2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-control.h
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief provides conversion methods to C from C++ for key-manager control functions.
23 #include <ckm/ckm-type.h>
24 #include <ckm/ckm-manager.h>
25 #include <ckmc/ckmc-type.h>
26 #include <ckmc/ckmc-manager.h>
27 #include <ckmc/ckmc-error.h>
28 #include <ckmc-type-converter.h>
32 CKM::Password _tostring(const char *str)
35 return CKM::Password();
36 return CKM::Password(str);
39 CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert)
41 CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
42 CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
43 return CKM::Certificate::create(buffer, dataFormat);
46 ckmc_cert_list_s *_toNewCkmCertList(CKM::CertificateShPtrVector &certVector)
49 ckmc_cert_list_s *start = NULL;
50 ckmc_cert_list_s *plist = NULL;
51 CKM::CertificateShPtrVector::iterator it;
52 for(it = certVector.begin(); it != certVector.end(); it++) {
53 CKM::RawBuffer rawBuffer = (*it)->getDER();
54 unsigned char *rawCert = static_cast<unsigned char *>(malloc(rawBuffer.size()));
55 memcpy(rawCert, rawBuffer.data(), rawBuffer.size());
57 ret = ckmc_cert_new(rawCert, rawBuffer.size(), CKMC_FORM_DER, &pcert);
60 ckmc_cert_list_all_free(start);
64 ret = ckmc_cert_list_new(pcert, &plist);
65 start = plist; // save the pointer of the first element
67 ret = ckmc_cert_list_add(plist, pcert, &plist);
69 if(ret != CKMC_ERROR_NONE) {
70 ckmc_cert_list_all_free(start);
78 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
80 CKM::ManagerShPtr mgr = CKM::Manager::create();
83 return CKMC_ERROR_INVALID_PARAMETER;
85 CKM::Alias ckmAlias(alias);
87 if(key.raw_key == NULL || key.key_size <= 0) {
88 return CKMC_ERROR_INVALID_PARAMETER;
90 CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
91 CKM::KeyShPtr ckmKey = CKM::Key::create(buffer, _tostring(key.password));
93 if(ckmKey.get() == NULL) {
94 return CKMC_ERROR_INVALID_FORMAT;
97 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable, policy.restricted);
99 int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy);
100 return to_ckmc_error(ret);
105 int ckmc_remove_key(const char *alias)
107 CKM::ManagerShPtr mgr = CKM::Manager::create();
110 return CKMC_ERROR_INVALID_PARAMETER;
112 CKM::Alias ckmAlias(alias);
114 int ret = mgr->removeKey(ckmAlias);
115 return to_ckmc_error(ret);
119 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key)
122 CKM::KeyShPtr ckmKey;
124 if(alias == NULL || key == NULL) {
125 return CKMC_ERROR_INVALID_PARAMETER;
127 CKM::Alias ckmAlias(alias);
129 CKM::ManagerShPtr mgr = CKM::Manager::create();
130 if( (ret = mgr->getKey(ckmAlias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
131 return to_ckmc_error(ret);
134 unsigned char *rawKey = reinterpret_cast<unsigned char*>(ckmKey->getDER().data());
135 ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(ckmKey->getType()));
137 ret = ckmc_key_new( rawKey, ckmKey->getDER().size(), keyType, NULL, key);
139 return to_ckmc_error(ret);
143 int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list)
147 if (alias_list == NULL) {
148 return CKMC_ERROR_INVALID_PARAMETER;
151 CKM::AliasVector aliasVector;
152 CKM::ManagerShPtr mgr = CKM::Manager::create();
154 if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) {
155 return to_ckmc_error(ret);
158 ckmc_alias_list_s *plist = NULL;
160 for (auto it = aliasVector.begin(); it != aliasVector.end(); it++) {
161 char *alias = strndup(it->c_str(), it->size());
163 if (plist == NULL) { // first
164 ret = ckmc_alias_list_new(alias, &plist);
165 *alias_list = plist; // save the pointer of the first element
167 ret = ckmc_alias_list_add(plist, alias, &plist);
170 if (ret != CKMC_ERROR_NONE) {
172 ckmc_alias_list_all_free(*alias_list);
177 return CKMC_ERROR_NONE;
181 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy)
184 return CKMC_ERROR_INVALID_PARAMETER;
186 CKM::Alias ckmAlias(alias);
188 if(cert.raw_cert == NULL || cert.cert_size <= 0) {
189 return CKMC_ERROR_INVALID_PARAMETER;
191 CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert);
192 if(ckmCert.get() == NULL) {
193 return CKMC_ERROR_INVALID_FORMAT;
196 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable, policy.restricted);
198 CKM::ManagerShPtr mgr = CKM::Manager::create();
199 int ret = mgr->saveCertificate(ckmAlias, ckmCert, storePolicy);
201 return to_ckmc_error(ret);
205 int ckmc_remove_cert(const char *alias)
208 return CKMC_ERROR_INVALID_PARAMETER;
210 CKM::Alias ckmAlias(alias);
212 CKM::ManagerShPtr mgr = CKM::Manager::create();
213 int ret = mgr->removeCertificate(ckmAlias);
215 return to_ckmc_error(ret);
219 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert)
221 CKM::CertificateShPtr ckmCert;
224 if(alias == NULL || cert == NULL) {
225 return CKMC_ERROR_INVALID_PARAMETER;
227 CKM::Alias ckmAlias(alias);
229 CKM::ManagerShPtr mgr = CKM::Manager::create();
230 if( (ret = mgr->getCertificate(ckmAlias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
231 return to_ckmc_error(ret);
234 unsigned char *rawCert = reinterpret_cast<unsigned char*>(ckmCert->getDER().data());
235 ret = ckmc_cert_new( rawCert, ckmCert->getDER().size(), CKMC_FORM_DER, cert);
241 int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) {
244 if (alias_list == NULL) {
245 return CKMC_ERROR_INVALID_PARAMETER;
250 CKM::AliasVector aliasVector;
251 CKM::ManagerShPtr mgr = CKM::Manager::create();
252 if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) {
253 return to_ckmc_error(ret);
256 ckmc_alias_list_s *plist = NULL;
258 for (auto it = aliasVector.begin(); it != aliasVector.end(); it++) {
259 char *alias = strndup(it->c_str(), it->size());
261 if (plist == NULL) { // first
262 ret = ckmc_alias_list_new(alias, &plist);
263 *alias_list = plist; // save the pointer of the first element
265 ret = ckmc_alias_list_add(plist, alias, &plist);
268 if (ret != CKMC_ERROR_NONE) {
270 ckmc_alias_list_all_free(*alias_list);
275 return CKMC_ERROR_NONE;
279 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
282 return CKMC_ERROR_INVALID_PARAMETER;
284 CKM::Alias ckmAlias(alias);
286 if(data.data == NULL || data.size <= 0) {
287 return CKMC_ERROR_INVALID_PARAMETER;
289 CKM::RawBuffer buffer(data.data, data.data + data.size);
291 CKM::Policy storePolicy(_tostring(policy.password), policy.extractable, policy.restricted);
293 CKM::ManagerShPtr mgr = CKM::Manager::create();
294 int ret = mgr->saveData(ckmAlias, buffer, storePolicy);
296 return to_ckmc_error(ret);
300 int ckmc_remove_data(const char *alias)
303 return CKMC_ERROR_INVALID_PARAMETER;
305 CKM::Alias ckmAlias(alias);
307 CKM::ManagerShPtr mgr = CKM::Manager::create();
308 int ret = mgr->removeData(ckmAlias);
309 return to_ckmc_error(ret);
313 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **data)
315 CKM::RawBuffer ckmBuff;
318 if(alias == NULL || data == NULL) {
319 return CKMC_ERROR_INVALID_PARAMETER;
321 CKM::Alias ckmAlias(alias);
323 CKM::ManagerShPtr mgr = CKM::Manager::create();
324 if( (ret = mgr->getData(ckmAlias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
325 return to_ckmc_error(ret);
328 unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmBuff.data());
329 ret = ckmc_buffer_new(rawBuff, ckmBuff.size(), data);
335 int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){
338 if(alias_list == NULL) {
339 return CKMC_ERROR_INVALID_PARAMETER;
344 CKM::AliasVector aliasVector;
345 CKM::ManagerShPtr mgr = CKM::Manager::create();
346 if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) {
347 return to_ckmc_error(ret);
350 ckmc_alias_list_s *plist = NULL;
352 for(auto it = aliasVector.begin(); it != aliasVector.end(); it++) {
353 char *alias = strndup(it->c_str(), it->size());
355 if (plist == NULL) { // first
356 ret = ckmc_alias_list_new(alias, &plist);
357 *alias_list = plist; // save the pointer of the first element
359 ret = ckmc_alias_list_add(plist, alias, &plist);
362 if (ret != CKMC_ERROR_NONE) {
364 ckmc_alias_list_all_free(*alias_list);
369 return CKMC_ERROR_NONE;
373 int ckmc_create_key_pair_rsa(const size_t size,
374 const char *private_key_alias,
375 const char *public_key_alias,
376 const ckmc_policy_s policy_private_key,
377 const ckmc_policy_s policy_public_key)
380 CKM::ManagerShPtr mgr = CKM::Manager::create();
382 if(private_key_alias == NULL || public_key_alias == NULL) {
383 return CKMC_ERROR_INVALID_PARAMETER;
386 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
387 CKM::Alias ckmPublicKeyAlias(public_key_alias);
388 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable, policy_private_key.restricted);
389 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable, policy_public_key.restricted);
391 ret = mgr->createKeyPairRSA(size, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
392 return to_ckmc_error(ret);
396 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
397 const char *private_key_alias,
398 const char *public_key_alias,
399 const ckmc_policy_s policy_private_key,
400 const ckmc_policy_s policy_public_key)
402 CKM::ManagerShPtr mgr = CKM::Manager::create();
404 if(private_key_alias == NULL || public_key_alias == NULL) {
405 return CKMC_ERROR_INVALID_PARAMETER;
408 CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
409 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
410 CKM::Alias ckmPublicKeyAlias(public_key_alias);
411 CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable, policy_private_key.restricted);
412 CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable, policy_public_key.restricted);
414 int ret = mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
415 return to_ckmc_error(ret);
419 int ckmc_create_signature(const char *private_key_alias,
420 const char *password,
421 const ckmc_raw_buffer_s message,
422 const ckmc_hash_algo_e hash,
423 const ckmc_rsa_padding_algo_e padding,
424 ckmc_raw_buffer_s **signature)
427 CKM::ManagerShPtr mgr = CKM::Manager::create();
428 CKM::RawBuffer ckmSignature;
430 if(private_key_alias == NULL || signature == NULL) {
431 return CKMC_ERROR_INVALID_PARAMETER;
434 CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
435 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
436 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
437 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
439 if( (ret = mgr->createSignature(
445 ckmSignature)) != CKM_API_SUCCESS) {
446 return to_ckmc_error(ret);
449 unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmSignature.data());
450 ret = ckmc_buffer_new( rawBuff, ckmSignature.size(), signature);
456 int ckmc_verify_signature(const char *public_key_alias,
457 const char *password,
458 const ckmc_raw_buffer_s message,
459 const ckmc_raw_buffer_s signature,
460 const ckmc_hash_algo_e hash,
461 const ckmc_rsa_padding_algo_e padding)
464 CKM::ManagerShPtr mgr = CKM::Manager::create();
466 if(public_key_alias == NULL) {
467 return CKMC_ERROR_INVALID_PARAMETER;
470 CKM::Alias ckmPublicKeyAlias(public_key_alias);
471 CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
472 CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size);
473 CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
474 CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
476 if( (ret = mgr->verifySignature(
482 ckmPadding)) != CKM_API_SUCCESS) {
483 return to_ckmc_error(ret);
486 return CKMC_ERROR_NONE;
490 int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
493 CKM::ManagerShPtr mgr = CKM::Manager::create();
494 CKM::CertificateShPtrVector ckmCertChain;
496 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
497 return CKMC_ERROR_INVALID_PARAMETER;
500 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
502 CKM::CertificateShPtrVector ckmUntrustedCerts;
503 if(untrustedcerts != NULL) {
504 ckmc_cert_list_s *current = NULL;
505 ckmc_cert_list_s *next = const_cast<ckmc_cert_list_s *>(untrustedcerts);
508 next = current->next;
510 if(current->cert == NULL){
514 CKM::CertificateShPtr tmpCkmCert = _toCkmCertificate(current->cert);
515 ckmUntrustedCerts.push_back(tmpCkmCert);
516 }while(next != NULL);
519 ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain);
520 if( ret != CKM_API_SUCCESS) {
521 return to_ckmc_error(ret);
524 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
526 return CKMC_ERROR_NONE;
530 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
533 CKM::ManagerShPtr mgr = CKM::Manager::create();
534 CKM::CertificateShPtrVector ckmCertChain;
537 if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
538 return CKMC_ERROR_INVALID_PARAMETER;
541 CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
542 if(ckmCert.get() == NULL) {
543 return CKMC_ERROR_INVALID_FORMAT;
546 CKM::AliasVector ckmUntrustedAliases;
547 if(untrustedcerts != NULL) {
548 ckmc_alias_list_s *current = NULL;
549 ckmc_alias_list_s *next = const_cast<ckmc_alias_list_s *>(untrustedcerts);
552 next = current->next;
554 if(current->alias == NULL){
555 return CKMC_ERROR_INVALID_PARAMETER;
557 CKM::Alias ckmAlias(current->alias);
558 ckmUntrustedAliases.push_back(ckmAlias);
559 }while(next != NULL);
562 if( (ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, ckmCertChain)) != CKM_API_SUCCESS) {
563 return to_ckmc_error(ret);
566 *cert_chain_list = _toNewCkmCertList(ckmCertChain);
568 return CKMC_ERROR_NONE;