#include <ckmc/ckmc-type.h>
#include <ckmc/ckmc-manager.h>
#include <ckmc/ckmc-error.h>
+#include <ckmc-type-converter.h>
+#include <client-common.h>
#include <iostream>
+#include <string.h>
-bool _toBool(ckm_bool ckmBool)
+namespace
{
- if(ckmBool == CKM_TRUE) {
- return true;
- }
- return false;
+const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR;
+const CKM::AliasVector EMPTY_ALIAS_VECTOR;
+
+CKM::Password _tostring(const char *str)
+{
+ if(str == NULL)
+ return CKM::Password();
+ return CKM::Password(str);
}
-std::string _tostring(const char *str)
+CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key)
{
- if(str == NULL)
- return std::string();
- return std::string(str);
+ if(key)
+ {
+ CKM::RawBuffer buffer(key->raw_key, key->raw_key + key->key_size);
+ return CKM::Key::create(buffer, _tostring(key->password));
+ }
+ return CKM::KeyShPtr();
}
-CKM::Certificate _toCkmCertificate(const ckm_cert *cert)
+CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert)
{
- CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
- CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
- CKM::Certificate ckmCert(buffer, dataFormat);
- return ckmCert;
+ if(cert)
+ {
+ CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
+ CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
+ return CKM::Certificate::create(buffer, dataFormat);
+ }
+ return CKM::CertificateShPtr();
}
-ckm_cert_list *_toNewCkmCertList(CKM::CertificateVector &certVector)
+CKM::CertificateShPtrVector _toCkmCertificateVector(const ckmc_cert_list_s *list)
{
- ckm_cert_list *start = NULL;
- ckm_cert_list *plist = NULL;
- CKM::CertificateVector::iterator it;
- for(it = certVector.begin(); it != certVector.end(); it++) {
- CKM::RawBuffer rawBuffer = it->getDER();
- unsigned char *rawCert = reinterpret_cast<unsigned char*>(rawBuffer.data());
- ckm_cert *pcert = ckm_cert_new( rawCert, rawBuffer.size(), CKM_FORM_DER);
- if(pcert == NULL) {
- return NULL;
- }
- if(plist == NULL) {
- plist = ckm_cert_list_new(pcert);
- start = plist; // save the pointer of the first element
- }else {
- plist = ckm_cert_list_add(plist, pcert);
- }
- }
- return start;
+ CKM::CertificateShPtrVector certs;
+ ckmc_cert_list_s *current = const_cast<ckmc_cert_list_s *>(list);
+ while (current != NULL)
+ {
+ if (current->cert != NULL)
+ certs.push_back(_toCkmCertificate(current->cert));
+ current = current->next;
+ }
+ return certs;
}
-KEY_MANAGER_CAPI
-int ckm_save_key(const char *alias, const ckm_key key, const ckm_policy policy)
+CKM::AliasVector _toCkmAliasVector(const ckmc_alias_list_s *list)
+{
+ CKM::AliasVector aliases;
+ ckmc_alias_list_s *current = const_cast<ckmc_alias_list_s *>(list);
+ while (current != NULL)
+ {
+ if (current->alias != NULL)
+ aliases.push_back(CKM::Alias(current->alias));
+ current = current->next;
+ }
+ return aliases;
+}
+
+ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector &certVector)
+{
+ int ret;
+ ckmc_cert_list_s *start = NULL;
+ ckmc_cert_list_s *plist = NULL;
+ for(const auto &e : certVector) {
+ CKM::RawBuffer rawBuffer = e->getDER();
+ ckmc_cert_s *pcert = NULL;
+ ret = ckmc_cert_new(rawBuffer.data(), rawBuffer.size(), CKMC_FORM_DER, &pcert);
+ if(pcert == NULL) {
+ ckmc_cert_list_all_free(start);
+ return NULL;
+ }
+ if(plist == NULL) {
+ ret = ckmc_cert_list_new(pcert, &plist);
+ start = plist; // save the pointer of the first element
+ }else {
+ ret = ckmc_cert_list_add(plist, pcert, &plist);
+ }
+ if(ret != CKMC_ERROR_NONE) {
+ ckmc_cert_list_all_free(start);
+ return NULL;
+ }
+ }
+ return start;
+}
+
+typedef int (CKM::Manager::*cryptoFn)(const CKM::CryptoAlgorithm&,
+ const CKM::Alias&,
+ const CKM::Password&,
+ const CKM::RawBuffer&,
+ CKM::RawBuffer&);
+
+int _cryptoOperation(cryptoFn operation,
+ ckmc_param_list_h params,
+ const char *key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s in,
+ ckmc_raw_buffer_s **ppout)
{
- CKM::Manager mgr;
+ if(!params || !key_alias || !ppout)
+ return CKMC_ERROR_INVALID_PARAMETER;
- if(alias == NULL) {
- return CKM_API_ERROR_INPUT_PARAM;
- }
- CKM::Alias ckmAlias(alias);
+ // params
+ const CKM::CryptoAlgorithm* ca = reinterpret_cast<const CKM::CryptoAlgorithm*>(params);
- if(key.raw_key == NULL || key.key_size <= 0) {
- return CKM_API_ERROR_INPUT_PARAM;
- }
- CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
- CKM::Key ckmKey(buffer, _tostring(key.password));
+ // password
+ CKM::Password pass;
+ if (password)
+ pass = password;
- CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted));
+ // buffers
+ CKM::RawBuffer inBuffer(in.data, in.data + in.size);
+ CKM::RawBuffer outBuffer;
+
+ // operation
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ int ret = ((*mgr).*operation)(*ca, key_alias, pass, inBuffer, outBuffer);
+ if (ret != CKM_API_SUCCESS)
+ return to_ckmc_error(ret);
+
+ return ckmc_buffer_new(outBuffer.data(), outBuffer.size(), ppout);
+}
- return mgr.saveKey(ckmAlias, ckmKey, storePolicy);
}
KEY_MANAGER_CAPI
-int ckm_remove_key(const char *alias)
+int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy)
{
- CKM::Manager mgr;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+
+ if(alias == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+ CKM::Alias ckmAlias(alias);
+
+ if(key.raw_key == NULL || key.key_size <= 0) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+ CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
+
+ CKM::KeyShPtr ckmKey;
+ if(key.key_type == CKMC_KEY_AES)
+ {
+ if(key.password)
+ return CKMC_ERROR_INVALID_PARAMETER;
+ ckmKey = CKM::Key::createAES(buffer);
+ }
+ else
+ ckmKey = CKM::Key::create(buffer, _tostring(key.password));
+ if(ckmKey.get() == NULL) {
+ return CKMC_ERROR_INVALID_FORMAT;
+ }
+
+ CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
+
+ int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy);
+ return to_ckmc_error(ret);
+}
- if(alias == NULL) {
- return CKM_API_ERROR_INPUT_PARAM;
- }
- CKM::Alias ckmAlias(alias);
- return mgr.removeKey(ckmAlias);
+KEY_MANAGER_CAPI
+int ckmc_remove_key(const char *alias)
+{
+ return ckmc_remove_alias(alias);
}
KEY_MANAGER_CAPI
-int ckm_get_key(const char *alias, const char *password, ckm_key **key)
+int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key)
{
- int ret;
- CKM::Key ckmKey;
+ int ret;
+ CKM::KeyShPtr ckmKey;
+
+ if(alias == NULL || key == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
- if(alias == NULL) {
- return CKM_API_ERROR_INPUT_PARAM;
- }
- CKM::Alias ckmAlias(alias);
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
- CKM::Manager mgr;
- if( (ret = mgr.getKey(ckmAlias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
- return ret;
- }
+ CKM::RawBuffer buffer = ckmKey->getDER();
+ ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(static_cast<int>(ckmKey->getType()));
- unsigned char *rawKey = reinterpret_cast<unsigned char*>(ckmKey.getDER().data());
- ckm_key_type keyType = static_cast<ckm_key_type>(static_cast<int>(ckmKey.getType()));
- *key = ckm_key_new( rawKey, ckmKey.getDER().size(), keyType, NULL);
- if(*key == NULL) {
- return CKM_API_ERROR_OUT_OF_MEMORY;
- }else {
- return CKM_API_SUCCESS;
- }
+ ret = ckmc_key_new( buffer.data(), buffer.size(), keyType, NULL, key);
+
+ return to_ckmc_error(ret);
}
KEY_MANAGER_CAPI
-int ckm_get_key_alias_list(ckm_alias_list** alias_list)
+int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list)
{
- int ret;
- CKM::Key ckmKey;
+ int ret;
+
+ if (alias_list == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::AliasVector aliasVector;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+
+ if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
+
+ ckmc_alias_list_s *plist = NULL;
- CKM::AliasVector aliasVector;
- CKM::Manager mgr;
- if( (ret = mgr.getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) {
- return ret;
- }
+ for (const auto it : aliasVector) {
+ char *alias = strndup(it.c_str(), it.size());
- ckm_alias_list *plist = NULL;
- CKM::AliasVector::iterator it;
- for(it = aliasVector.begin(); it != aliasVector.end(); it++) {
- if(plist == NULL) { // first
- plist = ckm_alias_list_new(const_cast<char *>(it->c_str()));
- *alias_list = plist; // save the pointer of the first element
- }else {
- plist = ckm_alias_list_add(plist, const_cast<char *>(it->c_str()));
- }
- }
+ if (plist == NULL) { // first
+ ret = ckmc_alias_list_new(alias, &plist);
+ *alias_list = plist; // save the pointer of the first element
+ } else {
+ ret = ckmc_alias_list_add(plist, alias, &plist);
+ }
- return CKM_API_SUCCESS;
+ if (ret != CKMC_ERROR_NONE) {
+ free(alias);
+ ckmc_alias_list_all_free(*alias_list);
+ return ret;
+ }
+ }
+
+ if(plist == NULL) { // if the alias_list size is zero
+ return CKMC_ERROR_DB_ALIAS_UNKNOWN;
+ }
+
+ return CKMC_ERROR_NONE;
}
KEY_MANAGER_CAPI
-int ckm_save_cert(const char *alias, const ckm_cert cert, const ckm_policy policy)
+int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy)
{
- if(alias == NULL) {
- return CKM_API_ERROR_INPUT_PARAM;
- }
- CKM::Alias ckmAlias(alias);
+ if(alias == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+ CKM::Alias ckmAlias(alias);
- if(cert.raw_cert == NULL || cert.cert_size <= 0) {
- return CKM_API_ERROR_INPUT_PARAM;
- }
- CKM::Certificate ckmCert = _toCkmCertificate(&cert);
+ if(cert.raw_cert == NULL || cert.cert_size <= 0) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+ CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert);
+ if(ckmCert.get() == NULL) {
+ return CKMC_ERROR_INVALID_FORMAT;
+ }
- CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted));
+ CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
- CKM::Manager mgr;
- return mgr.saveCertificate(ckmAlias, ckmCert, storePolicy);
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ int ret = mgr->saveCertificate(ckmAlias, ckmCert, storePolicy);
+
+ return to_ckmc_error(ret);
+}
+
+KEY_MANAGER_CAPI
+int ckmc_remove_cert(const char *alias)
+{
+ return ckmc_remove_alias(alias);
}
KEY_MANAGER_CAPI
-int ckm_remove_cert(const char *alias)
+int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert)
{
- if(alias == NULL) {
- return CKM_API_ERROR_INPUT_PARAM;
- }
- CKM::Alias ckmAlias(alias);
+ CKM::CertificateShPtr ckmCert;
+ int ret;
- CKM::Manager mgr;
- return mgr.removeCertificate(ckmAlias);
+ if(alias == NULL || cert == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
+
+ CKM::RawBuffer buffer = ckmCert->getDER();
+ ret = ckmc_cert_new( buffer.data(), buffer.size(), CKMC_FORM_DER, cert);
+
+ return ret;
+}
+
+KEY_MANAGER_CAPI
+int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) {
+ int ret;
+
+ if (alias_list == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ *alias_list = NULL;
+
+ CKM::AliasVector aliasVector;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
+
+ ckmc_alias_list_s *plist = NULL;
+
+ for (const auto it : aliasVector) {
+ char *alias = strndup(it.c_str(), it.size());
+
+ if (plist == NULL) { // first
+ ret = ckmc_alias_list_new(alias, &plist);
+ *alias_list = plist; // save the pointer of the first element
+ } else {
+ ret = ckmc_alias_list_add(plist, alias, &plist);
+ }
+
+ if (ret != CKMC_ERROR_NONE) {
+ free(alias);
+ ckmc_alias_list_all_free(*alias_list);
+ return ret;
+ }
+ }
+
+ if(plist == NULL) { // if the alias_list size is zero
+ return CKMC_ERROR_DB_ALIAS_UNKNOWN;
+ }
+
+ return CKMC_ERROR_NONE;
}
KEY_MANAGER_CAPI
-int ckm_get_cert(const char *alias, const char *password, const ckm_cert **cert)
+int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy)
{
- CKM::Certificate ckmCert;
- int ret;
+ CKM::KeyShPtr private_key;
+ CKM::CertificateShPtr cert;
+ CKM::CertificateShPtrVector ca_cert_list;
+
+ if(alias==NULL || ppkcs==NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+ CKM::Alias ckmAlias(alias);
+ private_key = _toCkmKey(ppkcs->priv_key);
+ cert = _toCkmCertificate(ppkcs->cert);
+ ca_cert_list = _toCkmCertificateVector(ppkcs->ca_chain);
- if(alias == NULL) {
- return CKM_API_ERROR_INPUT_PARAM;
- }
- CKM::Alias ckmAlias(alias);
+ CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable);
+ CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable);
- CKM::Manager mgr;
- if( (ret = mgr.getCertificate(ckmAlias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
- return ret;
- }
+ CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(private_key, cert, ca_cert_list));
- unsigned char *rawCert = reinterpret_cast<unsigned char*>(ckmCert.getDER().data());
- *cert = ckm_cert_new( rawCert, ckmCert.getDER().size(), CKM_FORM_DER);
- if(*cert == NULL) {
- return CKM_API_ERROR_OUT_OF_MEMORY;
- }else {
- return CKM_API_SUCCESS;
- }
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ int ret = mgr->savePKCS12(ckmAlias, pkcs12, keyPolicy, certPolicy);
+
+ return to_ckmc_error(ret);
}
KEY_MANAGER_CAPI
-int ckm_get_cert_alias_list(ckm_alias_list** alias_list) {
- int ret;
- CKM::Key ckmKey;
-
- CKM::AliasVector aliasVector;
- CKM::Manager mgr;
- if( (ret = mgr.getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) {
- return ret;
- }
-
- ckm_alias_list *plist = NULL;
- CKM::AliasVector::iterator it;
- for(it = aliasVector.begin(); it != aliasVector.end(); it++) {
- if(plist == NULL) { // first
- plist = ckm_alias_list_new(const_cast<char *>(it->c_str()));
- *alias_list = plist; // save the pointer of the first element
- }else {
- plist = ckm_alias_list_add(plist, const_cast<char *>(it->c_str()));
- }
- }
-
- return CKM_API_SUCCESS;
+int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12)
+{
+ int ret;
+ CKM::PKCS12ShPtr pkcs;
+ CKM::Password keyPass, certPass;
+ ckmc_key_s *private_key = NULL;
+ ckmc_cert_s *cert = NULL;
+ ckmc_cert_list_s *ca_cert_list = 0;
+
+ if(!alias || !pkcs12) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ if (key_password)
+ keyPass = key_password;
+
+ if (cert_password)
+ certPass = cert_password;
+
+ auto mgr = CKM::Manager::create();
+
+ if((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
+
+ if(!pkcs)
+ return CKMC_ERROR_BAD_RESPONSE;
+
+ auto pkcsKey = pkcs->getKey();
+ if(pkcsKey)
+ {
+ CKM::RawBuffer buffer = pkcsKey->getDER();
+ ckmc_key_type_e keyType = static_cast<ckmc_key_type_e>(pkcsKey->getType());
+ ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key);
+ if(ret != CKMC_ERROR_NONE)
+ return ret;
+ }
+
+ auto pkcsCert = pkcs->getCertificate();
+ if(pkcsCert)
+ {
+ CKM::RawBuffer buffer = pkcsCert->getDER();
+ ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert);
+ if(ret != CKMC_ERROR_NONE) {
+ ckmc_key_free(private_key);
+ return ret;
+ }
+ }
+
+ ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector());
+
+ ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12);
+ if(ret != CKMC_ERROR_NONE)
+ {
+ ckmc_key_free(private_key);
+ ckmc_cert_free(cert);
+ ckmc_cert_list_free(ca_cert_list);
+ }
+ return ret;
}
+
KEY_MANAGER_CAPI
-int ckm_save_data(const char *alias, ckm_raw_buffer data, const ckm_policy policy)
+int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy)
{
- if(alias == NULL) {
- return CKM_API_ERROR_INPUT_PARAM;
- }
- CKM::Alias ckmAlias(alias);
+ if(alias == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+ CKM::Alias ckmAlias(alias);
+
+ if(data.data == NULL || data.size <= 0) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+ CKM::RawBuffer buffer(data.data, data.data + data.size);
+
+ CKM::Policy storePolicy(_tostring(policy.password), policy.extractable);
- if(data.data == NULL || data.size <= 0) {
- return CKM_API_ERROR_INPUT_PARAM;
- }
- CKM::RawBuffer buffer(data.data, data.data + data.size);
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ int ret = mgr->saveData(ckmAlias, buffer, storePolicy);
- CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted));
+ return to_ckmc_error(ret);
+}
- CKM::Manager mgr;
- return mgr.saveData(ckmAlias, buffer, storePolicy);
+KEY_MANAGER_CAPI
+int ckmc_remove_data(const char *alias)
+{
+ return ckmc_remove_alias(alias);
}
KEY_MANAGER_CAPI
-int ckm_remove_data(const char *alias)
+int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **data)
{
- if(alias == NULL) {
- return CKM_API_ERROR_INPUT_PARAM;
- }
- CKM::Alias ckmAlias(alias);
+ CKM::RawBuffer ckmBuff;
+ int ret;
+
+ if(alias == NULL || data == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
+
+ ret = ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data);
+
+ return ret;
+}
+
+KEY_MANAGER_CAPI
+int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){
+ int ret;
+
+ if(alias_list == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ *alias_list = NULL;
+
+ CKM::AliasVector aliasVector;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
+
+ ckmc_alias_list_s *plist = NULL;
- CKM::Manager mgr;
- return mgr.removeData(ckmAlias);
+ for (const auto it : aliasVector) {
+ char *alias = strndup(it.c_str(), it.size());
+
+ if (plist == NULL) { // first
+ ret = ckmc_alias_list_new(alias, &plist);
+ *alias_list = plist; // save the pointer of the first element
+ } else {
+ ret = ckmc_alias_list_add(plist, alias, &plist);
+ }
+
+ if (ret != CKMC_ERROR_NONE) {
+ free(alias);
+ ckmc_alias_list_all_free(*alias_list);
+ return ret;
+ }
+ }
+
+ if(plist == NULL) { // if the alias_list size is zero
+ return CKMC_ERROR_DB_ALIAS_UNKNOWN;
+ }
+
+ return CKMC_ERROR_NONE;
}
KEY_MANAGER_CAPI
-int ckm_get_data(const char *alias, const char *password, ckm_raw_buffer **data)
+int ckmc_create_key_pair_rsa(const size_t size,
+ const char *private_key_alias,
+ const char *public_key_alias,
+ const ckmc_policy_s policy_private_key,
+ const ckmc_policy_s policy_public_key)
{
- CKM::RawBuffer ckmBuff;
- int ret;
+ int ret;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
- if(alias == NULL) {
- return CKM_API_ERROR_INPUT_PARAM;
- }
- CKM::Alias ckmAlias(alias);
+ if(private_key_alias == NULL || public_key_alias == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
- CKM::Manager mgr;
- if( (ret = mgr.getData(ckmAlias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
- return ret;
- }
+ CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
+ CKM::Alias ckmPublicKeyAlias(public_key_alias);
+ CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
+ CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
- unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmBuff.data());
- *data = ckm_buffer_new( rawBuff, ckmBuff.size());
- if(*data == NULL) {
- return CKM_API_ERROR_OUT_OF_MEMORY;
- }else {
- return CKM_API_SUCCESS;
- }
+ ret = mgr->createKeyPairRSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
+ return to_ckmc_error(ret);
}
KEY_MANAGER_CAPI
-int ckm_get_data_alias_list(ckm_alias_list** alias_list){
- int ret;
- CKM::Key ckmKey;
-
- CKM::AliasVector aliasVector;
- CKM::Manager mgr;
- if( (ret = mgr.getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) {
- return ret;
- }
-
- ckm_alias_list *plist = NULL;
- CKM::AliasVector::iterator it;
- for(it = aliasVector.begin(); it != aliasVector.end(); it++) {
- if(plist == NULL) { // first
- plist = ckm_alias_list_new(const_cast<char *>(it->c_str()));
- *alias_list = plist; // save the pointer of the first element
- }else {
- plist = ckm_alias_list_add(plist, const_cast<char *>(it->c_str()));
- }
- }
-
- return CKM_API_SUCCESS;
+int ckmc_create_key_pair_dsa(const size_t size,
+ const char *private_key_alias,
+ const char *public_key_alias,
+ const ckmc_policy_s policy_private_key,
+ const ckmc_policy_s policy_public_key)
+{
+ int ret;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+
+ if(private_key_alias == NULL || public_key_alias == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
+ CKM::Alias ckmPublicKeyAlias(public_key_alias);
+ CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
+ CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
+
+ ret = mgr->createKeyPairDSA(static_cast<int>(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
+ return to_ckmc_error(ret);
}
KEY_MANAGER_CAPI
-int ckm_create_key_pair_rsa(const size_t size,
- const char *private_key_alias,
- const char *public_key_alias,
- const ckm_policy policy_private_key,
- const ckm_policy policy_public_key)
+int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
+ const char *private_key_alias,
+ const char *public_key_alias,
+ const ckmc_policy_s policy_private_key,
+ const ckmc_policy_s policy_public_key)
{
- int ret;
- CKM::Manager mgr;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
- CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
- CKM::Alias ckmPublicKeyAlias(public_key_alias);
- CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted));
- CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted));
+ if(private_key_alias == NULL || public_key_alias == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
- if( (ret = mgr.createKeyPairRSA(size, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy))
- != CKM_API_SUCCESS) {
- return ret;
- }
+ CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
+ CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
+ CKM::Alias ckmPublicKeyAlias(public_key_alias);
+ CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable);
+ CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable);
- return CKM_API_SUCCESS;
+ int ret = mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
+ return to_ckmc_error(ret);
}
KEY_MANAGER_CAPI
-int ckm_create_key_pair_ecdsa(const ckm_ec_type type,
- const char *private_key_alias,
- const char *public_key_alias,
- const ckm_policy policy_private_key,
- const ckm_policy policy_public_key)
+int ckmc_create_key_aes(size_t size,
+ const char *key_alias,
+ ckmc_policy_s key_policy)
{
- int ret;
- CKM::Manager mgr;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
- CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
- CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
- CKM::Alias ckmPublicKeyAlias(public_key_alias);
- CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted));
- CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted));
+ if(key_alias == NULL)
+ return CKMC_ERROR_INVALID_PARAMETER;
- if( (ret = mgr.createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy))
- != CKM_API_SUCCESS) {
- return ret;
- }
+ CKM::Alias ckmKeyAlias(key_alias);
+ CKM::Policy ckmKeyPolicy(_tostring(key_policy.password), key_policy.extractable);
- return CKM_API_SUCCESS;
+ int ret = mgr->createKeyAES(size, ckmKeyAlias, ckmKeyPolicy);
+ return to_ckmc_error(ret);
}
KEY_MANAGER_CAPI
-int ckm_create_signature(const char *private_key_alias,
- const char *password,
- const ckm_raw_buffer message,
- const ckm_hash_algo hash,
- const ckm_rsa_padding_algo padding,
- ckm_raw_buffer **signature)
-{
- int ret;
- CKM::Manager mgr;
- CKM::RawBuffer ckmSignature;
-
- CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
- CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
- CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
- CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
-
- if( (ret = mgr.createSignature(
- ckmPrivakeKeyAlias,
- _tostring(password),
- ckmMessage,
- ckmHashAlgo,
- ckmPadding,
- ckmSignature)) != CKM_API_SUCCESS) {
- return ret;
- }
-
- unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmSignature.data());
- *signature = ckm_buffer_new( rawBuff, ckmSignature.size());
- if(*signature == NULL) {
- return CKM_API_ERROR_OUT_OF_MEMORY;
- }else {
- return CKM_API_SUCCESS;
- }
-
- return CKM_API_SUCCESS;
+int ckmc_create_signature(const char *private_key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s message,
+ const ckmc_hash_algo_e hash,
+ const ckmc_rsa_padding_algo_e padding,
+ ckmc_raw_buffer_s **signature)
+{
+ int ret;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ CKM::RawBuffer ckmSignature;
+
+ if(private_key_alias == NULL || signature == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
+ CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
+ CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
+ CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
+
+ if( (ret = mgr->createSignature(
+ ckmPrivakeKeyAlias,
+ _tostring(password),
+ ckmMessage,
+ ckmHashAlgo,
+ ckmPadding,
+ ckmSignature)) != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
+
+ ret = ckmc_buffer_new( ckmSignature.data(), ckmSignature.size(), signature);
+
+ return ret;
}
KEY_MANAGER_CAPI
-int ckm_verify_signature(const char *public_key_alias,
- const char *password,
- const ckm_raw_buffer message,
- const ckm_raw_buffer signature,
- const ckm_hash_algo hash,
- const ckm_rsa_padding_algo padding)
-{
- int ret;
- CKM::Manager mgr;
-
- CKM::Alias ckmPublicKeyAlias(public_key_alias);
- CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
- CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size);
- CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
- CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
-
- if( (ret = mgr.verifySignature(
- ckmPublicKeyAlias,
- _tostring(password),
- ckmMessage,
- ckmSignature,
- ckmHashAlgo,
- ckmPadding)) != CKM_API_SUCCESS) {
- return ret;
- }
-
- return CKM_API_SUCCESS;
+int ckmc_verify_signature(const char *public_key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s message,
+ const ckmc_raw_buffer_s signature,
+ const ckmc_hash_algo_e hash,
+ const ckmc_rsa_padding_algo_e padding)
+{
+ int ret;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+
+ if(public_key_alias == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::Alias ckmPublicKeyAlias(public_key_alias);
+ CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
+ CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size);
+ CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
+ CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
+
+ if( (ret = mgr->verifySignature(
+ ckmPublicKeyAlias,
+ _tostring(password),
+ ckmMessage,
+ ckmSignature,
+ ckmHashAlgo,
+ ckmPadding)) != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
+
+ return CKMC_ERROR_NONE;
+}
+
+KEY_MANAGER_CAPI
+int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
+{
+ int ret;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ CKM::CertificateShPtrVector ckmCertChain;
+
+ if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
+
+ CKM::CertificateShPtrVector ckmUntrustedCerts = _toCkmCertificateVector(untrustedcerts);
+
+ ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, EMPTY_CERT_VECTOR, true, ckmCertChain);
+ if( ret != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
+
+ *cert_chain_list = _toNewCkmCertList(ckmCertChain);
+
+ return CKMC_ERROR_NONE;
}
KEY_MANAGER_CAPI
-int ckm_get_cert_chain(const ckm_cert *cert, const ckm_cert_list *untrustedcerts, ckm_cert_list **cert_chain_list)
+int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list)
{
- int ret;
- CKM::Manager mgr;
- CKM::CertificateVector ckmCertChain;
+ int ret;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ CKM::CertificateShPtrVector ckmCertChain;
+
- if(cert->raw_cert == NULL || cert->cert_size <= 0) {
- return CKM_API_ERROR_INPUT_PARAM;
- }
+ if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
- CKM::Certificate ckmCert = _toCkmCertificate(cert);
+ CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert);
+ if(ckmCert.get() == NULL) {
+ return CKMC_ERROR_INVALID_FORMAT;
+ }
- CKM::CertificateVector ckmUntrustedCerts;
- if(untrustedcerts != NULL) {
- ckm_cert_list *current = NULL;
- ckm_cert_list *next = const_cast<ckm_cert_list *>(untrustedcerts);
- do {
- current = next;
- next = current->next;
+ CKM::AliasVector ckmUntrustedAliases = _toCkmAliasVector(untrustedcerts);
- if(current->cert == NULL){
- continue;
- }
+ ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, EMPTY_ALIAS_VECTOR, true, ckmCertChain);
+ if( ret != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
- CKM::Certificate tmpCkmCert = _toCkmCertificate(current->cert);
- ckmUntrustedCerts.push_back(tmpCkmCert);
- }while(next != NULL);
- }
+ *cert_chain_list = _toNewCkmCertList(ckmCertChain);
- ret = mgr.getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain);
- if( ret != CKM_API_SUCCESS) {
- return ret;
- }
+ return CKMC_ERROR_NONE;
+}
+
+KEY_MANAGER_CAPI
+int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s* cert,
+ const ckmc_cert_list_s* untrustedcerts,
+ const ckmc_cert_list_s* trustedcerts,
+ const bool sys_certs,
+ ckmc_cert_list_s** ppcert_chain_list)
+{
+ int ret;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ CKM::CertificateShPtrVector ckm_cert_chain;
+
+ if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert);
+ if(ckm_cert.get() == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts);
+ CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts);
- *cert_chain_list = _toNewCkmCertList(ckmCertChain);
+ ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain);
+ if( ret != CKM_API_SUCCESS) {
+ return to_ckmc_error(ret);
+ }
- return CKM_API_SUCCESS;
+ *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain);
+
+ return CKMC_ERROR_NONE;
}
KEY_MANAGER_CAPI
-int ckm_get_cert_chain_with_alias(const ckm_cert *cert, const ckm_alias_list *untrustedcerts, ckm_cert_list **cert_chain_list)
+int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status)
{
- int ret;
- CKM::Manager mgr;
- CKM::CertificateVector ckmCertChain;
+ if (pcert_chain_list == NULL
+ || pcert_chain_list->cert == NULL
+ || pcert_chain_list->cert->raw_cert == NULL
+ || pcert_chain_list->cert->cert_size <= 0
+ || ocsp_status == NULL) {
+ return CKMC_ERROR_INVALID_PARAMETER;
+ }
+
+ int tmpOcspStatus = -1;
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ CKM::CertificateShPtrVector ckmCertChain = _toCkmCertificateVector(pcert_chain_list);
+
+ int ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus);
+ *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus);
+ return to_ckmc_error(ret);
+}
+
+KEY_MANAGER_CAPI
+int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted)
+{
+ int ec, permissionMask;
+ ec = access_to_permission_mask(granted, permissionMask);
+ if(ec != CKMC_ERROR_NONE)
+ return ec;
+
+ return ckmc_set_permission(alias, accessor, permissionMask);
+}
+KEY_MANAGER_CAPI
+int ckmc_set_permission(const char *alias, const char *accessor, int permissions)
+{
+ if (!alias || !accessor)
+ return CKMC_ERROR_INVALID_PARAMETER;
- if(cert->raw_cert == NULL || cert->cert_size <= 0) {
- return CKM_API_ERROR_INPUT_PARAM;
- }
- CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
- CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
- CKM::Certificate ckmCert(buffer, dataFormat);
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ return to_ckmc_error(mgr->setPermission(alias, accessor, permissions));
+}
- CKM::AliasVector ckmUntrustedAliases;
- if(untrustedcerts != NULL) {
- ckm_alias_list *current = NULL;
- ckm_alias_list *next = const_cast<ckm_alias_list *>(untrustedcerts);
- do {
- current = next;
- next = current->next;
+KEY_MANAGER_CAPI
+int ckmc_deny_access(const char *alias, const char *accessor)
+{
+ if (!alias || !accessor)
+ return CKMC_ERROR_INVALID_PARAMETER;
- if(current->alias == NULL){
- return CKM_API_ERROR_INPUT_PARAM;
- }
- CKM::Alias ckmAlias(current->alias);
- ckmUntrustedAliases.push_back(ckmAlias);
- }while(next != NULL);
- }
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE));
+}
- if( (ret = mgr.getCertificateChain(ckmCert, ckmUntrustedAliases, ckmCertChain)) != CKM_API_SUCCESS) {
- return ret;
- }
+KEY_MANAGER_CAPI
+int ckmc_remove_alias(const char *alias)
+{
+ if(!alias)
+ return CKMC_ERROR_INVALID_PARAMETER;
- *cert_chain_list = _toNewCkmCertList(ckmCertChain);
+ CKM::ManagerShPtr mgr = CKM::Manager::create();
+ int ret = mgr->removeAlias(alias);
+ return to_ckmc_error(ret);
+}
- return CKM_API_SUCCESS;
+KEY_MANAGER_CAPI
+int ckmc_encrypt_data(ckmc_param_list_h params,
+ const char *key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s decrypted,
+ ckmc_raw_buffer_s **ppencrypted)
+{
+ return _cryptoOperation(&CKM::Manager::encrypt,
+ params,
+ key_alias,
+ password,
+ decrypted,
+ ppencrypted);
}
+KEY_MANAGER_CAPI
+int ckmc_decrypt_data(ckmc_param_list_h params,
+ const char *key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s encrypted,
+ ckmc_raw_buffer_s **ppdecrypted)
+{
+ return _cryptoOperation(&CKM::Manager::decrypt,
+ params,
+ key_alias,
+ password,
+ encrypted,
+ ppdecrypted);
+}