1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <client-manager-impl.h>
27 #include <client-common.h>
28 #include <message-buffer.h>
29 #include <protocols.h>
34 void clientInitialize(void) {
35 OpenSSL_add_all_ciphers();
36 OpenSSL_add_all_algorithms();
37 OpenSSL_add_all_digests();
40 } // namespace anonymous
44 bool Manager::ManagerImpl::s_isInit = false;
46 Manager::ManagerImpl::ManagerImpl()
49 // TODO secure with mutex
58 int Manager::ManagerImpl::saveBinaryData(
61 const RawBuffer &rawData,
66 return try_catch([&] {
67 if (alias.empty() || rawData.empty())
68 return CKM_API_ERROR_INPUT_PARAM;
70 MessageBuffer send, recv;
71 Serialization::Serialize(send, static_cast<int>(LogicCommand::SAVE));
72 Serialization::Serialize(send, m_counter);
73 Serialization::Serialize(send, static_cast<int>(dataType));
74 Serialization::Serialize(send, alias);
75 Serialization::Serialize(send, rawData);
76 Serialization::Serialize(send, PolicySerializable(policy));
78 int retCode = sendToServer(
79 SERVICE_SOCKET_CKM_STORAGE,
83 if (CKM_API_SUCCESS != retCode) {
90 Deserialization::Deserialize(recv, command);
91 Deserialization::Deserialize(recv, counter);
92 Deserialization::Deserialize(recv, retCode);
93 Deserialization::Deserialize(recv, opType);
95 if (counter != m_counter) {
96 return CKM_API_ERROR_UNKNOWN;
103 int Manager::ManagerImpl::saveKey(const Alias &alias, const Key &key, const Policy &policy) {
105 return CKM_API_ERROR_INPUT_PARAM;
106 return saveBinaryData(alias, toDBDataType(key.getType()), key.getDER(), policy);
109 int Manager::ManagerImpl::saveCertificate(
111 const Certificate &cert,
112 const Policy &policy)
114 return saveBinaryData(alias, DBDataType::CERTIFICATE, cert.getDER(), policy);
117 int Manager::ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
118 if (!policy.extractable)
119 return CKM_API_ERROR_INPUT_PARAM;
120 return saveBinaryData(alias, DBDataType::BINARY_DATA, rawData, policy);
123 int Manager::ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType)
125 return try_catch([&] {
127 return CKM_API_ERROR_INPUT_PARAM;
129 MessageBuffer send, recv;
130 Serialization::Serialize(send, static_cast<int>(LogicCommand::REMOVE));
131 Serialization::Serialize(send, m_counter);
132 Serialization::Serialize(send, static_cast<int>(dataType));
133 Serialization::Serialize(send, alias);
135 int retCode = sendToServer(
136 SERVICE_SOCKET_CKM_STORAGE,
140 if (CKM_API_SUCCESS != retCode) {
147 Deserialization::Deserialize(recv, command);
148 Deserialization::Deserialize(recv, counter);
149 Deserialization::Deserialize(recv, retCode);
150 Deserialization::Deserialize(recv, opType);
152 if (counter != m_counter) {
153 return CKM_API_ERROR_UNKNOWN;
160 int Manager::ManagerImpl::removeKey(const Alias &alias) {
161 return removeBinaryData(alias, DBDataType::KEY_RSA_PUBLIC);
164 int Manager::ManagerImpl::removeCertificate(const Alias &alias) {
165 return removeBinaryData(alias, DBDataType::CERTIFICATE);
168 int Manager::ManagerImpl::removeData(const Alias &alias) {
169 return removeBinaryData(alias, DBDataType::BINARY_DATA);
172 int Manager::ManagerImpl::getBinaryData(
174 DBDataType sendDataType,
175 const std::string &password,
176 DBDataType &recvDataType,
179 return try_catch([&] {
181 return CKM_API_ERROR_INPUT_PARAM;
183 MessageBuffer send, recv;
184 Serialization::Serialize(send, static_cast<int>(LogicCommand::GET));
185 Serialization::Serialize(send, m_counter);
186 Serialization::Serialize(send, static_cast<int>(sendDataType));
187 Serialization::Serialize(send, alias);
188 Serialization::Serialize(send, password);
190 int retCode = sendToServer(
191 SERVICE_SOCKET_CKM_STORAGE,
195 if (CKM_API_SUCCESS != retCode) {
202 Deserialization::Deserialize(recv, command);
203 Deserialization::Deserialize(recv, counter);
204 Deserialization::Deserialize(recv, retCode);
205 Deserialization::Deserialize(recv, tmpDataType);
206 Deserialization::Deserialize(recv, rawData);
207 recvDataType = static_cast<DBDataType>(tmpDataType);
209 if (counter != m_counter) {
210 return CKM_API_ERROR_UNKNOWN;
217 int Manager::ManagerImpl::getKey(const Alias &alias, const std::string &password, Key &key) {
218 DBDataType recvDataType;
221 int retCode = getBinaryData(
223 DBDataType::KEY_RSA_PUBLIC,
228 if (retCode != CKM_API_SUCCESS)
231 Key keyParsed(rawData);
233 if (keyParsed.empty()) {
234 LogDebug("Key empty - failed to parse!");
235 return CKM_API_ERROR_BAD_RESPONSE;
240 return CKM_API_SUCCESS;
243 int Manager::ManagerImpl::getCertificate(const Alias &alias, const std::string &password, Certificate &cert)
245 DBDataType recvDataType;
248 int retCode = getBinaryData(
250 DBDataType::CERTIFICATE,
255 if (retCode != CKM_API_SUCCESS)
258 if (recvDataType != DBDataType::CERTIFICATE)
259 return CKM_API_ERROR_BAD_RESPONSE;
261 Certificate certParsed(rawData, DataFormat::FORM_DER);
263 if (certParsed.empty())
264 return CKM_API_ERROR_BAD_RESPONSE;
268 return CKM_API_SUCCESS;
271 int Manager::ManagerImpl::getData(const Alias &alias, const std::string &password, RawBuffer &rawData)
273 DBDataType recvDataType;
275 int retCode = getBinaryData(
277 DBDataType::BINARY_DATA,
282 if (retCode != CKM_API_SUCCESS)
285 if (recvDataType != DBDataType::BINARY_DATA)
286 return CKM_API_ERROR_BAD_RESPONSE;
288 return CKM_API_SUCCESS;
291 int Manager::ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector)
293 return try_catch([&] {
295 MessageBuffer send, recv;
296 Serialization::Serialize(send, static_cast<int>(LogicCommand::GET_LIST));
297 Serialization::Serialize(send, m_counter);
298 Serialization::Serialize(send, static_cast<int>(dataType));
300 int retCode = sendToServer(
301 SERVICE_SOCKET_CKM_STORAGE,
305 if (CKM_API_SUCCESS != retCode) {
313 Deserialization::Deserialize(recv, command);
314 Deserialization::Deserialize(recv, counter);
315 Deserialization::Deserialize(recv, retCode);
316 Deserialization::Deserialize(recv, tmpDataType);
317 Deserialization::Deserialize(recv, aliasVector);
318 if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != m_counter)) {
319 return CKM_API_ERROR_UNKNOWN;
326 int Manager::ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
327 return getBinaryDataAliasVector(DBDataType::KEY_RSA_PUBLIC, aliasVector);
330 int Manager::ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
331 return getBinaryDataAliasVector(DBDataType::CERTIFICATE, aliasVector);
334 int Manager::ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
335 return getBinaryDataAliasVector(DBDataType::BINARY_DATA, aliasVector);
338 int Manager::ManagerImpl::createKeyPairRSA(
339 const int size, // size in bits [1024, 2048, 4096]
340 const Alias &privateKeyAlias,
341 const Alias &publicKeyAlias,
342 const Policy &policyPrivateKey,
343 const Policy &policyPublicKey)
346 int my_counter = m_counter;
347 return try_catch([&] {
349 MessageBuffer send, recv;
350 Serialization::Serialize(send, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_RSA));
351 Serialization::Serialize(send, my_counter);
352 Serialization::Serialize(send, static_cast<int>(size));
353 Serialization::Serialize(send, PolicySerializable(policyPrivateKey));
354 Serialization::Serialize(send, PolicySerializable(policyPublicKey));
355 Serialization::Serialize(send, privateKeyAlias);
356 Serialization::Serialize(send, publicKeyAlias);
358 int retCode = sendToServer(
359 SERVICE_SOCKET_CKM_STORAGE,
363 if (CKM_API_SUCCESS != retCode) {
370 Deserialization::Deserialize(recv, command);
371 Deserialization::Deserialize(recv, counter);
372 Deserialization::Deserialize(recv, retCode);
373 if (counter != my_counter) {
374 return CKM_API_ERROR_UNKNOWN;
381 int Manager::ManagerImpl::createKeyPairECDSA(
383 const Alias &privateKeyAlias,
384 const Alias &publicKeyAlias,
385 const Policy &policyPrivateKey,
386 const Policy &policyPublicKey)
389 int my_counter = m_counter;
390 return try_catch([&] {
392 MessageBuffer send, recv;
393 Serialization::Serialize(send, static_cast<int>(LogicCommand::CREATE_KEY_PAIR_ECDSA));
394 Serialization::Serialize(send, my_counter);
395 Serialization::Serialize(send, static_cast<unsigned int>(type));
396 Serialization::Serialize(send, PolicySerializable(policyPrivateKey));
397 Serialization::Serialize(send, PolicySerializable(policyPublicKey));
398 Serialization::Serialize(send, privateKeyAlias);
399 Serialization::Serialize(send, publicKeyAlias);
401 int retCode = sendToServer(
402 SERVICE_SOCKET_CKM_STORAGE,
406 if (CKM_API_SUCCESS != retCode) {
413 Deserialization::Deserialize(recv, command);
414 Deserialization::Deserialize(recv, counter);
415 Deserialization::Deserialize(recv, retCode);
417 if (counter != my_counter) {
418 return CKM_API_ERROR_UNKNOWN;
427 LogicCommand command,
429 const Certificate &certificate,
431 CertificateVector &certificateChainVector)
433 return try_catch([&] {
435 MessageBuffer send, recv;
436 Serialization::Serialize(send, static_cast<int>(command));
437 Serialization::Serialize(send, counter);
438 Serialization::Serialize(send, certificate.getDER());
439 Serialization::Serialize(send, sendData);
440 int retCode = sendToServer(
441 SERVICE_SOCKET_CKM_STORAGE,
445 if (CKM_API_SUCCESS != retCode) {
451 RawBufferVector rawBufferVector;
453 Deserialization::Deserialize(recv, retCommand);
454 Deserialization::Deserialize(recv, retCounter);
455 Deserialization::Deserialize(recv, retCode);
456 Deserialization::Deserialize(recv, rawBufferVector);
458 if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
459 return CKM_API_ERROR_UNKNOWN;
462 if (retCode != CKM_API_SUCCESS) {
466 for (auto &e: rawBufferVector)
467 certificateChainVector.push_back(Certificate(e, DataFormat::FORM_DER));
474 int Manager::ManagerImpl::getCertificateChain(
475 const Certificate &certificate,
476 const CertificateVector &untrustedCertificates,
477 CertificateVector &certificateChainVector)
479 RawBufferVector rawBufferVector;
481 for (auto &e: untrustedCertificates) {
482 rawBufferVector.push_back(e.getDER());
486 LogicCommand::GET_CHAIN_CERT,
490 certificateChainVector);
493 int Manager::ManagerImpl::getCertificateChain(
494 const Certificate &certificate,
495 const AliasVector &untrustedCertificates,
496 CertificateVector &certificateChainVector)
499 LogicCommand::GET_CHAIN_ALIAS,
502 untrustedCertificates,
503 certificateChainVector);
506 int Manager::ManagerImpl::createSignature(
507 const Alias &privateKeyAlias,
508 const std::string &password, // password for private_key
509 const RawBuffer &message,
510 const HashAlgorithm hash,
511 const RSAPaddingAlgorithm padding,
512 RawBuffer &signature)
515 int my_counter = m_counter;
516 return try_catch([&] {
518 MessageBuffer send, recv;
519 Serialization::Serialize(send, static_cast<int>(LogicCommand::CREATE_SIGNATURE));
520 Serialization::Serialize(send, my_counter);
521 Serialization::Serialize(send, privateKeyAlias);
522 Serialization::Serialize(send, password);
523 Serialization::Serialize(send, message);
524 Serialization::Serialize(send, static_cast<int>(hash));
525 Serialization::Serialize(send, static_cast<int>(padding));
527 int retCode = sendToServer(
528 SERVICE_SOCKET_CKM_STORAGE,
532 if (CKM_API_SUCCESS != retCode) {
539 Deserialization::Deserialize(recv, command);
540 Deserialization::Deserialize(recv, counter);
541 Deserialization::Deserialize(recv, retCode);
542 Deserialization::Deserialize(recv, signature);
544 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
545 || (counter != my_counter))
547 return CKM_API_ERROR_UNKNOWN;
554 int Manager::ManagerImpl::verifySignature(
555 const Alias &publicKeyOrCertAlias,
556 const std::string &password, // password for public_key (optional)
557 const RawBuffer &message,
558 const RawBuffer &signature,
559 const HashAlgorithm hash,
560 const RSAPaddingAlgorithm padding)
563 int my_counter = m_counter;
564 return try_catch([&] {
566 MessageBuffer send, recv;
567 Serialization::Serialize(send, static_cast<int>(LogicCommand::VERIFY_SIGNATURE));
568 Serialization::Serialize(send, my_counter);
569 Serialization::Serialize(send, publicKeyOrCertAlias);
570 Serialization::Serialize(send, password);
571 Serialization::Serialize(send, message);
572 Serialization::Serialize(send, signature);
573 Serialization::Serialize(send, static_cast<int>(hash));
574 Serialization::Serialize(send, static_cast<int>(padding));
576 int retCode = sendToServer(
577 SERVICE_SOCKET_CKM_STORAGE,
581 if (CKM_API_SUCCESS != retCode) {
588 Deserialization::Deserialize(recv, command);
589 Deserialization::Deserialize(recv, counter);
590 Deserialization::Deserialize(recv, retCode);
592 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
593 || (counter != my_counter))
595 return CKM_API_ERROR_UNKNOWN;