2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief new and free methods for the struct of CAPI
26 #include <ckmc/ckmc-type.h>
27 #include <ckmc/ckmc-error.h>
28 #include <openssl/x509v3.h>
29 #include <openssl/pkcs12.h>
30 #include <openssl/evp.h>
31 #include <openssl/pem.h>
33 int _ckm_load_cert_from_x509(X509 *xCert, ckm_cert **cert);
37 ckm_key *ckm_key_new(unsigned char *raw_key, unsigned int key_size, ckm_key_type key_type, char *password)
39 ckm_key *pkey = new ckm_key;
43 pkey->raw_key = reinterpret_cast<unsigned char*>(malloc(key_size));
44 if(pkey->raw_key == NULL) {
48 memcpy(pkey->raw_key, raw_key, key_size);
50 pkey->key_size = key_size;
51 pkey->key_type = key_type;
53 if(password != NULL) {
54 pkey->password = reinterpret_cast<char*>(malloc(strlen(password) +1));
55 if(pkey->password == NULL) {
60 memset(pkey->password, 0, strlen(password) +1);
61 strncpy(pkey->password, password, strlen(password));
63 pkey->password = NULL;
70 void ckm_key_free(ckm_key *key)
75 if(key->password != NULL)
77 if(key->raw_key != NULL)
84 ckm_raw_buffer * ckm_buffer_new(unsigned char *data, unsigned int size)
86 ckm_raw_buffer *pbuff = new ckm_raw_buffer;
90 pbuff->data = reinterpret_cast<unsigned char*>(malloc(size));
91 if(pbuff->data == NULL) {
95 memcpy(pbuff->data, data, size);
103 void ckm_buffer_free(ckm_raw_buffer *buffer)
108 if(buffer->data != NULL)
114 ckm_cert *ckm_cert_new(unsigned char *raw_cert, unsigned int cert_size, ckm_cert_form data_format)
116 ckm_cert *pcert = new ckm_cert;
120 pcert->raw_cert = reinterpret_cast<unsigned char*>(malloc(cert_size));
121 if(pcert->raw_cert == NULL) {
125 memcpy(pcert->raw_cert, raw_cert, cert_size);
127 pcert->cert_size = cert_size;
128 pcert->data_format = data_format;
134 int ckm_load_cert_from_file(const char *file_path, ckm_cert **cert)
136 OpenSSL_add_all_algorithms();
138 FILE *fp = fopen(file_path, "r");
140 return CKM_API_ERROR_FILE_ACCESS_DENIED;
142 if(!(pcert = d2i_X509_fp(fp, NULL))) {
143 fseek(fp, 0, SEEK_SET);
144 pcert = PEM_read_X509(fp, NULL, NULL, NULL);
148 return CKM_API_ERROR_INVALID_FORMAT;
151 int ret = _ckm_load_cert_from_x509(pcert, cert);
152 if(ret != CKM_API_SUCCESS) {
159 int ckm_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckm_key **private_key, ckm_cert **ckmcert, ckm_cert_list **ca_cert_list)
161 class Pkcs12Converter {
171 ckm_key *retPrivateKey;
172 ckm_cert *retCkmCert;
173 ckm_cert_list *retCaCertList;
181 ret = CKM_API_SUCCESS;
182 retPrivateKey = NULL;
184 retCaCertList = NULL;
196 sk_X509_pop_free(ca, X509_free);
199 if(ret != CKM_API_SUCCESS) {
200 if(retPrivateKey != NULL)
201 ckm_key_free(retPrivateKey);
202 if(retCkmCert != NULL)
203 ckm_cert_free(retCkmCert);
204 if(retCaCertList != NULL)
205 ckm_cert_list_free(retCaCertList);
209 int parsePkcs12(const char *filePath, const char *pass) {
211 if(!(fp_in = fopen(filePath, "rb"))) {
212 return CKM_API_ERROR_FILE_ACCESS_DENIED;
215 if(!(p12 = d2i_PKCS12_fp(fp_in, NULL))) {
216 return CKM_API_ERROR_INVALID_FORMAT;
219 /* parse PKCS#12 certificate */
220 if((ret = PKCS12_parse(p12, pass, &pkey, &x509Cert, &ca)) != 1) {
221 return CKM_API_ERROR_INVALID_FORMAT;
223 return CKM_API_SUCCESS;
227 if( (ret =_ckm_load_cert_from_x509(x509Cert,&retCkmCert)) != CKM_API_SUCCESS) {
230 return CKM_API_SUCCESS;
235 if((prikeyLen = i2d_PrivateKey(pkey, NULL)) < 0) {
236 return CKM_API_ERROR_OUT_OF_MEMORY;
238 unsigned char arrayPrikey[sizeof(unsigned char) * prikeyLen];
239 unsigned char *pPrikey = arrayPrikey;
240 if((prikeyLen = i2d_PrivateKey(pkey, &pPrikey)) < 0) {
241 return CKM_API_ERROR_OUT_OF_MEMORY;
244 int type = EVP_PKEY_type(pkey->type);
245 ckm_key_type key_type = CKM_KEY_NONE;
248 key_type = CKM_KEY_RSA_PRIVATE;
251 key_type = CKM_KEY_ECDSA_PRIVATE;
254 if(key_type == CKM_KEY_NONE) {
255 return CKM_API_ERROR_INVALID_FORMAT;
258 char *nullPassword = NULL;
259 retPrivateKey = ckm_key_new(pPrikey, sizeof(unsigned char) * prikeyLen, key_type, nullPassword);
261 return CKM_API_SUCCESS;
264 int toCaCkmCertList() {
265 X509* popedCert = NULL;
266 ckm_cert *popedCkmCert = NULL;
267 ckm_cert_list *tmpCertList = NULL;
268 retCaCertList = tmpCertList;
269 while((popedCert = sk_X509_pop(ca)) != NULL) {
270 if( (ret =_ckm_load_cert_from_x509(popedCert, &popedCkmCert)) != CKM_API_SUCCESS) {
271 return CKM_API_ERROR_OUT_OF_MEMORY;
273 tmpCertList = ckm_cert_list_add(tmpCertList, popedCkmCert);
275 return CKM_API_SUCCESS;
280 int ret = CKM_API_SUCCESS;
282 Pkcs12Converter converter;
283 if((ret = converter.parsePkcs12(file_path, passphrase)) != CKM_API_SUCCESS) {
286 if((ret = converter.toCkmCert()) != CKM_API_SUCCESS) {
289 if((ret = converter.toCkmKey()) != CKM_API_SUCCESS) {
292 if((ret = converter.toCaCkmCertList()) != CKM_API_SUCCESS) {
295 *private_key = converter.retPrivateKey;
296 *ckmcert = converter.retCkmCert;
297 *ca_cert_list = converter.retCaCertList;
299 return CKM_API_SUCCESS;
303 void ckm_cert_free(ckm_cert *cert)
308 if(cert->raw_cert != NULL)
309 free(cert->raw_cert);
314 ckm_alias_list *ckm_alias_list_new(char *alias)
316 ckm_alias_list *previous = NULL;
317 return ckm_alias_list_add(previous, alias);
321 ckm_alias_list *ckm_alias_list_add(ckm_alias_list *previous, char *alias)
323 ckm_alias_list *plist = new ckm_alias_list;
325 plist->alias = alias;
329 previous->next = plist;
335 void ckm_alias_list_free(ckm_alias_list *first)
340 ckm_alias_list *current = NULL;
341 ckm_alias_list *next = first;
344 next = current->next;
346 }while(next != NULL);
350 void ckm_alias_list_all_free(ckm_alias_list *first)
355 ckm_alias_list *current = NULL;
356 ckm_alias_list *next = first;
359 next = current->next;
360 if((current->alias)!=NULL) {
361 free(current->alias);
364 }while(next != NULL);
368 ckm_cert_list *ckm_cert_list_new(ckm_cert *cert)
370 ckm_cert_list *previous = NULL;
371 return ckm_cert_list_add(previous, cert);
375 ckm_cert_list *ckm_cert_list_add(ckm_cert_list *previous, ckm_cert *cert)
377 ckm_cert_list *plist = new ckm_cert_list;
383 previous->next = plist;
389 void ckm_cert_list_free(ckm_cert_list *first)
394 ckm_cert_list *current = NULL;
395 ckm_cert_list *next = first;
398 next = current->next;
400 }while(next != NULL);
404 void ckm_cert_list_all_free(ckm_cert_list *first)
409 ckm_cert_list *current = NULL;
410 ckm_cert_list *next = first;
413 next = current->next;
414 if((current->cert)!=NULL) {
415 ckm_cert_free(current->cert);
418 }while(next != NULL);
421 int _ckm_load_cert_from_x509(X509 *xCert, ckm_cert **cert)
424 unsigned char* bufCert = NULL;
427 return CKM_API_ERROR_INVALID_FORMAT;
430 /* load certificate into buffer */
431 if((certLen = i2d_X509(xCert, NULL)) < 0) {
432 return CKM_API_ERROR_INVALID_FORMAT;
434 unsigned char arrayCert[sizeof(unsigned char) * certLen];
436 i2d_X509(xCert, &bufCert);
438 *cert = ckm_cert_new(bufCert, certLen, CKM_CERT_FORM_DER);
440 return CKM_API_SUCCESS;