2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-control.h
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief provides conversion methods to C from C++ for key-manager control functions.
23 #include <ckm/ckm-type.h>
24 #include <ckm/ckm-manager.h>
25 #include <ckmc/ckmc-type.h>
26 #include <ckmc/ckmc-manager.h>
27 #include <ckmc/ckmc-error.h>
31 bool _toBool(ckmc_bool ckmBool)
33 if(ckmBool == CKMC_TRUE) {
39 std::string _tostring(const char *str)
43 return std::string(str);
46 CKM::Certificate _toCkmCertificate(const ckmc_cert *cert)
48 CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
49 CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
50 CKM::Certificate ckmCert(buffer, dataFormat);
54 ckmc_cert_list *_toNewCkmCertList(CKM::CertificateVector &certVector)
56 ckmc_cert_list *start = NULL;
57 ckmc_cert_list *plist = NULL;
58 CKM::CertificateVector::iterator it;
59 for(it = certVector.begin(); it != certVector.end(); it++) {
60 CKM::RawBuffer rawBuffer = it->getDER();
61 unsigned char *rawCert = (unsigned char *) malloc(rawBuffer.size());
62 memcpy(rawCert, rawBuffer.data(), rawBuffer.size());
63 ckmc_cert *pcert = ckmc_cert_new( rawCert, rawBuffer.size(), CKMC_FORM_DER);
68 plist = ckmc_cert_list_new(pcert);
69 start = plist; // save the pointer of the first element
71 plist = ckmc_cert_list_add(plist, pcert);
78 int ckmc_save_key(const char *alias, const ckmc_key key, const ckmc_policy policy)
83 return CKMC_API_ERROR_INPUT_PARAM;
85 CKM::Alias ckmAlias(alias);
87 if(key.raw_key == NULL || key.key_size <= 0) {
88 return CKMC_API_ERROR_INPUT_PARAM;
90 CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
91 CKM::Key ckmKey(buffer, _tostring(key.password));
93 if(ckmKey.getDER().size() <= 0) {
94 return CKMC_API_ERROR_INVALID_FORMAT;
97 CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted));
99 return mgr.saveKey(ckmAlias, ckmKey, storePolicy);
104 int ckmc_remove_key(const char *alias)
109 return CKMC_API_ERROR_INPUT_PARAM;
111 CKM::Alias ckmAlias(alias);
113 return mgr.removeKey(ckmAlias);
117 int ckmc_get_key(const char *alias, const char *password, ckmc_key **key)
122 if(alias == NULL || key == NULL) {
123 return CKMC_API_ERROR_INPUT_PARAM;
125 CKM::Alias ckmAlias(alias);
128 if( (ret = mgr.getKey(ckmAlias, _tostring(password), ckmKey)) != CKMC_API_SUCCESS) {
132 unsigned char *rawKey = reinterpret_cast<unsigned char*>(ckmKey.getDER().data());
133 ckmc_key_type keyType = static_cast<ckmc_key_type>(static_cast<int>(ckmKey.getType()));
134 *key = ckmc_key_new( rawKey, ckmKey.getDER().size(), keyType, NULL);
136 return CKMC_API_ERROR_OUT_OF_MEMORY;
138 return CKMC_API_SUCCESS;
143 int ckmc_get_key_alias_list(ckmc_alias_list** alias_list)
148 if(alias_list == NULL) {
149 return CKMC_API_ERROR_INPUT_PARAM;
152 CKM::AliasVector aliasVector;
154 if( (ret = mgr.getKeyAliasVector(aliasVector)) != CKMC_API_SUCCESS) {
158 ckmc_alias_list *plist = NULL;
159 CKM::AliasVector::iterator it;
160 for(it = aliasVector.begin(); it != aliasVector.end(); it++) {
161 char *alias = (char *)malloc(it->size() + 1);
162 memset(alias, 0, it->size() +1 );
163 memcpy(alias, it->c_str(), it->size());
164 if(plist == NULL) { // first
165 plist = ckmc_alias_list_new(alias);
166 *alias_list = plist; // save the pointer of the first element
168 plist = ckmc_alias_list_add(plist, alias);
172 return CKMC_API_SUCCESS;
176 int ckmc_save_cert(const char *alias, const ckmc_cert cert, const ckmc_policy policy)
179 return CKMC_API_ERROR_INPUT_PARAM;
181 CKM::Alias ckmAlias(alias);
183 if(cert.raw_cert == NULL || cert.cert_size <= 0) {
184 return CKMC_API_ERROR_INPUT_PARAM;
186 CKM::Certificate ckmCert = _toCkmCertificate(&cert);
187 if(ckmCert.getDER().size() <= 0) {
188 return CKMC_API_ERROR_INVALID_FORMAT;
191 CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted));
194 return mgr.saveCertificate(ckmAlias, ckmCert, storePolicy);
198 int ckmc_remove_cert(const char *alias)
201 return CKMC_API_ERROR_INPUT_PARAM;
203 CKM::Alias ckmAlias(alias);
206 return mgr.removeCertificate(ckmAlias);
210 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert **cert)
212 CKM::Certificate ckmCert;
215 if(alias == NULL || cert == NULL) {
216 return CKMC_API_ERROR_INPUT_PARAM;
218 CKM::Alias ckmAlias(alias);
221 if( (ret = mgr.getCertificate(ckmAlias, _tostring(password), ckmCert)) != CKMC_API_SUCCESS) {
225 unsigned char *rawCert = reinterpret_cast<unsigned char*>(ckmCert.getDER().data());
226 *cert = ckmc_cert_new( rawCert, ckmCert.getDER().size(), CKMC_FORM_DER);
228 return CKMC_API_ERROR_OUT_OF_MEMORY;
230 return CKMC_API_SUCCESS;
235 int ckmc_get_cert_alias_list(ckmc_alias_list** alias_list) {
239 if(alias_list == NULL) {
240 return CKMC_API_ERROR_INPUT_PARAM;
243 CKM::AliasVector aliasVector;
245 if( (ret = mgr.getCertificateAliasVector(aliasVector)) != CKMC_API_SUCCESS) {
249 ckmc_alias_list *plist = NULL;
250 CKM::AliasVector::iterator it;
251 for(it = aliasVector.begin(); it != aliasVector.end(); it++) {
252 char *alias = (char *)malloc(it->size() + 1);
253 memset(alias, 0, it->size() +1 );
254 memcpy(alias, it->c_str(), it->size());
255 if(plist == NULL) { // first
256 plist = ckmc_alias_list_new(alias);
257 *alias_list = plist; // save the pointer of the first element
259 plist = ckmc_alias_list_add(plist, alias);
263 return CKMC_API_SUCCESS;
267 int ckmc_save_data(const char *alias, ckmc_raw_buffer data, const ckmc_policy policy)
270 return CKMC_API_ERROR_INPUT_PARAM;
272 CKM::Alias ckmAlias(alias);
274 if(data.data == NULL || data.size <= 0) {
275 return CKMC_API_ERROR_INPUT_PARAM;
277 CKM::RawBuffer buffer(data.data, data.data + data.size);
279 CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted));
282 return mgr.saveData(ckmAlias, buffer, storePolicy);
286 int ckmc_remove_data(const char *alias)
289 return CKMC_API_ERROR_INPUT_PARAM;
291 CKM::Alias ckmAlias(alias);
294 return mgr.removeData(ckmAlias);
298 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer **data)
300 CKM::RawBuffer ckmBuff;
303 if(alias == NULL || data == NULL) {
304 return CKMC_API_ERROR_INPUT_PARAM;
306 CKM::Alias ckmAlias(alias);
309 if( (ret = mgr.getData(ckmAlias, _tostring(password), ckmBuff)) != CKMC_API_SUCCESS) {
313 unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmBuff.data());
314 *data = ckmc_buffer_new( rawBuff, ckmBuff.size());
316 return CKMC_API_ERROR_OUT_OF_MEMORY;
318 return CKMC_API_SUCCESS;
323 int ckmc_get_data_alias_list(ckmc_alias_list** alias_list){
327 if(alias_list == NULL) {
328 return CKMC_API_ERROR_INPUT_PARAM;
331 CKM::AliasVector aliasVector;
333 if( (ret = mgr.getDataAliasVector(aliasVector)) != CKMC_API_SUCCESS) {
337 ckmc_alias_list *plist = NULL;
338 CKM::AliasVector::iterator it;
339 for(it = aliasVector.begin(); it != aliasVector.end(); it++) {
340 char *alias = (char *)malloc(it->size() + 1);
341 memset(alias, 0, it->size() +1 );
342 memcpy(alias, it->c_str(), it->size());
343 if(plist == NULL) { // first
344 plist = ckmc_alias_list_new(alias);
345 *alias_list = plist; // save the pointer of the first element
347 plist = ckmc_alias_list_add(plist, alias);
351 return CKMC_API_SUCCESS;
355 int ckmc_create_key_pair_rsa(const size_t size,
356 const char *private_key_alias,
357 const char *public_key_alias,
358 const ckmc_policy policy_private_key,
359 const ckmc_policy policy_public_key)
364 if(private_key_alias == NULL || public_key_alias == NULL) {
365 return CKMC_API_ERROR_INPUT_PARAM;
368 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
369 CKM::Alias ckmPublicKeyAlias(public_key_alias);
370 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted));
371 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted));
373 if( (ret = mgr.createKeyPairRSA(size, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy))
374 != CKMC_API_SUCCESS) {
378 return CKMC_API_SUCCESS;
382 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type type,
383 const char *private_key_alias,
384 const char *public_key_alias,
385 const ckmc_policy policy_private_key,
386 const ckmc_policy policy_public_key)
391 if(private_key_alias == NULL || public_key_alias == NULL) {
392 return CKMC_API_ERROR_INPUT_PARAM;
395 CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
396 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
397 CKM::Alias ckmPublicKeyAlias(public_key_alias);
398 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted));
399 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted));
401 if( (ret - mgr.createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy))
402 != CKMC_API_SUCCESS) {
406 return CKMC_API_SUCCESS;
410 int ckmc_create_signature(const char *private_key_alias,
411 const char *password,
412 const ckmc_raw_buffer message,
413 const ckmc_hash_algo hash,
414 const ckmc_rsa_padding_algo padding,
415 ckmc_raw_buffer **signature)
419 CKM::RawBuffer ckmSignature;
421 if(private_key_alias == NULL || signature == NULL) {
422 return CKMC_API_ERROR_INPUT_PARAM;
425 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
426 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
427 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
428 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
430 if( (ret = mgr.createSignature(
436 ckmSignature)) != CKMC_API_SUCCESS) {
440 unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmSignature.data());
441 *signature = ckmc_buffer_new( rawBuff, ckmSignature.size());
442 if(*signature == NULL) {
443 return CKMC_API_ERROR_OUT_OF_MEMORY;
445 return CKMC_API_SUCCESS;
448 return CKMC_API_SUCCESS;
452 int ckmc_verify_signature(const char *public_key_alias,
453 const char *password,
454 const ckmc_raw_buffer message,
455 const ckmc_raw_buffer signature,
456 const ckmc_hash_algo hash,
457 const ckmc_rsa_padding_algo padding)
462 if(public_key_alias == NULL) {
463 return CKMC_API_ERROR_INPUT_PARAM;
466 CKM::Alias ckmPublicKeyAlias(public_key_alias);
467 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
468 CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size);
469 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
470 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
472 if( (ret = mgr.verifySignature(
478 ckmPadding)) != CKMC_API_SUCCESS) {
482 return CKMC_API_SUCCESS;
486 int ckmc_get_cert_chain(const ckmc_cert *cert, const ckmc_cert_list *untrustedcerts, ckmc_cert_list **cert_chain_list)
490 CKM::CertificateVector ckmCertChain;
492 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
493 return CKMC_API_ERROR_INPUT_PARAM;
496 CKM::Certificate ckmCert = _toCkmCertificate(cert);
498 CKM::CertificateVector ckmUntrustedCerts;
499 if(untrustedcerts != NULL) {
500 ckmc_cert_list *current = NULL;
501 ckmc_cert_list *next = const_cast<ckmc_cert_list *>(untrustedcerts);
504 next = current->next;
506 if(current->cert == NULL){
510 CKM::Certificate tmpCkmCert = _toCkmCertificate(current->cert);
511 ckmUntrustedCerts.push_back(tmpCkmCert);
512 }while(next != NULL);
515 ret = mgr.getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain);
516 if( ret != CKMC_API_SUCCESS) {
520 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
522 return CKMC_API_SUCCESS;
526 int ckmc_get_cert_chain_with_alias(const ckmc_cert *cert, const ckmc_alias_list *untrustedcerts, ckmc_cert_list **cert_chain_list)
530 CKM::CertificateVector ckmCertChain;
533 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
534 return CKMC_API_ERROR_INPUT_PARAM;
536 CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
537 CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
538 CKM::Certificate ckmCert(buffer, dataFormat);
540 CKM::AliasVector ckmUntrustedAliases;
541 if(untrustedcerts != NULL) {
542 ckmc_alias_list *current = NULL;
543 ckmc_alias_list *next = const_cast<ckmc_alias_list *>(untrustedcerts);
546 next = current->next;
548 if(current->alias == NULL){
549 return CKMC_API_ERROR_INPUT_PARAM;
551 CKM::Alias ckmAlias(current->alias);
552 ckmUntrustedAliases.push_back(ckmAlias);
553 }while(next != NULL);
556 if( (ret = mgr.getCertificateChain(ckmCert, ckmUntrustedAliases, ckmCertChain)) != CKMC_API_SUCCESS) {
560 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
562 return CKMC_API_SUCCESS;