1 /* Copyright (c) 2014 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <crypto-init.h>
27 #include <client-manager-impl.h>
28 #include <client-common.h>
29 #include <exception.h>
30 #include <message-buffer.h>
31 #include <protocols.h>
33 #include <key-aes-impl.h>
34 #include <certificate-impl.h>
41 ServiceConnection &serviceConnection,
44 const CertificateShPtr &certificate,
45 const T &untrustedVector,
46 const T &trustedVector,
47 bool useTrustedSystemCertificates,
48 CertificateShPtrVector &certificateChainVector)
50 EXCEPTION_GUARD_START_CPPAPI
53 auto send = MessageBuffer::Serialize(static_cast<int>(command),
55 certificate->getDER(),
58 useTrustedSystemCertificates);
60 int retCode = serviceConnection.processRequest(send.Pop(), recv);
62 if (CKM_API_SUCCESS != retCode)
66 RawBufferVector rawBufferVector;
67 recv.Deserialize(retMsgId, retCode, rawBufferVector);
69 if (msgId != retMsgId)
70 return CKM_API_ERROR_UNKNOWN;
72 if (retCode != CKM_API_SUCCESS)
75 for (auto &e : rawBufferVector) {
76 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
79 return CKM_API_ERROR_BAD_RESPONSE;
81 certificateChainVector.push_back(cert);
89 } // namespace anonymous
93 m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
94 m_ocspConnection(SERVICE_SOCKET_OCSP),
95 m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
101 int Manager::Impl::saveBinaryData(
104 const RawBuffer &rawData,
105 const Policy &policy)
107 int msgId = ++m_counter;
109 EXCEPTION_GUARD_START_CPPAPI
111 if (alias.empty() || rawData.empty())
112 return CKM_API_ERROR_INPUT_PARAM;
115 AliasSupport helper(alias);
116 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
122 PolicySerializable(policy));
124 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
126 if (CKM_API_SUCCESS != retCode)
131 recv.Deserialize(retMsgId, retCode, opType);
133 if (retMsgId != msgId)
134 return CKM_API_ERROR_UNKNOWN;
141 int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key,
142 const Policy &policy)
144 if (key.get() == NULL || key->empty())
145 return CKM_API_ERROR_INPUT_PARAM;
148 return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
149 } catch (const Exc::Exception &e) {
150 LogError("Exception: " << e.what());
155 int Manager::Impl::saveCertificate(
157 const CertificateShPtr &cert,
158 const Policy &policy)
160 if (cert.get() == NULL || cert->empty())
161 return CKM_API_ERROR_INPUT_PARAM;
163 return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
166 int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData,
167 const Policy &policy)
169 if (!policy.extractable)
170 return CKM_API_ERROR_INPUT_PARAM;
172 return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
176 int Manager::Impl::savePKCS12(
178 const PKCS12ShPtr &pkcs,
179 const Policy &keyPolicy,
180 const Policy &certPolicy)
182 if (alias.empty() || pkcs.get() == NULL)
183 return CKM_API_ERROR_INPUT_PARAM;
185 int msgId = ++m_counter;
187 EXCEPTION_GUARD_START_CPPAPI
190 AliasSupport helper(alias);
191 auto send = MessageBuffer::Serialize(static_cast<int>
192 (LogicCommand::SAVE_PKCS12),
196 PKCS12Serializable(*pkcs.get()),
197 PolicySerializable(keyPolicy),
198 PolicySerializable(certPolicy));
200 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
202 if (CKM_API_SUCCESS != retCode)
206 recv.Deserialize(retMsgId, retCode);
208 if (retMsgId != msgId)
209 return CKM_API_ERROR_UNKNOWN;
216 int Manager::Impl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
218 return getPKCS12(alias, Password(), Password(), pkcs);
221 int Manager::Impl::getPKCS12(const Alias &alias, const Password &keyPass,
222 const Password &certPass, PKCS12ShPtr &pkcs)
225 return CKM_API_ERROR_INPUT_PARAM;
227 int msgId = ++m_counter;
229 EXCEPTION_GUARD_START_CPPAPI
232 AliasSupport helper(alias);
233 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
240 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
242 if (CKM_API_SUCCESS != retCode)
246 PKCS12Serializable gotPkcs;
247 recv.Deserialize(retMsgId, retCode, gotPkcs);
249 if (retMsgId != msgId)
250 return CKM_API_ERROR_UNKNOWN;
252 pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
260 int Manager::Impl::removeAlias(const Alias &alias)
263 return CKM_API_ERROR_INPUT_PARAM;
265 int msgId = ++m_counter;
267 EXCEPTION_GUARD_START_CPPAPI
270 AliasSupport helper(alias);
271 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
276 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
278 if (CKM_API_SUCCESS != retCode)
282 recv.Deserialize(retMsgId, retCode);
284 if (retMsgId != msgId)
285 return CKM_API_ERROR_UNKNOWN;
292 int Manager::Impl::getBinaryData(
294 DataType sendDataType,
295 const Password &password,
296 DataType &recvDataType,
300 return CKM_API_ERROR_INPUT_PARAM;
302 int msgId = ++m_counter;
304 EXCEPTION_GUARD_START_CPPAPI
307 AliasSupport helper(alias);
308 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
315 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
317 if (CKM_API_SUCCESS != retCode)
321 recv.Deserialize(retMsgId, retCode, recvDataType, rawData);
323 if (retMsgId != msgId)
324 return CKM_API_ERROR_UNKNOWN;
331 int Manager::Impl::getBinaryDataEncryptionStatus(const DataType sendDataType,
332 const Alias &alias, bool &status)
336 return CKM_API_ERROR_INPUT_PARAM;
338 int msgId = ++m_counter;
340 EXCEPTION_GUARD_START_CPPAPI
343 AliasSupport helper(alias);
344 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PROTECTION_STATUS),
350 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
352 if (CKM_API_SUCCESS != retCode)
356 DataType tmpDataType;
357 bool passwordProtectionStatus;
358 recv.Deserialize(retMsgId, retCode, tmpDataType, passwordProtectionStatus);
360 if (retMsgId != msgId)
361 return CKM_API_ERROR_UNKNOWN;
363 if (retCode != CKM_API_SUCCESS) {
366 status = passwordProtectionStatus;
367 return CKM_API_SUCCESS;
372 int Manager::Impl::getKey(const Alias &alias, const Password &password,
375 DataType recvDataType;
378 int retCode = getBinaryData(
380 DataType::KEY_RSA_PUBLIC,
385 if (retCode != CKM_API_SUCCESS)
390 if (recvDataType.isSKey())
391 keyParsed = KeyShPtr(new KeyAESImpl(rawData));
393 keyParsed = KeyShPtr(new KeyImpl(rawData));
395 if (keyParsed->empty()) {
396 LogDebug("Key empty - failed to parse!");
397 return CKM_API_ERROR_BAD_RESPONSE;
402 return CKM_API_SUCCESS;
405 int Manager::Impl::getCertificate(const Alias &alias, const Password &password,
406 CertificateShPtr &cert)
408 DataType recvDataType;
411 int retCode = getBinaryData(
413 DataType::CERTIFICATE,
418 if (retCode != CKM_API_SUCCESS)
421 if (!recvDataType.isCertificate())
422 return CKM_API_ERROR_BAD_RESPONSE;
424 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
426 if (certParsed->empty())
427 return CKM_API_ERROR_BAD_RESPONSE;
431 return CKM_API_SUCCESS;
434 int Manager::Impl::getData(const Alias &alias, const Password &password,
437 DataType recvDataType = DataType::BINARY_DATA;
439 int retCode = getBinaryData(
441 DataType::BINARY_DATA,
446 if (retCode != CKM_API_SUCCESS)
449 if (!recvDataType.isBinaryData())
450 return CKM_API_ERROR_BAD_RESPONSE;
452 return CKM_API_SUCCESS;
455 int Manager::Impl::getBinaryDataAliasVectorHelper(DataType dataType,
456 OwnerNameVector &ownerNameVector)
458 int msgId = ++m_counter;
461 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
465 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
467 if (retCode != CKM_API_SUCCESS)
471 DataType tmpDataType;
472 recv.Deserialize(retMsgId, retCode, tmpDataType, ownerNameVector);
474 if (retMsgId != msgId)
475 return CKM_API_ERROR_UNKNOWN;
477 return CKM_API_SUCCESS;
480 int Manager::Impl::getBinaryDataAliasVector(DataType dataType,
481 AliasVector &aliasVector)
483 EXCEPTION_GUARD_START_CPPAPI
484 OwnerNameVector ownerNameVector;
485 int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
487 if (retCode != CKM_API_SUCCESS)
490 for (const auto &it : ownerNameVector)
491 aliasVector.push_back(AliasSupport::merge(it.first, it.second));
493 return CKM_API_SUCCESS;
497 int Manager::Impl::getBinaryDataAliasPwdVector(DataType dataType,
498 AliasPwdVector &aliasPwdVector)
500 EXCEPTION_GUARD_START_CPPAPI
501 OwnerNameVector ownerNameVector;
502 OwnerNameEncryptionStatusVector ownerNameEncryptionStatusVector;
503 int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
505 if (retCode != CKM_API_SUCCESS)
508 for (const auto &it : ownerNameVector)
510 Alias alias = AliasSupport::merge(std::get<0>(it), std::get<1>(it));
512 retCode = getBinaryDataEncryptionStatus(dataType, alias, status);
514 if (retCode != CKM_API_SUCCESS)
517 aliasPwdVector.push_back(std::make_pair(alias, status));
519 return CKM_API_SUCCESS;
523 int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector)
525 // in fact datatype has no meaning here - if not certificate or binary data
526 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
527 return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
530 int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector)
532 return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
535 int Manager::Impl::getDataAliasVector(AliasVector &aliasVector)
537 return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
540 int Manager::Impl::getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector)
542 return getBinaryDataAliasPwdVector(DataType::DB_KEY_LAST, aliasPwdVector);
545 int Manager::Impl::getKeyEncryptionStatus(const Alias &alias, bool &status)
547 return getBinaryDataEncryptionStatus(DataType::DB_KEY_LAST, alias, status);
550 int Manager::Impl::getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector)
552 return getBinaryDataAliasPwdVector(DataType::CERTIFICATE, aliasPwdVector);
555 int Manager::Impl::getCertificateEncryptionStatus(const Alias &alias, bool &status)
557 return getBinaryDataEncryptionStatus(DataType::CERTIFICATE, alias, status);
560 int Manager::Impl::getDataAliasPwdVector(AliasPwdVector &aliasPwdVector)
562 return getBinaryDataAliasPwdVector(DataType::BINARY_DATA, aliasPwdVector);
565 int Manager::Impl::getDataEncryptionStatus(const Alias &alias, bool &status)
567 return getBinaryDataEncryptionStatus(DataType::BINARY_DATA, alias, status);
570 int Manager::Impl::createKeyPairRSA(
572 const Alias &privateKeyAlias,
573 const Alias &publicKeyAlias,
574 const Policy &policyPrivateKey,
575 const Policy &policyPublicKey)
577 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias,
578 publicKeyAlias, policyPrivateKey, policyPublicKey);
581 int Manager::Impl::createKeyPairDSA(
583 const Alias &privateKeyAlias,
584 const Alias &publicKeyAlias,
585 const Policy &policyPrivateKey,
586 const Policy &policyPublicKey)
588 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias,
589 publicKeyAlias, policyPrivateKey, policyPublicKey);
592 int Manager::Impl::createKeyPairECDSA(
594 const Alias &privateKeyAlias,
595 const Alias &publicKeyAlias,
596 const Policy &policyPrivateKey,
597 const Policy &policyPublicKey)
599 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC,
600 static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey,
604 int Manager::Impl::createKeyAES(
606 const Alias &keyAlias,
607 const Policy &policyKey)
609 // proceed with sending request
610 int msgId = ++m_counter;
612 EXCEPTION_GUARD_START_CPPAPI
615 AliasSupport aliasHelper(keyAlias);
616 auto send = MessageBuffer::Serialize(static_cast<int>
617 (LogicCommand::CREATE_KEY_AES),
619 static_cast<int>(size),
620 PolicySerializable(policyKey),
621 aliasHelper.getName(),
622 aliasHelper.getOwner());
624 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
626 if (CKM_API_SUCCESS != retCode)
630 recv.Deserialize(retMsgId, retCode);
632 if (retMsgId != msgId)
633 return CKM_API_ERROR_UNKNOWN;
641 int Manager::Impl::createKeyPair(
642 const KeyType key_type,
643 const int additional_param,
644 const Alias &privateKeyAlias,
645 const Alias &publicKeyAlias,
646 const Policy &policyPrivateKey,
647 const Policy &policyPublicKey)
650 CryptoAlgorithm keyGenAlgorithm;
653 case KeyType::KEY_RSA_PUBLIC:
654 case KeyType::KEY_RSA_PRIVATE:
655 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
656 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
659 case KeyType::KEY_DSA_PUBLIC:
660 case KeyType::KEY_DSA_PRIVATE:
661 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
662 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
665 case KeyType::KEY_ECDSA_PUBLIC:
666 case KeyType::KEY_ECDSA_PRIVATE:
667 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
668 keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
672 return CKM_API_ERROR_INPUT_PARAM;
675 // proceed with sending request
676 int msgId = ++m_counter;
678 EXCEPTION_GUARD_START_CPPAPI
681 AliasSupport privateHelper(privateKeyAlias);
682 AliasSupport publicHelper(publicKeyAlias);
683 auto send = MessageBuffer::Serialize(static_cast<int>
684 (LogicCommand::CREATE_KEY_PAIR),
686 CryptoAlgorithmSerializable(keyGenAlgorithm),
687 PolicySerializable(policyPrivateKey),
688 PolicySerializable(policyPublicKey),
689 privateHelper.getName(),
690 privateHelper.getOwner(),
691 publicHelper.getName(),
692 publicHelper.getOwner());
694 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
696 if (CKM_API_SUCCESS != retCode)
700 recv.Deserialize(retMsgId, retCode);
702 if (retMsgId != msgId)
703 return CKM_API_ERROR_UNKNOWN;
710 int Manager::Impl::getCertificateChain(
711 const CertificateShPtr &certificate,
712 const CertificateShPtrVector &untrustedCertificates,
713 const CertificateShPtrVector &trustedCertificates,
714 bool useTrustedSystemCertificates,
715 CertificateShPtrVector &certificateChainVector)
717 RawBufferVector untrustedVector;
718 RawBufferVector trustedVector;
720 if (!certificate || certificate->empty())
721 return CKM_API_ERROR_INPUT_PARAM;
723 for (auto &e : untrustedCertificates) {
724 if (!e || e->empty())
725 return CKM_API_ERROR_INPUT_PARAM;
726 untrustedVector.push_back(e->getDER());
729 for (auto &e : trustedCertificates) {
730 if (!e || e->empty())
731 return CKM_API_ERROR_INPUT_PARAM;
732 trustedVector.push_back(e->getDER());
737 LogicCommand::GET_CHAIN_CERT,
742 useTrustedSystemCertificates,
743 certificateChainVector);
746 int Manager::Impl::getCertificateChain(
747 const CertificateShPtr &certificate,
748 const AliasVector &untrustedCertificates,
749 const AliasVector &trustedCertificates,
750 bool useTrustedSystemCertificates,
751 CertificateShPtrVector &certificateChainVector)
753 OwnerNameVector untrustedVector;
754 OwnerNameVector trustedVector;
756 if (!certificate || certificate->empty())
757 return CKM_API_ERROR_INPUT_PARAM;
759 for (auto &e : untrustedCertificates) {
760 AliasSupport helper(e);
761 untrustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
764 for (auto &e : trustedCertificates) {
765 AliasSupport helper(e);
766 trustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
771 LogicCommand::GET_CHAIN_ALIAS,
776 useTrustedSystemCertificates,
777 certificateChainVector);
780 int Manager::Impl::createSignature(
781 const Alias &privateKeyAlias,
782 const Password &password, // password for private_key
783 const RawBuffer &message,
784 const CryptoAlgorithm &cAlgorithm,
785 RawBuffer &signature)
787 int msgId = ++m_counter;
789 EXCEPTION_GUARD_START_CPPAPI
792 AliasSupport helper(privateKeyAlias);
793 auto send = MessageBuffer::Serialize(static_cast<int>
794 (LogicCommand::CREATE_SIGNATURE),
800 CryptoAlgorithmSerializable(cAlgorithm));
802 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
804 if (CKM_API_SUCCESS != retCode)
808 recv.Deserialize(retMsgId, retCode, signature);
810 if (retMsgId != msgId)
811 return CKM_API_ERROR_UNKNOWN;
818 int Manager::Impl::verifySignature(
819 const Alias &publicKeyOrCertAlias,
820 const Password &password, // password for public_key (optional)
821 const RawBuffer &message,
822 const RawBuffer &signature,
823 const CryptoAlgorithm &cAlg)
825 int msgId = ++m_counter;
827 EXCEPTION_GUARD_START_CPPAPI
830 AliasSupport helper(publicKeyOrCertAlias);
831 auto send = MessageBuffer::Serialize(static_cast<int>
832 (LogicCommand::VERIFY_SIGNATURE),
839 CryptoAlgorithmSerializable(cAlg));
841 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
843 if (CKM_API_SUCCESS != retCode)
847 recv.Deserialize(retMsgId, retCode);
849 if (retMsgId != msgId)
850 return CKM_API_ERROR_UNKNOWN;
857 int Manager::Impl::ocspCheck(const CertificateShPtrVector &certChain,
860 EXCEPTION_GUARD_START_CPPAPI
862 int msgId = ++m_counter;
865 RawBufferVector rawCertChain;
867 for (auto &e : certChain) {
868 if (!e || e->empty()) {
869 LogError("Empty certificate");
870 return CKM_API_ERROR_INPUT_PARAM;
873 rawCertChain.push_back(e->getDER());
876 auto send = MessageBuffer::Serialize(msgId, rawCertChain);
878 int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
880 if (CKM_API_SUCCESS != retCode)
884 recv.Deserialize(retMsgId, retCode, ocspStatus);
886 if (msgId != retMsgId)
887 return CKM_API_ERROR_UNKNOWN;
894 int Manager::Impl::setPermission(const Alias &alias,
895 const ClientId &accessor,
896 PermissionMask permissionMask)
898 int msgId = ++m_counter;
900 EXCEPTION_GUARD_START_CPPAPI
903 AliasSupport helper(alias);
904 auto send = MessageBuffer::Serialize(static_cast<int>
905 (LogicCommand::SET_PERMISSION),
912 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
914 if (CKM_API_SUCCESS != retCode)
918 recv.Deserialize(retMsgId, retCode);
920 if (msgId != retMsgId)
921 return CKM_API_ERROR_UNKNOWN;
928 int Manager::Impl::crypt(EncryptionCommand command,
929 const CryptoAlgorithm &algo,
930 const Alias &keyAlias,
931 const Password &password,
932 const RawBuffer &input,
935 int msgId = ++m_counter;
937 EXCEPTION_GUARD_START_CPPAPI
940 AliasSupport helper(keyAlias);
941 CryptoAlgorithmSerializable cas(algo);
942 auto send = MessageBuffer::Serialize(static_cast<int>(command),
950 int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
952 if (CKM_API_SUCCESS != retCode)
956 recv.Deserialize(retMsgId, retCode, output);
958 if (msgId != retMsgId)
959 return CKM_API_ERROR_UNKNOWN;
966 int Manager::Impl::encrypt(const CryptoAlgorithm &algo,
967 const Alias &keyAlias,
968 const Password &password,
969 const RawBuffer &plain,
970 RawBuffer &encrypted)
972 return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain,
976 int Manager::Impl::decrypt(const CryptoAlgorithm &algo,
977 const Alias &keyAlias,
978 const Password &password,
979 const RawBuffer &encrypted,
980 RawBuffer &decrypted)
982 return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted,