1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <crypto-init.h>
27 #include <client-manager-impl.h>
28 #include <client-common.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
32 #include <key-aes-impl.h>
33 #include <certificate-impl.h>
40 ServiceConnection &serviceConnection,
43 const CertificateShPtr &certificate,
44 const T &untrustedVector,
45 const T &trustedVector,
46 bool useTrustedSystemCertificates,
47 CertificateShPtrVector &certificateChainVector)
49 EXCEPTION_GUARD_START_CPPAPI
52 auto send = MessageBuffer::Serialize(static_cast<int>(command),
54 certificate->getDER(),
57 useTrustedSystemCertificates);
59 int retCode = serviceConnection.processRequest(send.Pop(), recv);
61 if (CKM_API_SUCCESS != retCode)
66 RawBufferVector rawBufferVector;
67 recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
69 if ((counter != retCounter) || (static_cast<int>(command) != retCommand))
70 return CKM_API_ERROR_UNKNOWN;
72 if (retCode != CKM_API_SUCCESS)
75 for (auto &e : rawBufferVector) {
76 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
79 return CKM_API_ERROR_BAD_RESPONSE;
81 certificateChainVector.push_back(cert);
89 } // namespace anonymous
93 m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
94 m_ocspConnection(SERVICE_SOCKET_OCSP),
95 m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
101 int Manager::Impl::saveBinaryData(
104 const RawBuffer &rawData,
105 const Policy &policy)
107 int my_counter = ++m_counter;
109 EXCEPTION_GUARD_START_CPPAPI
111 if (alias.empty() || rawData.empty())
112 return CKM_API_ERROR_INPUT_PARAM;
115 AliasSupport helper(alias);
116 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
118 static_cast<int>(dataType),
122 PolicySerializable(policy));
124 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
126 if (CKM_API_SUCCESS != retCode)
132 recv.Deserialize(command, counter, retCode, opType);
134 if (counter != my_counter)
135 return CKM_API_ERROR_UNKNOWN;
142 int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key,
143 const Policy &policy)
145 if (key.get() == NULL)
146 return CKM_API_ERROR_INPUT_PARAM;
149 return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
150 } catch (const DataType::Exception::Base &) {
151 LogError("Error in key conversion. Could not convert KeyType::NONE to DBDataType!");
154 return CKM_API_ERROR_INPUT_PARAM;
157 int Manager::Impl::saveCertificate(
159 const CertificateShPtr &cert,
160 const Policy &policy)
162 if (cert.get() == NULL)
163 return CKM_API_ERROR_INPUT_PARAM;
165 return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
168 int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData,
169 const Policy &policy)
171 if (!policy.extractable)
172 return CKM_API_ERROR_INPUT_PARAM;
174 return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
178 int Manager::Impl::savePKCS12(
180 const PKCS12ShPtr &pkcs,
181 const Policy &keyPolicy,
182 const Policy &certPolicy)
184 if (alias.empty() || pkcs.get() == NULL)
185 return CKM_API_ERROR_INPUT_PARAM;
187 int my_counter = ++m_counter;
189 EXCEPTION_GUARD_START_CPPAPI
192 AliasSupport helper(alias);
193 auto send = MessageBuffer::Serialize(static_cast<int>
194 (LogicCommand::SAVE_PKCS12),
198 PKCS12Serializable(*pkcs.get()),
199 PolicySerializable(keyPolicy),
200 PolicySerializable(certPolicy));
202 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
204 if (CKM_API_SUCCESS != retCode)
209 recv.Deserialize(command, counter, retCode);
211 if (counter != my_counter)
212 return CKM_API_ERROR_UNKNOWN;
219 int Manager::Impl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
221 return getPKCS12(alias, Password(), Password(), pkcs);
224 int Manager::Impl::getPKCS12(const Alias &alias, const Password &keyPass,
225 const Password &certPass, PKCS12ShPtr &pkcs)
228 return CKM_API_ERROR_INPUT_PARAM;
230 int my_counter = ++m_counter;
232 EXCEPTION_GUARD_START_CPPAPI
235 AliasSupport helper(alias);
236 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
243 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
245 if (CKM_API_SUCCESS != retCode)
250 PKCS12Serializable gotPkcs;
251 recv.Deserialize(command, counter, retCode, gotPkcs);
253 if (counter != my_counter)
254 return CKM_API_ERROR_UNKNOWN;
256 pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
264 int Manager::Impl::removeAlias(const Alias &alias)
267 return CKM_API_ERROR_INPUT_PARAM;
269 int my_counter = ++m_counter;
271 EXCEPTION_GUARD_START_CPPAPI
274 AliasSupport helper(alias);
275 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
280 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
282 if (CKM_API_SUCCESS != retCode)
287 recv.Deserialize(command, counter, retCode);
289 if (counter != my_counter)
290 return CKM_API_ERROR_UNKNOWN;
297 int Manager::Impl::getBinaryData(
299 DataType sendDataType,
300 const Password &password,
301 DataType &recvDataType,
305 return CKM_API_ERROR_INPUT_PARAM;
307 int my_counter = ++m_counter;
309 EXCEPTION_GUARD_START_CPPAPI
312 AliasSupport helper(alias);
313 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
315 static_cast<int>(sendDataType),
320 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
322 if (CKM_API_SUCCESS != retCode)
328 recv.Deserialize(command, counter, retCode, tmpDataType, rawData);
329 recvDataType = DataType(tmpDataType);
331 if (counter != my_counter)
332 return CKM_API_ERROR_UNKNOWN;
339 int Manager::Impl::getKey(const Alias &alias, const Password &password,
342 DataType recvDataType;
345 int retCode = getBinaryData(
347 DataType::KEY_RSA_PUBLIC,
352 if (retCode != CKM_API_SUCCESS)
357 if (DataType::KEY_AES == recvDataType)
358 keyParsed = KeyShPtr(new KeyAESImpl(rawData));
360 keyParsed = KeyShPtr(new KeyImpl(rawData));
362 if (keyParsed->empty()) {
363 LogDebug("Key empty - failed to parse!");
364 return CKM_API_ERROR_BAD_RESPONSE;
369 return CKM_API_SUCCESS;
372 int Manager::Impl::getCertificate(const Alias &alias, const Password &password,
373 CertificateShPtr &cert)
375 DataType recvDataType;
378 int retCode = getBinaryData(
380 DataType::CERTIFICATE,
385 if (retCode != CKM_API_SUCCESS)
388 if (recvDataType != DataType::CERTIFICATE)
389 return CKM_API_ERROR_BAD_RESPONSE;
391 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
393 if (certParsed->empty())
394 return CKM_API_ERROR_BAD_RESPONSE;
398 return CKM_API_SUCCESS;
401 int Manager::Impl::getData(const Alias &alias, const Password &password,
404 DataType recvDataType = DataType::BINARY_DATA;
406 int retCode = getBinaryData(
408 DataType::BINARY_DATA,
413 if (retCode != CKM_API_SUCCESS)
416 if (recvDataType != DataType::BINARY_DATA)
417 return CKM_API_ERROR_BAD_RESPONSE;
419 return CKM_API_SUCCESS;
422 int Manager::Impl::getBinaryDataAliasVector(DataType dataType,
423 AliasVector &aliasVector)
425 int my_counter = ++m_counter;
427 EXCEPTION_GUARD_START_CPPAPI
430 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
432 static_cast<int>(dataType));
434 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
436 if (CKM_API_SUCCESS != retCode)
442 LabelNameVector labelNameVector;
443 recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
445 if ((command != static_cast<int>(LogicCommand::GET_LIST)) ||
446 (counter != my_counter))
447 return CKM_API_ERROR_UNKNOWN;
449 for (const auto &it : labelNameVector)
450 aliasVector.push_back(AliasSupport::merge(it.first, it.second));
457 int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector)
459 // in fact datatype has no meaning here - if not certificate or binary data
460 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
461 return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
464 int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector)
466 return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
469 int Manager::Impl::getDataAliasVector(AliasVector &aliasVector)
471 return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
474 int Manager::Impl::createKeyPairRSA(
476 const Alias &privateKeyAlias,
477 const Alias &publicKeyAlias,
478 const Policy &policyPrivateKey,
479 const Policy &policyPublicKey)
481 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias,
482 publicKeyAlias, policyPrivateKey, policyPublicKey);
485 int Manager::Impl::createKeyPairDSA(
487 const Alias &privateKeyAlias,
488 const Alias &publicKeyAlias,
489 const Policy &policyPrivateKey,
490 const Policy &policyPublicKey)
492 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias,
493 publicKeyAlias, policyPrivateKey, policyPublicKey);
496 int Manager::Impl::createKeyPairECDSA(
498 const Alias &privateKeyAlias,
499 const Alias &publicKeyAlias,
500 const Policy &policyPrivateKey,
501 const Policy &policyPublicKey)
503 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC,
504 static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey,
508 int Manager::Impl::createKeyAES(
510 const Alias &keyAlias,
511 const Policy &policyKey)
513 // proceed with sending request
514 int my_counter = ++m_counter;
516 EXCEPTION_GUARD_START_CPPAPI
519 AliasSupport aliasHelper(keyAlias);
520 auto send = MessageBuffer::Serialize(static_cast<int>
521 (LogicCommand::CREATE_KEY_AES),
523 static_cast<int>(size),
524 PolicySerializable(policyKey),
525 aliasHelper.getName(),
526 aliasHelper.getLabel());
528 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
530 if (CKM_API_SUCCESS != retCode)
535 recv.Deserialize(command, counter, retCode);
537 if (counter != my_counter)
538 return CKM_API_ERROR_UNKNOWN;
546 int Manager::Impl::createKeyPair(
547 const KeyType key_type,
548 const int additional_param,
549 const Alias &privateKeyAlias,
550 const Alias &publicKeyAlias,
551 const Policy &policyPrivateKey,
552 const Policy &policyPublicKey)
555 CryptoAlgorithm keyGenAlgorithm;
558 case KeyType::KEY_RSA_PUBLIC:
559 case KeyType::KEY_RSA_PRIVATE:
560 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
561 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
564 case KeyType::KEY_DSA_PUBLIC:
565 case KeyType::KEY_DSA_PRIVATE:
566 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
567 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
570 case KeyType::KEY_ECDSA_PUBLIC:
571 case KeyType::KEY_ECDSA_PRIVATE:
572 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
573 keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
577 return CKM_API_ERROR_INPUT_PARAM;
580 // proceed with sending request
581 int my_counter = ++m_counter;
583 EXCEPTION_GUARD_START_CPPAPI
586 AliasSupport privateHelper(privateKeyAlias);
587 AliasSupport publicHelper(publicKeyAlias);
588 auto send = MessageBuffer::Serialize(static_cast<int>
589 (LogicCommand::CREATE_KEY_PAIR),
591 CryptoAlgorithmSerializable(keyGenAlgorithm),
592 PolicySerializable(policyPrivateKey),
593 PolicySerializable(policyPublicKey),
594 privateHelper.getName(),
595 privateHelper.getLabel(),
596 publicHelper.getName(),
597 publicHelper.getLabel());
599 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
601 if (CKM_API_SUCCESS != retCode)
606 recv.Deserialize(command, counter, retCode);
608 if (counter != my_counter)
609 return CKM_API_ERROR_UNKNOWN;
616 int Manager::Impl::getCertificateChain(
617 const CertificateShPtr &certificate,
618 const CertificateShPtrVector &untrustedCertificates,
619 const CertificateShPtrVector &trustedCertificates,
620 bool useTrustedSystemCertificates,
621 CertificateShPtrVector &certificateChainVector)
623 RawBufferVector untrustedVector;
624 RawBufferVector trustedVector;
626 if (!certificate || certificate->empty())
627 return CKM_API_ERROR_INPUT_PARAM;
629 for (auto &e : untrustedCertificates)
630 untrustedVector.push_back(e->getDER());
632 for (auto &e : trustedCertificates)
633 trustedVector.push_back(e->getDER());
637 LogicCommand::GET_CHAIN_CERT,
642 useTrustedSystemCertificates,
643 certificateChainVector);
646 int Manager::Impl::getCertificateChain(
647 const CertificateShPtr &certificate,
648 const AliasVector &untrustedCertificates,
649 const AliasVector &trustedCertificates,
650 bool useTrustedSystemCertificates,
651 CertificateShPtrVector &certificateChainVector)
653 LabelNameVector untrustedVector;
654 LabelNameVector trustedVector;
656 if (!certificate || certificate->empty())
657 return CKM_API_ERROR_INPUT_PARAM;
659 for (auto &e : untrustedCertificates) {
660 AliasSupport helper(e);
661 untrustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
664 for (auto &e : trustedCertificates) {
665 AliasSupport helper(e);
666 trustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
671 LogicCommand::GET_CHAIN_ALIAS,
676 useTrustedSystemCertificates,
677 certificateChainVector);
680 int Manager::Impl::createSignature(
681 const Alias &privateKeyAlias,
682 const Password &password, // password for private_key
683 const RawBuffer &message,
684 const CryptoAlgorithm &cAlgorithm,
685 RawBuffer &signature)
687 int my_counter = ++m_counter;
689 EXCEPTION_GUARD_START_CPPAPI
692 AliasSupport helper(privateKeyAlias);
693 auto send = MessageBuffer::Serialize(static_cast<int>
694 (LogicCommand::CREATE_SIGNATURE),
700 CryptoAlgorithmSerializable(cAlgorithm));
702 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
704 if (CKM_API_SUCCESS != retCode)
709 recv.Deserialize(command, counter, retCode, signature);
711 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
712 || (counter != my_counter))
713 return CKM_API_ERROR_UNKNOWN;
720 int Manager::Impl::verifySignature(
721 const Alias &publicKeyOrCertAlias,
722 const Password &password, // password for public_key (optional)
723 const RawBuffer &message,
724 const RawBuffer &signature,
725 const CryptoAlgorithm &cAlg)
727 int my_counter = ++m_counter;
729 EXCEPTION_GUARD_START_CPPAPI
732 AliasSupport helper(publicKeyOrCertAlias);
733 auto send = MessageBuffer::Serialize(static_cast<int>
734 (LogicCommand::VERIFY_SIGNATURE),
741 CryptoAlgorithmSerializable(cAlg));
743 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
745 if (CKM_API_SUCCESS != retCode)
750 recv.Deserialize(command, counter, retCode);
752 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
753 || (counter != my_counter))
754 return CKM_API_ERROR_UNKNOWN;
761 int Manager::Impl::ocspCheck(const CertificateShPtrVector &certChain,
764 EXCEPTION_GUARD_START_CPPAPI
766 int my_counter = ++m_counter;
769 RawBufferVector rawCertChain;
771 for (auto &e : certChain) {
772 if (!e || e->empty()) {
773 LogError("Empty certificate");
774 return CKM_API_ERROR_INPUT_PARAM;
777 rawCertChain.push_back(e->getDER());
780 auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
782 int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
784 if (CKM_API_SUCCESS != retCode)
788 recv.Deserialize(counter, retCode, ocspStatus);
790 if (my_counter != counter)
791 return CKM_API_ERROR_UNKNOWN;
798 int Manager::Impl::setPermission(const Alias &alias,
799 const Label &accessor,
800 PermissionMask permissionMask)
802 int my_counter = ++m_counter;
804 EXCEPTION_GUARD_START_CPPAPI
807 AliasSupport helper(alias);
808 auto send = MessageBuffer::Serialize(static_cast<int>
809 (LogicCommand::SET_PERMISSION),
816 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
818 if (CKM_API_SUCCESS != retCode)
823 recv.Deserialize(command, counter, retCode);
825 if (my_counter != counter)
826 return CKM_API_ERROR_UNKNOWN;
833 int Manager::Impl::crypt(EncryptionCommand command,
834 const CryptoAlgorithm &algo,
835 const Alias &keyAlias,
836 const Password &password,
837 const RawBuffer &input,
840 int my_counter = ++m_counter;
842 EXCEPTION_GUARD_START_CPPAPI
845 AliasSupport helper(keyAlias);
846 CryptoAlgorithmSerializable cas(algo);
847 auto send = MessageBuffer::Serialize(static_cast<int>(command),
855 int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
857 if (CKM_API_SUCCESS != retCode)
862 recv.Deserialize(retCommand, counter, retCode, output);
864 if (my_counter != counter || retCommand != static_cast<int>(command))
865 return CKM_API_ERROR_UNKNOWN;
872 int Manager::Impl::encrypt(const CryptoAlgorithm &algo,
873 const Alias &keyAlias,
874 const Password &password,
875 const RawBuffer &plain,
876 RawBuffer &encrypted)
878 return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain,
882 int Manager::Impl::decrypt(const CryptoAlgorithm &algo,
883 const Alias &keyAlias,
884 const Password &password,
885 const RawBuffer &encrypted,
886 RawBuffer &decrypted)
888 return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted,