1 /* Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <client-manager-impl.h>
27 #include <client-common.h>
28 #include <exception.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
32 #include <key-aes-impl.h>
33 #include <certificate-impl.h>
39 int deserialize(const int msgId, MessageBuffer &recv, T&&...t)
41 int retMsgId, retCode;
42 recv.Deserialize(retMsgId, retCode, std::forward<T>(t)...);
43 return msgId != retMsgId ? CKM_API_ERROR_UNKNOWN : retCode;
48 ServiceConnection &serviceConnection,
51 const CertificateShPtr &certificate,
52 const T &untrustedVector,
53 const T &trustedVector,
54 bool useTrustedSystemCertificates,
55 CertificateShPtrVector &certificateChainVector)
57 EXCEPTION_GUARD_START_CPPAPI
60 auto send = SerializeMessage(static_cast<int>(command),
62 certificate->getDER(),
65 useTrustedSystemCertificates);
67 int retCode = serviceConnection.processRequest(send, recv);
69 if (CKM_API_SUCCESS != retCode)
72 RawBufferVector rawBufferVector;
73 retCode = deserialize(msgId, recv, rawBufferVector);
75 if (retCode != CKM_API_SUCCESS)
78 for (auto &e : rawBufferVector) {
79 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
82 return CKM_API_ERROR_BAD_RESPONSE;
84 certificateChainVector.push_back(cert);
92 } // namespace anonymous
96 m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
97 m_ocspConnection(SERVICE_SOCKET_OCSP),
98 m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
103 int Manager::Impl::saveBinaryData(
106 const RawBuffer &rawData,
107 const Policy &policy)
109 int msgId = ++m_counter;
111 EXCEPTION_GUARD_START_CPPAPI
113 if (alias.empty() || rawData.empty())
114 return CKM_API_ERROR_INPUT_PARAM;
117 AliasSupport helper(alias);
118 auto send = SerializeMessage(static_cast<int>(LogicCommand::SAVE),
124 PolicySerializable(policy));
126 int retCode = m_storageConnection.processRequest(send, recv);
128 if (CKM_API_SUCCESS != retCode)
132 return deserialize(msgId, recv, opType);
137 int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key,
138 const Policy &policy)
140 if (key.get() == NULL || key->empty())
141 return CKM_API_ERROR_INPUT_PARAM;
144 return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
145 } catch (const Exc::Exception &e) {
146 LogError("Exception: " << e.what());
151 int Manager::Impl::saveCertificate(
153 const CertificateShPtr &cert,
154 const Policy &policy)
156 if (cert.get() == NULL || cert->empty())
157 return CKM_API_ERROR_INPUT_PARAM;
159 return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
162 int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData,
163 const Policy &policy)
165 if (!policy.extractable)
166 return CKM_API_ERROR_INPUT_PARAM;
168 return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
172 int Manager::Impl::savePKCS12(
174 const PKCS12ShPtr &pkcs,
175 const Policy &keyPolicy,
176 const Policy &certPolicy)
178 if (alias.empty() || pkcs.get() == NULL)
179 return CKM_API_ERROR_INPUT_PARAM;
181 int msgId = ++m_counter;
183 EXCEPTION_GUARD_START_CPPAPI
186 AliasSupport helper(alias);
187 auto send = SerializeMessage(static_cast<int>(LogicCommand::SAVE_PKCS12),
191 PKCS12Serializable(*pkcs.get()),
192 PolicySerializable(keyPolicy),
193 PolicySerializable(certPolicy));
195 int retCode = m_storageConnection.processRequest(send, recv);
197 if (CKM_API_SUCCESS != retCode)
200 return deserialize(msgId, recv);
205 int Manager::Impl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
207 return getPKCS12(alias, Password(), Password(), pkcs);
210 int Manager::Impl::getPKCS12(const Alias &alias, const Password &keyPass,
211 const Password &certPass, PKCS12ShPtr &pkcs)
214 return CKM_API_ERROR_INPUT_PARAM;
216 int msgId = ++m_counter;
218 EXCEPTION_GUARD_START_CPPAPI
221 AliasSupport helper(alias);
222 auto send = SerializeMessage(static_cast<int>(LogicCommand::GET_PKCS12),
229 int retCode = m_storageConnection.processRequest(send, recv);
231 if (CKM_API_SUCCESS != retCode)
235 PKCS12Serializable gotPkcs;
236 recv.Deserialize(retMsgId, retCode, gotPkcs);
238 if (retMsgId != msgId)
239 return CKM_API_ERROR_UNKNOWN;
241 pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
249 int Manager::Impl::removeAlias(const Alias &alias)
252 return CKM_API_ERROR_INPUT_PARAM;
254 int msgId = ++m_counter;
256 EXCEPTION_GUARD_START_CPPAPI
259 AliasSupport helper(alias);
260 auto send = SerializeMessage(static_cast<int>(LogicCommand::REMOVE),
265 int retCode = m_storageConnection.processRequest(send, recv);
267 if (CKM_API_SUCCESS != retCode)
270 return deserialize(msgId, recv);
275 int Manager::Impl::getBinaryData(
277 DataType sendDataType,
278 const Password &password,
279 DataType &recvDataType,
283 return CKM_API_ERROR_INPUT_PARAM;
285 int msgId = ++m_counter;
287 EXCEPTION_GUARD_START_CPPAPI
290 AliasSupport helper(alias);
291 auto send = SerializeMessage(static_cast<int>(LogicCommand::GET),
298 int retCode = m_storageConnection.processRequest(send, recv);
300 if (CKM_API_SUCCESS != retCode)
303 return deserialize(msgId, recv, recvDataType, rawData);
308 int Manager::Impl::getBinaryDataEncryptionStatus(const DataType sendDataType,
309 const Alias &alias, bool &status)
313 return CKM_API_ERROR_INPUT_PARAM;
315 int msgId = ++m_counter;
317 EXCEPTION_GUARD_START_CPPAPI
320 AliasSupport helper(alias);
321 auto send = SerializeMessage(static_cast<int>(LogicCommand::GET_PROTECTION_STATUS),
327 int retCode = m_storageConnection.processRequest(send, recv);
329 if (CKM_API_SUCCESS != retCode)
332 DataType tmpDataType;
333 bool passwordProtectionStatus;
334 retCode = deserialize(msgId, recv, tmpDataType, passwordProtectionStatus);
336 if (retCode != CKM_API_SUCCESS) {
339 status = passwordProtectionStatus;
340 return CKM_API_SUCCESS;
345 int Manager::Impl::getKey(const Alias &alias, const Password &password,
348 DataType recvDataType;
351 int retCode = getBinaryData(
353 DataType::KEY_RSA_PUBLIC,
358 if (retCode != CKM_API_SUCCESS)
363 if (recvDataType.isSKey())
364 keyParsed = Key::createAES(rawData);
366 keyParsed = Key::create(rawData);
369 LogDebug("Key empty - failed to parse!");
370 return CKM_API_ERROR_BAD_RESPONSE;
375 return CKM_API_SUCCESS;
378 int Manager::Impl::getCertificate(const Alias &alias, const Password &password,
379 CertificateShPtr &cert)
381 DataType recvDataType;
384 int retCode = getBinaryData(
386 DataType::CERTIFICATE,
391 if (retCode != CKM_API_SUCCESS)
394 if (!recvDataType.isCertificate())
395 return CKM_API_ERROR_BAD_RESPONSE;
397 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
399 if (certParsed->empty())
400 return CKM_API_ERROR_BAD_RESPONSE;
404 return CKM_API_SUCCESS;
407 int Manager::Impl::getData(const Alias &alias, const Password &password,
410 DataType recvDataType = DataType::BINARY_DATA;
412 int retCode = getBinaryData(
414 DataType::BINARY_DATA,
419 if (retCode != CKM_API_SUCCESS)
422 if (!recvDataType.isBinaryData())
423 return CKM_API_ERROR_BAD_RESPONSE;
425 return CKM_API_SUCCESS;
428 int Manager::Impl::getBinaryDataAliasVectorHelper(DataType dataType,
429 OwnerNameVector &ownerNameVector)
431 int msgId = ++m_counter;
434 auto send = SerializeMessage(static_cast<int>(LogicCommand::GET_LIST), msgId, dataType);
436 int retCode = m_storageConnection.processRequest(send, recv);
438 if (retCode != CKM_API_SUCCESS)
442 DataType tmpDataType;
443 recv.Deserialize(retMsgId, retCode, tmpDataType, ownerNameVector);
445 if (retMsgId != msgId)
446 return CKM_API_ERROR_UNKNOWN;
448 return CKM_API_SUCCESS;
451 int Manager::Impl::getBinaryDataAliasVector(DataType dataType,
452 AliasVector &aliasVector)
454 EXCEPTION_GUARD_START_CPPAPI
455 OwnerNameVector ownerNameVector;
456 int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
458 if (retCode != CKM_API_SUCCESS)
461 for (const auto &it : ownerNameVector)
462 aliasVector.push_back(AliasSupport::merge(it.first, it.second));
464 return CKM_API_SUCCESS;
468 int Manager::Impl::getBinaryDataAliasPwdVector(DataType dataType,
469 AliasPwdVector &aliasPwdVector)
471 EXCEPTION_GUARD_START_CPPAPI
472 OwnerNameVector ownerNameVector;
473 OwnerNameEncryptionStatusVector ownerNameEncryptionStatusVector;
474 int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
476 if (retCode != CKM_API_SUCCESS)
479 for (const auto &it : ownerNameVector)
481 Alias alias = AliasSupport::merge(std::get<0>(it), std::get<1>(it));
483 retCode = getBinaryDataEncryptionStatus(dataType, alias, status);
485 if (retCode != CKM_API_SUCCESS)
488 aliasPwdVector.push_back(std::make_pair(alias, status));
490 return CKM_API_SUCCESS;
494 int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector)
496 // in fact datatype has no meaning here - if not certificate or binary data
497 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
498 return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
501 int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector)
503 return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
506 int Manager::Impl::getDataAliasVector(AliasVector &aliasVector)
508 return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
511 int Manager::Impl::getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector)
513 return getBinaryDataAliasPwdVector(DataType::DB_KEY_LAST, aliasPwdVector);
516 int Manager::Impl::getKeyEncryptionStatus(const Alias &alias, bool &status)
518 return getBinaryDataEncryptionStatus(DataType::DB_KEY_LAST, alias, status);
521 int Manager::Impl::getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector)
523 return getBinaryDataAliasPwdVector(DataType::CERTIFICATE, aliasPwdVector);
526 int Manager::Impl::getCertificateEncryptionStatus(const Alias &alias, bool &status)
528 return getBinaryDataEncryptionStatus(DataType::CERTIFICATE, alias, status);
531 int Manager::Impl::getDataAliasPwdVector(AliasPwdVector &aliasPwdVector)
533 return getBinaryDataAliasPwdVector(DataType::BINARY_DATA, aliasPwdVector);
536 int Manager::Impl::getDataEncryptionStatus(const Alias &alias, bool &status)
538 return getBinaryDataEncryptionStatus(DataType::BINARY_DATA, alias, status);
541 int Manager::Impl::createKeyPairRSA(
543 const Alias &privateKeyAlias,
544 const Alias &publicKeyAlias,
545 const Policy &policyPrivateKey,
546 const Policy &policyPublicKey)
548 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias,
549 publicKeyAlias, policyPrivateKey, policyPublicKey);
552 int Manager::Impl::createKeyPairDSA(
554 const Alias &privateKeyAlias,
555 const Alias &publicKeyAlias,
556 const Policy &policyPrivateKey,
557 const Policy &policyPublicKey)
559 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias,
560 publicKeyAlias, policyPrivateKey, policyPublicKey);
563 int Manager::Impl::createKeyPairECDSA(
565 const Alias &privateKeyAlias,
566 const Alias &publicKeyAlias,
567 const Policy &policyPrivateKey,
568 const Policy &policyPublicKey)
570 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC,
571 static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey,
575 int Manager::Impl::createKeyAES(
577 const Alias &keyAlias,
578 const Policy &policyKey)
580 // proceed with sending request
581 int msgId = ++m_counter;
583 EXCEPTION_GUARD_START_CPPAPI
586 AliasSupport aliasHelper(keyAlias);
587 auto send = SerializeMessage(static_cast<int>(LogicCommand::CREATE_KEY_AES),
589 static_cast<int>(size),
590 PolicySerializable(policyKey),
591 aliasHelper.getName(),
592 aliasHelper.getOwner());
594 int retCode = m_storageConnection.processRequest(send, recv);
596 if (CKM_API_SUCCESS != retCode)
599 return deserialize(msgId, recv);
605 int Manager::Impl::createKeyPair(
606 const KeyType key_type,
607 const int additional_param,
608 const Alias &privateKeyAlias,
609 const Alias &publicKeyAlias,
610 const Policy &policyPrivateKey,
611 const Policy &policyPublicKey)
614 CryptoAlgorithm keyGenAlgorithm;
617 case KeyType::KEY_RSA_PUBLIC:
618 case KeyType::KEY_RSA_PRIVATE:
619 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
620 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
623 case KeyType::KEY_DSA_PUBLIC:
624 case KeyType::KEY_DSA_PRIVATE:
625 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
626 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
629 case KeyType::KEY_ECDSA_PUBLIC:
630 case KeyType::KEY_ECDSA_PRIVATE:
631 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
632 keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
636 return CKM_API_ERROR_INPUT_PARAM;
639 // proceed with sending request
640 int msgId = ++m_counter;
642 EXCEPTION_GUARD_START_CPPAPI
645 AliasSupport privateHelper(privateKeyAlias);
646 AliasSupport publicHelper(publicKeyAlias);
647 auto send = SerializeMessage(static_cast<int>(LogicCommand::CREATE_KEY_PAIR),
649 CryptoAlgorithmSerializable(keyGenAlgorithm),
650 PolicySerializable(policyPrivateKey),
651 PolicySerializable(policyPublicKey),
652 privateHelper.getName(),
653 privateHelper.getOwner(),
654 publicHelper.getName(),
655 publicHelper.getOwner());
657 int retCode = m_storageConnection.processRequest(send, recv);
659 if (CKM_API_SUCCESS != retCode)
662 return deserialize(msgId, recv);
667 int Manager::Impl::getCertificateChain(
668 const CertificateShPtr &certificate,
669 const CertificateShPtrVector &untrustedCertificates,
670 const CertificateShPtrVector &trustedCertificates,
671 bool useTrustedSystemCertificates,
672 CertificateShPtrVector &certificateChainVector)
674 RawBufferVector untrustedVector;
675 RawBufferVector trustedVector;
677 if (!certificate || certificate->empty())
678 return CKM_API_ERROR_INPUT_PARAM;
680 for (auto &e : untrustedCertificates) {
681 if (!e || e->empty())
682 return CKM_API_ERROR_INPUT_PARAM;
683 untrustedVector.push_back(e->getDER());
686 for (auto &e : trustedCertificates) {
687 if (!e || e->empty())
688 return CKM_API_ERROR_INPUT_PARAM;
689 trustedVector.push_back(e->getDER());
694 LogicCommand::GET_CHAIN_CERT,
699 useTrustedSystemCertificates,
700 certificateChainVector);
703 int Manager::Impl::getCertificateChain(
704 const CertificateShPtr &certificate,
705 const AliasVector &untrustedCertificates,
706 const AliasVector &trustedCertificates,
707 bool useTrustedSystemCertificates,
708 CertificateShPtrVector &certificateChainVector)
710 OwnerNameVector untrustedVector;
711 OwnerNameVector trustedVector;
713 if (!certificate || certificate->empty())
714 return CKM_API_ERROR_INPUT_PARAM;
716 for (auto &e : untrustedCertificates) {
717 AliasSupport helper(e);
718 untrustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
721 for (auto &e : trustedCertificates) {
722 AliasSupport helper(e);
723 trustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
728 LogicCommand::GET_CHAIN_ALIAS,
733 useTrustedSystemCertificates,
734 certificateChainVector);
737 int Manager::Impl::createSignature(
738 const Alias &privateKeyAlias,
739 const Password &password, // password for private_key
740 const RawBuffer &message,
741 const CryptoAlgorithm &cAlgorithm,
742 RawBuffer &signature)
744 int msgId = ++m_counter;
746 EXCEPTION_GUARD_START_CPPAPI
749 AliasSupport helper(privateKeyAlias);
750 auto send = SerializeMessage(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
756 CryptoAlgorithmSerializable(cAlgorithm));
758 int retCode = m_storageConnection.processRequest(send, recv);
760 if (CKM_API_SUCCESS != retCode)
763 return deserialize(msgId, recv, signature);
768 int Manager::Impl::verifySignature(
769 const Alias &publicKeyOrCertAlias,
770 const Password &password, // password for public_key (optional)
771 const RawBuffer &message,
772 const RawBuffer &signature,
773 const CryptoAlgorithm &cAlg)
775 int msgId = ++m_counter;
777 EXCEPTION_GUARD_START_CPPAPI
780 AliasSupport helper(publicKeyOrCertAlias);
781 auto send = SerializeMessage(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
788 CryptoAlgorithmSerializable(cAlg));
790 int retCode = m_storageConnection.processRequest(send, recv);
792 if (CKM_API_SUCCESS != retCode)
795 return deserialize(msgId, recv);
800 int Manager::Impl::ocspCheck(const CertificateShPtrVector &certChain,
803 EXCEPTION_GUARD_START_CPPAPI
805 int msgId = ++m_counter;
808 RawBufferVector rawCertChain;
810 for (auto &e : certChain) {
811 if (!e || e->empty()) {
812 LogError("Empty certificate");
813 return CKM_API_ERROR_INPUT_PARAM;
816 rawCertChain.push_back(e->getDER());
819 auto send = SerializeMessage(msgId, rawCertChain);
821 int retCode = m_ocspConnection.processRequest(send, recv);
823 if (CKM_API_SUCCESS != retCode)
826 return deserialize(msgId, recv, ocspStatus);
831 int Manager::Impl::setPermission(const Alias &alias,
832 const ClientId &accessor,
833 PermissionMask permissionMask)
835 int msgId = ++m_counter;
837 EXCEPTION_GUARD_START_CPPAPI
840 AliasSupport helper(alias);
841 auto send = SerializeMessage(static_cast<int>(LogicCommand::SET_PERMISSION),
848 int retCode = m_storageConnection.processRequest(send, recv);
850 if (CKM_API_SUCCESS != retCode)
853 return deserialize(msgId, recv);
858 int Manager::Impl::crypt(EncryptionCommand command,
859 const CryptoAlgorithm &algo,
860 const Alias &keyAlias,
861 const Password &password,
862 const RawBuffer &input,
865 int msgId = ++m_counter;
867 EXCEPTION_GUARD_START_CPPAPI
870 AliasSupport helper(keyAlias);
871 CryptoAlgorithmSerializable cas(algo);
872 auto send = SerializeMessage(static_cast<int>(command),
880 int retCode = m_encryptionConnection.processRequest(send, recv);
882 if (CKM_API_SUCCESS != retCode)
885 return deserialize(msgId, recv, output);
890 int Manager::Impl::encrypt(const CryptoAlgorithm &algo,
891 const Alias &keyAlias,
892 const Password &password,
893 const RawBuffer &plain,
894 RawBuffer &encrypted)
896 return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain,
900 int Manager::Impl::decrypt(const CryptoAlgorithm &algo,
901 const Alias &keyAlias,
902 const Password &password,
903 const RawBuffer &encrypted,
904 RawBuffer &decrypted)
906 return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted,