1 /* Copyright (c) 2014 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <client-manager-impl.h>
27 #include <client-common.h>
28 #include <exception.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
32 #include <key-aes-impl.h>
33 #include <certificate-impl.h>
40 ServiceConnection &serviceConnection,
43 const CertificateShPtr &certificate,
44 const T &untrustedVector,
45 const T &trustedVector,
46 bool useTrustedSystemCertificates,
47 CertificateShPtrVector &certificateChainVector)
49 EXCEPTION_GUARD_START_CPPAPI
52 auto send = SerializeMessage(static_cast<int>(command),
54 certificate->getDER(),
57 useTrustedSystemCertificates);
59 int retCode = serviceConnection.processRequest(send, recv);
61 if (CKM_API_SUCCESS != retCode)
65 RawBufferVector rawBufferVector;
66 recv.Deserialize(retMsgId, retCode, rawBufferVector);
68 if (msgId != retMsgId)
69 return CKM_API_ERROR_UNKNOWN;
71 if (retCode != CKM_API_SUCCESS)
74 for (auto &e : rawBufferVector) {
75 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
78 return CKM_API_ERROR_BAD_RESPONSE;
80 certificateChainVector.push_back(cert);
88 } // namespace anonymous
92 m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
93 m_ocspConnection(SERVICE_SOCKET_OCSP),
94 m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
99 int Manager::Impl::saveBinaryData(
102 const RawBuffer &rawData,
103 const Policy &policy)
105 int msgId = ++m_counter;
107 EXCEPTION_GUARD_START_CPPAPI
109 if (alias.empty() || rawData.empty())
110 return CKM_API_ERROR_INPUT_PARAM;
113 AliasSupport helper(alias);
114 auto send = SerializeMessage(static_cast<int>(LogicCommand::SAVE),
120 PolicySerializable(policy));
122 int retCode = m_storageConnection.processRequest(send, recv);
124 if (CKM_API_SUCCESS != retCode)
129 recv.Deserialize(retMsgId, retCode, opType);
131 if (retMsgId != msgId)
132 return CKM_API_ERROR_UNKNOWN;
139 int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key,
140 const Policy &policy)
142 if (key.get() == NULL || key->empty())
143 return CKM_API_ERROR_INPUT_PARAM;
146 return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
147 } catch (const Exc::Exception &e) {
148 LogError("Exception: " << e.what());
153 int Manager::Impl::saveCertificate(
155 const CertificateShPtr &cert,
156 const Policy &policy)
158 if (cert.get() == NULL || cert->empty())
159 return CKM_API_ERROR_INPUT_PARAM;
161 return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
164 int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData,
165 const Policy &policy)
167 if (!policy.extractable)
168 return CKM_API_ERROR_INPUT_PARAM;
170 return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
174 int Manager::Impl::savePKCS12(
176 const PKCS12ShPtr &pkcs,
177 const Policy &keyPolicy,
178 const Policy &certPolicy)
180 if (alias.empty() || pkcs.get() == NULL)
181 return CKM_API_ERROR_INPUT_PARAM;
183 int msgId = ++m_counter;
185 EXCEPTION_GUARD_START_CPPAPI
188 AliasSupport helper(alias);
189 auto send = SerializeMessage(static_cast<int>(LogicCommand::SAVE_PKCS12),
193 PKCS12Serializable(*pkcs.get()),
194 PolicySerializable(keyPolicy),
195 PolicySerializable(certPolicy));
197 int retCode = m_storageConnection.processRequest(send, recv);
199 if (CKM_API_SUCCESS != retCode)
203 recv.Deserialize(retMsgId, retCode);
205 if (retMsgId != msgId)
206 return CKM_API_ERROR_UNKNOWN;
213 int Manager::Impl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
215 return getPKCS12(alias, Password(), Password(), pkcs);
218 int Manager::Impl::getPKCS12(const Alias &alias, const Password &keyPass,
219 const Password &certPass, PKCS12ShPtr &pkcs)
222 return CKM_API_ERROR_INPUT_PARAM;
224 int msgId = ++m_counter;
226 EXCEPTION_GUARD_START_CPPAPI
229 AliasSupport helper(alias);
230 auto send = SerializeMessage(static_cast<int>(LogicCommand::GET_PKCS12),
237 int retCode = m_storageConnection.processRequest(send, recv);
239 if (CKM_API_SUCCESS != retCode)
243 PKCS12Serializable gotPkcs;
244 recv.Deserialize(retMsgId, retCode, gotPkcs);
246 if (retMsgId != msgId)
247 return CKM_API_ERROR_UNKNOWN;
249 pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
257 int Manager::Impl::removeAlias(const Alias &alias)
260 return CKM_API_ERROR_INPUT_PARAM;
262 int msgId = ++m_counter;
264 EXCEPTION_GUARD_START_CPPAPI
267 AliasSupport helper(alias);
268 auto send = SerializeMessage(static_cast<int>(LogicCommand::REMOVE),
273 int retCode = m_storageConnection.processRequest(send, recv);
275 if (CKM_API_SUCCESS != retCode)
279 recv.Deserialize(retMsgId, retCode);
281 if (retMsgId != msgId)
282 return CKM_API_ERROR_UNKNOWN;
289 int Manager::Impl::getBinaryData(
291 DataType sendDataType,
292 const Password &password,
293 DataType &recvDataType,
297 return CKM_API_ERROR_INPUT_PARAM;
299 int msgId = ++m_counter;
301 EXCEPTION_GUARD_START_CPPAPI
304 AliasSupport helper(alias);
305 auto send = SerializeMessage(static_cast<int>(LogicCommand::GET),
312 int retCode = m_storageConnection.processRequest(send, recv);
314 if (CKM_API_SUCCESS != retCode)
318 recv.Deserialize(retMsgId, retCode, recvDataType, rawData);
320 if (retMsgId != msgId)
321 return CKM_API_ERROR_UNKNOWN;
328 int Manager::Impl::getBinaryDataEncryptionStatus(const DataType sendDataType,
329 const Alias &alias, bool &status)
333 return CKM_API_ERROR_INPUT_PARAM;
335 int msgId = ++m_counter;
337 EXCEPTION_GUARD_START_CPPAPI
340 AliasSupport helper(alias);
341 auto send = SerializeMessage(static_cast<int>(LogicCommand::GET_PROTECTION_STATUS),
347 int retCode = m_storageConnection.processRequest(send, recv);
349 if (CKM_API_SUCCESS != retCode)
353 DataType tmpDataType;
354 bool passwordProtectionStatus;
355 recv.Deserialize(retMsgId, retCode, tmpDataType, passwordProtectionStatus);
357 if (retMsgId != msgId)
358 return CKM_API_ERROR_UNKNOWN;
360 if (retCode != CKM_API_SUCCESS) {
363 status = passwordProtectionStatus;
364 return CKM_API_SUCCESS;
369 int Manager::Impl::getKey(const Alias &alias, const Password &password,
372 DataType recvDataType;
375 int retCode = getBinaryData(
377 DataType::KEY_RSA_PUBLIC,
382 if (retCode != CKM_API_SUCCESS)
387 if (recvDataType.isSKey())
388 keyParsed = Key::createAES(rawData);
390 keyParsed = Key::create(rawData);
393 LogDebug("Key empty - failed to parse!");
394 return CKM_API_ERROR_BAD_RESPONSE;
399 return CKM_API_SUCCESS;
402 int Manager::Impl::getCertificate(const Alias &alias, const Password &password,
403 CertificateShPtr &cert)
405 DataType recvDataType;
408 int retCode = getBinaryData(
410 DataType::CERTIFICATE,
415 if (retCode != CKM_API_SUCCESS)
418 if (!recvDataType.isCertificate())
419 return CKM_API_ERROR_BAD_RESPONSE;
421 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
423 if (certParsed->empty())
424 return CKM_API_ERROR_BAD_RESPONSE;
428 return CKM_API_SUCCESS;
431 int Manager::Impl::getData(const Alias &alias, const Password &password,
434 DataType recvDataType = DataType::BINARY_DATA;
436 int retCode = getBinaryData(
438 DataType::BINARY_DATA,
443 if (retCode != CKM_API_SUCCESS)
446 if (!recvDataType.isBinaryData())
447 return CKM_API_ERROR_BAD_RESPONSE;
449 return CKM_API_SUCCESS;
452 int Manager::Impl::getBinaryDataAliasVectorHelper(DataType dataType,
453 OwnerNameVector &ownerNameVector)
455 int msgId = ++m_counter;
458 auto send = SerializeMessage(static_cast<int>(LogicCommand::GET_LIST), msgId, dataType);
460 int retCode = m_storageConnection.processRequest(send, recv);
462 if (retCode != CKM_API_SUCCESS)
466 DataType tmpDataType;
467 recv.Deserialize(retMsgId, retCode, tmpDataType, ownerNameVector);
469 if (retMsgId != msgId)
470 return CKM_API_ERROR_UNKNOWN;
472 return CKM_API_SUCCESS;
475 int Manager::Impl::getBinaryDataAliasVector(DataType dataType,
476 AliasVector &aliasVector)
478 EXCEPTION_GUARD_START_CPPAPI
479 OwnerNameVector ownerNameVector;
480 int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
482 if (retCode != CKM_API_SUCCESS)
485 for (const auto &it : ownerNameVector)
486 aliasVector.push_back(AliasSupport::merge(it.first, it.second));
488 return CKM_API_SUCCESS;
492 int Manager::Impl::getBinaryDataAliasPwdVector(DataType dataType,
493 AliasPwdVector &aliasPwdVector)
495 EXCEPTION_GUARD_START_CPPAPI
496 OwnerNameVector ownerNameVector;
497 OwnerNameEncryptionStatusVector ownerNameEncryptionStatusVector;
498 int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
500 if (retCode != CKM_API_SUCCESS)
503 for (const auto &it : ownerNameVector)
505 Alias alias = AliasSupport::merge(std::get<0>(it), std::get<1>(it));
507 retCode = getBinaryDataEncryptionStatus(dataType, alias, status);
509 if (retCode != CKM_API_SUCCESS)
512 aliasPwdVector.push_back(std::make_pair(alias, status));
514 return CKM_API_SUCCESS;
518 int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector)
520 // in fact datatype has no meaning here - if not certificate or binary data
521 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
522 return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
525 int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector)
527 return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
530 int Manager::Impl::getDataAliasVector(AliasVector &aliasVector)
532 return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
535 int Manager::Impl::getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector)
537 return getBinaryDataAliasPwdVector(DataType::DB_KEY_LAST, aliasPwdVector);
540 int Manager::Impl::getKeyEncryptionStatus(const Alias &alias, bool &status)
542 return getBinaryDataEncryptionStatus(DataType::DB_KEY_LAST, alias, status);
545 int Manager::Impl::getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector)
547 return getBinaryDataAliasPwdVector(DataType::CERTIFICATE, aliasPwdVector);
550 int Manager::Impl::getCertificateEncryptionStatus(const Alias &alias, bool &status)
552 return getBinaryDataEncryptionStatus(DataType::CERTIFICATE, alias, status);
555 int Manager::Impl::getDataAliasPwdVector(AliasPwdVector &aliasPwdVector)
557 return getBinaryDataAliasPwdVector(DataType::BINARY_DATA, aliasPwdVector);
560 int Manager::Impl::getDataEncryptionStatus(const Alias &alias, bool &status)
562 return getBinaryDataEncryptionStatus(DataType::BINARY_DATA, alias, status);
565 int Manager::Impl::createKeyPairRSA(
567 const Alias &privateKeyAlias,
568 const Alias &publicKeyAlias,
569 const Policy &policyPrivateKey,
570 const Policy &policyPublicKey)
572 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias,
573 publicKeyAlias, policyPrivateKey, policyPublicKey);
576 int Manager::Impl::createKeyPairDSA(
578 const Alias &privateKeyAlias,
579 const Alias &publicKeyAlias,
580 const Policy &policyPrivateKey,
581 const Policy &policyPublicKey)
583 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias,
584 publicKeyAlias, policyPrivateKey, policyPublicKey);
587 int Manager::Impl::createKeyPairECDSA(
589 const Alias &privateKeyAlias,
590 const Alias &publicKeyAlias,
591 const Policy &policyPrivateKey,
592 const Policy &policyPublicKey)
594 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC,
595 static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey,
599 int Manager::Impl::createKeyAES(
601 const Alias &keyAlias,
602 const Policy &policyKey)
604 // proceed with sending request
605 int msgId = ++m_counter;
607 EXCEPTION_GUARD_START_CPPAPI
610 AliasSupport aliasHelper(keyAlias);
611 auto send = SerializeMessage(static_cast<int>(LogicCommand::CREATE_KEY_AES),
613 static_cast<int>(size),
614 PolicySerializable(policyKey),
615 aliasHelper.getName(),
616 aliasHelper.getOwner());
618 int retCode = m_storageConnection.processRequest(send, recv);
620 if (CKM_API_SUCCESS != retCode)
624 recv.Deserialize(retMsgId, retCode);
626 if (retMsgId != msgId)
627 return CKM_API_ERROR_UNKNOWN;
635 int Manager::Impl::createKeyPair(
636 const KeyType key_type,
637 const int additional_param,
638 const Alias &privateKeyAlias,
639 const Alias &publicKeyAlias,
640 const Policy &policyPrivateKey,
641 const Policy &policyPublicKey)
644 CryptoAlgorithm keyGenAlgorithm;
647 case KeyType::KEY_RSA_PUBLIC:
648 case KeyType::KEY_RSA_PRIVATE:
649 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
650 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
653 case KeyType::KEY_DSA_PUBLIC:
654 case KeyType::KEY_DSA_PRIVATE:
655 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
656 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
659 case KeyType::KEY_ECDSA_PUBLIC:
660 case KeyType::KEY_ECDSA_PRIVATE:
661 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
662 keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
666 return CKM_API_ERROR_INPUT_PARAM;
669 // proceed with sending request
670 int msgId = ++m_counter;
672 EXCEPTION_GUARD_START_CPPAPI
675 AliasSupport privateHelper(privateKeyAlias);
676 AliasSupport publicHelper(publicKeyAlias);
677 auto send = SerializeMessage(static_cast<int>(LogicCommand::CREATE_KEY_PAIR),
679 CryptoAlgorithmSerializable(keyGenAlgorithm),
680 PolicySerializable(policyPrivateKey),
681 PolicySerializable(policyPublicKey),
682 privateHelper.getName(),
683 privateHelper.getOwner(),
684 publicHelper.getName(),
685 publicHelper.getOwner());
687 int retCode = m_storageConnection.processRequest(send, recv);
689 if (CKM_API_SUCCESS != retCode)
693 recv.Deserialize(retMsgId, retCode);
695 if (retMsgId != msgId)
696 return CKM_API_ERROR_UNKNOWN;
703 int Manager::Impl::getCertificateChain(
704 const CertificateShPtr &certificate,
705 const CertificateShPtrVector &untrustedCertificates,
706 const CertificateShPtrVector &trustedCertificates,
707 bool useTrustedSystemCertificates,
708 CertificateShPtrVector &certificateChainVector)
710 RawBufferVector untrustedVector;
711 RawBufferVector trustedVector;
713 if (!certificate || certificate->empty())
714 return CKM_API_ERROR_INPUT_PARAM;
716 for (auto &e : untrustedCertificates) {
717 if (!e || e->empty())
718 return CKM_API_ERROR_INPUT_PARAM;
719 untrustedVector.push_back(e->getDER());
722 for (auto &e : trustedCertificates) {
723 if (!e || e->empty())
724 return CKM_API_ERROR_INPUT_PARAM;
725 trustedVector.push_back(e->getDER());
730 LogicCommand::GET_CHAIN_CERT,
735 useTrustedSystemCertificates,
736 certificateChainVector);
739 int Manager::Impl::getCertificateChain(
740 const CertificateShPtr &certificate,
741 const AliasVector &untrustedCertificates,
742 const AliasVector &trustedCertificates,
743 bool useTrustedSystemCertificates,
744 CertificateShPtrVector &certificateChainVector)
746 OwnerNameVector untrustedVector;
747 OwnerNameVector trustedVector;
749 if (!certificate || certificate->empty())
750 return CKM_API_ERROR_INPUT_PARAM;
752 for (auto &e : untrustedCertificates) {
753 AliasSupport helper(e);
754 untrustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
757 for (auto &e : trustedCertificates) {
758 AliasSupport helper(e);
759 trustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
764 LogicCommand::GET_CHAIN_ALIAS,
769 useTrustedSystemCertificates,
770 certificateChainVector);
773 int Manager::Impl::createSignature(
774 const Alias &privateKeyAlias,
775 const Password &password, // password for private_key
776 const RawBuffer &message,
777 const CryptoAlgorithm &cAlgorithm,
778 RawBuffer &signature)
780 int msgId = ++m_counter;
782 EXCEPTION_GUARD_START_CPPAPI
785 AliasSupport helper(privateKeyAlias);
786 auto send = SerializeMessage(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
792 CryptoAlgorithmSerializable(cAlgorithm));
794 int retCode = m_storageConnection.processRequest(send, recv);
796 if (CKM_API_SUCCESS != retCode)
800 recv.Deserialize(retMsgId, retCode, signature);
802 if (retMsgId != msgId)
803 return CKM_API_ERROR_UNKNOWN;
810 int Manager::Impl::verifySignature(
811 const Alias &publicKeyOrCertAlias,
812 const Password &password, // password for public_key (optional)
813 const RawBuffer &message,
814 const RawBuffer &signature,
815 const CryptoAlgorithm &cAlg)
817 int msgId = ++m_counter;
819 EXCEPTION_GUARD_START_CPPAPI
822 AliasSupport helper(publicKeyOrCertAlias);
823 auto send = SerializeMessage(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
830 CryptoAlgorithmSerializable(cAlg));
832 int retCode = m_storageConnection.processRequest(send, recv);
834 if (CKM_API_SUCCESS != retCode)
838 recv.Deserialize(retMsgId, retCode);
840 if (retMsgId != msgId)
841 return CKM_API_ERROR_UNKNOWN;
848 int Manager::Impl::ocspCheck(const CertificateShPtrVector &certChain,
851 EXCEPTION_GUARD_START_CPPAPI
853 int msgId = ++m_counter;
856 RawBufferVector rawCertChain;
858 for (auto &e : certChain) {
859 if (!e || e->empty()) {
860 LogError("Empty certificate");
861 return CKM_API_ERROR_INPUT_PARAM;
864 rawCertChain.push_back(e->getDER());
867 auto send = SerializeMessage(msgId, rawCertChain);
869 int retCode = m_ocspConnection.processRequest(send, recv);
871 if (CKM_API_SUCCESS != retCode)
875 recv.Deserialize(retMsgId, retCode, ocspStatus);
877 if (msgId != retMsgId)
878 return CKM_API_ERROR_UNKNOWN;
885 int Manager::Impl::setPermission(const Alias &alias,
886 const ClientId &accessor,
887 PermissionMask permissionMask)
889 int msgId = ++m_counter;
891 EXCEPTION_GUARD_START_CPPAPI
894 AliasSupport helper(alias);
895 auto send = SerializeMessage(static_cast<int>(LogicCommand::SET_PERMISSION),
902 int retCode = m_storageConnection.processRequest(send, recv);
904 if (CKM_API_SUCCESS != retCode)
908 recv.Deserialize(retMsgId, retCode);
910 if (msgId != retMsgId)
911 return CKM_API_ERROR_UNKNOWN;
918 int Manager::Impl::crypt(EncryptionCommand command,
919 const CryptoAlgorithm &algo,
920 const Alias &keyAlias,
921 const Password &password,
922 const RawBuffer &input,
925 int msgId = ++m_counter;
927 EXCEPTION_GUARD_START_CPPAPI
930 AliasSupport helper(keyAlias);
931 CryptoAlgorithmSerializable cas(algo);
932 auto send = SerializeMessage(static_cast<int>(command),
940 int retCode = m_encryptionConnection.processRequest(send, recv);
942 if (CKM_API_SUCCESS != retCode)
946 recv.Deserialize(retMsgId, retCode, output);
948 if (msgId != retMsgId)
949 return CKM_API_ERROR_UNKNOWN;
956 int Manager::Impl::encrypt(const CryptoAlgorithm &algo,
957 const Alias &keyAlias,
958 const Password &password,
959 const RawBuffer &plain,
960 RawBuffer &encrypted)
962 return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain,
966 int Manager::Impl::decrypt(const CryptoAlgorithm &algo,
967 const Alias &keyAlias,
968 const Password &password,
969 const RawBuffer &encrypted,
970 RawBuffer &decrypted)
972 return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted,
projects / platform / core / security / key-manager.git / blob