1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <crypto-init.h>
27 #include <client-manager-impl.h>
28 #include <client-common.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
32 #include <key-aes-impl.h>
33 #include <certificate-impl.h>
40 ServiceConnection & serviceConnection,
43 const CertificateShPtr &certificate,
44 const T &untrustedVector,
45 const T &trustedVector,
46 bool useTrustedSystemCertificates,
47 CertificateShPtrVector &certificateChainVector)
49 return try_catch([&] {
51 auto send = MessageBuffer::Serialize(static_cast<int>(command),
53 certificate->getDER(),
56 useTrustedSystemCertificates);
58 int retCode = serviceConnection.processRequest(send.Pop(), recv);
59 if (CKM_API_SUCCESS != retCode)
64 RawBufferVector rawBufferVector;
65 recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
67 if ((counter != retCounter) || (static_cast<int>(command) != retCommand))
68 return CKM_API_ERROR_UNKNOWN;
70 if (retCode != CKM_API_SUCCESS)
73 for (auto &e: rawBufferVector) {
74 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
76 return CKM_API_ERROR_BAD_RESPONSE;
77 certificateChainVector.push_back(cert);
84 } // namespace anonymous
88 m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
89 m_ocspConnection(SERVICE_SOCKET_OCSP),
90 m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
96 int Manager::Impl::saveBinaryData(
99 const RawBuffer &rawData,
100 const Policy &policy)
102 int my_counter = ++m_counter;
104 return try_catch([&] {
105 if (alias.empty() || rawData.empty())
106 return CKM_API_ERROR_INPUT_PARAM;
109 AliasSupport helper(alias);
110 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
112 static_cast<int>(dataType),
116 PolicySerializable(policy));
118 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
119 if (CKM_API_SUCCESS != retCode)
125 recv.Deserialize(command, counter, retCode, opType);
127 if (counter != my_counter)
128 return CKM_API_ERROR_UNKNOWN;
134 int Manager::Impl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy)
136 if (key.get() == NULL)
137 return CKM_API_ERROR_INPUT_PARAM;
139 return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
140 } Catch(DataType::Exception::Base) {
141 LogError("Error in key conversion. Could not convert KeyType::NONE to DBDataType!");
143 return CKM_API_ERROR_INPUT_PARAM;
146 int Manager::Impl::saveCertificate(
148 const CertificateShPtr &cert,
149 const Policy &policy)
151 if (cert.get() == NULL)
152 return CKM_API_ERROR_INPUT_PARAM;
153 return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
156 int Manager::Impl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy)
158 if (!policy.extractable)
159 return CKM_API_ERROR_INPUT_PARAM;
160 return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
164 int Manager::Impl::savePKCS12(
166 const PKCS12ShPtr &pkcs,
167 const Policy &keyPolicy,
168 const Policy &certPolicy)
170 if (alias.empty() || pkcs.get() == NULL)
171 return CKM_API_ERROR_INPUT_PARAM;
173 int my_counter = ++m_counter;
175 return try_catch([&] {
177 AliasSupport helper(alias);
178 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE_PKCS12),
182 PKCS12Serializable(*pkcs.get()),
183 PolicySerializable(keyPolicy),
184 PolicySerializable(certPolicy));
186 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
187 if (CKM_API_SUCCESS != retCode)
192 recv.Deserialize(command, counter, retCode);
194 if (counter != my_counter)
195 return CKM_API_ERROR_UNKNOWN;
201 int Manager::Impl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
203 return getPKCS12(alias, Password(), Password(), pkcs);
206 int Manager::Impl::getPKCS12(const Alias &alias, const Password &keyPass, const Password &certPass, PKCS12ShPtr &pkcs)
209 return CKM_API_ERROR_INPUT_PARAM;
211 int my_counter = ++m_counter;
213 return try_catch([&] {
215 AliasSupport helper(alias);
216 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
223 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
224 if (CKM_API_SUCCESS != retCode)
229 PKCS12Serializable gotPkcs;
230 recv.Deserialize(command, counter, retCode, gotPkcs);
232 if (counter != my_counter)
233 return CKM_API_ERROR_UNKNOWN;
235 pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
242 int Manager::Impl::removeAlias(const Alias &alias)
245 return CKM_API_ERROR_INPUT_PARAM;
247 int my_counter = ++m_counter;
249 return try_catch([&] {
251 AliasSupport helper(alias);
252 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
257 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
258 if (CKM_API_SUCCESS != retCode)
263 recv.Deserialize(command, counter, retCode);
265 if (counter != my_counter)
266 return CKM_API_ERROR_UNKNOWN;
272 int Manager::Impl::getBinaryData(
274 DataType sendDataType,
275 const Password &password,
276 DataType &recvDataType,
280 return CKM_API_ERROR_INPUT_PARAM;
282 int my_counter = ++m_counter;
284 return try_catch([&] {
286 AliasSupport helper(alias);
287 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
289 static_cast<int>(sendDataType),
294 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
295 if (CKM_API_SUCCESS != retCode)
301 recv.Deserialize(command, counter, retCode, tmpDataType, rawData);
302 recvDataType = DataType(tmpDataType);
304 if (counter != my_counter)
305 return CKM_API_ERROR_UNKNOWN;
311 int Manager::Impl::getKey(const Alias &alias, const Password &password, KeyShPtr &key)
313 DataType recvDataType;
316 int retCode = getBinaryData(
318 DataType::KEY_RSA_PUBLIC,
323 if (retCode != CKM_API_SUCCESS)
327 if (DataType::KEY_AES == recvDataType)
328 keyParsed = KeyShPtr(new KeyAESImpl(rawData));
330 keyParsed = KeyShPtr(new KeyImpl(rawData));
332 if (keyParsed->empty()) {
333 LogDebug("Key empty - failed to parse!");
334 return CKM_API_ERROR_BAD_RESPONSE;
339 return CKM_API_SUCCESS;
342 int Manager::Impl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert)
344 DataType recvDataType;
347 int retCode = getBinaryData(
349 DataType::CERTIFICATE,
354 if (retCode != CKM_API_SUCCESS)
357 if (recvDataType != DataType::CERTIFICATE)
358 return CKM_API_ERROR_BAD_RESPONSE;
360 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
362 if (certParsed->empty())
363 return CKM_API_ERROR_BAD_RESPONSE;
367 return CKM_API_SUCCESS;
370 int Manager::Impl::getData(const Alias &alias, const Password &password, RawBuffer &rawData)
372 DataType recvDataType = DataType::BINARY_DATA;
374 int retCode = getBinaryData(
376 DataType::BINARY_DATA,
381 if (retCode != CKM_API_SUCCESS)
384 if (recvDataType != DataType::BINARY_DATA)
385 return CKM_API_ERROR_BAD_RESPONSE;
387 return CKM_API_SUCCESS;
390 int Manager::Impl::getBinaryDataAliasVector(DataType dataType, AliasVector &aliasVector)
392 int my_counter = ++m_counter;
394 return try_catch([&] {
396 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
398 static_cast<int>(dataType));
400 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
401 if (CKM_API_SUCCESS != retCode)
407 LabelNameVector labelNameVector;
408 recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
409 if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != my_counter))
410 return CKM_API_ERROR_UNKNOWN;
412 for (const auto &it : labelNameVector)
413 aliasVector.push_back(AliasSupport::merge(it.first, it.second));
419 int Manager::Impl::getKeyAliasVector(AliasVector &aliasVector)
421 // in fact datatype has no meaning here - if not certificate or binary data
422 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
423 return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
426 int Manager::Impl::getCertificateAliasVector(AliasVector &aliasVector)
428 return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
431 int Manager::Impl::getDataAliasVector(AliasVector &aliasVector)
433 return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
436 int Manager::Impl::createKeyPairRSA(
438 const Alias &privateKeyAlias,
439 const Alias &publicKeyAlias,
440 const Policy &policyPrivateKey,
441 const Policy &policyPublicKey)
443 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
446 int Manager::Impl::createKeyPairDSA(
448 const Alias &privateKeyAlias,
449 const Alias &publicKeyAlias,
450 const Policy &policyPrivateKey,
451 const Policy &policyPublicKey)
453 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
456 int Manager::Impl::createKeyPairECDSA(
458 const Alias &privateKeyAlias,
459 const Alias &publicKeyAlias,
460 const Policy &policyPrivateKey,
461 const Policy &policyPublicKey)
463 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
466 int Manager::Impl::createKeyAES(
468 const Alias &keyAlias,
469 const Policy &policyKey)
471 // proceed with sending request
472 int my_counter = ++m_counter;
474 return try_catch([&] {
476 AliasSupport aliasHelper(keyAlias);
477 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_AES),
479 static_cast<int>(size),
480 PolicySerializable(policyKey),
481 aliasHelper.getName(),
482 aliasHelper.getLabel());
484 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
485 if (CKM_API_SUCCESS != retCode)
490 recv.Deserialize(command, counter, retCode);
491 if (counter != my_counter)
492 return CKM_API_ERROR_UNKNOWN;
499 int Manager::Impl::createKeyPair(
500 const KeyType key_type,
501 const int additional_param,
502 const Alias &privateKeyAlias,
503 const Alias &publicKeyAlias,
504 const Policy &policyPrivateKey,
505 const Policy &policyPublicKey)
508 CryptoAlgorithm keyGenAlgorithm;
510 case KeyType::KEY_RSA_PUBLIC:
511 case KeyType::KEY_RSA_PRIVATE:
512 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
513 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
516 case KeyType::KEY_DSA_PUBLIC:
517 case KeyType::KEY_DSA_PRIVATE:
518 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
519 keyGenAlgorithm.setParam(ParamName::GEN_KEY_LEN, additional_param);
522 case KeyType::KEY_ECDSA_PUBLIC:
523 case KeyType::KEY_ECDSA_PRIVATE:
524 keyGenAlgorithm.setParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
525 keyGenAlgorithm.setParam(ParamName::GEN_EC, additional_param);
529 return CKM_API_ERROR_INPUT_PARAM;
532 // proceed with sending request
533 int my_counter = ++m_counter;
535 return try_catch([&] {
537 AliasSupport privateHelper(privateKeyAlias);
538 AliasSupport publicHelper(publicKeyAlias);
539 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_PAIR),
541 CryptoAlgorithmSerializable(keyGenAlgorithm),
542 PolicySerializable(policyPrivateKey),
543 PolicySerializable(policyPublicKey),
544 privateHelper.getName(),
545 privateHelper.getLabel(),
546 publicHelper.getName(),
547 publicHelper.getLabel());
549 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
550 if (CKM_API_SUCCESS != retCode)
555 recv.Deserialize(command, counter, retCode);
556 if (counter != my_counter)
557 return CKM_API_ERROR_UNKNOWN;
563 int Manager::Impl::getCertificateChain(
564 const CertificateShPtr &certificate,
565 const CertificateShPtrVector &untrustedCertificates,
566 const CertificateShPtrVector &trustedCertificates,
567 bool useTrustedSystemCertificates,
568 CertificateShPtrVector &certificateChainVector)
570 RawBufferVector untrustedVector;
571 RawBufferVector trustedVector;
573 if (!certificate || certificate->empty())
574 return CKM_API_ERROR_INPUT_PARAM;
576 for (auto &e: untrustedCertificates)
577 untrustedVector.push_back(e->getDER());
579 for (auto &e: trustedCertificates)
580 trustedVector.push_back(e->getDER());
584 LogicCommand::GET_CHAIN_CERT,
589 useTrustedSystemCertificates,
590 certificateChainVector);
593 int Manager::Impl::getCertificateChain(
594 const CertificateShPtr &certificate,
595 const AliasVector &untrustedCertificates,
596 const AliasVector &trustedCertificates,
597 bool useTrustedSystemCertificates,
598 CertificateShPtrVector &certificateChainVector)
600 LabelNameVector untrustedVector;
601 LabelNameVector trustedVector;
603 if (!certificate || certificate->empty())
604 return CKM_API_ERROR_INPUT_PARAM;
606 for (auto &e: untrustedCertificates) {
607 AliasSupport helper(e);
608 untrustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
610 for (auto &e: trustedCertificates) {
611 AliasSupport helper(e);
612 trustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
617 LogicCommand::GET_CHAIN_ALIAS,
622 useTrustedSystemCertificates,
623 certificateChainVector);
626 int Manager::Impl::createSignature(
627 const Alias &privateKeyAlias,
628 const Password &password, // password for private_key
629 const RawBuffer &message,
630 const CryptoAlgorithm &cAlgorithm,
631 RawBuffer &signature)
633 int my_counter = ++m_counter;
635 return try_catch([&] {
637 AliasSupport helper(privateKeyAlias);
638 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
644 CryptoAlgorithmSerializable(cAlgorithm));
646 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
647 if (CKM_API_SUCCESS != retCode)
652 recv.Deserialize(command, counter, retCode, signature);
654 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
655 || (counter != my_counter))
656 return CKM_API_ERROR_UNKNOWN;
662 int Manager::Impl::verifySignature(
663 const Alias &publicKeyOrCertAlias,
664 const Password &password, // password for public_key (optional)
665 const RawBuffer &message,
666 const RawBuffer &signature,
667 const CryptoAlgorithm &cAlg)
669 int my_counter = ++m_counter;
671 return try_catch([&] {
673 AliasSupport helper(publicKeyOrCertAlias);
674 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
681 CryptoAlgorithmSerializable(cAlg));
683 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
684 if (CKM_API_SUCCESS != retCode)
689 recv.Deserialize(command, counter, retCode);
691 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
692 || (counter != my_counter))
693 return CKM_API_ERROR_UNKNOWN;
699 int Manager::Impl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
701 return try_catch([&] {
702 int my_counter = ++m_counter;
705 RawBufferVector rawCertChain;
706 for (auto &e: certChain) {
707 if (!e || e->empty()) {
708 LogError("Empty certificate");
709 return CKM_API_ERROR_INPUT_PARAM;
711 rawCertChain.push_back(e->getDER());
714 auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
716 int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
717 if (CKM_API_SUCCESS != retCode)
721 recv.Deserialize(counter, retCode, ocspStatus);
723 if (my_counter != counter)
724 return CKM_API_ERROR_UNKNOWN;
730 int Manager::Impl::setPermission(const Alias &alias,
731 const Label &accessor,
732 PermissionMask permissionMask)
734 int my_counter = ++m_counter;
736 return try_catch([&] {
738 AliasSupport helper(alias);
739 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SET_PERMISSION),
746 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
747 if (CKM_API_SUCCESS != retCode)
752 recv.Deserialize(command, counter, retCode);
754 if (my_counter != counter)
755 return CKM_API_ERROR_UNKNOWN;
761 int Manager::Impl::crypt(EncryptionCommand command,
762 const CryptoAlgorithm &algo,
763 const Alias &keyAlias,
764 const Password &password,
765 const RawBuffer& input,
768 int my_counter = ++m_counter;
770 return try_catch([&] {
772 AliasSupport helper(keyAlias);
773 CryptoAlgorithmSerializable cas(algo);
774 auto send = MessageBuffer::Serialize(static_cast<int>(command),
782 int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
783 if (CKM_API_SUCCESS != retCode)
788 recv.Deserialize(retCommand, counter, retCode, output);
790 if (my_counter != counter || retCommand != static_cast<int>(command))
791 return CKM_API_ERROR_UNKNOWN;
797 int Manager::Impl::encrypt(const CryptoAlgorithm &algo,
798 const Alias &keyAlias,
799 const Password &password,
800 const RawBuffer& plain,
801 RawBuffer& encrypted)
803 return crypt(EncryptionCommand::ENCRYPT, algo, keyAlias, password, plain, encrypted);
806 int Manager::Impl::decrypt(const CryptoAlgorithm &algo,
807 const Alias &keyAlias,
808 const Password &password,
809 const RawBuffer& encrypted,
810 RawBuffer& decrypted)
812 return crypt(EncryptionCommand::DECRYPT, algo, keyAlias, password, encrypted, decrypted);