2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-control.h
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief provides conversion methods to C from C++ for key-manager control functions.
23 #include <ckm/ckm-type.h>
24 #include <ckm/ckm-manager.h>
25 #include <ckmc/ckmc-type.h>
26 #include <ckmc/ckmc-manager.h>
27 #include <ckmc/ckmc-error.h>
30 bool _toBool(ckm_bool ckmBool)
32 if(ckmBool == CKM_TRUE) {
38 std::string _tostring(const char *str)
42 return std::string(str);
45 CKM::Certificate _toCkmCertificate(const ckm_cert *cert)
47 CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
48 CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
49 CKM::Certificate ckmCert(buffer, dataFormat);
53 ckm_cert_list *_toNewCkmCertList(CKM::CertificateVector &certVector)
55 ckm_cert_list *start = NULL;
56 ckm_cert_list *plist = NULL;
57 CKM::CertificateVector::iterator it;
58 for(it = certVector.begin(); it != certVector.end(); it++) {
59 CKM::RawBuffer rawBuffer = it->getDER();
60 unsigned char *rawCert = reinterpret_cast<unsigned char*>(rawBuffer.data());
61 ckm_cert *pcert = ckm_cert_new( rawCert, rawBuffer.size(), CKM_FORM_DER);
66 plist = ckm_cert_list_new(pcert);
67 start = plist; // save the pointer of the first element
69 plist = ckm_cert_list_add(plist, pcert);
76 int ckm_save_key(const char *alias, const ckm_key key, const ckm_policy policy)
81 return CKM_API_ERROR_INPUT_PARAM;
83 CKM::Alias ckmAlias(alias);
85 if(key.raw_key == NULL || key.key_size <= 0) {
86 return CKM_API_ERROR_INPUT_PARAM;
88 CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
89 CKM::Key ckmKey(buffer, _tostring(key.password));
91 CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted));
93 return mgr.saveKey(ckmAlias, ckmKey, storePolicy);
98 int ckm_remove_key(const char *alias)
103 return CKM_API_ERROR_INPUT_PARAM;
105 CKM::Alias ckmAlias(alias);
107 return mgr.removeKey(ckmAlias);
111 int ckm_get_key(const char *alias, const char *password, ckm_key **key)
117 return CKM_API_ERROR_INPUT_PARAM;
119 CKM::Alias ckmAlias(alias);
122 if( (ret = mgr.getKey(ckmAlias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
126 unsigned char *rawKey = reinterpret_cast<unsigned char*>(ckmKey.getDER().data());
127 ckm_key_type keyType = static_cast<ckm_key_type>(static_cast<int>(ckmKey.getType()));
128 *key = ckm_key_new( rawKey, ckmKey.getDER().size(), keyType, NULL);
130 return CKM_API_ERROR_OUT_OF_MEMORY;
132 return CKM_API_SUCCESS;
137 int ckm_get_key_alias_list(ckm_alias_list** alias_list)
142 CKM::AliasVector aliasVector;
144 if( (ret = mgr.getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) {
148 ckm_alias_list *plist = NULL;
149 CKM::AliasVector::iterator it;
150 for(it = aliasVector.begin(); it != aliasVector.end(); it++) {
151 if(plist == NULL) { // first
152 plist = ckm_alias_list_new(const_cast<char *>(it->c_str()));
153 *alias_list = plist; // save the pointer of the first element
155 plist = ckm_alias_list_add(plist, const_cast<char *>(it->c_str()));
159 return CKM_API_SUCCESS;
163 int ckm_save_cert(const char *alias, const ckm_cert cert, const ckm_policy policy)
166 return CKM_API_ERROR_INPUT_PARAM;
168 CKM::Alias ckmAlias(alias);
170 if(cert.raw_cert == NULL || cert.cert_size <= 0) {
171 return CKM_API_ERROR_INPUT_PARAM;
173 CKM::Certificate ckmCert = _toCkmCertificate(&cert);
175 CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted));
178 return mgr.saveCertificate(ckmAlias, ckmCert, storePolicy);
182 int ckm_remove_cert(const char *alias)
185 return CKM_API_ERROR_INPUT_PARAM;
187 CKM::Alias ckmAlias(alias);
190 return mgr.removeCertificate(ckmAlias);
194 int ckm_get_cert(const char *alias, const char *password, const ckm_cert **cert)
196 CKM::Certificate ckmCert;
200 return CKM_API_ERROR_INPUT_PARAM;
202 CKM::Alias ckmAlias(alias);
205 if( (ret = mgr.getCertificate(ckmAlias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
209 unsigned char *rawCert = reinterpret_cast<unsigned char*>(ckmCert.getDER().data());
210 *cert = ckm_cert_new( rawCert, ckmCert.getDER().size(), CKM_FORM_DER);
212 return CKM_API_ERROR_OUT_OF_MEMORY;
214 return CKM_API_SUCCESS;
219 int ckm_get_cert_alias_list(ckm_alias_list** alias_list) {
223 CKM::AliasVector aliasVector;
225 if( (ret = mgr.getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) {
229 ckm_alias_list *plist = NULL;
230 CKM::AliasVector::iterator it;
231 for(it = aliasVector.begin(); it != aliasVector.end(); it++) {
232 if(plist == NULL) { // first
233 plist = ckm_alias_list_new(const_cast<char *>(it->c_str()));
234 *alias_list = plist; // save the pointer of the first element
236 plist = ckm_alias_list_add(plist, const_cast<char *>(it->c_str()));
240 return CKM_API_SUCCESS;
244 int ckm_save_data(const char *alias, ckm_raw_buffer data, const ckm_policy policy)
247 return CKM_API_ERROR_INPUT_PARAM;
249 CKM::Alias ckmAlias(alias);
251 if(data.data == NULL || data.size <= 0) {
252 return CKM_API_ERROR_INPUT_PARAM;
254 CKM::RawBuffer buffer(data.data, data.data + data.size);
256 CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted));
259 return mgr.saveData(ckmAlias, buffer, storePolicy);
263 int ckm_remove_data(const char *alias)
266 return CKM_API_ERROR_INPUT_PARAM;
268 CKM::Alias ckmAlias(alias);
271 return mgr.removeData(ckmAlias);
275 int ckm_get_data(const char *alias, const char *password, ckm_raw_buffer **data)
277 CKM::RawBuffer ckmBuff;
281 return CKM_API_ERROR_INPUT_PARAM;
283 CKM::Alias ckmAlias(alias);
286 if( (ret = mgr.getData(ckmAlias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
290 unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmBuff.data());
291 *data = ckm_buffer_new( rawBuff, ckmBuff.size());
293 return CKM_API_ERROR_OUT_OF_MEMORY;
295 return CKM_API_SUCCESS;
300 int ckm_get_data_alias_list(ckm_alias_list** alias_list){
304 CKM::AliasVector aliasVector;
306 if( (ret = mgr.getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) {
310 ckm_alias_list *plist = NULL;
311 CKM::AliasVector::iterator it;
312 for(it = aliasVector.begin(); it != aliasVector.end(); it++) {
313 if(plist == NULL) { // first
314 plist = ckm_alias_list_new(const_cast<char *>(it->c_str()));
315 *alias_list = plist; // save the pointer of the first element
317 plist = ckm_alias_list_add(plist, const_cast<char *>(it->c_str()));
321 return CKM_API_SUCCESS;
325 int ckm_create_key_pair_rsa(const size_t size,
326 const char *private_key_alias,
327 const char *public_key_alias,
328 const ckm_policy policy_private_key,
329 const ckm_policy policy_public_key)
334 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
335 CKM::Alias ckmPublicKeyAlias(public_key_alias);
336 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted));
337 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted));
339 if( (ret = mgr.createKeyPairRSA(size, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy))
340 != CKM_API_SUCCESS) {
344 return CKM_API_SUCCESS;
348 int ckm_create_key_pair_ecdsa(const ckm_ec_type type,
349 const char *private_key_alias,
350 const char *public_key_alias,
351 const ckm_policy policy_private_key,
352 const ckm_policy policy_public_key)
357 CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
358 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
359 CKM::Alias ckmPublicKeyAlias(public_key_alias);
360 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted));
361 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted));
363 if( (ret - mgr.createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy))
364 != CKM_API_SUCCESS) {
368 return CKM_API_SUCCESS;
372 int ckm_create_signature(const char *private_key_alias,
373 const char *password,
374 const ckm_raw_buffer message,
375 const ckm_hash_algo hash,
376 const ckm_rsa_padding_algo padding,
377 ckm_raw_buffer **signature)
381 CKM::RawBuffer ckmSignature;
383 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
384 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
385 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
386 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
388 if( (ret = mgr.createSignature(
394 ckmSignature)) != CKM_API_SUCCESS) {
398 unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmSignature.data());
399 *signature = ckm_buffer_new( rawBuff, ckmSignature.size());
400 if(*signature == NULL) {
401 return CKM_API_ERROR_OUT_OF_MEMORY;
403 return CKM_API_SUCCESS;
406 return CKM_API_SUCCESS;
410 int ckm_verify_signature(const char *public_key_alias,
411 const char *password,
412 const ckm_raw_buffer message,
413 const ckm_raw_buffer signature,
414 const ckm_hash_algo hash,
415 const ckm_rsa_padding_algo padding)
420 CKM::Alias ckmPublicKeyAlias(public_key_alias);
421 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
422 CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size);
423 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
424 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
426 if( (ret = mgr.verifySignature(
432 ckmPadding)) != CKM_API_SUCCESS) {
436 return CKM_API_SUCCESS;
440 int ckm_get_cert_chain(const ckm_cert *cert, const ckm_cert_list *untrustedcerts, ckm_cert_list **cert_chain_list)
444 CKM::CertificateVector ckmCertChain;
446 if(cert->raw_cert == NULL || cert->cert_size <= 0) {
447 return CKM_API_ERROR_INPUT_PARAM;
450 CKM::Certificate ckmCert = _toCkmCertificate(cert);
452 CKM::CertificateVector ckmUntrustedCerts;
453 if(untrustedcerts != NULL) {
454 ckm_cert_list *current = NULL;
455 ckm_cert_list *next = const_cast<ckm_cert_list *>(untrustedcerts);
458 next = current->next;
460 if(current->cert == NULL){
464 CKM::Certificate tmpCkmCert = _toCkmCertificate(current->cert);
465 ckmUntrustedCerts.push_back(tmpCkmCert);
466 }while(next != NULL);
469 ret = mgr.getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain);
470 if( ret != CKM_API_SUCCESS) {
474 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
476 return CKM_API_SUCCESS;
480 int ckm_get_cert_chain_with_alias(const ckm_cert *cert, const ckm_alias_list *untrustedcerts, ckm_cert_list **cert_chain_list)
484 CKM::CertificateVector ckmCertChain;
487 if(cert->raw_cert == NULL || cert->cert_size <= 0) {
488 return CKM_API_ERROR_INPUT_PARAM;
490 CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
491 CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
492 CKM::Certificate ckmCert(buffer, dataFormat);
494 CKM::AliasVector ckmUntrustedAliases;
495 if(untrustedcerts != NULL) {
496 ckm_alias_list *current = NULL;
497 ckm_alias_list *next = const_cast<ckm_alias_list *>(untrustedcerts);
500 next = current->next;
502 if(current->alias == NULL){
503 return CKM_API_ERROR_INPUT_PARAM;
505 CKM::Alias ckmAlias(current->alias);
506 ckmUntrustedAliases.push_back(ckmAlias);
507 }while(next != NULL);
510 if( (ret = mgr.getCertificateChain(ckmCert, ckmUntrustedAliases, ckmCertChain)) != CKM_API_SUCCESS) {
514 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
516 return CKM_API_SUCCESS;