2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief new and free methods for the struct of CAPI
27 #include <ckm/ckm-type.h>
28 #include <ckmc/ckmc-type.h>
29 #include <ckmc/ckmc-error.h>
30 #include <ckmc-type-converter.h>
31 #include <openssl/x509v3.h>
32 #include <openssl/pkcs12.h>
33 #include <openssl/evp.h>
34 #include <openssl/pem.h>
36 int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert);
39 int ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type_e key_type, char *password, ckmc_key_s **ppkey)
43 if(raw_key == NULL || key_size <= 0 || ppkey == NULL) {
44 return CKMC_ERROR_INPUT_PARAM;
47 pkey = new ckmc_key_s;
49 return CKMC_ERROR_OUT_OF_MEMORY;
51 pkey->raw_key = reinterpret_cast<unsigned char*>(malloc(key_size));
52 if(pkey->raw_key == NULL) {
54 return CKMC_ERROR_OUT_OF_MEMORY;
56 memcpy(pkey->raw_key, raw_key, key_size);
58 pkey->key_size = key_size;
59 pkey->key_type = key_type;
61 if(password != NULL) {
62 pkey->password = reinterpret_cast<char*>(malloc(strlen(password) +1));
63 if(pkey->password == NULL) {
66 return CKMC_ERROR_OUT_OF_MEMORY;
68 memset(pkey->password, 0, strlen(password) +1);
69 strncpy(pkey->password, password, strlen(password));
71 pkey->password = NULL;
80 void ckmc_key_free(ckmc_key_s *key)
85 if(key->password != NULL)
87 if(key->raw_key != NULL) {
88 memset(key->raw_key, 0, key->key_size);
96 int ckmc_buffer_new(unsigned char *data, size_t size,ckmc_raw_buffer_s **ppbuffer)
98 ckmc_raw_buffer_s *pbuff;
100 if(data == NULL || size <= 0 || ppbuffer == NULL) {
101 return CKMC_ERROR_INPUT_PARAM;
104 pbuff = new ckmc_raw_buffer_s;
106 return CKMC_ERROR_OUT_OF_MEMORY;
108 pbuff->data = reinterpret_cast<unsigned char*>(malloc(size));
109 if(pbuff->data == NULL) {
111 return CKMC_ERROR_OUT_OF_MEMORY;
113 memcpy(pbuff->data, data, size);
122 void ckmc_buffer_free(ckmc_raw_buffer_s *buffer)
127 if(buffer->data != NULL) {
128 memset(buffer->data, 0, buffer->size);
135 int ckmc_cert_new(unsigned char *raw_cert, size_t cert_size, ckmc_data_format_e data_format, ckmc_cert_s **ppcert)
139 if(raw_cert == NULL || cert_size <= 0 || ppcert == NULL) {
140 return CKMC_ERROR_INPUT_PARAM;
143 pcert = new ckmc_cert_s;
145 return CKMC_ERROR_OUT_OF_MEMORY;
147 pcert->raw_cert = reinterpret_cast<unsigned char*>(malloc(cert_size));
148 if(pcert->raw_cert == NULL) {
150 return CKMC_ERROR_OUT_OF_MEMORY;
152 memcpy(pcert->raw_cert, raw_cert, cert_size);
154 pcert->cert_size = cert_size;
155 pcert->data_format = data_format;
162 int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert)
164 OpenSSL_add_all_algorithms();
166 FILE *fp = fopen(file_path, "r");
168 return CKMC_ERROR_FILE_ACCESS_DENIED;
170 if(!(pcert = d2i_X509_fp(fp, NULL))) {
171 fseek(fp, 0, SEEK_SET);
172 pcert = PEM_read_X509(fp, NULL, NULL, NULL);
176 return CKMC_ERROR_INVALID_FORMAT;
179 int ret = _ckmc_load_cert_from_x509(pcert, cert);
180 if(ret != CKMC_SUCCESS) {
187 int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckmc_key_s **private_key, ckmc_cert_s **ckmcert, ckmc_cert_list_s **ca_cert_list)
189 class Pkcs12Converter {
199 ckmc_key_s *retPrivateKey;
200 ckmc_cert_s *retCkmCert;
201 ckmc_cert_list_s *retCaCertList;
210 retPrivateKey = NULL;
212 retCaCertList = NULL;
224 sk_X509_pop_free(ca, X509_free);
227 if(ret != CKMC_SUCCESS) {
228 if(retPrivateKey != NULL){
229 ckmc_key_free(retPrivateKey);
230 retPrivateKey = NULL;
232 if(retCkmCert != NULL) {
233 ckmc_cert_free(retCkmCert);
236 if(retCaCertList != NULL) {
237 ckmc_cert_list_all_free(retCaCertList);
238 retCaCertList = NULL;
243 int parsePkcs12(const char *filePath, const char *pass) {
245 if(!(fp_in = fopen(filePath, "rb"))) {
246 return CKMC_ERROR_FILE_ACCESS_DENIED;
249 if(!(p12 = d2i_PKCS12_fp(fp_in, NULL))) {
250 return CKMC_ERROR_INVALID_FORMAT;
253 /* parse PKCS#12 certificate */
254 if((ret = PKCS12_parse(p12, pass, &pkey, &x509Cert, &ca)) != 1) {
255 return CKMC_ERROR_INVALID_FORMAT;
261 if( (ret =_ckmc_load_cert_from_x509(x509Cert,&retCkmCert)) != CKMC_SUCCESS) {
268 BIO *bkey = BIO_new(BIO_s_mem());
270 i2d_PrivateKey_bio(bkey, pkey);
272 CKM::RawBuffer output(8196);
273 int size = BIO_read(bkey, output.data(), output.size());
276 return CKMC_ERROR_INVALID_FORMAT;
280 int type = EVP_PKEY_type(pkey->type);
281 ckmc_key_type_e key_type = CKMC_KEY_NONE;
284 key_type = CKMC_KEY_RSA_PRIVATE;
287 key_type = CKMC_KEY_ECDSA_PRIVATE;
290 if(key_type == CKMC_KEY_NONE) {
291 return CKMC_ERROR_INVALID_FORMAT;
294 char *nullPassword = NULL;
296 return ckmc_key_new(output.data(), size, key_type, nullPassword, &retPrivateKey);
299 int toCaCkmCertList() {
301 X509* popedCert = NULL;
302 ckmc_cert_s *popedCkmCert = NULL;
303 ckmc_cert_list_s *tmpCertList = NULL;
304 while((popedCert = sk_X509_pop(ca)) != NULL) {
305 if( (tmpRet =_ckmc_load_cert_from_x509(popedCert, &popedCkmCert)) != CKMC_SUCCESS) {
306 return CKMC_ERROR_OUT_OF_MEMORY;
308 if(tmpCertList == NULL) { // first
309 tmpRet = ckmc_cert_list_new(popedCkmCert, &tmpCertList);
310 retCaCertList = tmpCertList;
312 tmpRet = ckmc_cert_list_add(tmpCertList, popedCkmCert, &tmpCertList);
314 if(tmpRet != CKMC_SUCCESS) {
315 ckmc_cert_list_all_free(retCaCertList);
316 retCaCertList = NULL;
325 int ret = CKMC_SUCCESS;
327 Pkcs12Converter converter;
328 if((ret = converter.parsePkcs12(file_path, passphrase)) != CKMC_SUCCESS) {
331 if((ret = converter.toCkmCert()) != CKMC_SUCCESS) {
334 if((ret = converter.toCkmKey()) != CKMC_SUCCESS) {
337 if((ret = converter.toCaCkmCertList()) != CKMC_SUCCESS) {
341 *private_key = converter.retPrivateKey;
342 *ckmcert = converter.retCkmCert;
343 *ca_cert_list = converter.retCaCertList;
349 void ckmc_cert_free(ckmc_cert_s *cert)
354 if(cert->raw_cert != NULL) {
355 memset(cert->raw_cert, 0, cert->cert_size);
356 free(cert->raw_cert);
362 int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list)
364 ckmc_alias_list_s *previous = NULL;
365 return ckmc_alias_list_add(previous, alias, ppalias_list);
369 int ckmc_alias_list_add(ckmc_alias_list_s *previous, char *alias, ckmc_alias_list_s **pplast)
371 ckmc_alias_list_s *plist;
373 if(alias == NULL || pplast == NULL) {
374 return CKMC_ERROR_INPUT_PARAM;
377 plist = new ckmc_alias_list_s;
379 return CKMC_ERROR_OUT_OF_MEMORY;
382 plist->alias = alias;
385 if(previous != NULL) {
386 previous->next = plist;
394 void ckmc_alias_list_free(ckmc_alias_list_s *first)
399 ckmc_alias_list_s *current = NULL;
400 ckmc_alias_list_s *next = first;
403 next = current->next;
405 }while(next != NULL);
409 void ckmc_alias_list_all_free(ckmc_alias_list_s *first)
413 ckmc_alias_list_s *current = NULL;
414 ckmc_alias_list_s *next = first;
417 next = current->next;
418 if((current->alias)!=NULL) {
419 free(current->alias);
422 }while(next != NULL);
426 int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list)
428 ckmc_cert_list_s *previous = NULL;
429 return ckmc_cert_list_add(previous, cert, ppalias_list);
433 int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_list_s **pplast)
435 ckmc_cert_list_s *plist;
437 if(cert == NULL || pplast == NULL) {
438 return CKMC_ERROR_INPUT_PARAM;
441 plist = new ckmc_cert_list_s;
443 return CKMC_ERROR_OUT_OF_MEMORY;
448 if(previous != NULL) {
449 previous->next = plist;
458 void ckmc_cert_list_free(ckmc_cert_list_s *first)
463 ckmc_cert_list_s *current = NULL;
464 ckmc_cert_list_s *next = first;
467 next = current->next;
469 }while(next != NULL);
473 void ckmc_cert_list_all_free(ckmc_cert_list_s *first)
478 ckmc_cert_list_s *current = NULL;
479 ckmc_cert_list_s *next = first;
482 next = current->next;
483 if((current->cert)!=NULL) {
484 ckmc_cert_free(current->cert);
487 }while(next != NULL);
490 int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert)
493 return CKMC_ERROR_INVALID_FORMAT;
496 BIO *bcert = BIO_new(BIO_s_mem());
498 i2d_X509_bio(bcert, xCert);
500 CKM::RawBuffer output(8196);
501 int size = BIO_read(bcert, output.data(), output.size());
504 return CKMC_ERROR_INVALID_FORMAT;
508 return ckmc_cert_new(output.data(), output.size(), CKMC_FORM_DER, cert);
511 int to_ckmc_error(int ckm_error) {
513 case CKM_API_SUCCESS: return CKMC_SUCCESS;
514 case CKM_API_ERROR_SOCKET: return CKMC_ERROR_SOCKET;
515 case CKM_API_ERROR_BAD_REQUEST: return CKMC_ERROR_BAD_REQUEST;
516 case CKM_API_ERROR_BAD_RESPONSE: return CKMC_ERROR_BAD_RESPONSE;
517 case CKM_API_ERROR_SEND_FAILED: return CKMC_ERROR_SEND_FAILED;
518 case CKM_API_ERROR_RECV_FAILED: return CKMC_ERROR_RECV_FAILED;
519 case CKM_API_ERROR_AUTHENTICATION_FAILED: return CKMC_ERROR_AUTHENTICATION_FAILED;
520 case CKM_API_ERROR_INPUT_PARAM: return CKMC_ERROR_INPUT_PARAM;
521 case CKM_API_ERROR_BUFFER_TOO_SMALL: return CKMC_ERROR_BUFFER_TOO_SMALL;
522 case CKM_API_ERROR_OUT_OF_MEMORY: return CKMC_ERROR_OUT_OF_MEMORY;
523 case CKM_API_ERROR_ACCESS_DENIED: return CKMC_ERROR_ACCESS_DENIED;
524 case CKM_API_ERROR_SERVER_ERROR: return CKMC_ERROR_SERVER_ERROR;
525 case CKM_API_ERROR_DB_LOCKED: return CKMC_ERROR_DB_LOCKED;
526 case CKM_API_ERROR_DB_ERROR: return CKMC_ERROR_DB_ERROR;
527 case CKM_API_ERROR_DB_ALIAS_EXISTS: return CKMC_ERROR_DB_ALIAS_EXISTS;
528 case CKM_API_ERROR_DB_ALIAS_UNKNOWN: return CKMC_ERROR_DB_ALIAS_UNKNOWN;
529 case CKM_API_ERROR_VERIFICATION_FAILED: return CKMC_ERROR_VERIFICATION_FAILED;
530 case CKM_API_ERROR_INVALID_FORMAT: return CKMC_ERROR_INVALID_FORMAT;
531 case CKM_API_ERROR_FILE_ACCESS_DENIED: return CKMC_ERROR_FILE_ACCESS_DENIED;
532 case CKM_API_ERROR_UNKNOWN: return CKMC_ERROR_UNKNOWN;
534 return CKMC_ERROR_UNKNOWN;
projects / platform / core / security / key-manager.git / blob