1 /* Copyright (c) 2014-2020 Samsung Electronics Co., Ltd. All rights reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <client-manager-impl.h>
27 #include <client-common.h>
28 #include <exception.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
32 #include <key-aes-impl.h>
33 #include <certificate-impl.h>
39 int deserialize(const int msgId, MessageBuffer &recv, T&&...t)
41 int retMsgId, retCode;
42 recv.Deserialize(retMsgId, retCode, std::forward<T>(t)...);
43 return msgId != retMsgId ? CKM_API_ERROR_UNKNOWN : retCode;
48 ServiceConnection &serviceConnection,
51 const CertificateShPtr &certificate,
52 const T &untrustedVector,
53 const T &trustedVector,
54 bool useTrustedSystemCertificates,
55 CertificateShPtrVector &certificateChainVector)
57 EXCEPTION_GUARD_START_CPPAPI
60 auto send = SerializeMessage(static_cast<int>(command),
62 certificate->getDER(),
65 useTrustedSystemCertificates);
67 int retCode = serviceConnection.processRequest(send, recv);
69 if (CKM_API_SUCCESS != retCode)
72 RawBufferVector rawBufferVector;
73 retCode = deserialize(msgId, recv, rawBufferVector);
75 if (retCode != CKM_API_SUCCESS)
78 for (auto &e : rawBufferVector) {
79 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
82 return CKM_API_ERROR_BAD_RESPONSE;
84 certificateChainVector.push_back(cert);
92 } // namespace anonymous
96 m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
97 m_ocspConnection(SERVICE_SOCKET_OCSP),
98 m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
103 int Manager::Impl::saveBinaryData(
106 const RawBuffer &rawData,
107 const Policy &policy)
109 int msgId = ++m_counter;
111 EXCEPTION_GUARD_START_CPPAPI
113 if (alias.empty() || rawData.empty())
114 return CKM_API_ERROR_INPUT_PARAM;
117 AliasSupport helper(alias);
118 auto send = SerializeMessage(static_cast<int>(LogicCommand::SAVE),
124 PolicySerializable(policy));
126 int retCode = m_storageConnection.processRequest(send, recv);
128 if (CKM_API_SUCCESS != retCode)
132 return deserialize(msgId, recv, opType);
137 int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key,
138 const Policy &policy)
140 if (key.get() == NULL || key->empty())
141 return CKM_API_ERROR_INPUT_PARAM;
144 return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
145 } catch (const Exc::Exception &e) {
146 LogError("Exception: " << e.what());
151 int Manager::Impl::saveCertificate(
153 const CertificateShPtr &cert,
154 const Policy &policy)
156 if (cert.get() == NULL || cert->empty())
157 return CKM_API_ERROR_INPUT_PARAM;
159 return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
162 int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData,
163 const Policy &policy)
165 if (!policy.extractable)
166 return CKM_API_ERROR_INPUT_PARAM;
168 return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
172 int Manager::Impl::savePKCS12(
174 const PKCS12ShPtr &pkcs,
175 const Policy &keyPolicy,
176 const Policy &certPolicy)
178 if (alias.empty() || pkcs.get() == NULL)
179 return CKM_API_ERROR_INPUT_PARAM;
181 int msgId = ++m_counter;
183 EXCEPTION_GUARD_START_CPPAPI
186 AliasSupport helper(alias);
187 auto send = SerializeMessage(static_cast<int>(LogicCommand::SAVE_PKCS12),
191 PKCS12Serializable(*pkcs.get()),
192 PolicySerializable(keyPolicy),
193 PolicySerializable(certPolicy));
195 int retCode = m_storageConnection.processRequest(send, recv);
197 if (CKM_API_SUCCESS != retCode)
200 return deserialize(msgId, recv);
205 int Manager::Impl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
207 return getPKCS12(alias, Password(), Password(), pkcs);
210 int Manager::Impl::getPKCS12(const Alias &alias, const Password &keyPass,
211 const Password &certPass, PKCS12ShPtr &pkcs)
214 return CKM_API_ERROR_INPUT_PARAM;
216 int msgId = ++m_counter;
218 EXCEPTION_GUARD_START_CPPAPI
221 AliasSupport helper(alias);
222 auto send = SerializeMessage(static_cast<int>(LogicCommand::GET_PKCS12),
229 int retCode = m_storageConnection.processRequest(send, recv);
231 if (CKM_API_SUCCESS != retCode)
235 PKCS12Serializable gotPkcs;
236 recv.Deserialize(retMsgId, retCode, gotPkcs);
238 if (retMsgId != msgId)
239 return CKM_API_ERROR_UNKNOWN;
241 pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
249 int Manager::Impl::removeAlias(const Alias &alias)
252 return CKM_API_ERROR_INPUT_PARAM;
254 int msgId = ++m_counter;
256 EXCEPTION_GUARD_START_CPPAPI
259 AliasSupport helper(alias);
260 auto send = SerializeMessage(static_cast<int>(LogicCommand::REMOVE),
265 int retCode = m_storageConnection.processRequest(send, recv);
267 if (CKM_API_SUCCESS != retCode)
270 return deserialize(msgId, recv);
275 int Manager::Impl::getBinaryData(
277 DataType sendDataType,
278 const Password &password,
279 DataType &recvDataType,
283 return CKM_API_ERROR_INPUT_PARAM;
285 int msgId = ++m_counter;
287 EXCEPTION_GUARD_START_CPPAPI
290 AliasSupport helper(alias);
291 auto send = SerializeMessage(static_cast<int>(LogicCommand::GET),
298 int retCode = m_storageConnection.processRequest(send, recv);
300 if (CKM_API_SUCCESS != retCode)
303 return deserialize(msgId, recv, recvDataType, rawData);
308 int Manager::Impl::getBinaryDataEncryptionStatus(const DataType sendDataType,
309 const Alias &alias, bool &status)
313 return CKM_API_ERROR_INPUT_PARAM;
315 int msgId = ++m_counter;
317 EXCEPTION_GUARD_START_CPPAPI
320 AliasSupport helper(alias);
321 auto send = SerializeMessage(static_cast<int>(LogicCommand::GET_PROTECTION_STATUS),
327 int retCode = m_storageConnection.processRequest(send, recv);
329 if (CKM_API_SUCCESS != retCode)
332 DataType tmpDataType;
333 bool passwordProtectionStatus;
334 retCode = deserialize(msgId, recv, tmpDataType, passwordProtectionStatus);
336 if (retCode != CKM_API_SUCCESS) {
339 status = passwordProtectionStatus;
340 return CKM_API_SUCCESS;
345 int Manager::Impl::getKey(const Alias &alias, const Password &password,
348 DataType recvDataType;
351 int retCode = getBinaryData(
353 DataType::KEY_RSA_PUBLIC,
358 if (retCode != CKM_API_SUCCESS)
363 if (recvDataType.isSKey())
364 keyParsed = Key::createAES(rawData);
366 keyParsed = Key::create(rawData);
369 LogDebug("Key empty - failed to parse!");
370 return CKM_API_ERROR_BAD_RESPONSE;
375 return CKM_API_SUCCESS;
378 int Manager::Impl::getCertificate(const Alias &alias, const Password &password,
379 CertificateShPtr &cert)
381 DataType recvDataType;
384 int retCode = getBinaryData(
386 DataType::CERTIFICATE,
391 if (retCode != CKM_API_SUCCESS)
394 if (!recvDataType.isCertificate())
395 return CKM_API_ERROR_BAD_RESPONSE;
397 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
399 if (certParsed->empty())
400 return CKM_API_ERROR_BAD_RESPONSE;
404 return CKM_API_SUCCESS;
407 int Manager::Impl::getData(const Alias &alias, const Password &password,
410 DataType recvDataType = DataType::BINARY_DATA;
412 int retCode = getBinaryData(
414 DataType::BINARY_DATA,
419 if (retCode != CKM_API_SUCCESS)
422 if (!recvDataType.isBinaryData())
423 return CKM_API_ERROR_BAD_RESPONSE;
425 return CKM_API_SUCCESS;
428 int Manager::Impl::getBinaryDataAliasVectorHelper(DataType dataType,
429 OwnerNameVector &ownerNameVector)
431 int msgId = ++m_counter;
434 auto send = SerializeMessage(static_cast<int>(LogicCommand::GET_LIST), msgId, dataType);
436 int retCode = m_storageConnection.processRequest(send, recv);
438 if (retCode != CKM_API_SUCCESS)
442 DataType tmpDataType;
443 recv.Deserialize(retMsgId, retCode, tmpDataType, ownerNameVector);
445 return retMsgId != msgId ? CKM_API_ERROR_UNKNOWN : retCode;
448 int Manager::Impl::getBinaryDataAliasVector(DataType dataType,
449 AliasVector &aliasVector)
451 EXCEPTION_GUARD_START_CPPAPI
452 OwnerNameVector ownerNameVector;
453 int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
455 if (retCode != CKM_API_SUCCESS)
458 for (const auto &it : ownerNameVector)
459 aliasVector.push_back(AliasSupport::merge(it.first, it.second));
461 return CKM_API_SUCCESS;
465 int Manager::Impl::getBinaryDataAliasPwdVector(DataType dataType,
466 AliasPwdVector &aliasPwdVector)
468 EXCEPTION_GUARD_START_CPPAPI
469 OwnerNameVector ownerNameVector;
470 OwnerNameEncryptionStatusVector ownerNameEncryptionStatusVector;
471 int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
473 if (retCode != CKM_API_SUCCESS)
476 for (const auto &it : ownerNameVector)
478 Alias alias = AliasSupport::merge(std::get<0>(it), std::get<1>(it));
480 retCode = getBinaryDataEncryptionStatus(dataType, alias, status);
482 if (retCode != CKM_API_SUCCESS)
485 aliasPwdVector.push_back(std::make_pair(alias, status));
487 return CKM_API_SUCCESS;
491 int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector)
493 // in fact datatype has no meaning here - if not certificate or binary data
494 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
495 return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
498 int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector)
500 return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
503 int Manager::Impl::getDataAliasVector(AliasVector &aliasVector)
505 return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
508 int Manager::Impl::getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector)
510 return getBinaryDataAliasPwdVector(DataType::DB_KEY_LAST, aliasPwdVector);
513 int Manager::Impl::getKeyEncryptionStatus(const Alias &alias, bool &status)
515 return getBinaryDataEncryptionStatus(DataType::DB_KEY_LAST, alias, status);
518 int Manager::Impl::getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector)
520 return getBinaryDataAliasPwdVector(DataType::CERTIFICATE, aliasPwdVector);
523 int Manager::Impl::getCertificateEncryptionStatus(const Alias &alias, bool &status)
525 return getBinaryDataEncryptionStatus(DataType::CERTIFICATE, alias, status);
528 int Manager::Impl::getDataAliasPwdVector(AliasPwdVector &aliasPwdVector)
530 return getBinaryDataAliasPwdVector(DataType::BINARY_DATA, aliasPwdVector);
533 int Manager::Impl::getDataEncryptionStatus(const Alias &alias, bool &status)
535 return getBinaryDataEncryptionStatus(DataType::BINARY_DATA, alias, status);
538 int Manager::Impl::createKeyPairRSA(
540 const Alias &privateKeyAlias,
541 const Alias &publicKeyAlias,
542 const Policy &policyPrivateKey,
543 const Policy &policyPublicKey)
545 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias,
546 publicKeyAlias, policyPrivateKey, policyPublicKey);
549 int Manager::Impl::createKeyPairDSA(
551 const Alias &privateKeyAlias,
552 const Alias &publicKeyAlias,
553 const Policy &policyPrivateKey,
554 const Policy &policyPublicKey)
556 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias,
557 publicKeyAlias, policyPrivateKey, policyPublicKey);
560 int Manager::Impl::createKeyPairECDSA(
562 const Alias &privateKeyAlias,
563 const Alias &publicKeyAlias,
564 const Policy &policyPrivateKey,
565 const Policy &policyPublicKey)
567 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC,
568 static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey,
572 int Manager::Impl::createKeyAES(
574 const Alias &keyAlias,
575 const Policy &policyKey)
577 // proceed with sending request
578 int msgId = ++m_counter;
580 EXCEPTION_GUARD_START_CPPAPI
583 AliasSupport aliasHelper(keyAlias);
584 auto send = SerializeMessage(static_cast<int>(LogicCommand::CREATE_KEY_AES),
586 static_cast<int>(size),
587 PolicySerializable(policyKey),
588 aliasHelper.getName(),
589 aliasHelper.getOwner());
591 int retCode = m_storageConnection.processRequest(send, recv);
593 if (CKM_API_SUCCESS != retCode)
596 return deserialize(msgId, recv);
602 int Manager::Impl::createKeyPair(
603 const KeyType key_type,
604 const int additional_param,
605 const Alias &privateKeyAlias,
606 const Alias &publicKeyAlias,
607 const Policy &policyPrivateKey,
608 const Policy &policyPublicKey)
611 CryptoAlgorithm keyGenAlgorithm;
614 case KeyType::KEY_RSA_PUBLIC:
615 case KeyType::KEY_RSA_PRIVATE:
616 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
617 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
620 case KeyType::KEY_DSA_PUBLIC:
621 case KeyType::KEY_DSA_PRIVATE:
622 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
623 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
626 case KeyType::KEY_ECDSA_PUBLIC:
627 case KeyType::KEY_ECDSA_PRIVATE:
628 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
629 keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
633 return CKM_API_ERROR_INPUT_PARAM;
636 // proceed with sending request
637 int msgId = ++m_counter;
639 EXCEPTION_GUARD_START_CPPAPI
642 AliasSupport privateHelper(privateKeyAlias);
643 AliasSupport publicHelper(publicKeyAlias);
644 auto send = SerializeMessage(static_cast<int>(LogicCommand::CREATE_KEY_PAIR),
646 CryptoAlgorithmSerializable(keyGenAlgorithm),
647 PolicySerializable(policyPrivateKey),
648 PolicySerializable(policyPublicKey),
649 privateHelper.getName(),
650 privateHelper.getOwner(),
651 publicHelper.getName(),
652 publicHelper.getOwner());
654 int retCode = m_storageConnection.processRequest(send, recv);
656 if (CKM_API_SUCCESS != retCode)
659 return deserialize(msgId, recv);
664 int Manager::Impl::getCertificateChain(
665 const CertificateShPtr &certificate,
666 const CertificateShPtrVector &untrustedCertificates,
667 const CertificateShPtrVector &trustedCertificates,
668 bool useTrustedSystemCertificates,
669 CertificateShPtrVector &certificateChainVector)
671 RawBufferVector untrustedVector;
672 RawBufferVector trustedVector;
674 if (!certificate || certificate->empty())
675 return CKM_API_ERROR_INPUT_PARAM;
677 for (auto &e : untrustedCertificates) {
678 if (!e || e->empty())
679 return CKM_API_ERROR_INPUT_PARAM;
680 untrustedVector.push_back(e->getDER());
683 for (auto &e : trustedCertificates) {
684 if (!e || e->empty())
685 return CKM_API_ERROR_INPUT_PARAM;
686 trustedVector.push_back(e->getDER());
691 LogicCommand::GET_CHAIN_CERT,
696 useTrustedSystemCertificates,
697 certificateChainVector);
700 int Manager::Impl::getCertificateChain(
701 const CertificateShPtr &certificate,
702 const AliasVector &untrustedCertificates,
703 const AliasVector &trustedCertificates,
704 bool useTrustedSystemCertificates,
705 CertificateShPtrVector &certificateChainVector)
707 OwnerNameVector untrustedVector;
708 OwnerNameVector trustedVector;
710 if (!certificate || certificate->empty())
711 return CKM_API_ERROR_INPUT_PARAM;
713 for (auto &e : untrustedCertificates) {
714 AliasSupport helper(e);
715 untrustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
718 for (auto &e : trustedCertificates) {
719 AliasSupport helper(e);
720 trustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
725 LogicCommand::GET_CHAIN_ALIAS,
730 useTrustedSystemCertificates,
731 certificateChainVector);
734 int Manager::Impl::createSignature(
735 const Alias &privateKeyAlias,
736 const Password &password, // password for private_key
737 const RawBuffer &message,
738 const CryptoAlgorithm &cAlgorithm,
739 RawBuffer &signature)
741 int msgId = ++m_counter;
743 EXCEPTION_GUARD_START_CPPAPI
746 AliasSupport helper(privateKeyAlias);
747 auto send = SerializeMessage(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
753 CryptoAlgorithmSerializable(cAlgorithm));
755 int retCode = m_storageConnection.processRequest(send, recv);
757 if (CKM_API_SUCCESS != retCode)
760 return deserialize(msgId, recv, signature);
765 int Manager::Impl::verifySignature(
766 const Alias &publicKeyOrCertAlias,
767 const Password &password, // password for public_key (optional)
768 const RawBuffer &message,
769 const RawBuffer &signature,
770 const CryptoAlgorithm &cAlg)
772 int msgId = ++m_counter;
774 EXCEPTION_GUARD_START_CPPAPI
777 AliasSupport helper(publicKeyOrCertAlias);
778 auto send = SerializeMessage(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
785 CryptoAlgorithmSerializable(cAlg));
787 int retCode = m_storageConnection.processRequest(send, recv);
789 if (CKM_API_SUCCESS != retCode)
792 return deserialize(msgId, recv);
797 int Manager::Impl::ocspCheck(const CertificateShPtrVector &certChain,
800 EXCEPTION_GUARD_START_CPPAPI
802 int msgId = ++m_counter;
805 RawBufferVector rawCertChain;
807 for (auto &e : certChain) {
808 if (!e || e->empty()) {
809 LogError("Empty certificate");
810 return CKM_API_ERROR_INPUT_PARAM;
813 rawCertChain.push_back(e->getDER());
816 auto send = SerializeMessage(msgId, rawCertChain);
818 int retCode = m_ocspConnection.processRequest(send, recv);
820 if (CKM_API_SUCCESS != retCode)
823 return deserialize(msgId, recv, ocspStatus);
828 int Manager::Impl::setPermission(const Alias &alias,
829 const ClientId &accessor,
830 PermissionMask permissionMask)
832 int msgId = ++m_counter;
834 EXCEPTION_GUARD_START_CPPAPI
837 AliasSupport helper(alias);
838 auto send = SerializeMessage(static_cast<int>(LogicCommand::SET_PERMISSION),
845 int retCode = m_storageConnection.processRequest(send, recv);
847 if (CKM_API_SUCCESS != retCode)
850 return deserialize(msgId, recv);
855 int Manager::Impl::crypt(EncryptionCommand command,
856 const CryptoAlgorithm &algo,
857 const Alias &keyAlias,
858 const Password &password,
859 const RawBuffer &input,
862 int msgId = ++m_counter;
864 EXCEPTION_GUARD_START_CPPAPI
867 AliasSupport helper(keyAlias);
868 CryptoAlgorithmSerializable cas(algo);
869 auto send = SerializeMessage(static_cast<int>(command),
877 int retCode = m_encryptionConnection.processRequest(send, recv);
879 if (CKM_API_SUCCESS != retCode)
882 return deserialize(msgId, recv, output);
887 int Manager::Impl::encrypt(const CryptoAlgorithm &algo,
888 const Alias &keyAlias,
889 const Password &password,
890 const RawBuffer &plain,
891 RawBuffer &encrypted)
893 return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain,
897 int Manager::Impl::decrypt(const CryptoAlgorithm &algo,
898 const Alias &keyAlias,
899 const Password &password,
900 const RawBuffer &encrypted,
901 RawBuffer &decrypted)
903 return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted,