1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <client-manager-impl.h>
27 #include <client-common.h>
28 #include <message-buffer.h>
29 #include <protocols.h>
31 #include <certificate-impl.h>
35 void clientInitialize(void) {
36 OpenSSL_add_all_ciphers();
37 OpenSSL_add_all_algorithms();
38 OpenSSL_add_all_digests();
41 } // namespace anonymous
45 bool ManagerImpl::s_isInit = false;
47 ManagerImpl::ManagerImpl()
48 : m_counter(0), m_storageConnection(SERVICE_SOCKET_CKM_STORAGE), m_ocspConnection(SERVICE_SOCKET_OCSP)
50 // TODO secure with mutex
58 int ManagerImpl::saveBinaryData(
61 const RawBuffer &rawData,
66 return try_catch([&] {
67 if (alias.empty() || rawData.empty())
68 return CKM_API_ERROR_INPUT_PARAM;
71 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
73 static_cast<int>(dataType),
76 PolicySerializable(policy));
78 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
79 if (CKM_API_SUCCESS != retCode)
85 recv.Deserialize(command, counter, retCode, opType);
87 if (counter != m_counter) {
88 return CKM_API_ERROR_UNKNOWN;
95 int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
96 if (key.get() == NULL)
97 return CKM_API_ERROR_INPUT_PARAM;
98 return saveBinaryData(alias, toDBDataType(key->getType()), key->getDER(), policy);
101 int ManagerImpl::saveCertificate(
103 const CertificateShPtr &cert,
104 const Policy &policy)
106 if (cert.get() == NULL)
107 return CKM_API_ERROR_INPUT_PARAM;
108 return saveBinaryData(alias, DBDataType::CERTIFICATE, cert->getDER(), policy);
111 int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
112 if (!policy.extractable)
113 return CKM_API_ERROR_INPUT_PARAM;
114 return saveBinaryData(alias, DBDataType::BINARY_DATA, rawData, policy);
117 int ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType)
119 return try_catch([&] {
121 return CKM_API_ERROR_INPUT_PARAM;
124 AliasSupport helper(alias);
125 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
127 static_cast<int>(dataType),
131 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
132 if (CKM_API_SUCCESS != retCode)
138 recv.Deserialize(command, counter, retCode, opType);
140 if (counter != m_counter) {
141 return CKM_API_ERROR_UNKNOWN;
148 int ManagerImpl::removeKey(const Alias &alias) {
149 return removeBinaryData(alias, DBDataType::KEY_RSA_PUBLIC);
152 int ManagerImpl::removeCertificate(const Alias &alias) {
153 return removeBinaryData(alias, DBDataType::CERTIFICATE);
156 int ManagerImpl::removeData(const Alias &alias) {
157 return removeBinaryData(alias, DBDataType::BINARY_DATA);
160 int ManagerImpl::getBinaryData(
162 DBDataType sendDataType,
163 const Password &password,
164 DBDataType &recvDataType,
167 return try_catch([&] {
169 return CKM_API_ERROR_INPUT_PARAM;
172 AliasSupport helper(alias);
173 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
175 static_cast<int>(sendDataType),
180 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
181 if (CKM_API_SUCCESS != retCode)
187 recv.Deserialize(command, counter, retCode, tmpDataType, rawData);
188 recvDataType = static_cast<DBDataType>(tmpDataType);
190 if (counter != m_counter) {
191 return CKM_API_ERROR_UNKNOWN;
198 int ManagerImpl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
199 DBDataType recvDataType;
202 int retCode = getBinaryData(
204 DBDataType::KEY_RSA_PUBLIC,
209 if (retCode != CKM_API_SUCCESS)
212 KeyShPtr keyParsed(new KeyImpl(rawData));
214 if (keyParsed->empty()) {
215 LogDebug("Key empty - failed to parse!");
216 return CKM_API_ERROR_BAD_RESPONSE;
221 return CKM_API_SUCCESS;
224 int ManagerImpl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert)
226 DBDataType recvDataType;
229 int retCode = getBinaryData(
231 DBDataType::CERTIFICATE,
236 if (retCode != CKM_API_SUCCESS)
239 if (recvDataType != DBDataType::CERTIFICATE)
240 return CKM_API_ERROR_BAD_RESPONSE;
242 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
244 if (certParsed->empty())
245 return CKM_API_ERROR_BAD_RESPONSE;
249 return CKM_API_SUCCESS;
252 int ManagerImpl::getData(const Alias &alias, const Password &password, RawBuffer &rawData)
254 DBDataType recvDataType;
256 int retCode = getBinaryData(
258 DBDataType::BINARY_DATA,
263 if (retCode != CKM_API_SUCCESS)
266 if (recvDataType != DBDataType::BINARY_DATA)
267 return CKM_API_ERROR_BAD_RESPONSE;
269 return CKM_API_SUCCESS;
272 int ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector)
274 return try_catch([&] {
277 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
279 static_cast<int>(dataType));
281 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
282 if (CKM_API_SUCCESS != retCode)
288 LabelNameVector labelNameVector;
289 recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
290 if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != m_counter)) {
291 return CKM_API_ERROR_UNKNOWN;
294 for(const auto &it : labelNameVector)
295 aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
301 int ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
302 // in fact datatype has no meaning here - if not certificate or binary data
303 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
304 return getBinaryDataAliasVector(DBDataType::DB_KEY_LAST, aliasVector);
307 int ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
308 return getBinaryDataAliasVector(DBDataType::CERTIFICATE, aliasVector);
311 int ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
312 return getBinaryDataAliasVector(DBDataType::BINARY_DATA, aliasVector);
315 int ManagerImpl::createKeyPairRSA(
317 const Alias &privateKeyAlias,
318 const Alias &publicKeyAlias,
319 const Policy &policyPrivateKey,
320 const Policy &policyPublicKey)
322 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
325 int ManagerImpl::createKeyPairDSA(
327 const Alias &privateKeyAlias,
328 const Alias &publicKeyAlias,
329 const Policy &policyPrivateKey,
330 const Policy &policyPublicKey)
332 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
335 int ManagerImpl::createKeyPairECDSA(
337 const Alias &privateKeyAlias,
338 const Alias &publicKeyAlias,
339 const Policy &policyPrivateKey,
340 const Policy &policyPublicKey)
342 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
345 int ManagerImpl::createKeyPair(
346 const KeyType key_type,
347 const int additional_param,
348 const Alias &privateKeyAlias,
349 const Alias &publicKeyAlias,
350 const Policy &policyPrivateKey,
351 const Policy &policyPublicKey)
354 LogicCommand cmd_type;
357 case KeyType::KEY_RSA_PUBLIC:
358 case KeyType::KEY_RSA_PRIVATE:
359 cmd_type = LogicCommand::CREATE_KEY_PAIR_RSA;
362 case KeyType::KEY_DSA_PUBLIC:
363 case KeyType::KEY_DSA_PRIVATE:
364 cmd_type = LogicCommand::CREATE_KEY_PAIR_DSA;
367 case KeyType::KEY_ECDSA_PUBLIC:
368 case KeyType::KEY_ECDSA_PRIVATE:
369 cmd_type = LogicCommand::CREATE_KEY_PAIR_ECDSA;
373 return CKM_API_ERROR_INPUT_PARAM;
376 // proceed with sending request
378 int my_counter = m_counter;
379 return try_catch([&] {
382 auto send = MessageBuffer::Serialize(static_cast<int>(cmd_type),
384 static_cast<int>(additional_param),
385 PolicySerializable(policyPrivateKey),
386 PolicySerializable(policyPublicKey),
390 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
391 if (CKM_API_SUCCESS != retCode)
396 recv.Deserialize(command, counter, retCode);
397 if (counter != my_counter) {
398 return CKM_API_ERROR_UNKNOWN;
408 LogicCommand command,
410 const CertificateShPtr &certificate,
412 CertificateShPtrVector &certificateChainVector,
413 ServiceConnection & service_connection)
415 return try_catch([&] {
418 auto send = MessageBuffer::Serialize(static_cast<int>(command),
420 certificate->getDER(),
423 int retCode = service_connection.processRequest(send.Pop(), recv);
424 if (CKM_API_SUCCESS != retCode)
429 RawBufferVector rawBufferVector;
430 recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
432 if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
433 return CKM_API_ERROR_UNKNOWN;
436 if (retCode != CKM_API_SUCCESS) {
440 for (auto &e: rawBufferVector) {
441 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
443 return CKM_API_ERROR_BAD_RESPONSE;
444 certificateChainVector.push_back(cert);
452 int ManagerImpl::getCertificateChain(
453 const CertificateShPtr &certificate,
454 const CertificateShPtrVector &untrustedCertificates,
455 CertificateShPtrVector &certificateChainVector)
457 RawBufferVector rawBufferVector;
459 for (auto &e: untrustedCertificates) {
460 rawBufferVector.push_back(e->getDER());
464 LogicCommand::GET_CHAIN_CERT,
468 certificateChainVector,
469 m_storageConnection);
472 int ManagerImpl::getCertificateChain(
473 const CertificateShPtr &certificate,
474 const AliasVector &untrustedCertificates,
475 CertificateShPtrVector &certificateChainVector)
477 LabelNameVector untrusted_certs;
478 for (auto &e: untrustedCertificates) {
479 AliasSupport helper(e);
480 untrusted_certs.push_back(std::make_pair(helper.getLabel(), helper.getName()));
484 LogicCommand::GET_CHAIN_ALIAS,
488 certificateChainVector,
489 m_storageConnection);
492 int ManagerImpl::createSignature(
493 const Alias &privateKeyAlias,
494 const Password &password, // password for private_key
495 const RawBuffer &message,
496 const HashAlgorithm hash,
497 const RSAPaddingAlgorithm padding,
498 RawBuffer &signature)
501 int my_counter = m_counter;
502 return try_catch([&] {
505 AliasSupport helper(privateKeyAlias);
506 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
512 static_cast<int>(hash),
513 static_cast<int>(padding));
515 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
516 if (CKM_API_SUCCESS != retCode)
521 recv.Deserialize(command, counter, retCode, signature);
523 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
524 || (counter != my_counter))
526 return CKM_API_ERROR_UNKNOWN;
533 int ManagerImpl::verifySignature(
534 const Alias &publicKeyOrCertAlias,
535 const Password &password, // password for public_key (optional)
536 const RawBuffer &message,
537 const RawBuffer &signature,
538 const HashAlgorithm hash,
539 const RSAPaddingAlgorithm padding)
542 int my_counter = m_counter;
543 return try_catch([&] {
546 AliasSupport helper(publicKeyOrCertAlias);
547 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
554 static_cast<int>(hash),
555 static_cast<int>(padding));
557 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
558 if (CKM_API_SUCCESS != retCode)
563 recv.Deserialize(command, counter, retCode);
565 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
566 || (counter != my_counter))
568 return CKM_API_ERROR_UNKNOWN;
575 int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
577 return try_catch([&] {
578 int my_counter = ++m_counter;
581 RawBufferVector rawCertChain;
582 for (auto &e: certChain) {
583 rawCertChain.push_back(e->getDER());
586 auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
588 int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
589 if (CKM_API_SUCCESS != retCode)
593 recv.Deserialize(counter, retCode, ocspStatus);
595 if (my_counter != counter) {
596 return CKM_API_ERROR_UNKNOWN;
603 int ManagerImpl::allowAccess(const Alias &alias,
604 const Label &accessor,
608 int my_counter = m_counter;
609 return try_catch([&] {
611 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::ALLOW_ACCESS),
615 static_cast<int>(granted));
617 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
618 if (CKM_API_SUCCESS != retCode)
623 recv.Deserialize(command, counter, retCode);
625 if (my_counter != counter) {
626 return CKM_API_ERROR_UNKNOWN;
633 int ManagerImpl::denyAccess(const Alias &alias, const Label &accessor)
636 int my_counter = m_counter;
637 return try_catch([&] {
639 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::DENY_ACCESS),
644 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
645 if (CKM_API_SUCCESS != retCode)
650 recv.Deserialize(command, counter, retCode);
652 if (my_counter != counter) {
653 return CKM_API_ERROR_UNKNOWN;
660 ManagerShPtr Manager::create() {
662 return std::make_shared<ManagerImpl>();
663 } catch (const std::bad_alloc &) {
664 LogDebug("Bad alloc was caught during ManagerImpl creation.");
666 LogError("Critical error: Unknown exception was caught during ManagerImpl creation!");
668 return ManagerShPtr();
projects / platform / core / security / key-manager.git / blob