1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <client-manager-impl.h>
27 #include <client-common.h>
28 #include <message-buffer.h>
29 #include <protocols.h>
31 #include <certificate-impl.h>
35 void clientInitialize(void) {
36 OpenSSL_add_all_ciphers();
37 OpenSSL_add_all_algorithms();
38 OpenSSL_add_all_digests();
41 } // namespace anonymous
45 bool ManagerImpl::s_isInit = false;
47 ManagerImpl::ManagerImpl()
48 : m_counter(0), m_storageConnection(SERVICE_SOCKET_CKM_STORAGE), m_ocspConnection(SERVICE_SOCKET_OCSP)
50 // TODO secure with mutex
58 int ManagerImpl::saveBinaryData(
61 const RawBuffer &rawData,
66 return try_catch([&] {
67 if (alias.empty() || rawData.empty())
68 return CKM_API_ERROR_INPUT_PARAM;
71 AliasSupport helper(alias);
72 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
74 static_cast<int>(dataType),
78 PolicySerializable(policy));
80 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
81 if (CKM_API_SUCCESS != retCode)
87 recv.Deserialize(command, counter, retCode, opType);
89 if (counter != m_counter) {
90 return CKM_API_ERROR_UNKNOWN;
97 int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
98 if (key.get() == NULL)
99 return CKM_API_ERROR_INPUT_PARAM;
100 return saveBinaryData(alias, toDBDataType(key->getType()), key->getDER(), policy);
103 int ManagerImpl::saveCertificate(
105 const CertificateShPtr &cert,
106 const Policy &policy)
108 if (cert.get() == NULL)
109 return CKM_API_ERROR_INPUT_PARAM;
110 return saveBinaryData(alias, DBDataType::CERTIFICATE, cert->getDER(), policy);
113 int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
114 if (!policy.extractable)
115 return CKM_API_ERROR_INPUT_PARAM;
116 return saveBinaryData(alias, DBDataType::BINARY_DATA, rawData, policy);
119 int ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType)
121 return try_catch([&] {
123 return CKM_API_ERROR_INPUT_PARAM;
126 AliasSupport helper(alias);
127 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
129 static_cast<int>(dataType),
133 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
134 if (CKM_API_SUCCESS != retCode)
140 recv.Deserialize(command, counter, retCode, opType);
142 if (counter != m_counter) {
143 return CKM_API_ERROR_UNKNOWN;
150 int ManagerImpl::removeKey(const Alias &alias) {
151 return removeBinaryData(alias, DBDataType::KEY_RSA_PUBLIC);
154 int ManagerImpl::removeCertificate(const Alias &alias) {
155 return removeBinaryData(alias, DBDataType::CERTIFICATE);
158 int ManagerImpl::removeData(const Alias &alias) {
159 return removeBinaryData(alias, DBDataType::BINARY_DATA);
162 int ManagerImpl::getBinaryData(
164 DBDataType sendDataType,
165 const Password &password,
166 DBDataType &recvDataType,
169 return try_catch([&] {
171 return CKM_API_ERROR_INPUT_PARAM;
174 AliasSupport helper(alias);
175 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
177 static_cast<int>(sendDataType),
182 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
183 if (CKM_API_SUCCESS != retCode)
189 recv.Deserialize(command, counter, retCode, tmpDataType, rawData);
190 recvDataType = static_cast<DBDataType>(tmpDataType);
192 if (counter != m_counter) {
193 return CKM_API_ERROR_UNKNOWN;
200 int ManagerImpl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
201 DBDataType recvDataType;
204 int retCode = getBinaryData(
206 DBDataType::KEY_RSA_PUBLIC,
211 if (retCode != CKM_API_SUCCESS)
214 KeyShPtr keyParsed(new KeyImpl(rawData));
216 if (keyParsed->empty()) {
217 LogDebug("Key empty - failed to parse!");
218 return CKM_API_ERROR_BAD_RESPONSE;
223 return CKM_API_SUCCESS;
226 int ManagerImpl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert)
228 DBDataType recvDataType = DBDataType::CERTIFICATE;
231 int retCode = getBinaryData(
233 DBDataType::CERTIFICATE,
238 if (retCode != CKM_API_SUCCESS)
241 if (recvDataType != DBDataType::CERTIFICATE)
242 return CKM_API_ERROR_BAD_RESPONSE;
244 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
246 if (certParsed->empty())
247 return CKM_API_ERROR_BAD_RESPONSE;
251 return CKM_API_SUCCESS;
254 int ManagerImpl::getData(const Alias &alias, const Password &password, RawBuffer &rawData)
256 DBDataType recvDataType = DBDataType::BINARY_DATA;
258 int retCode = getBinaryData(
260 DBDataType::BINARY_DATA,
265 if (retCode != CKM_API_SUCCESS)
268 if (recvDataType != DBDataType::BINARY_DATA)
269 return CKM_API_ERROR_BAD_RESPONSE;
271 return CKM_API_SUCCESS;
274 int ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector)
276 return try_catch([&] {
279 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
281 static_cast<int>(dataType));
283 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
284 if (CKM_API_SUCCESS != retCode)
290 LabelNameVector labelNameVector;
291 recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
292 if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != m_counter)) {
293 return CKM_API_ERROR_UNKNOWN;
296 for(const auto &it : labelNameVector)
297 aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
303 int ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
304 // in fact datatype has no meaning here - if not certificate or binary data
305 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
306 return getBinaryDataAliasVector(DBDataType::DB_KEY_LAST, aliasVector);
309 int ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
310 return getBinaryDataAliasVector(DBDataType::CERTIFICATE, aliasVector);
313 int ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
314 return getBinaryDataAliasVector(DBDataType::BINARY_DATA, aliasVector);
317 int ManagerImpl::createKeyPairRSA(
319 const Alias &privateKeyAlias,
320 const Alias &publicKeyAlias,
321 const Policy &policyPrivateKey,
322 const Policy &policyPublicKey)
324 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
327 int ManagerImpl::createKeyPairDSA(
329 const Alias &privateKeyAlias,
330 const Alias &publicKeyAlias,
331 const Policy &policyPrivateKey,
332 const Policy &policyPublicKey)
334 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
337 int ManagerImpl::createKeyPairECDSA(
339 const Alias &privateKeyAlias,
340 const Alias &publicKeyAlias,
341 const Policy &policyPrivateKey,
342 const Policy &policyPublicKey)
344 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
347 int ManagerImpl::createKeyPair(
348 const KeyType key_type,
349 const int additional_param,
350 const Alias &privateKeyAlias,
351 const Alias &publicKeyAlias,
352 const Policy &policyPrivateKey,
353 const Policy &policyPublicKey)
356 LogicCommand cmd_type;
359 case KeyType::KEY_RSA_PUBLIC:
360 case KeyType::KEY_RSA_PRIVATE:
361 cmd_type = LogicCommand::CREATE_KEY_PAIR_RSA;
364 case KeyType::KEY_DSA_PUBLIC:
365 case KeyType::KEY_DSA_PRIVATE:
366 cmd_type = LogicCommand::CREATE_KEY_PAIR_DSA;
369 case KeyType::KEY_ECDSA_PUBLIC:
370 case KeyType::KEY_ECDSA_PRIVATE:
371 cmd_type = LogicCommand::CREATE_KEY_PAIR_ECDSA;
375 return CKM_API_ERROR_INPUT_PARAM;
378 // proceed with sending request
380 int my_counter = m_counter;
381 return try_catch([&] {
384 auto send = MessageBuffer::Serialize(static_cast<int>(cmd_type),
386 static_cast<int>(additional_param),
387 PolicySerializable(policyPrivateKey),
388 PolicySerializable(policyPublicKey),
392 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
393 if (CKM_API_SUCCESS != retCode)
398 recv.Deserialize(command, counter, retCode);
399 if (counter != my_counter) {
400 return CKM_API_ERROR_UNKNOWN;
410 LogicCommand command,
412 const CertificateShPtr &certificate,
414 CertificateShPtrVector &certificateChainVector,
415 ServiceConnection & service_connection)
417 return try_catch([&] {
420 auto send = MessageBuffer::Serialize(static_cast<int>(command),
422 certificate->getDER(),
425 int retCode = service_connection.processRequest(send.Pop(), recv);
426 if (CKM_API_SUCCESS != retCode)
431 RawBufferVector rawBufferVector;
432 recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
434 if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
435 return CKM_API_ERROR_UNKNOWN;
438 if (retCode != CKM_API_SUCCESS) {
442 for (auto &e: rawBufferVector) {
443 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
445 return CKM_API_ERROR_BAD_RESPONSE;
446 certificateChainVector.push_back(cert);
454 int ManagerImpl::getCertificateChain(
455 const CertificateShPtr &certificate,
456 const CertificateShPtrVector &untrustedCertificates,
457 CertificateShPtrVector &certificateChainVector)
459 RawBufferVector rawBufferVector;
461 for (auto &e: untrustedCertificates) {
462 rawBufferVector.push_back(e->getDER());
466 LogicCommand::GET_CHAIN_CERT,
470 certificateChainVector,
471 m_storageConnection);
474 int ManagerImpl::getCertificateChain(
475 const CertificateShPtr &certificate,
476 const AliasVector &untrustedCertificates,
477 CertificateShPtrVector &certificateChainVector)
479 LabelNameVector untrusted_certs;
480 for (auto &e: untrustedCertificates) {
481 AliasSupport helper(e);
482 untrusted_certs.push_back(std::make_pair(helper.getLabel(), helper.getName()));
486 LogicCommand::GET_CHAIN_ALIAS,
490 certificateChainVector,
491 m_storageConnection);
494 int ManagerImpl::createSignature(
495 const Alias &privateKeyAlias,
496 const Password &password, // password for private_key
497 const RawBuffer &message,
498 const HashAlgorithm hash,
499 const RSAPaddingAlgorithm padding,
500 RawBuffer &signature)
503 int my_counter = m_counter;
504 return try_catch([&] {
507 AliasSupport helper(privateKeyAlias);
508 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
514 static_cast<int>(hash),
515 static_cast<int>(padding));
517 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
518 if (CKM_API_SUCCESS != retCode)
523 recv.Deserialize(command, counter, retCode, signature);
525 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
526 || (counter != my_counter))
528 return CKM_API_ERROR_UNKNOWN;
535 int ManagerImpl::verifySignature(
536 const Alias &publicKeyOrCertAlias,
537 const Password &password, // password for public_key (optional)
538 const RawBuffer &message,
539 const RawBuffer &signature,
540 const HashAlgorithm hash,
541 const RSAPaddingAlgorithm padding)
544 int my_counter = m_counter;
545 return try_catch([&] {
548 AliasSupport helper(publicKeyOrCertAlias);
549 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
556 static_cast<int>(hash),
557 static_cast<int>(padding));
559 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
560 if (CKM_API_SUCCESS != retCode)
565 recv.Deserialize(command, counter, retCode);
567 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
568 || (counter != my_counter))
570 return CKM_API_ERROR_UNKNOWN;
577 int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
579 return try_catch([&] {
580 int my_counter = ++m_counter;
583 RawBufferVector rawCertChain;
584 for (auto &e: certChain) {
585 rawCertChain.push_back(e->getDER());
588 auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
590 int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
591 if (CKM_API_SUCCESS != retCode)
595 recv.Deserialize(counter, retCode, ocspStatus);
597 if (my_counter != counter) {
598 return CKM_API_ERROR_UNKNOWN;
605 int ManagerImpl::setPermission(const Alias &alias,
606 const Label &accessor,
607 Permission newPermission)
610 int my_counter = m_counter;
611 return try_catch([&] {
613 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SET_PERMISSION),
617 static_cast<int>(newPermission));
619 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
620 if (CKM_API_SUCCESS != retCode)
625 recv.Deserialize(command, counter, retCode);
627 if (my_counter != counter) {
628 return CKM_API_ERROR_UNKNOWN;
635 ManagerShPtr Manager::create() {
637 return std::make_shared<ManagerImpl>();
638 } catch (const std::bad_alloc &) {
639 LogDebug("Bad alloc was caught during ManagerImpl creation.");
641 LogError("Critical error: Unknown exception was caught during ManagerImpl creation!");
643 return ManagerShPtr();