2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief new and free methods for the struct of CAPI
27 #include <ckm/ckm-type.h>
28 #include <ckmc/ckmc-type.h>
29 #include <ckmc/ckmc-error.h>
30 #include <openssl/x509v3.h>
31 #include <openssl/pkcs12.h>
32 #include <openssl/evp.h>
33 #include <openssl/pem.h>
35 int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert **cert);
39 ckmc_key *ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type key_type, char *password)
41 ckmc_key *pkey = new ckmc_key;
45 pkey->raw_key = reinterpret_cast<unsigned char*>(malloc(key_size));
46 if(pkey->raw_key == NULL) {
50 memcpy(pkey->raw_key, raw_key, key_size);
52 pkey->key_size = key_size;
53 pkey->key_type = key_type;
55 if(password != NULL) {
56 pkey->password = reinterpret_cast<char*>(malloc(strlen(password) +1));
57 if(pkey->password == NULL) {
62 memset(pkey->password, 0, strlen(password) +1);
63 strncpy(pkey->password, password, strlen(password));
65 pkey->password = NULL;
72 void ckmc_key_free(ckmc_key *key)
77 if(key->password != NULL)
79 if(key->raw_key != NULL) {
80 memset(key->raw_key, 0, key->key_size);
88 ckmc_raw_buffer * ckmc_buffer_new(unsigned char *data, size_t size)
90 ckmc_raw_buffer *pbuff = new ckmc_raw_buffer;
94 pbuff->data = reinterpret_cast<unsigned char*>(malloc(size));
95 if(pbuff->data == NULL) {
99 memcpy(pbuff->data, data, size);
107 void ckmc_buffer_free(ckmc_raw_buffer *buffer)
112 if(buffer->data != NULL) {
113 memset(buffer->data, 0, buffer->size);
120 ckmc_cert *ckmc_cert_new(unsigned char *raw_cert, size_t cert_size, ckmc_data_format data_format)
122 ckmc_cert *pcert = new ckmc_cert;
126 pcert->raw_cert = reinterpret_cast<unsigned char*>(malloc(cert_size));
127 if(pcert->raw_cert == NULL) {
131 memcpy(pcert->raw_cert, raw_cert, cert_size);
133 pcert->cert_size = cert_size;
134 pcert->data_format = data_format;
140 int ckmc_load_cert_from_file(const char *file_path, ckmc_cert **cert)
142 OpenSSL_add_all_algorithms();
144 FILE *fp = fopen(file_path, "r");
146 return CKMC_API_ERROR_FILE_ACCESS_DENIED;
148 if(!(pcert = d2i_X509_fp(fp, NULL))) {
149 fseek(fp, 0, SEEK_SET);
150 pcert = PEM_read_X509(fp, NULL, NULL, NULL);
154 return CKMC_API_ERROR_INVALID_FORMAT;
157 int ret = _ckmc_load_cert_from_x509(pcert, cert);
158 if(ret != CKMC_API_SUCCESS) {
165 int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckmc_key **private_key, ckmc_cert **ckmcert, ckmc_cert_list **ca_cert_list)
167 class Pkcs12Converter {
177 ckmc_key *retPrivateKey;
178 ckmc_cert *retCkmCert;
179 ckmc_cert_list *retCaCertList;
187 ret = CKMC_API_SUCCESS;
188 retPrivateKey = NULL;
190 retCaCertList = NULL;
202 sk_X509_pop_free(ca, X509_free);
205 if(ret != CKMC_API_SUCCESS) {
206 if(retPrivateKey != NULL)
207 ckmc_key_free(retPrivateKey);
208 if(retCkmCert != NULL)
209 ckmc_cert_free(retCkmCert);
210 if(retCaCertList != NULL)
211 ckmc_cert_list_all_free(retCaCertList);
215 int parsePkcs12(const char *filePath, const char *pass) {
217 if(!(fp_in = fopen(filePath, "rb"))) {
218 return CKMC_API_ERROR_FILE_ACCESS_DENIED;
221 if(!(p12 = d2i_PKCS12_fp(fp_in, NULL))) {
222 return CKMC_API_ERROR_INVALID_FORMAT;
225 /* parse PKCS#12 certificate */
226 if((ret = PKCS12_parse(p12, pass, &pkey, &x509Cert, &ca)) != 1) {
227 return CKMC_API_ERROR_INVALID_FORMAT;
229 return CKMC_API_SUCCESS;
233 if( (ret =_ckmc_load_cert_from_x509(x509Cert,&retCkmCert)) != CKMC_API_SUCCESS) {
236 return CKMC_API_SUCCESS;
240 BIO *bkey = BIO_new(BIO_s_mem());
242 i2d_PrivateKey_bio(bkey, pkey);
244 CKM::RawBuffer output(8196);
245 int size = BIO_read(bkey, output.data(), output.size());
248 return CKMC_API_ERROR_INVALID_FORMAT;
252 int type = EVP_PKEY_type(pkey->type);
253 ckmc_key_type key_type = CKMC_KEY_NONE;
256 key_type = CKMC_KEY_RSA_PRIVATE;
259 key_type = CKMC_KEY_ECDSA_PRIVATE;
262 if(key_type == CKMC_KEY_NONE) {
263 return CKMC_API_ERROR_INVALID_FORMAT;
266 char *nullPassword = NULL;
268 retPrivateKey = ckmc_key_new(output.data(), size, key_type, nullPassword);
270 return CKMC_API_SUCCESS;
273 int toCaCkmCertList() {
274 X509* popedCert = NULL;
275 ckmc_cert *popedCkmCert = NULL;
276 ckmc_cert_list *tmpCertList = NULL;
277 while((popedCert = sk_X509_pop(ca)) != NULL) {
278 if( (ret =_ckmc_load_cert_from_x509(popedCert, &popedCkmCert)) != CKMC_API_SUCCESS) {
279 return CKMC_API_ERROR_OUT_OF_MEMORY;
281 if(tmpCertList == NULL) { // first
282 tmpCertList = ckmc_cert_list_new(popedCkmCert);
283 retCaCertList = tmpCertList;
285 tmpCertList = ckmc_cert_list_add(tmpCertList, popedCkmCert);
288 return CKMC_API_SUCCESS;
293 int ret = CKMC_API_SUCCESS;
295 Pkcs12Converter converter;
296 if((ret = converter.parsePkcs12(file_path, passphrase)) != CKMC_API_SUCCESS) {
299 if((ret = converter.toCkmCert()) != CKMC_API_SUCCESS) {
302 if((ret = converter.toCkmKey()) != CKMC_API_SUCCESS) {
305 if((ret = converter.toCaCkmCertList()) != CKMC_API_SUCCESS) {
309 *private_key = converter.retPrivateKey;
310 *ckmcert = converter.retCkmCert;
311 *ca_cert_list = converter.retCaCertList;
313 return CKMC_API_SUCCESS;
317 void ckmc_cert_free(ckmc_cert *cert)
322 if(cert->raw_cert != NULL) {
323 memset(cert->raw_cert, 0, cert->cert_size);
324 free(cert->raw_cert);
330 ckmc_alias_list *ckmc_alias_list_new(char *alias)
332 ckmc_alias_list *previous = NULL;
333 return ckmc_alias_list_add(previous, alias);
337 ckmc_alias_list *ckmc_alias_list_add(ckmc_alias_list *previous, char *alias)
339 ckmc_alias_list *plist = new ckmc_alias_list;
341 plist->alias = alias;
345 previous->next = plist;
351 void ckmc_alias_list_free(ckmc_alias_list *first)
356 ckmc_alias_list *current = NULL;
357 ckmc_alias_list *next = first;
360 next = current->next;
362 }while(next != NULL);
366 void ckmc_alias_list_all_free(ckmc_alias_list *first)
370 ckmc_alias_list *current = NULL;
371 ckmc_alias_list *next = first;
374 next = current->next;
375 if((current->alias)!=NULL) {
376 free(current->alias);
379 }while(next != NULL);
383 ckmc_cert_list *ckmc_cert_list_new(ckmc_cert *cert)
385 ckmc_cert_list *previous = NULL;
386 return ckmc_cert_list_add(previous, cert);
390 ckmc_cert_list *ckmc_cert_list_add(ckmc_cert_list *previous, ckmc_cert *cert)
392 ckmc_cert_list *plist = new ckmc_cert_list;
398 previous->next = plist;
404 void ckmc_cert_list_free(ckmc_cert_list *first)
409 ckmc_cert_list *current = NULL;
410 ckmc_cert_list *next = first;
413 next = current->next;
415 }while(next != NULL);
419 void ckmc_cert_list_all_free(ckmc_cert_list *first)
424 ckmc_cert_list *current = NULL;
425 ckmc_cert_list *next = first;
428 next = current->next;
429 if((current->cert)!=NULL) {
430 ckmc_cert_free(current->cert);
433 }while(next != NULL);
436 int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert **cert)
439 return CKMC_API_ERROR_INVALID_FORMAT;
442 BIO *bcert = BIO_new(BIO_s_mem());
444 i2d_X509_bio(bcert, xCert);
446 CKM::RawBuffer output(8196);
447 int size = BIO_read(bcert, output.data(), output.size());
450 return CKMC_API_ERROR_INVALID_FORMAT;
454 *cert = ckmc_cert_new(output.data(), output.size(), CKMC_FORM_DER);
456 return CKMC_API_SUCCESS;