2 * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-manager.cpp
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief Wrap C++ functions to provide C APIs
23 #include <dpl/log/log.h>
24 #include <ckm/ckm-type.h>
25 #include <ckm/ckm-manager.h>
26 #include <ckmc/ckmc-type.h>
27 #include <ckmc/ckmc-manager.h>
28 #include <ckmc/ckmc-error.h>
29 #include <ckmc-type-converter.h>
30 #include <client-common.h>
36 const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
37 const CKM::AliasVector EMPTY_ALIAS_VECTOR;
39 int _ckmc_alias_info_new(const char* alias, bool is_password_protected, ckmc_alias_info_s** info)
42 return CKMC_ERROR_SERVER_ERROR;
44 return CKMC_ERROR_UNKNOWN;
46 ckmc_alias_info_s* _info = NULL;
47 _info = static_cast<ckmc_alias_info_s*>(malloc(sizeof(ckmc_alias_info_s)));
50 return CKMC_ERROR_OUT_OF_MEMORY;
52 _info->alias = strdup(alias);
53 if (_info->alias == NULL)
56 return CKMC_ERROR_OUT_OF_MEMORY;
58 _info->is_password_protected = is_password_protected;
60 return CKMC_ERROR_NONE;
63 inline CKM::Password _tostring(const char *str)
65 return (str == nullptr) ? CKM::Password() : CKM::Password(str);
68 inline CKM::Policy _toCkmPolicy(const ckmc_policy_s &policy)
70 return CKM::Policy(_tostring(policy.password), policy.extractable);
73 CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key)
76 return CKM::KeyShPtr();
78 auto ckmKey = CKM::Key::create(
79 CKM::RawBuffer(key->raw_key, key->raw_key + key->key_size),
80 _tostring(key->password));
82 if (!ckmKey || ckmKey->empty())
83 ThrowMsg(CKM::Exc::InvalidFormat, "Key parsing failed");
88 CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert)
91 return CKM::CertificateShPtr();
93 auto ckmCert = CKM::Certificate::create(
94 CKM::RawBuffer(cert->raw_cert, cert->raw_cert + cert->cert_size),
95 static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format)));
97 if (!ckmCert || ckmCert->empty())
98 ThrowMsg(CKM::Exc::InvalidFormat, "Certificate parsing failed");
103 CKM::CertificateShPtrVector _toCkmCertificateVector(const ckmc_cert_list_s
106 CKM::CertificateShPtrVector certs;
109 while (current != nullptr) {
110 if (current->cert != nullptr)
111 certs.emplace_back(_toCkmCertificate(current->cert));
113 current = current->next;
119 CKM::AliasVector _toCkmAliasVector(const ckmc_alias_list_s *list)
121 CKM::AliasVector aliases;
124 while (current != nullptr) {
125 if (current->alias != nullptr)
126 aliases.emplace_back(CKM::Alias(current->alias));
128 current = current->next;
134 ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector
137 ckmc_cert_list_s *start = nullptr;
138 ckmc_cert_list_s *plist = nullptr;
140 for (const auto &e : certVector) {
141 if (!e || e->empty())
142 ThrowMsg(CKM::Exc::BadResponse, "Empty certificate received from server");
144 auto rawBuffer = e->getDER();
145 ckmc_cert_s *pcert = nullptr;
146 int ret = ckmc_cert_new(rawBuffer.data(), rawBuffer.size(), CKMC_FORM_DER,
149 if (ret != CKMC_ERROR_NONE || pcert == nullptr) {
150 ckmc_cert_list_all_free(start);
154 ret = ckmc_cert_list_add(plist, pcert, &plist);
156 if (ret != CKMC_ERROR_NONE) {
157 ckmc_cert_free(pcert);
158 ckmc_cert_list_all_free(start);
162 if (start == nullptr)
169 typedef int (CKM::Manager::*cryptoFn)(const CKM::CryptoAlgorithm &,
171 const CKM::Password &,
172 const CKM::RawBuffer &,
175 int _cryptoOperation(cryptoFn operation,
176 ckmc_param_list_h params,
177 const char *key_alias,
178 const char *password,
179 const ckmc_raw_buffer_s in,
180 ckmc_raw_buffer_s **ppout)
182 if (!params || !key_alias || !ppout)
183 return CKMC_ERROR_INVALID_PARAMETER;
186 const CKM::CryptoAlgorithm *ca = reinterpret_cast<const CKM::CryptoAlgorithm *>
196 CKM::RawBuffer inBuffer(in.data, in.data + in.size);
197 CKM::RawBuffer outBuffer;
199 auto mgr = CKM::Manager::create();
200 int ret = ((*mgr).*operation)(*ca, key_alias, pass, inBuffer, outBuffer);
202 if (ret != CKM_API_SUCCESS)
203 return to_ckmc_error(ret);
205 return ckmc_buffer_new(outBuffer.data(), outBuffer.size(), ppout);
208 int _toNewCkmcAliasInfoList(const CKM::AliasPwdVector &aliasPwdVector,
209 ckmc_alias_info_list_s **alias_info_list)
211 int ret = CKMC_ERROR_NONE;
213 if (alias_info_list == nullptr)
214 return CKMC_ERROR_UNKNOWN;
216 if (aliasPwdVector.size() == 0)
217 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
219 ckmc_alias_info_list_s *start = nullptr;
220 ckmc_alias_info_list_s *plist = nullptr;
221 ckmc_alias_info_list_s *previous = nullptr;
223 for (const auto &it : aliasPwdVector) {
227 plist = static_cast<ckmc_alias_info_list_s*>(calloc(1, sizeof(ckmc_alias_info_list_s)));
229 if (plist == nullptr)
231 ret = CKMC_ERROR_OUT_OF_MEMORY;
235 if (start == nullptr)
238 if (previous != nullptr)
239 previous->next = plist;
241 if ((ret = _ckmc_alias_info_new(std::get<0>(it).c_str(), std::get<1>(it),
242 &plist->info) != CKMC_ERROR_NONE))
249 if (ret != CKMC_ERROR_NONE)
251 ckmc_alias_info_list_all_free(start);
255 *alias_info_list = start;
257 return CKMC_ERROR_NONE;
260 int ckmc_generic_get_alias_info_list_helper(ckmc_alias_info_list_s **alias_info_list,
261 int(CKM::Manager::*func)(CKM::AliasPwdVector&))
263 EXCEPTION_GUARD_START_CAPI
265 auto mgr = CKM::Manager::create();
268 if (alias_info_list == nullptr)
269 return CKMC_ERROR_INVALID_PARAMETER;
271 CKM::AliasPwdVector aliasPwdVector;
273 if ((ret = ((*mgr).*func)(aliasPwdVector)) != CKM_API_SUCCESS)
274 return to_ckmc_error(ret);
276 if ((ret = _toNewCkmcAliasInfoList(aliasPwdVector, alias_info_list)) != CKM_API_SUCCESS)
279 return CKMC_ERROR_NONE;
284 } // namespace anonymous
287 int ckmc_save_key(const char *alias, const ckmc_key_s key,
288 const ckmc_policy_s policy)
290 EXCEPTION_GUARD_START_CAPI
292 auto mgr = CKM::Manager::create();
294 if (alias == nullptr || key.raw_key == nullptr || key.key_size == 0)
295 return CKMC_ERROR_INVALID_PARAMETER;
297 CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
298 CKM::KeyShPtr ckmKey;
300 if (key.key_type == CKMC_KEY_AES) {
302 return CKMC_ERROR_INVALID_PARAMETER;
304 ckmKey = CKM::Key::createAES(buffer);
306 ckmKey = CKM::Key::create(buffer, _tostring(key.password));
310 return CKMC_ERROR_INVALID_FORMAT;
312 return to_ckmc_error(mgr->saveKey(CKM::Alias(alias), ckmKey,
313 _toCkmPolicy(policy)));
320 int ckmc_remove_key(const char *alias)
322 LogWarning("DEPRECATION WARNING: " << __func__ << "() is deprecated and will be "
323 "removed from next release. Use ckmc_remove_alias() instead.");
324 return ckmc_remove_alias(alias);
328 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key)
330 EXCEPTION_GUARD_START_CAPI
332 if (alias == nullptr || key == nullptr)
333 return CKMC_ERROR_INVALID_PARAMETER;
336 CKM::KeyShPtr ckmKey;
337 auto mgr = CKM::Manager::create();
339 if ((ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS)
340 return to_ckmc_error(ret);
342 if (!ckmKey || ckmKey->empty())
343 return CKMC_ERROR_BAD_RESPONSE;
345 auto buffer = ckmKey->getDER();
349 static_cast<ckmc_key_type_e>(static_cast<int>(ckmKey->getType())),
357 int ckmc_get_key_alias_list(ckmc_alias_list_s **alias_list)
359 EXCEPTION_GUARD_START_CAPI
363 if (alias_list == nullptr)
364 return CKMC_ERROR_INVALID_PARAMETER;
366 CKM::AliasVector aliasVector;
367 auto mgr = CKM::Manager::create();
369 if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS)
370 return to_ckmc_error(ret);
372 ckmc_alias_list_s *start = nullptr;
373 ckmc_alias_list_s *plist = nullptr;
375 for (const auto &it : aliasVector) {
376 char *alias = strndup(it.c_str(), it.size());
378 ret = ckmc_alias_list_add(plist, alias, &plist);
380 if (ret != CKMC_ERROR_NONE) {
382 ckmc_alias_list_all_free(start);
386 if (start == nullptr)
390 if (plist == nullptr) // if the alias_list size is zero
391 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
395 return CKMC_ERROR_NONE;
402 int ckmc_get_key_alias_info_list(ckmc_alias_info_list_s **alias_info_list)
405 return ckmc_generic_get_alias_info_list_helper(alias_info_list,
406 &CKM::Manager::getKeyAliasPwdVector);
410 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert,
411 const ckmc_policy_s policy)
413 EXCEPTION_GUARD_START_CAPI
415 if (alias == nullptr || cert.raw_cert == nullptr || cert.cert_size == 0)
416 return CKMC_ERROR_INVALID_PARAMETER;
418 auto mgr = CKM::Manager::create();
419 return to_ckmc_error(mgr->saveCertificate(CKM::Alias(alias),
420 _toCkmCertificate(&cert),
421 _toCkmPolicy(policy)));
427 int ckmc_remove_cert(const char *alias)
429 LogWarning("DEPRECATION WARNING: " << __func__ << "() is deprecated and will be "
430 "removed from next release. Use ckmc_remove_alias() instead.");
431 return ckmc_remove_alias(alias);
435 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert)
437 EXCEPTION_GUARD_START_CAPI
439 CKM::CertificateShPtr ckmCert;
442 if (alias == nullptr || cert == nullptr)
443 return CKMC_ERROR_INVALID_PARAMETER;
445 auto mgr = CKM::Manager::create();
447 if ((ret = mgr->getCertificate(alias, _tostring(password),
448 ckmCert)) != CKM_API_SUCCESS)
449 return to_ckmc_error(ret);
451 if (!ckmCert || ckmCert->empty())
452 return CKMC_ERROR_BAD_RESPONSE;
454 auto buffer = ckmCert->getDER();
455 return ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, cert);
461 int ckmc_get_cert_alias_list(ckmc_alias_list_s **alias_list)
463 EXCEPTION_GUARD_START_CAPI
465 if (alias_list == nullptr)
466 return CKMC_ERROR_INVALID_PARAMETER;
468 CKM::AliasVector aliasVector;
470 auto mgr = CKM::Manager::create();
472 if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS)
473 return to_ckmc_error(ret);
475 ckmc_alias_list_s *start = nullptr;
476 ckmc_alias_list_s *plist = nullptr;
478 for (const auto &it : aliasVector) {
479 char *alias = strndup(it.c_str(), it.size());
481 ret = ckmc_alias_list_add(plist, alias, &plist);
483 if (ret != CKMC_ERROR_NONE) {
485 ckmc_alias_list_all_free(start);
489 if (start == nullptr)
493 if (plist == nullptr) // if the alias_list size is zero
494 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
498 return CKMC_ERROR_NONE;
504 int ckmc_get_cert_alias_info_list(ckmc_alias_info_list_s **alias_info_list)
506 return ckmc_generic_get_alias_info_list_helper(alias_info_list,
507 &CKM::Manager::getCertificateAliasPwdVector);
511 int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs,
512 const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy)
514 EXCEPTION_GUARD_START_CAPI
516 if (alias == nullptr || ppkcs == nullptr)
517 return CKMC_ERROR_INVALID_PARAMETER;
519 CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(
520 _toCkmKey(ppkcs->priv_key),
521 _toCkmCertificate(ppkcs->cert),
522 _toCkmCertificateVector(ppkcs->ca_chain)));
524 auto mgr = CKM::Manager::create();
525 return to_ckmc_error(mgr->savePKCS12(
528 _toCkmPolicy(key_policy),
529 _toCkmPolicy(cert_policy)));
535 int ckmc_get_pkcs12(const char *alias, const char *key_password,
536 const char *cert_password, ckmc_pkcs12_s **pkcs12)
538 EXCEPTION_GUARD_START_CAPI
540 if (!alias || !pkcs12)
541 return CKMC_ERROR_INVALID_PARAMETER;
544 CKM::PKCS12ShPtr pkcs;
545 auto mgr = CKM::Manager::create();
546 std::unique_ptr<ckmc_key_s, decltype(&ckmc_key_free)> private_key_uptr(
547 NULL, ckmc_key_free);
548 std::unique_ptr<ckmc_cert_s, decltype(&ckmc_cert_free)> cert_uptr(
549 NULL, ckmc_cert_free);
551 if ((ret = mgr->getPKCS12(alias, _tostring(key_password),
552 _tostring(cert_password), pkcs)) != CKM_API_SUCCESS)
553 return to_ckmc_error(ret);
556 return CKMC_ERROR_BAD_RESPONSE;
558 auto pkcsKey = pkcs->getKey();
561 if (pkcsKey->empty())
562 return CKMC_ERROR_BAD_RESPONSE;
564 ckmc_key_s *private_key = nullptr;
565 auto buffer = pkcsKey->getDER();
566 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(pkcsKey->getType());
567 ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, nullptr,
570 if (ret != CKMC_ERROR_NONE)
573 private_key_uptr.reset(private_key);
576 auto pkcsCert = pkcs->getCertificate();
579 if (pkcsCert->empty())
580 return CKMC_ERROR_BAD_RESPONSE;
582 ckmc_cert_s *cert = nullptr;
583 CKM::RawBuffer buffer = pkcsCert->getDER();
584 ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert);
586 if (ret != CKMC_ERROR_NONE) {
589 cert_uptr.reset(cert);
592 std::unique_ptr<ckmc_cert_list_s, decltype(&ckmc_cert_list_free)> cert_list_uptr(
593 _toNewCkmCertList(pkcs->getCaCertificateShPtrVector()),
594 ckmc_cert_list_free);
596 ret = ckmc_pkcs12_new(private_key_uptr.get(), cert_uptr.get(), cert_list_uptr.get(), pkcs12);
597 if (ret == CKMC_ERROR_NONE) {
598 private_key_uptr.release();
600 cert_list_uptr.release();
610 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data,
611 const ckmc_policy_s policy)
613 EXCEPTION_GUARD_START_CAPI
615 if (alias == nullptr || data.data == nullptr || data.size == 0)
616 return CKMC_ERROR_INVALID_PARAMETER;
618 auto mgr = CKM::Manager::create();
619 return to_ckmc_error(mgr->saveData(
621 CKM::RawBuffer(data.data, data.data + data.size),
622 _toCkmPolicy(policy)));
628 int ckmc_remove_data(const char *alias)
630 LogWarning("DEPRECATION WARNING: " << __func__ << "() is deprecated and will be "
631 "removed from next release. Use ckmc_remove_alias() instead.");
632 return ckmc_remove_alias(alias);
636 int ckmc_get_data(const char *alias, const char *password,
637 ckmc_raw_buffer_s **data)
639 EXCEPTION_GUARD_START_CAPI
641 if (alias == nullptr || data == nullptr)
642 return CKMC_ERROR_INVALID_PARAMETER;
645 CKM::RawBuffer ckmBuff;
646 auto mgr = CKM::Manager::create();
648 if ((ret = mgr->getData(alias, _tostring(password),
649 ckmBuff)) != CKM_API_SUCCESS)
650 return to_ckmc_error(ret);
652 return ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data);
658 int ckmc_get_data_alias_list(ckmc_alias_list_s **alias_list)
660 EXCEPTION_GUARD_START_CAPI
662 if (alias_list == nullptr)
663 return CKMC_ERROR_INVALID_PARAMETER;
666 CKM::AliasVector aliasVector;
667 auto mgr = CKM::Manager::create();
669 if ((ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS)
670 return to_ckmc_error(ret);
672 ckmc_alias_list_s *start = nullptr;
673 ckmc_alias_list_s *plist = nullptr;
675 for (const auto &it : aliasVector) {
676 char *alias = strndup(it.c_str(), it.size());
678 ret = ckmc_alias_list_add(plist, alias, &plist);
680 if (ret != CKMC_ERROR_NONE) {
682 ckmc_alias_list_all_free(start);
686 if (start == nullptr)
690 if (plist == nullptr) // if the alias_list size is zero
691 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
695 return CKMC_ERROR_NONE;
701 int ckmc_get_data_alias_info_list(ckmc_alias_info_list_s **alias_info_list)
703 return ckmc_generic_get_alias_info_list_helper(alias_info_list,
704 &CKM::Manager::getDataAliasPwdVector);
708 int ckmc_create_key_pair_rsa(const size_t size,
709 const char *private_key_alias,
710 const char *public_key_alias,
711 const ckmc_policy_s policy_private_key,
712 const ckmc_policy_s policy_public_key)
714 EXCEPTION_GUARD_START_CAPI
716 auto mgr = CKM::Manager::create();
718 if (private_key_alias == nullptr || public_key_alias == nullptr)
719 return CKMC_ERROR_INVALID_PARAMETER;
721 return to_ckmc_error(mgr->createKeyPairRSA(
722 static_cast<int>(size),
723 CKM::Alias(private_key_alias),
724 CKM::Alias(public_key_alias),
725 _toCkmPolicy(policy_private_key),
726 _toCkmPolicy(policy_public_key)));
732 int ckmc_create_key_pair_dsa(const size_t size,
733 const char *private_key_alias,
734 const char *public_key_alias,
735 const ckmc_policy_s policy_private_key,
736 const ckmc_policy_s policy_public_key)
738 EXCEPTION_GUARD_START_CAPI
740 if (private_key_alias == nullptr || public_key_alias == nullptr)
741 return CKMC_ERROR_INVALID_PARAMETER;
743 auto mgr = CKM::Manager::create();
744 return to_ckmc_error(mgr->createKeyPairDSA(
745 static_cast<int>(size),
746 CKM::Alias(private_key_alias),
747 CKM::Alias(public_key_alias),
748 _toCkmPolicy(policy_private_key),
749 _toCkmPolicy(policy_public_key)));
755 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
756 const char *private_key_alias,
757 const char *public_key_alias,
758 const ckmc_policy_s policy_private_key,
759 const ckmc_policy_s policy_public_key)
761 EXCEPTION_GUARD_START_CAPI
763 if (private_key_alias == nullptr || public_key_alias == nullptr)
764 return CKMC_ERROR_INVALID_PARAMETER;
766 auto mgr = CKM::Manager::create();
767 return to_ckmc_error(mgr->createKeyPairECDSA(
768 static_cast<CKM::ElipticCurve>(static_cast<int>(type)),
769 CKM::Alias(private_key_alias),
770 CKM::Alias(public_key_alias),
771 _toCkmPolicy(policy_private_key),
772 _toCkmPolicy(policy_public_key)));
778 int ckmc_create_key_aes(size_t size,
779 const char *key_alias,
780 ckmc_policy_s key_policy)
782 EXCEPTION_GUARD_START_CAPI
784 if (key_alias == nullptr)
785 return CKMC_ERROR_INVALID_PARAMETER;
787 auto mgr = CKM::Manager::create();
788 return to_ckmc_error(mgr->createKeyAES(size, CKM::Alias(key_alias),
789 _toCkmPolicy(key_policy)));
795 int ckmc_create_signature(const char *private_key_alias,
796 const char *password,
797 const ckmc_raw_buffer_s message,
798 const ckmc_hash_algo_e hash,
799 const ckmc_rsa_padding_algo_e padding,
800 ckmc_raw_buffer_s **signature)
802 EXCEPTION_GUARD_START_CAPI
804 if (private_key_alias == nullptr || signature == nullptr)
805 return CKMC_ERROR_INVALID_PARAMETER;
808 CKM::RawBuffer ckmSignature;
809 auto mgr = CKM::Manager::create();
811 if ((ret = mgr->createSignature(
812 CKM::Alias(private_key_alias),
814 CKM::RawBuffer(message.data, message.data + message.size),
815 static_cast<CKM::HashAlgorithm>(static_cast<int>(hash)),
816 static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding)),
817 ckmSignature)) != CKM_API_SUCCESS)
818 return to_ckmc_error(ret);
820 return ckmc_buffer_new(ckmSignature.data(), ckmSignature.size(), signature);
826 int ckmc_verify_signature(const char *public_key_alias,
827 const char *password,
828 const ckmc_raw_buffer_s message,
829 const ckmc_raw_buffer_s signature,
830 const ckmc_hash_algo_e hash,
831 const ckmc_rsa_padding_algo_e padding)
833 EXCEPTION_GUARD_START_CAPI
835 if (public_key_alias == nullptr)
836 return CKMC_ERROR_INVALID_PARAMETER;
839 auto mgr = CKM::Manager::create();
841 if ((ret = mgr->verifySignature(
842 CKM::Alias(public_key_alias),
844 CKM::RawBuffer(message.data, message.data + message.size),
845 CKM::RawBuffer(signature.data, signature.data + signature.size),
846 static_cast<CKM::HashAlgorithm>(static_cast<int>(hash)),
847 static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding)))) !=
849 return to_ckmc_error(ret);
851 return CKMC_ERROR_NONE;
857 int ckmc_get_cert_chain(const ckmc_cert_s *cert,
858 const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
860 EXCEPTION_GUARD_START_CAPI
862 if (cert == nullptr || cert->raw_cert == nullptr || cert->cert_size == 0 ||
863 cert_chain_list == nullptr)
864 return CKMC_ERROR_INVALID_PARAMETER;
866 CKM::CertificateShPtrVector ckmCertChain;
867 auto mgr = CKM::Manager::create();
868 int ret = mgr->getCertificateChain(
869 _toCkmCertificate(cert),
870 _toCkmCertificateVector(untrustedcerts),
875 if (ret != CKM_API_SUCCESS)
876 return to_ckmc_error(ret);
878 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
880 return CKMC_ERROR_NONE;
886 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
887 const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
889 EXCEPTION_GUARD_START_CAPI
891 if (cert == nullptr || cert->raw_cert == nullptr || cert->cert_size == 0 ||
892 cert_chain_list == nullptr)
893 return CKMC_ERROR_INVALID_PARAMETER;
895 CKM::CertificateShPtrVector ckmCertChain;
896 auto mgr = CKM::Manager::create();
897 int ret = mgr->getCertificateChain(_toCkmCertificate(cert),
898 _toCkmAliasVector(untrustedcerts),
899 EMPTY_ALIAS_VECTOR, true, ckmCertChain);
901 if (ret != CKM_API_SUCCESS)
902 return to_ckmc_error(ret);
904 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
906 return CKMC_ERROR_NONE;
912 int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert,
913 const ckmc_cert_list_s *untrustedcerts,
914 const ckmc_cert_list_s *trustedcerts,
915 const bool sys_certs,
916 ckmc_cert_list_s **ppcert_chain_list)
918 EXCEPTION_GUARD_START_CAPI
920 if (cert == nullptr || cert->raw_cert == nullptr || cert->cert_size == 0 ||
921 ppcert_chain_list == nullptr)
922 return CKMC_ERROR_INVALID_PARAMETER;
924 CKM::CertificateShPtrVector ckmCertChain;
925 auto mgr = CKM::Manager::create();
926 int ret = mgr->getCertificateChain(
927 _toCkmCertificate(cert),
928 _toCkmCertificateVector(untrustedcerts),
929 _toCkmCertificateVector(trustedcerts),
933 if (ret != CKM_API_SUCCESS)
934 return to_ckmc_error(ret);
936 *ppcert_chain_list = _toNewCkmCertList(ckmCertChain);
938 return CKMC_ERROR_NONE;
944 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list,
945 ckmc_ocsp_status_e *ocsp_status)
947 EXCEPTION_GUARD_START_CAPI
949 if (pcert_chain_list == nullptr
950 || pcert_chain_list->cert == nullptr
951 || pcert_chain_list->cert->raw_cert == nullptr
952 || pcert_chain_list->cert->cert_size == 0
953 || ocsp_status == nullptr)
954 return CKMC_ERROR_INVALID_PARAMETER;
956 int tmpOcspStatus = -1;
957 auto mgr = CKM::Manager::create();
958 int ret = mgr->ocspCheck(_toCkmCertificateVector(pcert_chain_list),
961 *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus);
963 return to_ckmc_error(ret);
969 int ckmc_allow_access(const char *alias, const char *accessor,
970 ckmc_access_right_e granted)
972 EXCEPTION_GUARD_START_CAPI
974 LogWarning("DEPRECATION WARNING: " << __func__ << "() is deprecated and will be "
975 "removed from next release. Use ckmc_set_permission() instead.");
978 int ret = access_to_permission_mask(granted, permissionMask);
980 if (ret != CKMC_ERROR_NONE)
983 return ckmc_set_permission(alias, accessor, permissionMask);
989 int ckmc_set_permission(const char *alias, const char *accessor,
992 EXCEPTION_GUARD_START_CAPI
994 if (!alias || !accessor)
995 return CKMC_ERROR_INVALID_PARAMETER;
997 auto mgr = CKM::Manager::create();
998 return to_ckmc_error(mgr->setPermission(alias, accessor, permissions));
1004 int ckmc_deny_access(const char *alias, const char *accessor)
1006 EXCEPTION_GUARD_START_CAPI
1008 LogWarning("DEPRECATION WARNING: " << __func__ << "() is deprecated and will be "
1009 "removed from next release. Use ckmc_set_permission() instead.");
1011 if (!alias || !accessor)
1012 return CKMC_ERROR_INVALID_PARAMETER;
1014 auto mgr = CKM::Manager::create();
1015 return to_ckmc_error(mgr->setPermission(alias, accessor,
1016 CKM::Permission::NONE));
1022 int ckmc_remove_alias(const char *alias)
1024 EXCEPTION_GUARD_START_CAPI
1027 return CKMC_ERROR_INVALID_PARAMETER;
1029 auto mgr = CKM::Manager::create();
1030 return to_ckmc_error(mgr->removeAlias(alias));
1036 int ckmc_encrypt_data(ckmc_param_list_h params,
1037 const char *key_alias,
1038 const char *password,
1039 const ckmc_raw_buffer_s decrypted,
1040 ckmc_raw_buffer_s **ppencrypted)
1042 EXCEPTION_GUARD_START_CAPI
1044 return _cryptoOperation(&CKM::Manager::encrypt,
1055 int ckmc_decrypt_data(ckmc_param_list_h params,
1056 const char *key_alias,
1057 const char *password,
1058 const ckmc_raw_buffer_s encrypted,
1059 ckmc_raw_buffer_s **ppdecrypted)
1061 EXCEPTION_GUARD_START_CAPI
1063 return _cryptoOperation(&CKM::Manager::decrypt,
projects / platform / core / security / key-manager.git / blob