialize(recv, rawBufferVector);
465 if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
466 return CKM_API_ERROR_UNKNOWN;
469 if (retCode != CKM_API_SUCCESS) {
473 for (auto &e: rawBufferVector) {
474 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
476 return CKM_API_ERROR_BAD_RESPONSE;
477 certificateChainVector.push_back(cert);
485 int ManagerImpl::getCertificateChain(
486 const CertificateShPtr &certificate,
487 const CertificateShPtrVector &untrustedCertificates,
488 CertificateShPtrVector &certificateChainVector)
490 SafeBufferVector rawBufferVector;
492 for (auto &e: untrustedCertificates) {
493 rawBufferVector.push_back(toSafeBuffer(e->getDER()));
497 LogicCommand::GET_CHAIN_CERT,
501 certificateChainVector);
504 int ManagerImpl::getCertificateChain(
505 const CertificateShPtr &certificate,
506 const AliasVector &untrustedCertificates,
507 CertificateShPtrVector &certificateChainVector)
510 LogicCommand::GET_CHAIN_ALIAS,
513 untrustedCertificates,
514 certificateChainVector);
517 int ManagerImpl::createSignature(
518 const Alias &privateKeyAlias,
519 const std::string &password, // password for private_key
520 const RawBuffer &message,
521 const HashAlgorithm hash,
522 const RSAPaddingAlgorithm padding,
523 RawBuffer &signature)
526 int my_counter = m_counter;
527 return try_catch([&] {
529 MessageBuffer send, recv;
530 Serialization::Serialize(send, static_cast<int>(LogicCommand::CREATE_SIGNATURE));
531 Serialization::Serialize(send, my_counter);
532 Serialization::Serialize(send, privateKeyAlias);
533 Serialization::Serialize(send, password);
534 Serialization::Serialize(send, toSafeBuffer(message));
535 Serialization::Serialize(send, static_cast<int>(hash));
536 Serialization::Serialize(send, static_cast<int>(padding));
538 int retCode = sendToServer(
539 SERVICE_SOCKET_CKM_STORAGE,
543 if (CKM_API_SUCCESS != retCode) {
551 Deserialization::Deserialize(recv, command);
552 Deserialization::Deserialize(recv, counter);
553 Deserialization::Deserialize(recv, retCode);
554 Deserialization::Deserialize(recv, safeData);
556 signature = toRawBuffer(safeData);
558 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
559 || (counter != my_counter))
561 return CKM_API_ERROR_UNKNOWN;
568 int ManagerImpl::verifySignature(
569 const Alias &publicKeyOrCertAlias,
570 const std::string &password, // password for public_key (optional)
571 const RawBuffer &message,
572 const RawBuffer &signature,
573 const HashAlgorithm hash,
574 const RSAPaddingAlgorithm padding)
577 int my_counter = m_counter;
578 return try_catch([&] {
580 MessageBuffer send, recv;
581 Serialization::Serialize(send, static_cast<int>(LogicCommand::VERIFY_SIGNATURE));
582 Serialization::Serialize(send, my_counter);
583 Serialization::Serialize(send, publicKeyOrCertAlias);
584 Serialization::Serialize(send, password);
585 Serialization::Serialize(send, toSafeBuffer(message));
586 Serialization::Serialize(send, toSafeBuffer(signature));
587 Serialization::Serialize(send, static_cast<int>(hash));
588 Serialization::Serialize(send, static_cast<int>(padding));
590 int retCode = sendToServer(
591 SERVICE_SOCKET_CKM_STORAGE,
595 if (CKM_API_SUCCESS != retCode) {
602 Deserialization::Deserialize(recv, command);
603 Deserialization::Deserialize(recv, counter);
604 Deserialization::Deserialize(recv, retCode);
606 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
607 || (counter != my_counter))
609 return CKM_API_ERROR_UNKNOWN;
616 int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
618 return try_catch([&] {
619 int my_counter = ++m_counter;
620 MessageBuffer send, recv;
622 SafeBufferVector rawCertChain;
623 for (auto &e: certChain) {
624 rawCertChain.push_back(toSafeBuffer(e->getDER()));
627 Serialization::Serialize(send, my_counter);
628 Serialization::Serialize(send, rawCertChain);
630 int retCode = sendToServer(
635 if (CKM_API_SUCCESS != retCode) {
641 Deserialization::Deserialize(recv, counter);
642 Deserialization::Deserialize(recv, retCode);
643 Deserialization::Deserialize(recv, ocspStatus);
645 if (my_counter != counter) {
646 return CKM_API_ERROR_UNKNOWN;
653 ManagerShPtr Manager::create() {
654 return ManagerShPtr(new ManagerImpl());