2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-control.h
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief provides conversion methods to C from C++ for key-manager control functions.
23 #include <ckm/ckm-type.h>
24 #include <ckm/ckm-manager.h>
25 #include <ckmc/ckmc-type.h>
26 #include <ckmc/ckmc-manager.h>
27 #include <ckmc/ckmc-error.h>
28 #include <ckmc-type-converter.h>
29 #include <client-common.h>
35 CKM::Password _tostring(const char *str)
38 return CKM::Password();
39 return CKM::Password(str);
42 CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert)
44 CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
45 CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
46 return CKM::Certificate::create(buffer, dataFormat);
49 ckmc_cert_list_s *_toNewCkmCertList(CKM::CertificateShPtrVector &certVector)
52 ckmc_cert_list_s *start = NULL;
53 ckmc_cert_list_s *plist = NULL;
54 CKM::CertificateShPtrVector::iterator it;
55 for(it = certVector.begin(); it != certVector.end(); it++) {
56 CKM::RawBuffer rawBuffer = (*it)->getDER();
57 unsigned char *rawCert = static_cast<unsigned char *>(malloc(rawBuffer.size()));
58 memcpy(rawCert, rawBuffer.data(), rawBuffer.size());
60 ret = ckmc_cert_new(rawCert, rawBuffer.size(), CKMC_FORM_DER, &pcert);
63 ckmc_cert_list_all_free(start);
67 ret = ckmc_cert_list_new(pcert, &plist);
68 start = plist; // save the pointer of the first element
70 ret = ckmc_cert_list_add(plist, pcert, &plist);
72 if(ret != CKMC_ERROR_NONE) {
73 ckmc_cert_list_all_free(start);
84 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
86 CKM::ManagerShPtr mgr = CKM::Manager::create();
89 return CKMC_ERROR_INVALID_PARAMETER;
91 CKM::Alias ckmAlias(alias);
93 if(key.raw_key == NULL || key.key_size <= 0) {
94 return CKMC_ERROR_INVALID_PARAMETER;
96 CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
97 CKM::KeyShPtr ckmKey = CKM::Key::create(buffer, _tostring(key.password));
99 if(ckmKey.get() == NULL) {
100 return CKMC_ERROR_INVALID_FORMAT;
103 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
105 int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy);
106 return to_ckmc_error(ret);
111 int ckmc_remove_key(const char *alias)
113 CKM::ManagerShPtr mgr = CKM::Manager::create();
116 return CKMC_ERROR_INVALID_PARAMETER;
119 int ret = mgr->removeAlias(alias);
120 return to_ckmc_error(ret);
124 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key)
127 CKM::KeyShPtr ckmKey;
129 if(alias == NULL || key == NULL) {
130 return CKMC_ERROR_INVALID_PARAMETER;
133 CKM::ManagerShPtr mgr = CKM::Manager::create();
134 if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
135 return to_ckmc_error(ret);
138 unsigned char *rawKey = reinterpret_cast<unsigned char*>(ckmKey->getDER().data());
139 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(ckmKey->getType()));
141 ret = ckmc_key_new( rawKey, ckmKey->getDER().size(), keyType, NULL, key);
143 return to_ckmc_error(ret);
147 int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list)
151 if (alias_list == NULL) {
152 return CKMC_ERROR_INVALID_PARAMETER;
155 CKM::AliasVector aliasVector;
156 CKM::ManagerShPtr mgr = CKM::Manager::create();
158 if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) {
159 return to_ckmc_error(ret);
162 ckmc_alias_list_s *plist = NULL;
164 for (const auto it : aliasVector) {
165 char *alias = strndup(it.c_str(), it.size());
167 if (plist == NULL) { // first
168 ret = ckmc_alias_list_new(alias, &plist);
169 *alias_list = plist; // save the pointer of the first element
171 ret = ckmc_alias_list_add(plist, alias, &plist);
174 if (ret != CKMC_ERROR_NONE) {
176 ckmc_alias_list_all_free(*alias_list);
181 if(plist == NULL) { // if the alias_list size is zero
182 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
185 return CKMC_ERROR_NONE;
189 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy)
192 return CKMC_ERROR_INVALID_PARAMETER;
194 CKM::Alias ckmAlias(alias);
196 if(cert.raw_cert == NULL || cert.cert_size <= 0) {
197 return CKMC_ERROR_INVALID_PARAMETER;
199 CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert);
200 if(ckmCert.get() == NULL) {
201 return CKMC_ERROR_INVALID_FORMAT;
204 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
206 CKM::ManagerShPtr mgr = CKM::Manager::create();
207 int ret = mgr->saveCertificate(ckmAlias, ckmCert, storePolicy);
209 return to_ckmc_error(ret);
213 int ckmc_remove_cert(const char *alias)
216 return CKMC_ERROR_INVALID_PARAMETER;
219 CKM::ManagerShPtr mgr = CKM::Manager::create();
220 int ret = mgr->removeAlias(alias);
222 return to_ckmc_error(ret);
226 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert)
228 CKM::CertificateShPtr ckmCert;
231 if(alias == NULL || cert == NULL) {
232 return CKMC_ERROR_INVALID_PARAMETER;
235 CKM::ManagerShPtr mgr = CKM::Manager::create();
236 if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
237 return to_ckmc_error(ret);
240 unsigned char *rawCert = reinterpret_cast<unsigned char*>(ckmCert->getDER().data());
241 ret = ckmc_cert_new( rawCert, ckmCert->getDER().size(), CKMC_FORM_DER, cert);
247 int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) {
250 if (alias_list == NULL) {
251 return CKMC_ERROR_INVALID_PARAMETER;
256 CKM::AliasVector aliasVector;
257 CKM::ManagerShPtr mgr = CKM::Manager::create();
258 if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) {
259 return to_ckmc_error(ret);
262 ckmc_alias_list_s *plist = NULL;
264 for (const auto it : aliasVector) {
265 char *alias = strndup(it.c_str(), it.size());
267 if (plist == NULL) { // first
268 ret = ckmc_alias_list_new(alias, &plist);
269 *alias_list = plist; // save the pointer of the first element
271 ret = ckmc_alias_list_add(plist, alias, &plist);
274 if (ret != CKMC_ERROR_NONE) {
276 ckmc_alias_list_all_free(*alias_list);
281 if(plist == NULL) { // if the alias_list size is zero
282 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
285 return CKMC_ERROR_NONE;
289 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
292 return CKMC_ERROR_INVALID_PARAMETER;
294 CKM::Alias ckmAlias(alias);
296 if(data.data == NULL || data.size <= 0) {
297 return CKMC_ERROR_INVALID_PARAMETER;
299 CKM::RawBuffer buffer(data.data, data.data + data.size);
301 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
303 CKM::ManagerShPtr mgr = CKM::Manager::create();
304 int ret = mgr->saveData(ckmAlias, buffer, storePolicy);
306 return to_ckmc_error(ret);
310 int ckmc_remove_data(const char *alias)
313 return CKMC_ERROR_INVALID_PARAMETER;
316 CKM::ManagerShPtr mgr = CKM::Manager::create();
317 int ret = mgr->removeAlias(alias);
318 return to_ckmc_error(ret);
322 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **data)
324 CKM::RawBuffer ckmBuff;
327 if(alias == NULL || data == NULL) {
328 return CKMC_ERROR_INVALID_PARAMETER;
331 CKM::ManagerShPtr mgr = CKM::Manager::create();
332 if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
333 return to_ckmc_error(ret);
336 unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmBuff.data());
337 ret = ckmc_buffer_new(rawBuff, ckmBuff.size(), data);
343 int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){
346 if(alias_list == NULL) {
347 return CKMC_ERROR_INVALID_PARAMETER;
352 CKM::AliasVector aliasVector;
353 CKM::ManagerShPtr mgr = CKM::Manager::create();
354 if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) {
355 return to_ckmc_error(ret);
358 ckmc_alias_list_s *plist = NULL;
360 for (const auto it : aliasVector) {
361 char *alias = strndup(it.c_str(), it.size());
363 if (plist == NULL) { // first
364 ret = ckmc_alias_list_new(alias, &plist);
365 *alias_list = plist; // save the pointer of the first element
367 ret = ckmc_alias_list_add(plist, alias, &plist);
370 if (ret != CKMC_ERROR_NONE) {
372 ckmc_alias_list_all_free(*alias_list);
377 if(plist == NULL) { // if the alias_list size is zero
378 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
381 return CKMC_ERROR_NONE;
385 int ckmc_create_key_pair_rsa(const size_t size,
386 const char *private_key_alias,
387 const char *public_key_alias,
388 const ckmc_policy_s policy_private_key,
389 const ckmc_policy_s policy_public_key)
392 CKM::ManagerShPtr mgr = CKM::Manager::create();
394 if(private_key_alias == NULL || public_key_alias == NULL) {
395 return CKMC_ERROR_INVALID_PARAMETER;
398 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
399 CKM::Alias ckmPublicKeyAlias(public_key_alias);
400 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
401 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
403 ret = mgr->createKeyPairRSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
404 return to_ckmc_error(ret);
408 int ckmc_create_key_pair_dsa(const size_t size,
409 const char *private_key_alias,
410 const char *public_key_alias,
411 const ckmc_policy_s policy_private_key,
412 const ckmc_policy_s policy_public_key)
415 CKM::ManagerShPtr mgr = CKM::Manager::create();
417 if(private_key_alias == NULL || public_key_alias == NULL) {
418 return CKMC_ERROR_INVALID_PARAMETER;
421 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
422 CKM::Alias ckmPublicKeyAlias(public_key_alias);
423 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
424 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
426 ret = mgr->createKeyPairDSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
427 return to_ckmc_error(ret);
431 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
432 const char *private_key_alias,
433 const char *public_key_alias,
434 const ckmc_policy_s policy_private_key,
435 const ckmc_policy_s policy_public_key)
437 CKM::ManagerShPtr mgr = CKM::Manager::create();
439 if(private_key_alias == NULL || public_key_alias == NULL) {
440 return CKMC_ERROR_INVALID_PARAMETER;
443 CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
444 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
445 CKM::Alias ckmPublicKeyAlias(public_key_alias);
446 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
447 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
449 int ret = mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
450 return to_ckmc_error(ret);
454 int ckmc_create_signature(const char *private_key_alias,
455 const char *password,
456 const ckmc_raw_buffer_s message,
457 const ckmc_hash_algo_e hash,
458 const ckmc_rsa_padding_algo_e padding,
459 ckmc_raw_buffer_s **signature)
462 CKM::ManagerShPtr mgr = CKM::Manager::create();
463 CKM::RawBuffer ckmSignature;
465 if(private_key_alias == NULL || signature == NULL) {
466 return CKMC_ERROR_INVALID_PARAMETER;
469 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
470 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
471 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
472 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
474 if( (ret = mgr->createSignature(
480 ckmSignature)) != CKM_API_SUCCESS) {
481 return to_ckmc_error(ret);
484 unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmSignature.data());
485 ret = ckmc_buffer_new( rawBuff, ckmSignature.size(), signature);
491 int ckmc_verify_signature(const char *public_key_alias,
492 const char *password,
493 const ckmc_raw_buffer_s message,
494 const ckmc_raw_buffer_s signature,
495 const ckmc_hash_algo_e hash,
496 const ckmc_rsa_padding_algo_e padding)
499 CKM::ManagerShPtr mgr = CKM::Manager::create();
501 if(public_key_alias == NULL) {
502 return CKMC_ERROR_INVALID_PARAMETER;
505 CKM::Alias ckmPublicKeyAlias(public_key_alias);
506 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
507 CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size);
508 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
509 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
511 if( (ret = mgr->verifySignature(
517 ckmPadding)) != CKM_API_SUCCESS) {
518 return to_ckmc_error(ret);
521 return CKMC_ERROR_NONE;
525 int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
528 CKM::ManagerShPtr mgr = CKM::Manager::create();
529 CKM::CertificateShPtrVector ckmCertChain;
531 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
532 return CKMC_ERROR_INVALID_PARAMETER;
535 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
537 CKM::CertificateShPtrVector ckmUntrustedCerts;
538 if(untrustedcerts != NULL) {
539 ckmc_cert_list_s *current = NULL;
540 ckmc_cert_list_s *next = const_cast<ckmc_cert_list_s *>(untrustedcerts);
543 next = current->next;
545 if(current->cert == NULL){
549 CKM::CertificateShPtr tmpCkmCert = _toCkmCertificate(current->cert);
550 ckmUntrustedCerts.push_back(tmpCkmCert);
551 }while(next != NULL);
554 ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain);
555 if( ret != CKM_API_SUCCESS) {
556 return to_ckmc_error(ret);
559 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
561 return CKMC_ERROR_NONE;
565 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
568 CKM::ManagerShPtr mgr = CKM::Manager::create();
569 CKM::CertificateShPtrVector ckmCertChain;
572 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
573 return CKMC_ERROR_INVALID_PARAMETER;
576 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
577 if(ckmCert.get() == NULL) {
578 return CKMC_ERROR_INVALID_FORMAT;
581 CKM::AliasVector ckmUntrustedAliases;
582 if(untrustedcerts != NULL) {
583 ckmc_alias_list_s *current = NULL;
584 ckmc_alias_list_s *next = const_cast<ckmc_alias_list_s *>(untrustedcerts);
587 next = current->next;
589 if(current->alias == NULL){
590 return CKMC_ERROR_INVALID_PARAMETER;
592 CKM::Alias ckmAlias(current->alias);
593 ckmUntrustedAliases.push_back(ckmAlias);
594 }while(next != NULL);
597 if( (ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, ckmCertChain)) != CKM_API_SUCCESS) {
598 return to_ckmc_error(ret);
601 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
603 return CKMC_ERROR_NONE;
607 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted)
609 if (!alias || !accessor)
610 return CKMC_ERROR_INVALID_PARAMETER;
612 CKM::ManagerShPtr mgr = CKM::Manager::create();
614 CKM::Permission ar = static_cast<CKM::Permission>(static_cast<int>(granted));
615 return to_ckmc_error(mgr->setPermission(alias, accessor, ar));
619 int ckmc_deny_access(const char *alias, const char *accessor)
621 if (!alias || !accessor)
622 return CKMC_ERROR_INVALID_PARAMETER;
624 CKM::ManagerShPtr mgr = CKM::Manager::create();
626 return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE));