2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-control.h
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief provides conversion methods to C from C++ for key-manager control functions.
23 #include <ckm/ckm-type.h>
24 #include <ckm/ckm-manager.h>
25 #include <ckmc/ckmc-type.h>
26 #include <ckmc/ckmc-manager.h>
27 #include <ckmc/ckmc-error.h>
28 #include <ckmc-type-converter.h>
29 #include <client-common.h>
35 CKM::Password _tostring(const char *str)
38 return CKM::Password();
39 return CKM::Password(str);
42 CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key)
46 CKM::RawBuffer buffer(key->raw_key, key->raw_key + key->key_size);
47 return CKM::Key::create(buffer, _tostring(key->password));
49 return CKM::KeyShPtr();
52 CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert)
56 CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
57 CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
58 return CKM::Certificate::create(buffer, dataFormat);
60 return CKM::CertificateShPtr();
63 ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector &certVector)
66 ckmc_cert_list_s *start = NULL;
67 ckmc_cert_list_s *plist = NULL;
68 CKM::CertificateShPtrVector::const_iterator it;
69 for(it = certVector.begin(); it != certVector.end(); it++) {
70 CKM::RawBuffer rawBuffer = (*it)->getDER();
71 unsigned char *rawCert = static_cast<unsigned char *>(malloc(rawBuffer.size()));
72 memcpy(rawCert, rawBuffer.data(), rawBuffer.size());
74 ret = ckmc_cert_new(rawCert, rawBuffer.size(), CKMC_FORM_DER, &pcert);
77 ckmc_cert_list_all_free(start);
81 ret = ckmc_cert_list_new(pcert, &plist);
82 start = plist; // save the pointer of the first element
84 ret = ckmc_cert_list_add(plist, pcert, &plist);
86 if(ret != CKMC_ERROR_NONE) {
87 ckmc_cert_list_all_free(start);
98 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
100 CKM::ManagerShPtr mgr = CKM::Manager::create();
103 return CKMC_ERROR_INVALID_PARAMETER;
105 CKM::Alias ckmAlias(alias);
107 if(key.raw_key == NULL || key.key_size <= 0) {
108 return CKMC_ERROR_INVALID_PARAMETER;
110 CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
111 CKM::KeyShPtr ckmKey = CKM::Key::create(buffer, _tostring(key.password));
113 if(ckmKey.get() == NULL) {
114 return CKMC_ERROR_INVALID_FORMAT;
117 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
119 int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy);
120 return to_ckmc_error(ret);
125 int ckmc_remove_key(const char *alias)
127 return ckmc_remove_alias(alias);
131 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key)
134 CKM::KeyShPtr ckmKey;
136 if(alias == NULL || key == NULL) {
137 return CKMC_ERROR_INVALID_PARAMETER;
140 CKM::ManagerShPtr mgr = CKM::Manager::create();
141 if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
142 return to_ckmc_error(ret);
145 unsigned char *rawKey = reinterpret_cast<unsigned char*>(ckmKey->getDER().data());
146 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(ckmKey->getType()));
148 ret = ckmc_key_new( rawKey, ckmKey->getDER().size(), keyType, NULL, key);
150 return to_ckmc_error(ret);
154 int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list)
158 if (alias_list == NULL) {
159 return CKMC_ERROR_INVALID_PARAMETER;
162 CKM::AliasVector aliasVector;
163 CKM::ManagerShPtr mgr = CKM::Manager::create();
165 if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) {
166 return to_ckmc_error(ret);
169 ckmc_alias_list_s *plist = NULL;
171 for (const auto it : aliasVector) {
172 char *alias = strndup(it.c_str(), it.size());
174 if (plist == NULL) { // first
175 ret = ckmc_alias_list_new(alias, &plist);
176 *alias_list = plist; // save the pointer of the first element
178 ret = ckmc_alias_list_add(plist, alias, &plist);
181 if (ret != CKMC_ERROR_NONE) {
183 ckmc_alias_list_all_free(*alias_list);
188 if(plist == NULL) { // if the alias_list size is zero
189 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
192 return CKMC_ERROR_NONE;
196 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy)
199 return CKMC_ERROR_INVALID_PARAMETER;
201 CKM::Alias ckmAlias(alias);
203 if(cert.raw_cert == NULL || cert.cert_size <= 0) {
204 return CKMC_ERROR_INVALID_PARAMETER;
206 CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert);
207 if(ckmCert.get() == NULL) {
208 return CKMC_ERROR_INVALID_FORMAT;
211 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
213 CKM::ManagerShPtr mgr = CKM::Manager::create();
214 int ret = mgr->saveCertificate(ckmAlias, ckmCert, storePolicy);
216 return to_ckmc_error(ret);
220 int ckmc_remove_cert(const char *alias)
222 return ckmc_remove_alias(alias);
226 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert)
228 CKM::CertificateShPtr ckmCert;
231 if(alias == NULL || cert == NULL) {
232 return CKMC_ERROR_INVALID_PARAMETER;
235 CKM::ManagerShPtr mgr = CKM::Manager::create();
236 if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
237 return to_ckmc_error(ret);
240 unsigned char *rawCert = reinterpret_cast<unsigned char*>(ckmCert->getDER().data());
241 ret = ckmc_cert_new( rawCert, ckmCert->getDER().size(), CKMC_FORM_DER, cert);
247 int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) {
250 if (alias_list == NULL) {
251 return CKMC_ERROR_INVALID_PARAMETER;
256 CKM::AliasVector aliasVector;
257 CKM::ManagerShPtr mgr = CKM::Manager::create();
258 if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) {
259 return to_ckmc_error(ret);
262 ckmc_alias_list_s *plist = NULL;
264 for (const auto it : aliasVector) {
265 char *alias = strndup(it.c_str(), it.size());
267 if (plist == NULL) { // first
268 ret = ckmc_alias_list_new(alias, &plist);
269 *alias_list = plist; // save the pointer of the first element
271 ret = ckmc_alias_list_add(plist, alias, &plist);
274 if (ret != CKMC_ERROR_NONE) {
276 ckmc_alias_list_all_free(*alias_list);
281 if(plist == NULL) { // if the alias_list size is zero
282 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
285 return CKMC_ERROR_NONE;
289 int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy)
291 CKM::KeyShPtr private_key;
292 CKM::CertificateShPtr cert;
293 CKM::CertificateShPtrVector ca_cert_list;
295 if(alias==NULL || ppkcs==NULL) {
296 return CKMC_ERROR_INVALID_PARAMETER;
298 CKM::Alias ckmAlias(alias);
300 private_key = _toCkmKey(ppkcs->priv_key);
301 cert = _toCkmCertificate(ppkcs->cert);
302 ckmc_cert_list_s *current = NULL;
303 ckmc_cert_list_s *next = const_cast<ckmc_cert_list_s *>(ppkcs->ca_chain);
306 next = current->next;
308 if(current->cert == NULL){
312 CKM::CertificateShPtr tmpCkmCert = _toCkmCertificate(current->cert);
313 ca_cert_list.push_back(tmpCkmCert);
314 }while(next != NULL);
316 CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable);
317 CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable);
319 CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(private_key, cert, ca_cert_list));
321 CKM::ManagerShPtr mgr = CKM::Manager::create();
322 int ret = mgr->savePKCS12(ckmAlias, pkcs12, keyPolicy, certPolicy);
324 return to_ckmc_error(ret);
328 int ckmc_remove_pkcs12(const char *alias)
330 return ckmc_remove_alias(alias);
334 int ckmc_get_pkcs12(const char *alias, ckmc_pkcs12_s **pkcs12)
337 CKM::PKCS12ShPtr ShPkcs12;
338 CKM::PKCS12 *pkcs12Ptr = NULL;
339 ckmc_key_s *private_key = NULL;
340 ckmc_cert_s *cert = NULL;
341 ckmc_cert_list_s *ca_cert_list = 0;
343 if(alias == NULL || pkcs12 == NULL) {
344 return CKMC_ERROR_INVALID_PARAMETER;
347 CKM::ManagerShPtr mgr = CKM::Manager::create();
348 if( (ret = mgr->getPKCS12(alias, ShPkcs12)) != CKM_API_SUCCESS) {
349 return to_ckmc_error(ret);
352 pkcs12Ptr = ShPkcs12.get();
354 return CKMC_ERROR_BAD_RESPONSE;
356 if(pkcs12Ptr->getKey())
358 CKM::KeyShPtr helper = pkcs12Ptr->getKey();
360 unsigned char *rawKey = reinterpret_cast<unsigned char*>(helper->getDER().data());
361 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(helper->getType()));
362 ret = ckmc_key_new(rawKey, helper->getDER().size(), keyType, NULL, &private_key);
363 if(ret != CKMC_ERROR_NONE)
367 if(pkcs12Ptr->getCertificate())
369 CKM::CertificateShPtr helper = pkcs12Ptr->getCertificate();
371 unsigned char *rawCert = reinterpret_cast<unsigned char*>(helper->getDER().data());
372 ret = ckmc_cert_new(rawCert, helper->getDER().size(), CKMC_FORM_DER, &cert);
373 if(ret != CKMC_ERROR_NONE) {
374 ckmc_key_free(private_key);
379 ca_cert_list = _toNewCkmCertList(pkcs12Ptr->getCaCertificateShPtrVector());
381 ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12);
382 if(ret != CKMC_ERROR_NONE)
384 ckmc_key_free(private_key);
385 ckmc_cert_free(cert);
386 ckmc_cert_list_free(ca_cert_list);
392 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
395 return CKMC_ERROR_INVALID_PARAMETER;
397 CKM::Alias ckmAlias(alias);
399 if(data.data == NULL || data.size <= 0) {
400 return CKMC_ERROR_INVALID_PARAMETER;
402 CKM::RawBuffer buffer(data.data, data.data + data.size);
404 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
406 CKM::ManagerShPtr mgr = CKM::Manager::create();
407 int ret = mgr->saveData(ckmAlias, buffer, storePolicy);
409 return to_ckmc_error(ret);
413 int ckmc_remove_data(const char *alias)
415 return ckmc_remove_alias(alias);
419 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **data)
421 CKM::RawBuffer ckmBuff;
424 if(alias == NULL || data == NULL) {
425 return CKMC_ERROR_INVALID_PARAMETER;
428 CKM::ManagerShPtr mgr = CKM::Manager::create();
429 if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
430 return to_ckmc_error(ret);
433 unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmBuff.data());
434 ret = ckmc_buffer_new(rawBuff, ckmBuff.size(), data);
440 int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){
443 if(alias_list == NULL) {
444 return CKMC_ERROR_INVALID_PARAMETER;
449 CKM::AliasVector aliasVector;
450 CKM::ManagerShPtr mgr = CKM::Manager::create();
451 if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) {
452 return to_ckmc_error(ret);
455 ckmc_alias_list_s *plist = NULL;
457 for (const auto it : aliasVector) {
458 char *alias = strndup(it.c_str(), it.size());
460 if (plist == NULL) { // first
461 ret = ckmc_alias_list_new(alias, &plist);
462 *alias_list = plist; // save the pointer of the first element
464 ret = ckmc_alias_list_add(plist, alias, &plist);
467 if (ret != CKMC_ERROR_NONE) {
469 ckmc_alias_list_all_free(*alias_list);
474 if(plist == NULL) { // if the alias_list size is zero
475 return CKMC_ERROR_DB_ALIAS_UNKNOWN;
478 return CKMC_ERROR_NONE;
482 int ckmc_create_key_pair_rsa(const size_t size,
483 const char *private_key_alias,
484 const char *public_key_alias,
485 const ckmc_policy_s policy_private_key,
486 const ckmc_policy_s policy_public_key)
489 CKM::ManagerShPtr mgr = CKM::Manager::create();
491 if(private_key_alias == NULL || public_key_alias == NULL) {
492 return CKMC_ERROR_INVALID_PARAMETER;
495 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
496 CKM::Alias ckmPublicKeyAlias(public_key_alias);
497 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
498 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
500 ret = mgr->createKeyPairRSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
501 return to_ckmc_error(ret);
505 int ckmc_create_key_pair_dsa(const size_t size,
506 const char *private_key_alias,
507 const char *public_key_alias,
508 const ckmc_policy_s policy_private_key,
509 const ckmc_policy_s policy_public_key)
512 CKM::ManagerShPtr mgr = CKM::Manager::create();
514 if(private_key_alias == NULL || public_key_alias == NULL) {
515 return CKMC_ERROR_INVALID_PARAMETER;
518 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
519 CKM::Alias ckmPublicKeyAlias(public_key_alias);
520 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
521 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
523 ret = mgr->createKeyPairDSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
524 return to_ckmc_error(ret);
528 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
529 const char *private_key_alias,
530 const char *public_key_alias,
531 const ckmc_policy_s policy_private_key,
532 const ckmc_policy_s policy_public_key)
534 CKM::ManagerShPtr mgr = CKM::Manager::create();
536 if(private_key_alias == NULL || public_key_alias == NULL) {
537 return CKMC_ERROR_INVALID_PARAMETER;
540 CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
541 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
542 CKM::Alias ckmPublicKeyAlias(public_key_alias);
543 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
544 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
546 int ret = mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
547 return to_ckmc_error(ret);
551 int ckmc_create_signature(const char *private_key_alias,
552 const char *password,
553 const ckmc_raw_buffer_s message,
554 const ckmc_hash_algo_e hash,
555 const ckmc_rsa_padding_algo_e padding,
556 ckmc_raw_buffer_s **signature)
559 CKM::ManagerShPtr mgr = CKM::Manager::create();
560 CKM::RawBuffer ckmSignature;
562 if(private_key_alias == NULL || signature == NULL) {
563 return CKMC_ERROR_INVALID_PARAMETER;
566 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
567 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
568 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
569 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
571 if( (ret = mgr->createSignature(
577 ckmSignature)) != CKM_API_SUCCESS) {
578 return to_ckmc_error(ret);
581 unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmSignature.data());
582 ret = ckmc_buffer_new( rawBuff, ckmSignature.size(), signature);
588 int ckmc_verify_signature(const char *public_key_alias,
589 const char *password,
590 const ckmc_raw_buffer_s message,
591 const ckmc_raw_buffer_s signature,
592 const ckmc_hash_algo_e hash,
593 const ckmc_rsa_padding_algo_e padding)
596 CKM::ManagerShPtr mgr = CKM::Manager::create();
598 if(public_key_alias == NULL) {
599 return CKMC_ERROR_INVALID_PARAMETER;
602 CKM::Alias ckmPublicKeyAlias(public_key_alias);
603 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
604 CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size);
605 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
606 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
608 if( (ret = mgr->verifySignature(
614 ckmPadding)) != CKM_API_SUCCESS) {
615 return to_ckmc_error(ret);
618 return CKMC_ERROR_NONE;
622 int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
625 CKM::ManagerShPtr mgr = CKM::Manager::create();
626 CKM::CertificateShPtrVector ckmCertChain;
628 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
629 return CKMC_ERROR_INVALID_PARAMETER;
632 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
634 CKM::CertificateShPtrVector ckmUntrustedCerts;
635 if(untrustedcerts != NULL) {
636 ckmc_cert_list_s *current = NULL;
637 ckmc_cert_list_s *next = const_cast<ckmc_cert_list_s *>(untrustedcerts);
640 next = current->next;
642 if(current->cert == NULL){
646 CKM::CertificateShPtr tmpCkmCert = _toCkmCertificate(current->cert);
647 ckmUntrustedCerts.push_back(tmpCkmCert);
648 }while(next != NULL);
651 ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain);
652 if( ret != CKM_API_SUCCESS) {
653 return to_ckmc_error(ret);
656 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
658 return CKMC_ERROR_NONE;
662 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
665 CKM::ManagerShPtr mgr = CKM::Manager::create();
666 CKM::CertificateShPtrVector ckmCertChain;
669 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
670 return CKMC_ERROR_INVALID_PARAMETER;
673 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
674 if(ckmCert.get() == NULL) {
675 return CKMC_ERROR_INVALID_FORMAT;
678 CKM::AliasVector ckmUntrustedAliases;
679 if(untrustedcerts != NULL) {
680 ckmc_alias_list_s *current = NULL;
681 ckmc_alias_list_s *next = const_cast<ckmc_alias_list_s *>(untrustedcerts);
684 next = current->next;
686 if(current->alias == NULL){
687 return CKMC_ERROR_INVALID_PARAMETER;
689 CKM::Alias ckmAlias(current->alias);
690 ckmUntrustedAliases.push_back(ckmAlias);
691 }while(next != NULL);
694 if( (ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, ckmCertChain)) != CKM_API_SUCCESS) {
695 return to_ckmc_error(ret);
698 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
700 return CKMC_ERROR_NONE;
704 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted)
706 return ckmc_set_permission(alias, accessor, static_cast<int>(granted));
710 int ckmc_set_permission(const char *alias, const char *accessor, int permissions)
712 if (!alias || !accessor)
713 return CKMC_ERROR_INVALID_PARAMETER;
715 CKM::ManagerShPtr mgr = CKM::Manager::create();
716 return to_ckmc_error(mgr->setPermission(alias, accessor, permissions));
720 int ckmc_deny_access(const char *alias, const char *accessor)
722 if (!alias || !accessor)
723 return CKMC_ERROR_INVALID_PARAMETER;
725 CKM::ManagerShPtr mgr = CKM::Manager::create();
726 return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE));
730 int ckmc_remove_alias(const char *alias)
733 return CKMC_ERROR_INVALID_PARAMETER;
735 CKM::ManagerShPtr mgr = CKM::Manager::create();
736 int ret = mgr->removeAlias(alias);
737 return to_ckmc_error(ret);