projects / platform / core / security / key-manager.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added DSA keys support.
[platform/core/security/key-manager.git] / src / manager / client-capi / ckmc-type.cpp
1 /*
2  *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *  Licensed under the Apache License, Version 2.0 (the "License");
5  *  you may not use this file except in compliance with the License.
6  *  You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *  Unless required by applicable law or agreed to in writing, software
11  *  distributed under the License is distributed on an "AS IS" BASIS,
12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *  See the License for the specific language governing permissions and
14  *  limitations under the License
15  *
16  *
17  * @file        ckmc-type.h
18  * @author      Yuseok Jeon(yuseok.jeon@samsung.com)
19  * @version     1.0
20  * @brief       new and free methods for the struct of CAPI
21  */
22
23
24 #include <string.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <ckm/ckm-type.h>
28 #include <ckmc/ckmc-type.h>
29 #include <ckmc/ckmc-error.h>
30 #include <ckmc-type-converter.h>
31 #include <openssl/x509v3.h>
32 #include <openssl/pkcs12.h>
33 #include <openssl/evp.h>
34 #include <openssl/pem.h>
35
36 int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert);
37
38 KEY_MANAGER_CAPI
39 int ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type_e key_type, char *password, ckmc_key_s **ppkey)
40 {
41     ckmc_key_s *pkey;
42
43     if(raw_key == NULL || key_size <= 0 || ppkey == NULL) {
44         return CKMC_ERROR_INVALID_PARAMETER;
45     }
46
47     pkey = static_cast<ckmc_key_s*>(malloc(sizeof(ckmc_key_s)));
48     if(pkey == NULL) {
49         return CKMC_ERROR_OUT_OF_MEMORY;
50     }
51     pkey->raw_key = reinterpret_cast<unsigned char*>(malloc(key_size));
52     if(pkey->raw_key == NULL) {
53         free(pkey);
54         return CKMC_ERROR_OUT_OF_MEMORY;
55     }
56     memcpy(pkey->raw_key, raw_key, key_size);
57
58     pkey->key_size = key_size;
59     pkey->key_type = key_type;
60
61     if(password != NULL) {
62         pkey->password = reinterpret_cast<char*>(malloc(strlen(password) +1));
63         if(pkey->password == NULL) {
64             free(pkey->raw_key);
65             free(pkey);
66             return CKMC_ERROR_OUT_OF_MEMORY;
67         }
68         memset(pkey->password, 0, strlen(password) +1);
69         strncpy(pkey->password, password, strlen(password));
70     }else {
71         pkey->password = NULL;
72     }
73
74     *ppkey = pkey;
75
76     return CKMC_ERROR_NONE;
77 }
78
79 KEY_MANAGER_CAPI
80 void ckmc_key_free(ckmc_key_s *key)
81 {
82     if(key == NULL)
83         return;
84
85     if(key->password != NULL)
86         free(key->password);
87     if(key->raw_key != NULL) {
88         memset(key->raw_key, 0, key->key_size);
89         free(key->raw_key);
90     }
91
92     free(key);
93 }
94
95 KEY_MANAGER_CAPI
96 int ckmc_buffer_new(unsigned char *data, size_t size,ckmc_raw_buffer_s **ppbuffer)
97 {
98     ckmc_raw_buffer_s *pbuff;
99
100     if(data == NULL || size <= 0 || ppbuffer == NULL) {
101         return CKMC_ERROR_INVALID_PARAMETER;
102     }
103
104     pbuff = static_cast<ckmc_raw_buffer_s*>(malloc(sizeof(ckmc_raw_buffer_s)));
105     if(pbuff == NULL)
106             return CKMC_ERROR_OUT_OF_MEMORY;
107
108     pbuff->data = reinterpret_cast<unsigned char*>(malloc(size));
109     if(pbuff->data == NULL) {
110         free(pbuff);
111         return CKMC_ERROR_OUT_OF_MEMORY;
112     }
113     memcpy(pbuff->data, data, size);
114
115     pbuff->size = size;
116     *ppbuffer = pbuff;
117
118     return CKMC_ERROR_NONE;
119 }
120
121 KEY_MANAGER_CAPI
122 void ckmc_buffer_free(ckmc_raw_buffer_s *buffer)
123 {
124     if(buffer == NULL)
125         return;
126
127     if(buffer->data != NULL) {
128         memset(buffer->data, 0, buffer->size);
129         free(buffer->data);
130     }
131     free(buffer);
132 }
133
134 KEY_MANAGER_CAPI
135 int ckmc_cert_new(unsigned char *raw_cert, size_t cert_size, ckmc_data_format_e data_format, ckmc_cert_s **ppcert)
136 {
137     ckmc_cert_s *pcert;
138
139     if(raw_cert == NULL || cert_size <= 0 || ppcert == NULL) {
140         return CKMC_ERROR_INVALID_PARAMETER;
141     }
142
143     pcert = static_cast<ckmc_cert_s*>(malloc(sizeof(ckmc_cert_s)));
144     if(pcert == NULL) {
145         return CKMC_ERROR_OUT_OF_MEMORY;
146     }
147     pcert->raw_cert = reinterpret_cast<unsigned char*>(malloc(cert_size));
148     if(pcert->raw_cert == NULL) {
149         free(pcert);
150         return CKMC_ERROR_OUT_OF_MEMORY;
151     }
152     memcpy(pcert->raw_cert, raw_cert, cert_size);
153
154     pcert->cert_size = cert_size;
155     pcert->data_format = data_format;
156
157     *ppcert = pcert;
158     return CKMC_ERROR_NONE;
159 }
160
161 KEY_MANAGER_CAPI
162 int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert)
163 {
164     OpenSSL_add_all_algorithms();
165
166     FILE *fp = fopen(file_path, "r");
167     if(fp == NULL)
168         return CKMC_ERROR_FILE_ACCESS_DENIED;
169     X509 *pcert = NULL;
170     if(!(pcert = d2i_X509_fp(fp, NULL))) {
171         fseek(fp, 0, SEEK_SET);
172         pcert = PEM_read_X509(fp, NULL, NULL, NULL);
173     }
174     fclose(fp);
175     if(pcert == NULL) {
176         return CKMC_ERROR_INVALID_FORMAT;
177     }
178
179     int ret = _ckmc_load_cert_from_x509(pcert, cert);
180     if(ret != CKMC_ERROR_NONE) {
181         X509_free(pcert);
182     }
183     return ret;
184 }
185
186 KEY_MANAGER_CAPI
187 int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckmc_key_s **private_key, ckmc_cert_s **ckmcert, ckmc_cert_list_s **ca_cert_list)
188 {
189     class Pkcs12Converter {
190     private:
191         FILE* fp_in;
192         PKCS12* p12;
193         EVP_PKEY* pkey;
194         X509* x509Cert;
195         STACK_OF(X509)* ca;
196
197         int ret;
198     public:
199         ckmc_key_s *retPrivateKey;
200         ckmc_cert_s *retCkmCert;
201         ckmc_cert_list_s *retCaCertList;
202
203         Pkcs12Converter(){
204             fp_in = NULL;
205             p12 = NULL;
206             pkey = NULL;
207             x509Cert = NULL;
208             ca = NULL;
209             ret = CKMC_ERROR_NONE;
210             retPrivateKey = NULL;
211             retCkmCert = NULL;
212             retCaCertList = NULL;
213         };
214         ~Pkcs12Converter(){
215             if(fp_in != NULL)
216                 fclose(fp_in);
217             if(p12 != NULL)
218                 PKCS12_free(p12);
219             if(x509Cert != NULL)
220                 X509_free(x509Cert);
221             if(pkey != NULL)
222                 EVP_PKEY_free(pkey);
223             if(ca != NULL)
224                 sk_X509_pop_free(ca, X509_free);
225
226             if(ret != CKMC_ERROR_NONE) {
227                 if(retPrivateKey != NULL){
228                     ckmc_key_free(retPrivateKey);
229                     retPrivateKey = NULL;
230                 }
231                 if(retCkmCert != NULL) {
232                     ckmc_cert_free(retCkmCert);
233                     retCkmCert = NULL;
234                 }
235                 if(retCaCertList != NULL) {
236                     ckmc_cert_list_all_free(retCaCertList);
237                     retCaCertList = NULL;
238                 }
239             }
240         };
241
242         int parsePkcs12(const char *filePath, const char *pass) {
243             fp_in = NULL;
244             if(!(fp_in = fopen(filePath, "rb"))) {
245                 return CKMC_ERROR_FILE_ACCESS_DENIED;
246             }
247
248             if(!(p12 = d2i_PKCS12_fp(fp_in, NULL))) {
249                 return CKMC_ERROR_INVALID_FORMAT;
250             }
251
252             /* parse PKCS#12 certificate */
253             if((ret = PKCS12_parse(p12, pass, &pkey, &x509Cert, &ca)) != 1) {
254                 return CKMC_ERROR_INVALID_FORMAT;
255             }
256             return CKMC_ERROR_NONE;
257         }
258
259         int toCkmCert() {
260             if( (ret =_ckmc_load_cert_from_x509(x509Cert,&retCkmCert)) != CKMC_ERROR_NONE) {
261                 return ret;
262             }
263             return CKMC_ERROR_NONE;
264         }
265
266         int toCkmKey() {
267             BIO *bkey = BIO_new(BIO_s_mem());
268
269             i2d_PrivateKey_bio(bkey, pkey);
270
271             CKM::RawBuffer output(8196);
272             int size = BIO_read(bkey, output.data(), output.size());
273             BIO_free_all(bkey);
274             if (size <= 0) {
275                 return CKMC_ERROR_INVALID_FORMAT;
276             }
277             output.resize(size);
278
279             int type = EVP_PKEY_type(pkey->type);
280             ckmc_key_type_e key_type = CKMC_KEY_NONE;
281             switch(type) {
282             case EVP_PKEY_RSA :
283                 key_type = CKMC_KEY_RSA_PRIVATE;
284                 break;
285             case EVP_PKEY_DSA :
286                 key_type = CKMC_KEY_DSA_PRIVATE;
287                 break;
288             case EVP_PKEY_EC :
289                 key_type = CKMC_KEY_ECDSA_PRIVATE;
290                 break;
291             }
292             if(key_type == CKMC_KEY_NONE) {
293                 return CKMC_ERROR_INVALID_FORMAT;
294             }
295
296             char *nullPassword = NULL;
297
298             return ckmc_key_new(output.data(), size, key_type, nullPassword, &retPrivateKey);
299         }
300
301         int toCaCkmCertList() {
302             int tmpRet;
303             X509* popedCert = NULL;
304             ckmc_cert_s *popedCkmCert = NULL;
305             ckmc_cert_list_s *tmpCertList = NULL;
306             while((popedCert = sk_X509_pop(ca)) != NULL) {
307                 if( (tmpRet =_ckmc_load_cert_from_x509(popedCert, &popedCkmCert)) != CKMC_ERROR_NONE) {
308                     return CKMC_ERROR_OUT_OF_MEMORY;
309                 }
310                 if(tmpCertList == NULL) { // first
311                     tmpRet = ckmc_cert_list_new(popedCkmCert, &tmpCertList);
312                     retCaCertList = tmpCertList;
313                 }else {
314                     tmpRet = ckmc_cert_list_add(tmpCertList, popedCkmCert, &tmpCertList);
315                 }
316                 if(tmpRet != CKMC_ERROR_NONE) {
317                     ckmc_cert_list_all_free(retCaCertList);
318                     retCaCertList = NULL;
319                     return tmpRet;
320                 }
321             }
322             return CKMC_ERROR_NONE;
323         }
324
325     };
326
327     OpenSSL_add_all_algorithms();
328
329     int ret = CKMC_ERROR_NONE;
330
331     Pkcs12Converter converter;
332     if((ret = converter.parsePkcs12(file_path, passphrase)) != CKMC_ERROR_NONE) {
333         return ret;
334     }
335     if((ret = converter.toCkmCert()) != CKMC_ERROR_NONE) {
336         return ret;
337     }
338     if((ret = converter.toCkmKey()) != CKMC_ERROR_NONE) {
339         return ret;
340     }
341     if((ret = converter.toCaCkmCertList()) != CKMC_ERROR_NONE) {
342         return ret;
343     }
344
345     *private_key = converter.retPrivateKey;
346     *ckmcert = converter.retCkmCert;
347     *ca_cert_list = converter.retCaCertList;
348
349     return CKMC_ERROR_NONE;
350 }
351
352 KEY_MANAGER_CAPI
353 void ckmc_cert_free(ckmc_cert_s *cert)
354 {
355     if(cert == NULL)
356         return;
357
358     if(cert->raw_cert != NULL) {
359         memset(cert->raw_cert, 0, cert->cert_size);
360         free(cert->raw_cert);
361     }
362     free(cert);
363 }
364
365 KEY_MANAGER_CAPI
366 int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list)
367 {
368     ckmc_alias_list_s *previous = NULL;
369     return ckmc_alias_list_add(previous, alias, ppalias_list);
370 }
371
372 KEY_MANAGER_CAPI
373 int ckmc_alias_list_add(ckmc_alias_list_s *previous, char *alias, ckmc_alias_list_s **pplast)
374 {
375     ckmc_alias_list_s *plist;
376
377     if(alias == NULL || pplast == NULL) {
378         return CKMC_ERROR_INVALID_PARAMETER;
379     }
380
381     plist = static_cast<ckmc_alias_list_s*>(malloc(sizeof(ckmc_alias_list_s)));
382     if(plist == NULL) {
383         return CKMC_ERROR_OUT_OF_MEMORY;
384     }
385
386     plist->alias = alias;
387     plist->next = NULL;
388
389     if(previous != NULL) {
390         previous->next = plist;
391     }
392     *pplast = plist;
393
394     return CKMC_ERROR_NONE;
395 }
396
397 KEY_MANAGER_CAPI
398 void ckmc_alias_list_free(ckmc_alias_list_s *first)
399 {
400     ckmc_alias_list_s *next = first;
401     while (next) {
402         ckmc_alias_list_s *current = next;
403         next = current->next;
404         free(current);
405     }
406 }
407
408 KEY_MANAGER_CAPI
409 void ckmc_alias_list_all_free(ckmc_alias_list_s *first)
410 {
411     ckmc_alias_list_s *next = first;
412     while (next) {
413         ckmc_alias_list_s *current = next;
414         next = current->next;
415         free(current->alias);
416         free(current);
417     }
418 }
419
420 KEY_MANAGER_CAPI
421 int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list)
422 {
423     ckmc_cert_list_s *previous = NULL;
424     return ckmc_cert_list_add(previous, cert, ppalias_list);
425 }
426
427 KEY_MANAGER_CAPI
428 int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_list_s **pplast)
429 {
430     ckmc_cert_list_s *plist;
431
432     if(cert == NULL || pplast == NULL) {
433         return CKMC_ERROR_INVALID_PARAMETER;
434     }
435
436     plist = static_cast<ckmc_cert_list_s*>(malloc(sizeof(ckmc_cert_list_s)));
437     if(plist == NULL) {
438         return CKMC_ERROR_OUT_OF_MEMORY;
439     }
440     plist->cert = cert;
441     plist->next = NULL;
442
443     if(previous != NULL) {
444         previous->next = plist;
445     }
446
447     *pplast = plist;
448
449     return CKMC_ERROR_NONE;
450 }
451
452 KEY_MANAGER_CAPI
453 void ckmc_cert_list_free(ckmc_cert_list_s *first)
454 {
455     ckmc_cert_list_s *next = first;
456     while (next) {
457         ckmc_cert_list_s *current = next;
458         next = current->next;
459         free(current);
460     }
461 }
462
463 KEY_MANAGER_CAPI
464 void ckmc_cert_list_all_free(ckmc_cert_list_s *first)
465 {
466     ckmc_cert_list_s *next = first;
467     while (next) {
468         ckmc_cert_list_s *current = next;
469         next = current->next;
470         ckmc_cert_free(current->cert);
471         free(current);
472     }
473 }
474
475 int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert)
476 {
477     if(xCert == NULL) {
478         return CKMC_ERROR_INVALID_FORMAT;
479     }
480
481     BIO *bcert = BIO_new(BIO_s_mem());
482
483     i2d_X509_bio(bcert, xCert);
484
485     CKM::RawBuffer output(8196);
486     int size = BIO_read(bcert, output.data(), output.size());
487     BIO_free_all(bcert);
488     if (size <= 0) {
489         return CKMC_ERROR_INVALID_FORMAT;
490     }
491     output.resize(size);
492
493     return ckmc_cert_new(output.data(), output.size(), CKMC_FORM_DER, cert);
494 }
495
Domain: Security / Utilities;