projects / platform / core / security / key-manager.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Alias is not unique user-wide: (alias, label) pair is unique now.
[platform/core/security/key-manager.git] / src / manager / client-capi / ckmc-type.cpp
1 /*
2  *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *  Licensed under the Apache License, Version 2.0 (the "License");
5  *  you may not use this file except in compliance with the License.
6  *  You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *  Unless required by applicable law or agreed to in writing, software
11  *  distributed under the License is distributed on an "AS IS" BASIS,
12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *  See the License for the specific language governing permissions and
14  *  limitations under the License
15  *
16  *
17  * @file        ckmc-type.cpp
18  * @author      Yuseok Jeon(yuseok.jeon@samsung.com)
19  * @version     1.0
20  * @brief       new and free methods for the struct of CAPI
21  */
22
23
24 #include <string.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <ckm/ckm-type.h>
28 #include <ckmc/ckmc-type.h>
29 #include <ckmc/ckmc-error.h>
30 #include <ckmc-type-converter.h>
31 #include <protocols.h>
32 #include <openssl/x509v3.h>
33 #include <openssl/pkcs12.h>
34 #include <openssl/evp.h>
35 #include <openssl/pem.h>
36
37
38 const char * const ckmc_label_alias_separator = CKM::LABEL_ALIAS_SEPARATOR;
39
40
41 int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert);
42
43 KEY_MANAGER_CAPI
44 int ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type_e key_type, char *password, ckmc_key_s **ppkey)
45 {
46     ckmc_key_s *pkey;
47
48     if(raw_key == NULL || key_size <= 0 || ppkey == NULL) {
49         return CKMC_ERROR_INVALID_PARAMETER;
50     }
51
52     pkey = static_cast<ckmc_key_s*>(malloc(sizeof(ckmc_key_s)));
53     if(pkey == NULL) {
54         return CKMC_ERROR_OUT_OF_MEMORY;
55     }
56     pkey->raw_key = reinterpret_cast<unsigned char*>(malloc(key_size));
57     if(pkey->raw_key == NULL) {
58         free(pkey);
59         return CKMC_ERROR_OUT_OF_MEMORY;
60     }
61     memcpy(pkey->raw_key, raw_key, key_size);
62
63     pkey->key_size = key_size;
64     pkey->key_type = key_type;
65
66     if(password != NULL) {
67         pkey->password = reinterpret_cast<char*>(malloc(strlen(password) +1));
68         if(pkey->password == NULL) {
69             free(pkey->raw_key);
70             free(pkey);
71             return CKMC_ERROR_OUT_OF_MEMORY;
72         }
73         memset(pkey->password, 0, strlen(password) +1);
74         strncpy(pkey->password, password, strlen(password));
75     }else {
76         pkey->password = NULL;
77     }
78
79     *ppkey = pkey;
80
81     return CKMC_ERROR_NONE;
82 }
83
84 KEY_MANAGER_CAPI
85 void ckmc_key_free(ckmc_key_s *key)
86 {
87     if(key == NULL)
88         return;
89
90     if(key->password != NULL)
91         free(key->password);
92     if(key->raw_key != NULL) {
93         memset(key->raw_key, 0, key->key_size);
94         free(key->raw_key);
95     }
96
97     free(key);
98 }
99
100 KEY_MANAGER_CAPI
101 int ckmc_buffer_new(unsigned char *data, size_t size,ckmc_raw_buffer_s **ppbuffer)
102 {
103     ckmc_raw_buffer_s *pbuff;
104
105     if(data == NULL || size <= 0 || ppbuffer == NULL) {
106         return CKMC_ERROR_INVALID_PARAMETER;
107     }
108
109     pbuff = static_cast<ckmc_raw_buffer_s*>(malloc(sizeof(ckmc_raw_buffer_s)));
110     if(pbuff == NULL)
111             return CKMC_ERROR_OUT_OF_MEMORY;
112
113     pbuff->data = reinterpret_cast<unsigned char*>(malloc(size));
114     if(pbuff->data == NULL) {
115         free(pbuff);
116         return CKMC_ERROR_OUT_OF_MEMORY;
117     }
118     memcpy(pbuff->data, data, size);
119
120     pbuff->size = size;
121     *ppbuffer = pbuff;
122
123     return CKMC_ERROR_NONE;
124 }
125
126 KEY_MANAGER_CAPI
127 void ckmc_buffer_free(ckmc_raw_buffer_s *buffer)
128 {
129     if(buffer == NULL)
130         return;
131
132     if(buffer->data != NULL) {
133         memset(buffer->data, 0, buffer->size);
134         free(buffer->data);
135     }
136     free(buffer);
137 }
138
139 KEY_MANAGER_CAPI
140 int ckmc_cert_new(unsigned char *raw_cert, size_t cert_size, ckmc_data_format_e data_format, ckmc_cert_s **ppcert)
141 {
142     ckmc_cert_s *pcert;
143
144     if(raw_cert == NULL || cert_size <= 0 || ppcert == NULL) {
145         return CKMC_ERROR_INVALID_PARAMETER;
146     }
147
148     pcert = static_cast<ckmc_cert_s*>(malloc(sizeof(ckmc_cert_s)));
149     if(pcert == NULL) {
150         return CKMC_ERROR_OUT_OF_MEMORY;
151     }
152     pcert->raw_cert = reinterpret_cast<unsigned char*>(malloc(cert_size));
153     if(pcert->raw_cert == NULL) {
154         free(pcert);
155         return CKMC_ERROR_OUT_OF_MEMORY;
156     }
157     memcpy(pcert->raw_cert, raw_cert, cert_size);
158
159     pcert->cert_size = cert_size;
160     pcert->data_format = data_format;
161
162     *ppcert = pcert;
163     return CKMC_ERROR_NONE;
164 }
165
166 KEY_MANAGER_CAPI
167 int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert)
168 {
169     OpenSSL_add_all_algorithms();
170
171     FILE *fp = fopen(file_path, "r");
172     if(fp == NULL)
173         return CKMC_ERROR_FILE_ACCESS_DENIED;
174     X509 *pcert = NULL;
175     if(!(pcert = d2i_X509_fp(fp, NULL))) {
176         fseek(fp, 0, SEEK_SET);
177         pcert = PEM_read_X509(fp, NULL, NULL, NULL);
178     }
179     fclose(fp);
180     if(pcert == NULL) {
181         return CKMC_ERROR_INVALID_FORMAT;
182     }
183
184     int ret = _ckmc_load_cert_from_x509(pcert, cert);
185     if(ret != CKMC_ERROR_NONE) {
186         X509_free(pcert);
187     }
188     return ret;
189 }
190
191 KEY_MANAGER_CAPI
192 int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckmc_key_s **private_key, ckmc_cert_s **ckmcert, ckmc_cert_list_s **ca_cert_list)
193 {
194     class Pkcs12Converter {
195     private:
196         FILE* fp_in;
197         PKCS12* p12;
198         EVP_PKEY* pkey;
199         X509* x509Cert;
200         STACK_OF(X509)* ca;
201
202         int ret;
203     public:
204         ckmc_key_s *retPrivateKey;
205         ckmc_cert_s *retCkmCert;
206         ckmc_cert_list_s *retCaCertList;
207
208         Pkcs12Converter(){
209             fp_in = NULL;
210             p12 = NULL;
211             pkey = NULL;
212             x509Cert = NULL;
213             ca = NULL;
214             ret = CKMC_ERROR_NONE;
215             retPrivateKey = NULL;
216             retCkmCert = NULL;
217             retCaCertList = NULL;
218         };
219         ~Pkcs12Converter(){
220             if(fp_in != NULL)
221                 fclose(fp_in);
222             if(p12 != NULL)
223                 PKCS12_free(p12);
224             if(x509Cert != NULL)
225                 X509_free(x509Cert);
226             if(pkey != NULL)
227                 EVP_PKEY_free(pkey);
228             if(ca != NULL)
229                 sk_X509_pop_free(ca, X509_free);
230
231             if(ret != CKMC_ERROR_NONE) {
232                 if(retPrivateKey != NULL){
233                     ckmc_key_free(retPrivateKey);
234                     retPrivateKey = NULL;
235                 }
236                 if(retCkmCert != NULL) {
237                     ckmc_cert_free(retCkmCert);
238                     retCkmCert = NULL;
239                 }
240                 if(retCaCertList != NULL) {
241                     ckmc_cert_list_all_free(retCaCertList);
242                     retCaCertList = NULL;
243                 }
244             }
245         };
246
247         int parsePkcs12(const char *filePath, const char *pass) {
248             fp_in = NULL;
249             if(!(fp_in = fopen(filePath, "rb"))) {
250                 return CKMC_ERROR_FILE_ACCESS_DENIED;
251             }
252
253             if(!(p12 = d2i_PKCS12_fp(fp_in, NULL))) {
254                 return CKMC_ERROR_INVALID_FORMAT;
255             }
256
257             /* parse PKCS#12 certificate */
258             if((ret = PKCS12_parse(p12, pass, &pkey, &x509Cert, &ca)) != 1) {
259                 return CKMC_ERROR_INVALID_FORMAT;
260             }
261             return CKMC_ERROR_NONE;
262         }
263
264         int toCkmCert() {
265             if( (ret =_ckmc_load_cert_from_x509(x509Cert,&retCkmCert)) != CKMC_ERROR_NONE) {
266                 return ret;
267             }
268             return CKMC_ERROR_NONE;
269         }
270
271         int toCkmKey() {
272             BIO *bkey = BIO_new(BIO_s_mem());
273
274             i2d_PrivateKey_bio(bkey, pkey);
275
276             CKM::RawBuffer output(8196);
277             int size = BIO_read(bkey, output.data(), output.size());
278             BIO_free_all(bkey);
279             if (size <= 0) {
280                 return CKMC_ERROR_INVALID_FORMAT;
281             }
282             output.resize(size);
283
284             int type = EVP_PKEY_type(pkey->type);
285             ckmc_key_type_e key_type = CKMC_KEY_NONE;
286             switch(type) {
287             case EVP_PKEY_RSA :
288                 key_type = CKMC_KEY_RSA_PRIVATE;
289                 break;
290             case EVP_PKEY_DSA :
291                 key_type = CKMC_KEY_DSA_PRIVATE;
292                 break;
293             case EVP_PKEY_EC :
294                 key_type = CKMC_KEY_ECDSA_PRIVATE;
295                 break;
296             }
297             if(key_type == CKMC_KEY_NONE) {
298                 return CKMC_ERROR_INVALID_FORMAT;
299             }
300
301             char *nullPassword = NULL;
302
303             return ckmc_key_new(output.data(), size, key_type, nullPassword, &retPrivateKey);
304         }
305
306         int toCaCkmCertList() {
307             int tmpRet;
308             X509* popedCert = NULL;
309             ckmc_cert_s *popedCkmCert = NULL;
310             ckmc_cert_list_s *tmpCertList = NULL;
311             while((popedCert = sk_X509_pop(ca)) != NULL) {
312                 if( (tmpRet =_ckmc_load_cert_from_x509(popedCert, &popedCkmCert)) != CKMC_ERROR_NONE) {
313                     return CKMC_ERROR_OUT_OF_MEMORY;
314                 }
315                 if(tmpCertList == NULL) { // first
316                     tmpRet = ckmc_cert_list_new(popedCkmCert, &tmpCertList);
317                     retCaCertList = tmpCertList;
318                 }else {
319                     tmpRet = ckmc_cert_list_add(tmpCertList, popedCkmCert, &tmpCertList);
320                 }
321                 if(tmpRet != CKMC_ERROR_NONE) {
322                     ckmc_cert_list_all_free(retCaCertList);
323                     retCaCertList = NULL;
324                     return tmpRet;
325                 }
326             }
327             return CKMC_ERROR_NONE;
328         }
329
330     };
331
332     OpenSSL_add_all_algorithms();
333
334     int ret = CKMC_ERROR_NONE;
335
336     Pkcs12Converter converter;
337     if((ret = converter.parsePkcs12(file_path, passphrase)) != CKMC_ERROR_NONE) {
338         return ret;
339     }
340     if((ret = converter.toCkmCert()) != CKMC_ERROR_NONE) {
341         return ret;
342     }
343     if((ret = converter.toCkmKey()) != CKMC_ERROR_NONE) {
344         return ret;
345     }
346     if((ret = converter.toCaCkmCertList()) != CKMC_ERROR_NONE) {
347         return ret;
348     }
349
350     *private_key = converter.retPrivateKey;
351     *ckmcert = converter.retCkmCert;
352     *ca_cert_list = converter.retCaCertList;
353
354     return CKMC_ERROR_NONE;
355 }
356
357 KEY_MANAGER_CAPI
358 void ckmc_cert_free(ckmc_cert_s *cert)
359 {
360     if(cert == NULL)
361         return;
362
363     if(cert->raw_cert != NULL) {
364         memset(cert->raw_cert, 0, cert->cert_size);
365         free(cert->raw_cert);
366     }
367     free(cert);
368 }
369
370 KEY_MANAGER_CAPI
371 int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list)
372 {
373     ckmc_alias_list_s *previous = NULL;
374     return ckmc_alias_list_add(previous, alias, ppalias_list);
375 }
376
377 KEY_MANAGER_CAPI
378 int ckmc_alias_list_add(ckmc_alias_list_s *previous, char *alias, ckmc_alias_list_s **pplast)
379 {
380     ckmc_alias_list_s *plist;
381
382     if(alias == NULL || pplast == NULL) {
383         return CKMC_ERROR_INVALID_PARAMETER;
384     }
385
386     plist = static_cast<ckmc_alias_list_s*>(malloc(sizeof(ckmc_alias_list_s)));
387     if(plist == NULL) {
388         return CKMC_ERROR_OUT_OF_MEMORY;
389     }
390
391     plist->alias = alias;
392     plist->next = NULL;
393
394     if(previous != NULL) {
395         previous->next = plist;
396     }
397     *pplast = plist;
398
399     return CKMC_ERROR_NONE;
400 }
401
402 KEY_MANAGER_CAPI
403 void ckmc_alias_list_free(ckmc_alias_list_s *first)
404 {
405     ckmc_alias_list_s *next = first;
406     while (next) {
407         ckmc_alias_list_s *current = next;
408         next = current->next;
409         free(current);
410     }
411 }
412
413 KEY_MANAGER_CAPI
414 void ckmc_alias_list_all_free(ckmc_alias_list_s *first)
415 {
416     ckmc_alias_list_s *next = first;
417     while (next) {
418         ckmc_alias_list_s *current = next;
419         next = current->next;
420         free(current->alias);
421         free(current);
422     }
423 }
424
425 KEY_MANAGER_CAPI
426 int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list)
427 {
428     ckmc_cert_list_s *previous = NULL;
429     return ckmc_cert_list_add(previous, cert, ppalias_list);
430 }
431
432 KEY_MANAGER_CAPI
433 int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_list_s **pplast)
434 {
435     ckmc_cert_list_s *plist;
436
437     if(cert == NULL || pplast == NULL) {
438         return CKMC_ERROR_INVALID_PARAMETER;
439     }
440
441     plist = static_cast<ckmc_cert_list_s*>(malloc(sizeof(ckmc_cert_list_s)));
442     if(plist == NULL) {
443         return CKMC_ERROR_OUT_OF_MEMORY;
444     }
445     plist->cert = cert;
446     plist->next = NULL;
447
448     if(previous != NULL) {
449         previous->next = plist;
450     }
451
452     *pplast = plist;
453
454     return CKMC_ERROR_NONE;
455 }
456
457 KEY_MANAGER_CAPI
458 void ckmc_cert_list_free(ckmc_cert_list_s *first)
459 {
460     ckmc_cert_list_s *next = first;
461     while (next) {
462         ckmc_cert_list_s *current = next;
463         next = current->next;
464         free(current);
465     }
466 }
467
468 KEY_MANAGER_CAPI
469 void ckmc_cert_list_all_free(ckmc_cert_list_s *first)
470 {
471     ckmc_cert_list_s *next = first;
472     while (next) {
473         ckmc_cert_list_s *current = next;
474         next = current->next;
475         ckmc_cert_free(current->cert);
476         free(current);
477     }
478 }
479
480 int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert)
481 {
482     if(xCert == NULL) {
483         return CKMC_ERROR_INVALID_FORMAT;
484     }
485
486     BIO *bcert = BIO_new(BIO_s_mem());
487
488     i2d_X509_bio(bcert, xCert);
489
490     CKM::RawBuffer output(8196);
491     int size = BIO_read(bcert, output.data(), output.size());
492     BIO_free_all(bcert);
493     if (size <= 0) {
494         return CKMC_ERROR_INVALID_FORMAT;
495     }
496     output.resize(size);
497
498     return ckmc_cert_new(output.data(), output.size(), CKMC_FORM_DER, cert);
499 }
500
Domain: Security / Utilities;