1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <client-manager-impl.h>
27 #include <client-common.h>
28 #include <message-buffer.h>
29 #include <protocols.h>
31 #include <certificate-impl.h>
35 void clientInitialize(void) {
36 OpenSSL_add_all_ciphers();
37 OpenSSL_add_all_algorithms();
38 OpenSSL_add_all_digests();
41 } // namespace anonymous
45 bool ManagerImpl::s_isInit = false;
47 ManagerImpl::ManagerImpl()
48 : m_counter(0), m_storageConnection(SERVICE_SOCKET_CKM_STORAGE), m_ocspConnection(SERVICE_SOCKET_OCSP)
50 // TODO secure with mutex
58 int ManagerImpl::saveBinaryData(
61 const RawBuffer &rawData,
66 return try_catch([&] {
67 if (alias.empty() || rawData.empty())
68 return CKM_API_ERROR_INPUT_PARAM;
71 AliasSupport helper(alias);
72 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
74 static_cast<int>(dataType),
78 PolicySerializable(policy));
80 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
81 if (CKM_API_SUCCESS != retCode)
87 recv.Deserialize(command, counter, retCode, opType);
89 if (counter != m_counter) {
90 return CKM_API_ERROR_UNKNOWN;
97 int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
98 if (key.get() == NULL)
99 return CKM_API_ERROR_INPUT_PARAM;
100 return saveBinaryData(alias, toDBDataType(key->getType()), key->getDER(), policy);
103 int ManagerImpl::saveCertificate(
105 const CertificateShPtr &cert,
106 const Policy &policy)
108 if (cert.get() == NULL)
109 return CKM_API_ERROR_INPUT_PARAM;
110 return saveBinaryData(alias, DBDataType::CERTIFICATE, cert->getDER(), policy);
113 int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
114 if (!policy.extractable)
115 return CKM_API_ERROR_INPUT_PARAM;
116 return saveBinaryData(alias, DBDataType::BINARY_DATA, rawData, policy);
119 int ManagerImpl::removeBinaryData(const Alias &alias, DBDataType dataType)
121 return try_catch([&] {
123 return CKM_API_ERROR_INPUT_PARAM;
126 AliasSupport helper(alias);
127 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
129 static_cast<int>(dataType),
133 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
134 if (CKM_API_SUCCESS != retCode)
140 recv.Deserialize(command, counter, retCode, opType);
142 if (counter != m_counter) {
143 return CKM_API_ERROR_UNKNOWN;
150 int ManagerImpl::removeKey(const Alias &alias) {
151 return removeBinaryData(alias, DBDataType::KEY_RSA_PUBLIC);
154 int ManagerImpl::removeCertificate(const Alias &alias) {
155 return removeBinaryData(alias, DBDataType::CERTIFICATE);
158 int ManagerImpl::removeData(const Alias &alias) {
159 return removeBinaryData(alias, DBDataType::BINARY_DATA);
162 int ManagerImpl::getBinaryData(
164 DBDataType sendDataType,
165 const Password &password,
166 DBDataType &recvDataType,
169 return try_catch([&] {
171 return CKM_API_ERROR_INPUT_PARAM;
174 AliasSupport helper(alias);
175 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
177 static_cast<int>(sendDataType),
182 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
183 if (CKM_API_SUCCESS != retCode)
189 recv.Deserialize(command, counter, retCode, tmpDataType, rawData);
190 recvDataType = static_cast<DBDataType>(tmpDataType);
192 if (counter != m_counter) {
193 return CKM_API_ERROR_UNKNOWN;
200 int ManagerImpl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
201 DBDataType recvDataType;
204 int retCode = getBinaryData(
206 DBDataType::KEY_RSA_PUBLIC,
211 if (retCode != CKM_API_SUCCESS)
214 KeyShPtr keyParsed(new KeyImpl(rawData));
216 if (keyParsed->empty()) {
217 LogDebug("Key empty - failed to parse!");
218 return CKM_API_ERROR_BAD_RESPONSE;
223 return CKM_API_SUCCESS;
226 int ManagerImpl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert)
228 DBDataType recvDataType = DBDataType::CERTIFICATE;
231 int retCode = getBinaryData(
233 DBDataType::CERTIFICATE,
238 if (retCode != CKM_API_SUCCESS)
241 if (recvDataType != DBDataType::CERTIFICATE)
242 return CKM_API_ERROR_BAD_RESPONSE;
244 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
246 if (certParsed->empty())
247 return CKM_API_ERROR_BAD_RESPONSE;
251 return CKM_API_SUCCESS;
254 int ManagerImpl::getData(const Alias &alias, const Password &password, RawBuffer &rawData)
256 DBDataType recvDataType = DBDataType::BINARY_DATA;
258 int retCode = getBinaryData(
260 DBDataType::BINARY_DATA,
265 if (retCode != CKM_API_SUCCESS)
268 if (recvDataType != DBDataType::BINARY_DATA)
269 return CKM_API_ERROR_BAD_RESPONSE;
271 return CKM_API_SUCCESS;
274 int ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector)
276 return try_catch([&] {
279 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
281 static_cast<int>(dataType));
283 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
284 if (CKM_API_SUCCESS != retCode)
290 LabelNameVector labelNameVector;
291 recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
292 if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != m_counter)) {
293 return CKM_API_ERROR_UNKNOWN;
296 for(const auto &it : labelNameVector)
297 aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
303 int ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
304 // in fact datatype has no meaning here - if not certificate or binary data
305 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
306 return getBinaryDataAliasVector(DBDataType::DB_KEY_LAST, aliasVector);
309 int ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
310 return getBinaryDataAliasVector(DBDataType::CERTIFICATE, aliasVector);
313 int ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
314 return getBinaryDataAliasVector(DBDataType::BINARY_DATA, aliasVector);
317 int ManagerImpl::createKeyPairRSA(
319 const Alias &privateKeyAlias,
320 const Alias &publicKeyAlias,
321 const Policy &policyPrivateKey,
322 const Policy &policyPublicKey)
324 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
327 int ManagerImpl::createKeyPairDSA(
329 const Alias &privateKeyAlias,
330 const Alias &publicKeyAlias,
331 const Policy &policyPrivateKey,
332 const Policy &policyPublicKey)
334 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
337 int ManagerImpl::createKeyPairECDSA(
339 const Alias &privateKeyAlias,
340 const Alias &publicKeyAlias,
341 const Policy &policyPrivateKey,
342 const Policy &policyPublicKey)
344 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
347 int ManagerImpl::createKeyPair(
348 const KeyType key_type,
349 const int additional_param,
350 const Alias &privateKeyAlias,
351 const Alias &publicKeyAlias,
352 const Policy &policyPrivateKey,
353 const Policy &policyPublicKey)
356 LogicCommand cmd_type;
359 case KeyType::KEY_RSA_PUBLIC:
360 case KeyType::KEY_RSA_PRIVATE:
361 cmd_type = LogicCommand::CREATE_KEY_PAIR_RSA;
364 case KeyType::KEY_DSA_PUBLIC:
365 case KeyType::KEY_DSA_PRIVATE:
366 cmd_type = LogicCommand::CREATE_KEY_PAIR_DSA;
369 case KeyType::KEY_ECDSA_PUBLIC:
370 case KeyType::KEY_ECDSA_PRIVATE:
371 cmd_type = LogicCommand::CREATE_KEY_PAIR_ECDSA;
375 return CKM_API_ERROR_INPUT_PARAM;
378 // proceed with sending request
380 int my_counter = m_counter;
381 return try_catch([&] {
384 AliasSupport privateHelper(privateKeyAlias);
385 AliasSupport publicHelper(publicKeyAlias);
386 auto send = MessageBuffer::Serialize(static_cast<int>(cmd_type),
388 static_cast<int>(additional_param),
389 PolicySerializable(policyPrivateKey),
390 PolicySerializable(policyPublicKey),
391 privateHelper.getName(),
392 privateHelper.getLabel(),
393 publicHelper.getName(),
394 publicHelper.getLabel());
396 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
397 if (CKM_API_SUCCESS != retCode)
402 recv.Deserialize(command, counter, retCode);
403 if (counter != my_counter) {
404 return CKM_API_ERROR_UNKNOWN;
414 LogicCommand command,
416 const CertificateShPtr &certificate,
418 CertificateShPtrVector &certificateChainVector,
419 ServiceConnection & service_connection)
421 return try_catch([&] {
424 auto send = MessageBuffer::Serialize(static_cast<int>(command),
426 certificate->getDER(),
429 int retCode = service_connection.processRequest(send.Pop(), recv);
430 if (CKM_API_SUCCESS != retCode)
435 RawBufferVector rawBufferVector;
436 recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
438 if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
439 return CKM_API_ERROR_UNKNOWN;
442 if (retCode != CKM_API_SUCCESS) {
446 for (auto &e: rawBufferVector) {
447 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
449 return CKM_API_ERROR_BAD_RESPONSE;
450 certificateChainVector.push_back(cert);
458 int ManagerImpl::getCertificateChain(
459 const CertificateShPtr &certificate,
460 const CertificateShPtrVector &untrustedCertificates,
461 CertificateShPtrVector &certificateChainVector)
463 RawBufferVector rawBufferVector;
465 for (auto &e: untrustedCertificates) {
466 rawBufferVector.push_back(e->getDER());
470 LogicCommand::GET_CHAIN_CERT,
474 certificateChainVector,
475 m_storageConnection);
478 int ManagerImpl::getCertificateChain(
479 const CertificateShPtr &certificate,
480 const AliasVector &untrustedCertificates,
481 CertificateShPtrVector &certificateChainVector)
483 LabelNameVector untrusted_certs;
484 for (auto &e: untrustedCertificates) {
485 AliasSupport helper(e);
486 untrusted_certs.push_back(std::make_pair(helper.getLabel(), helper.getName()));
490 LogicCommand::GET_CHAIN_ALIAS,
494 certificateChainVector,
495 m_storageConnection);
498 int ManagerImpl::createSignature(
499 const Alias &privateKeyAlias,
500 const Password &password, // password for private_key
501 const RawBuffer &message,
502 const HashAlgorithm hash,
503 const RSAPaddingAlgorithm padding,
504 RawBuffer &signature)
507 int my_counter = m_counter;
508 return try_catch([&] {
511 AliasSupport helper(privateKeyAlias);
512 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
518 static_cast<int>(hash),
519 static_cast<int>(padding));
521 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
522 if (CKM_API_SUCCESS != retCode)
527 recv.Deserialize(command, counter, retCode, signature);
529 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
530 || (counter != my_counter))
532 return CKM_API_ERROR_UNKNOWN;
539 int ManagerImpl::verifySignature(
540 const Alias &publicKeyOrCertAlias,
541 const Password &password, // password for public_key (optional)
542 const RawBuffer &message,
543 const RawBuffer &signature,
544 const HashAlgorithm hash,
545 const RSAPaddingAlgorithm padding)
548 int my_counter = m_counter;
549 return try_catch([&] {
552 AliasSupport helper(publicKeyOrCertAlias);
553 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
560 static_cast<int>(hash),
561 static_cast<int>(padding));
563 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
564 if (CKM_API_SUCCESS != retCode)
569 recv.Deserialize(command, counter, retCode);
571 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
572 || (counter != my_counter))
574 return CKM_API_ERROR_UNKNOWN;
581 int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
583 return try_catch([&] {
584 int my_counter = ++m_counter;
587 RawBufferVector rawCertChain;
588 for (auto &e: certChain) {
589 rawCertChain.push_back(e->getDER());
592 auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
594 int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
595 if (CKM_API_SUCCESS != retCode)
599 recv.Deserialize(counter, retCode, ocspStatus);
601 if (my_counter != counter) {
602 return CKM_API_ERROR_UNKNOWN;
609 int ManagerImpl::setPermission(const Alias &alias,
610 const Label &accessor,
611 Permission newPermission)
614 int my_counter = m_counter;
615 return try_catch([&] {
617 AliasSupport helper(alias);
618 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SET_PERMISSION),
623 static_cast<int>(newPermission));
625 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
626 if (CKM_API_SUCCESS != retCode)
631 recv.Deserialize(command, counter, retCode);
633 if (my_counter != counter) {
634 return CKM_API_ERROR_UNKNOWN;
641 ManagerShPtr Manager::create() {
643 return std::make_shared<ManagerImpl>();
644 } catch (const std::bad_alloc &) {
645 LogDebug("Bad alloc was caught during ManagerImpl creation.");
647 LogError("Critical error: Unknown exception was caught during ManagerImpl creation!");
649 return ManagerShPtr();
projects / platform / core / security / key-manager.git / blob