1 /* Copyright (c) 2014 - 2020 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <client-manager-impl.h>
27 #include <client-common.h>
28 #include <exception.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
32 #include <key-aes-impl.h>
33 #include <certificate-impl.h>
40 ServiceConnection &serviceConnection,
43 const CertificateShPtr &certificate,
44 const T &untrustedVector,
45 const T &trustedVector,
46 bool useTrustedSystemCertificates,
47 CertificateShPtrVector &certificateChainVector)
49 EXCEPTION_GUARD_START_CPPAPI
52 auto send = MessageBuffer::Serialize(static_cast<int>(command),
54 certificate->getDER(),
57 useTrustedSystemCertificates);
59 int retCode = serviceConnection.processRequest(send.Pop(), recv);
61 if (CKM_API_SUCCESS != retCode)
65 RawBufferVector rawBufferVector;
66 recv.Deserialize(retMsgId, retCode, rawBufferVector);
68 if (msgId != retMsgId)
69 return CKM_API_ERROR_UNKNOWN;
71 if (retCode != CKM_API_SUCCESS)
74 for (auto &e : rawBufferVector) {
75 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
78 return CKM_API_ERROR_BAD_RESPONSE;
80 certificateChainVector.push_back(cert);
88 } // namespace anonymous
92 m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
93 m_ocspConnection(SERVICE_SOCKET_OCSP),
94 m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
99 int Manager::Impl::saveBinaryData(
102 const RawBuffer &rawData,
103 const Policy &policy)
105 int msgId = ++m_counter;
107 EXCEPTION_GUARD_START_CPPAPI
109 if (alias.empty() || rawData.empty())
110 return CKM_API_ERROR_INPUT_PARAM;
113 AliasSupport helper(alias);
114 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
120 PolicySerializable(policy));
122 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
124 if (CKM_API_SUCCESS != retCode)
129 recv.Deserialize(retMsgId, retCode, opType);
131 if (retMsgId != msgId)
132 return CKM_API_ERROR_UNKNOWN;
139 int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key,
140 const Policy &policy)
142 if (key.get() == NULL || key->empty())
143 return CKM_API_ERROR_INPUT_PARAM;
146 return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
147 } catch (const Exc::Exception &e) {
148 LogError("Exception: " << e.what());
153 int Manager::Impl::saveCertificate(
155 const CertificateShPtr &cert,
156 const Policy &policy)
158 if (cert.get() == NULL || cert->empty())
159 return CKM_API_ERROR_INPUT_PARAM;
161 return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
164 int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData,
165 const Policy &policy)
167 if (!policy.extractable)
168 return CKM_API_ERROR_INPUT_PARAM;
170 return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
174 int Manager::Impl::savePKCS12(
176 const PKCS12ShPtr &pkcs,
177 const Policy &keyPolicy,
178 const Policy &certPolicy)
180 if (alias.empty() || pkcs.get() == NULL)
181 return CKM_API_ERROR_INPUT_PARAM;
183 int msgId = ++m_counter;
185 EXCEPTION_GUARD_START_CPPAPI
188 AliasSupport helper(alias);
189 auto send = MessageBuffer::Serialize(static_cast<int>
190 (LogicCommand::SAVE_PKCS12),
194 PKCS12Serializable(*pkcs.get()),
195 PolicySerializable(keyPolicy),
196 PolicySerializable(certPolicy));
198 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
200 if (CKM_API_SUCCESS != retCode)
204 recv.Deserialize(retMsgId, retCode);
206 if (retMsgId != msgId)
207 return CKM_API_ERROR_UNKNOWN;
214 int Manager::Impl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
216 return getPKCS12(alias, Password(), Password(), pkcs);
219 int Manager::Impl::getPKCS12(const Alias &alias, const Password &keyPass,
220 const Password &certPass, PKCS12ShPtr &pkcs)
223 return CKM_API_ERROR_INPUT_PARAM;
225 int msgId = ++m_counter;
227 EXCEPTION_GUARD_START_CPPAPI
230 AliasSupport helper(alias);
231 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
238 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
240 if (CKM_API_SUCCESS != retCode)
244 PKCS12Serializable gotPkcs;
245 recv.Deserialize(retMsgId, retCode, gotPkcs);
247 if (retMsgId != msgId)
248 return CKM_API_ERROR_UNKNOWN;
250 pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
258 int Manager::Impl::removeAlias(const Alias &alias)
261 return CKM_API_ERROR_INPUT_PARAM;
263 int msgId = ++m_counter;
265 EXCEPTION_GUARD_START_CPPAPI
268 AliasSupport helper(alias);
269 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
274 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
276 if (CKM_API_SUCCESS != retCode)
280 recv.Deserialize(retMsgId, retCode);
282 if (retMsgId != msgId)
283 return CKM_API_ERROR_UNKNOWN;
290 int Manager::Impl::getBinaryData(
292 DataType sendDataType,
293 const Password &password,
294 DataType &recvDataType,
298 return CKM_API_ERROR_INPUT_PARAM;
300 int msgId = ++m_counter;
302 EXCEPTION_GUARD_START_CPPAPI
305 AliasSupport helper(alias);
306 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
313 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
315 if (CKM_API_SUCCESS != retCode)
319 recv.Deserialize(retMsgId, retCode, recvDataType, rawData);
321 if (retMsgId != msgId)
322 return CKM_API_ERROR_UNKNOWN;
329 int Manager::Impl::getBinaryDataEncryptionStatus(const DataType sendDataType,
330 const Alias &alias, bool &status)
334 return CKM_API_ERROR_INPUT_PARAM;
336 int msgId = ++m_counter;
338 EXCEPTION_GUARD_START_CPPAPI
341 AliasSupport helper(alias);
342 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PROTECTION_STATUS),
348 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
350 if (CKM_API_SUCCESS != retCode)
354 DataType tmpDataType;
355 bool passwordProtectionStatus;
356 recv.Deserialize(retMsgId, retCode, tmpDataType, passwordProtectionStatus);
358 if (retMsgId != msgId)
359 return CKM_API_ERROR_UNKNOWN;
361 if (retCode != CKM_API_SUCCESS) {
364 status = passwordProtectionStatus;
365 return CKM_API_SUCCESS;
370 int Manager::Impl::getKey(const Alias &alias, const Password &password,
373 DataType recvDataType;
376 int retCode = getBinaryData(
378 DataType::KEY_RSA_PUBLIC,
383 if (retCode != CKM_API_SUCCESS)
388 if (recvDataType.isSKey())
389 keyParsed = Key::createAES(rawData);
391 keyParsed = Key::create(rawData);
394 LogDebug("Key empty - failed to parse!");
395 return CKM_API_ERROR_BAD_RESPONSE;
400 return CKM_API_SUCCESS;
403 int Manager::Impl::getCertificate(const Alias &alias, const Password &password,
404 CertificateShPtr &cert)
406 DataType recvDataType;
409 int retCode = getBinaryData(
411 DataType::CERTIFICATE,
416 if (retCode != CKM_API_SUCCESS)
419 if (!recvDataType.isCertificate())
420 return CKM_API_ERROR_BAD_RESPONSE;
422 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
424 if (certParsed->empty())
425 return CKM_API_ERROR_BAD_RESPONSE;
429 return CKM_API_SUCCESS;
432 int Manager::Impl::getData(const Alias &alias, const Password &password,
435 DataType recvDataType = DataType::BINARY_DATA;
437 int retCode = getBinaryData(
439 DataType::BINARY_DATA,
444 if (retCode != CKM_API_SUCCESS)
447 if (!recvDataType.isBinaryData())
448 return CKM_API_ERROR_BAD_RESPONSE;
450 return CKM_API_SUCCESS;
453 int Manager::Impl::getBinaryDataAliasVectorHelper(DataType dataType,
454 OwnerNameVector &ownerNameVector)
456 int msgId = ++m_counter;
459 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
463 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
465 if (retCode != CKM_API_SUCCESS)
469 DataType tmpDataType;
470 recv.Deserialize(retMsgId, retCode, tmpDataType, ownerNameVector);
472 if (retMsgId != msgId)
473 return CKM_API_ERROR_UNKNOWN;
475 return CKM_API_SUCCESS;
478 int Manager::Impl::getBinaryDataAliasVector(DataType dataType,
479 AliasVector &aliasVector)
481 EXCEPTION_GUARD_START_CPPAPI
482 OwnerNameVector ownerNameVector;
483 int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
485 if (retCode != CKM_API_SUCCESS)
488 for (const auto &it : ownerNameVector)
489 aliasVector.push_back(AliasSupport::merge(it.first, it.second));
491 return CKM_API_SUCCESS;
495 int Manager::Impl::getBinaryDataAliasPwdVector(DataType dataType,
496 AliasPwdVector &aliasPwdVector)
498 EXCEPTION_GUARD_START_CPPAPI
499 OwnerNameVector ownerNameVector;
500 OwnerNameEncryptionStatusVector ownerNameEncryptionStatusVector;
501 int retCode = getBinaryDataAliasVectorHelper(dataType, ownerNameVector);
503 if (retCode != CKM_API_SUCCESS)
506 for (const auto &it : ownerNameVector)
508 Alias alias = AliasSupport::merge(std::get<0>(it), std::get<1>(it));
510 retCode = getBinaryDataEncryptionStatus(dataType, alias, status);
512 if (retCode != CKM_API_SUCCESS)
515 aliasPwdVector.push_back(std::make_pair(alias, status));
517 return CKM_API_SUCCESS;
521 int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector)
523 // in fact datatype has no meaning here - if not certificate or binary data
524 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
525 return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
528 int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector)
530 return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
533 int Manager::Impl::getDataAliasVector(AliasVector &aliasVector)
535 return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
538 int Manager::Impl::getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector)
540 return getBinaryDataAliasPwdVector(DataType::DB_KEY_LAST, aliasPwdVector);
543 int Manager::Impl::getKeyEncryptionStatus(const Alias &alias, bool &status)
545 return getBinaryDataEncryptionStatus(DataType::DB_KEY_LAST, alias, status);
548 int Manager::Impl::getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector)
550 return getBinaryDataAliasPwdVector(DataType::CERTIFICATE, aliasPwdVector);
553 int Manager::Impl::getCertificateEncryptionStatus(const Alias &alias, bool &status)
555 return getBinaryDataEncryptionStatus(DataType::CERTIFICATE, alias, status);
558 int Manager::Impl::getDataAliasPwdVector(AliasPwdVector &aliasPwdVector)
560 return getBinaryDataAliasPwdVector(DataType::BINARY_DATA, aliasPwdVector);
563 int Manager::Impl::getDataEncryptionStatus(const Alias &alias, bool &status)
565 return getBinaryDataEncryptionStatus(DataType::BINARY_DATA, alias, status);
568 int Manager::Impl::createKeyPairRSA(
570 const Alias &privateKeyAlias,
571 const Alias &publicKeyAlias,
572 const Policy &policyPrivateKey,
573 const Policy &policyPublicKey)
575 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias,
576 publicKeyAlias, policyPrivateKey, policyPublicKey);
579 int Manager::Impl::createKeyPairDSA(
581 const Alias &privateKeyAlias,
582 const Alias &publicKeyAlias,
583 const Policy &policyPrivateKey,
584 const Policy &policyPublicKey)
586 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias,
587 publicKeyAlias, policyPrivateKey, policyPublicKey);
590 int Manager::Impl::createKeyPairECDSA(
592 const Alias &privateKeyAlias,
593 const Alias &publicKeyAlias,
594 const Policy &policyPrivateKey,
595 const Policy &policyPublicKey)
597 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC,
598 static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey,
602 int Manager::Impl::createKeyAES(
604 const Alias &keyAlias,
605 const Policy &policyKey)
607 // proceed with sending request
608 int msgId = ++m_counter;
610 EXCEPTION_GUARD_START_CPPAPI
613 AliasSupport aliasHelper(keyAlias);
614 auto send = MessageBuffer::Serialize(static_cast<int>
615 (LogicCommand::CREATE_KEY_AES),
617 static_cast<int>(size),
618 PolicySerializable(policyKey),
619 aliasHelper.getName(),
620 aliasHelper.getOwner());
622 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
624 if (CKM_API_SUCCESS != retCode)
628 recv.Deserialize(retMsgId, retCode);
630 if (retMsgId != msgId)
631 return CKM_API_ERROR_UNKNOWN;
639 int Manager::Impl::createKeyPair(
640 const KeyType key_type,
641 const int additional_param,
642 const Alias &privateKeyAlias,
643 const Alias &publicKeyAlias,
644 const Policy &policyPrivateKey,
645 const Policy &policyPublicKey)
648 CryptoAlgorithm keyGenAlgorithm;
651 case KeyType::KEY_RSA_PUBLIC:
652 case KeyType::KEY_RSA_PRIVATE:
653 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
654 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
657 case KeyType::KEY_DSA_PUBLIC:
658 case KeyType::KEY_DSA_PRIVATE:
659 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
660 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
663 case KeyType::KEY_ECDSA_PUBLIC:
664 case KeyType::KEY_ECDSA_PRIVATE:
665 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
666 keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
670 return CKM_API_ERROR_INPUT_PARAM;
673 // proceed with sending request
674 int msgId = ++m_counter;
676 EXCEPTION_GUARD_START_CPPAPI
679 AliasSupport privateHelper(privateKeyAlias);
680 AliasSupport publicHelper(publicKeyAlias);
681 auto send = MessageBuffer::Serialize(static_cast<int>
682 (LogicCommand::CREATE_KEY_PAIR),
684 CryptoAlgorithmSerializable(keyGenAlgorithm),
685 PolicySerializable(policyPrivateKey),
686 PolicySerializable(policyPublicKey),
687 privateHelper.getName(),
688 privateHelper.getOwner(),
689 publicHelper.getName(),
690 publicHelper.getOwner());
692 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
694 if (CKM_API_SUCCESS != retCode)
698 recv.Deserialize(retMsgId, retCode);
700 if (retMsgId != msgId)
701 return CKM_API_ERROR_UNKNOWN;
708 int Manager::Impl::getCertificateChain(
709 const CertificateShPtr &certificate,
710 const CertificateShPtrVector &untrustedCertificates,
711 const CertificateShPtrVector &trustedCertificates,
712 bool useTrustedSystemCertificates,
713 CertificateShPtrVector &certificateChainVector)
715 RawBufferVector untrustedVector;
716 RawBufferVector trustedVector;
718 if (!certificate || certificate->empty())
719 return CKM_API_ERROR_INPUT_PARAM;
721 for (auto &e : untrustedCertificates) {
722 if (!e || e->empty())
723 return CKM_API_ERROR_INPUT_PARAM;
724 untrustedVector.push_back(e->getDER());
727 for (auto &e : trustedCertificates) {
728 if (!e || e->empty())
729 return CKM_API_ERROR_INPUT_PARAM;
730 trustedVector.push_back(e->getDER());
735 LogicCommand::GET_CHAIN_CERT,
740 useTrustedSystemCertificates,
741 certificateChainVector);
744 int Manager::Impl::getCertificateChain(
745 const CertificateShPtr &certificate,
746 const AliasVector &untrustedCertificates,
747 const AliasVector &trustedCertificates,
748 bool useTrustedSystemCertificates,
749 CertificateShPtrVector &certificateChainVector)
751 OwnerNameVector untrustedVector;
752 OwnerNameVector trustedVector;
754 if (!certificate || certificate->empty())
755 return CKM_API_ERROR_INPUT_PARAM;
757 for (auto &e : untrustedCertificates) {
758 AliasSupport helper(e);
759 untrustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
762 for (auto &e : trustedCertificates) {
763 AliasSupport helper(e);
764 trustedVector.push_back(std::make_pair(helper.getOwner(), helper.getName()));
769 LogicCommand::GET_CHAIN_ALIAS,
774 useTrustedSystemCertificates,
775 certificateChainVector);
778 int Manager::Impl::createSignature(
779 const Alias &privateKeyAlias,
780 const Password &password, // password for private_key
781 const RawBuffer &message,
782 const CryptoAlgorithm &cAlgorithm,
783 RawBuffer &signature)
785 int msgId = ++m_counter;
787 EXCEPTION_GUARD_START_CPPAPI
790 AliasSupport helper(privateKeyAlias);
791 auto send = MessageBuffer::Serialize(static_cast<int>
792 (LogicCommand::CREATE_SIGNATURE),
798 CryptoAlgorithmSerializable(cAlgorithm));
800 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
802 if (CKM_API_SUCCESS != retCode)
806 recv.Deserialize(retMsgId, retCode, signature);
808 if (retMsgId != msgId)
809 return CKM_API_ERROR_UNKNOWN;
816 int Manager::Impl::verifySignature(
817 const Alias &publicKeyOrCertAlias,
818 const Password &password, // password for public_key (optional)
819 const RawBuffer &message,
820 const RawBuffer &signature,
821 const CryptoAlgorithm &cAlg)
823 int msgId = ++m_counter;
825 EXCEPTION_GUARD_START_CPPAPI
828 AliasSupport helper(publicKeyOrCertAlias);
829 auto send = MessageBuffer::Serialize(static_cast<int>
830 (LogicCommand::VERIFY_SIGNATURE),
837 CryptoAlgorithmSerializable(cAlg));
839 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
841 if (CKM_API_SUCCESS != retCode)
845 recv.Deserialize(retMsgId, retCode);
847 if (retMsgId != msgId)
848 return CKM_API_ERROR_UNKNOWN;
855 int Manager::Impl::ocspCheck(const CertificateShPtrVector &certChain,
858 EXCEPTION_GUARD_START_CPPAPI
860 int msgId = ++m_counter;
863 RawBufferVector rawCertChain;
865 for (auto &e : certChain) {
866 if (!e || e->empty()) {
867 LogError("Empty certificate");
868 return CKM_API_ERROR_INPUT_PARAM;
871 rawCertChain.push_back(e->getDER());
874 auto send = MessageBuffer::Serialize(msgId, rawCertChain);
876 int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
878 if (CKM_API_SUCCESS != retCode)
882 recv.Deserialize(retMsgId, retCode, ocspStatus);
884 if (msgId != retMsgId)
885 return CKM_API_ERROR_UNKNOWN;
892 int Manager::Impl::setPermission(const Alias &alias,
893 const ClientId &accessor,
894 PermissionMask permissionMask)
896 int msgId = ++m_counter;
898 EXCEPTION_GUARD_START_CPPAPI
901 AliasSupport helper(alias);
902 auto send = MessageBuffer::Serialize(static_cast<int>
903 (LogicCommand::SET_PERMISSION),
910 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
912 if (CKM_API_SUCCESS != retCode)
916 recv.Deserialize(retMsgId, retCode);
918 if (msgId != retMsgId)
919 return CKM_API_ERROR_UNKNOWN;
926 int Manager::Impl::crypt(EncryptionCommand command,
927 const CryptoAlgorithm &algo,
928 const Alias &keyAlias,
929 const Password &password,
930 const RawBuffer &input,
933 int msgId = ++m_counter;
935 EXCEPTION_GUARD_START_CPPAPI
938 AliasSupport helper(keyAlias);
939 CryptoAlgorithmSerializable cas(algo);
940 auto send = MessageBuffer::Serialize(static_cast<int>(command),
948 int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
950 if (CKM_API_SUCCESS != retCode)
954 recv.Deserialize(retMsgId, retCode, output);
956 if (msgId != retMsgId)
957 return CKM_API_ERROR_UNKNOWN;
964 int Manager::Impl::encrypt(const CryptoAlgorithm &algo,
965 const Alias &keyAlias,
966 const Password &password,
967 const RawBuffer &plain,
968 RawBuffer &encrypted)
970 return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain,
974 int Manager::Impl::decrypt(const CryptoAlgorithm &algo,
975 const Alias &keyAlias,
976 const Password &password,
977 const RawBuffer &encrypted,
978 RawBuffer &decrypted)
980 return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted,