X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2Fmanager%2Fclient%2Fclient-manager-impl.cpp;h=41383bf4d224c071ebd05c0eb054d5c952cf64a5;hb=50759ee25cd172d7abd2180095c355e2ebea67bd;hp=7af969fbd2d5ece8338d96de66adb787cd3445dc;hpb=d22ce2b55451a8164775c5945eb158e507a25a4d;p=platform%2Fcore%2Fsecurity%2Fkey-manager.git diff --git a/src/manager/client/client-manager-impl.cpp b/src/manager/client/client-manager-impl.cpp index 7af969f..41383bf 100644 --- a/src/manager/client/client-manager-impl.cpp +++ b/src/manager/client/client-manager-impl.cpp @@ -23,7 +23,7 @@ #include #include -#include +#include #include #include #include @@ -33,8 +33,63 @@ namespace CKM { +namespace { +template +int getCertChain( + ServiceConnection & serviceConnection, + LogicCommand command, + int counter, + const CertificateShPtr &certificate, + const T &untrustedVector, + const T &trustedVector, + bool useTrustedSystemCertificates, + CertificateShPtrVector &certificateChainVector) +{ + return try_catch([&] { + + MessageBuffer recv; + auto send = MessageBuffer::Serialize(static_cast(command), + counter, + certificate->getDER(), + untrustedVector, + trustedVector, + useTrustedSystemCertificates); + + int retCode = serviceConnection.processRequest(send.Pop(), recv); + if (CKM_API_SUCCESS != retCode) + return retCode; + + int retCommand; + int retCounter; + RawBufferVector rawBufferVector; + recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector); + + if ((counter != retCounter) || (static_cast(command) != retCommand)) { + return CKM_API_ERROR_UNKNOWN; + } + + if (retCode != CKM_API_SUCCESS) { + return retCode; + } + + for (auto &e: rawBufferVector) { + CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER)); + if (cert->empty()) + return CKM_API_ERROR_BAD_RESPONSE; + certificateChainVector.push_back(cert); + } + + return retCode; + }); +} + +} // namespace anonymous + ManagerImpl::ManagerImpl() - : m_counter(0), m_storageConnection(SERVICE_SOCKET_CKM_STORAGE), m_ocspConnection(SERVICE_SOCKET_OCSP) + : m_counter(0), + m_storageConnection(SERVICE_SOCKET_CKM_STORAGE), + m_ocspConnection(SERVICE_SOCKET_OCSP), + m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION) { initCryptoLib(); } @@ -42,7 +97,7 @@ ManagerImpl::ManagerImpl() int ManagerImpl::saveBinaryData( const Alias &alias, - DBDataType dataType, + DataType dataType, const RawBuffer &rawData, const Policy &policy) { @@ -82,8 +137,8 @@ int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy & if (key.get() == NULL) return CKM_API_ERROR_INPUT_PARAM; Try { - return saveBinaryData(alias, DBDataType(key->getType()), key->getDER(), policy); - } Catch (DBDataType::Exception::Base) { + return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy); + } Catch (DataType::Exception::Base) { LogError("Error in key conversion. Could not convert KeyType::NONE to DBDataType!"); } return CKM_API_ERROR_INPUT_PARAM; @@ -96,13 +151,13 @@ int ManagerImpl::saveCertificate( { if (cert.get() == NULL) return CKM_API_ERROR_INPUT_PARAM; - return saveBinaryData(alias, DBDataType::CERTIFICATE, cert->getDER(), policy); + return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy); } int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) { if (!policy.extractable) return CKM_API_ERROR_INPUT_PARAM; - return saveBinaryData(alias, DBDataType::BINARY_DATA, rawData, policy); + return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy); } @@ -145,6 +200,11 @@ int ManagerImpl::savePKCS12( int ManagerImpl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs) { + return getPKCS12(alias, Password(), Password(), pkcs); +} + +int ManagerImpl::getPKCS12(const Alias &alias, const Password &keyPass, const Password &certPass, PKCS12ShPtr &pkcs) +{ if (alias.empty()) return CKM_API_ERROR_INPUT_PARAM; @@ -156,7 +216,9 @@ int ManagerImpl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs) auto send = MessageBuffer::Serialize(static_cast(LogicCommand::GET_PKCS12), my_counter, helper.getName(), - helper.getLabel()); + helper.getLabel(), + keyPass, + certPass); int retCode = m_storageConnection.processRequest(send.Pop(), recv); if (CKM_API_SUCCESS != retCode) @@ -209,9 +271,9 @@ int ManagerImpl::removeAlias(const Alias &alias) int ManagerImpl::getBinaryData( const Alias &alias, - DBDataType sendDataType, + DataType sendDataType, const Password &password, - DBDataType &recvDataType, + DataType &recvDataType, RawBuffer &rawData) { if (alias.empty()) @@ -237,7 +299,7 @@ int ManagerImpl::getBinaryData( int counter; int tmpDataType; recv.Deserialize(command, counter, retCode, tmpDataType, rawData); - recvDataType = DBDataType(tmpDataType); + recvDataType = DataType(tmpDataType); if (counter != my_counter) return CKM_API_ERROR_UNKNOWN; @@ -247,12 +309,12 @@ int ManagerImpl::getBinaryData( } int ManagerImpl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) { - DBDataType recvDataType; + DataType recvDataType; RawBuffer rawData; int retCode = getBinaryData( alias, - DBDataType::KEY_RSA_PUBLIC, + DataType::KEY_RSA_PUBLIC, password, recvDataType, rawData); @@ -274,12 +336,12 @@ int ManagerImpl::getKey(const Alias &alias, const Password &password, KeyShPtr & int ManagerImpl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert) { - DBDataType recvDataType; + DataType recvDataType; RawBuffer rawData; int retCode = getBinaryData( alias, - DBDataType::CERTIFICATE, + DataType::CERTIFICATE, password, recvDataType, rawData); @@ -287,7 +349,7 @@ int ManagerImpl::getCertificate(const Alias &alias, const Password &password, Ce if (retCode != CKM_API_SUCCESS) return retCode; - if (recvDataType != DBDataType::CERTIFICATE) + if (recvDataType != DataType::CERTIFICATE) return CKM_API_ERROR_BAD_RESPONSE; CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER)); @@ -302,11 +364,11 @@ int ManagerImpl::getCertificate(const Alias &alias, const Password &password, Ce int ManagerImpl::getData(const Alias &alias, const Password &password, RawBuffer &rawData) { - DBDataType recvDataType = DBDataType::BINARY_DATA; + DataType recvDataType = DataType::BINARY_DATA; int retCode = getBinaryData( alias, - DBDataType::BINARY_DATA, + DataType::BINARY_DATA, password, recvDataType, rawData); @@ -314,13 +376,13 @@ int ManagerImpl::getData(const Alias &alias, const Password &password, RawBuffer if (retCode != CKM_API_SUCCESS) return retCode; - if (recvDataType != DBDataType::BINARY_DATA) + if (recvDataType != DataType::BINARY_DATA) return CKM_API_ERROR_BAD_RESPONSE; return CKM_API_SUCCESS; } -int ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &aliasVector) +int ManagerImpl::getBinaryDataAliasVector(DataType dataType, AliasVector &aliasVector) { int my_counter = ++m_counter; @@ -353,15 +415,15 @@ int ManagerImpl::getBinaryDataAliasVector(DBDataType dataType, AliasVector &alia int ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) { // in fact datatype has no meaning here - if not certificate or binary data // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST - return getBinaryDataAliasVector(DBDataType::DB_KEY_LAST, aliasVector); + return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector); } int ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) { - return getBinaryDataAliasVector(DBDataType::CERTIFICATE, aliasVector); + return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector); } int ManagerImpl::getDataAliasVector(AliasVector &aliasVector) { - return getBinaryDataAliasVector(DBDataType::BINARY_DATA, aliasVector); + return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector); } int ManagerImpl::createKeyPairRSA( @@ -394,6 +456,15 @@ int ManagerImpl::createKeyPairECDSA( return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey); } +int ManagerImpl::createKeyAES( + const int /*size*/, + const Alias &/*keyAlias*/, + const Policy &/*policyKey*/) +{ + return 0; +} + + int ManagerImpl::createKeyPair( const KeyType key_type, const int additional_param, @@ -403,22 +474,25 @@ int ManagerImpl::createKeyPair( const Policy &policyPublicKey) { // input type check - LogicCommand cmd_type; + CryptoAlgorithm keyGenAlgorithm; switch(key_type) { case KeyType::KEY_RSA_PUBLIC: case KeyType::KEY_RSA_PRIVATE: - cmd_type = LogicCommand::CREATE_KEY_PAIR_RSA; + keyGenAlgorithm.addParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN); + keyGenAlgorithm.addParam(ParamName::GEN_KEY_LEN, additional_param); break; case KeyType::KEY_DSA_PUBLIC: case KeyType::KEY_DSA_PRIVATE: - cmd_type = LogicCommand::CREATE_KEY_PAIR_DSA; + keyGenAlgorithm.addParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN); + keyGenAlgorithm.addParam(ParamName::GEN_KEY_LEN, additional_param); break; case KeyType::KEY_ECDSA_PUBLIC: case KeyType::KEY_ECDSA_PRIVATE: - cmd_type = LogicCommand::CREATE_KEY_PAIR_ECDSA; + keyGenAlgorithm.addParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN); + keyGenAlgorithm.addParam(ParamName::GEN_EC, additional_param); break; default: @@ -433,9 +507,9 @@ int ManagerImpl::createKeyPair( MessageBuffer recv; AliasSupport privateHelper(privateKeyAlias); AliasSupport publicHelper(publicKeyAlias); - auto send = MessageBuffer::Serialize(static_cast(cmd_type), + auto send = MessageBuffer::Serialize(static_cast(LogicCommand::CREATE_KEY_PAIR), my_counter, - static_cast(additional_param), + CryptoAlgorithmSerializable(keyGenAlgorithm), PolicySerializable(policyPrivateKey), PolicySerializable(policyPublicKey), privateHelper.getName(), @@ -458,91 +532,62 @@ int ManagerImpl::createKeyPair( }); } - -template -int getCertChain( - LogicCommand command, - int counter, - const CertificateShPtr &certificate, - const T &sendData, - CertificateShPtrVector &certificateChainVector, - ServiceConnection & service_connection) -{ - return try_catch([&] { - - MessageBuffer recv; - auto send = MessageBuffer::Serialize(static_cast(command), - counter, - certificate->getDER(), - sendData); - - int retCode = service_connection.processRequest(send.Pop(), recv); - if (CKM_API_SUCCESS != retCode) - return retCode; - - int retCommand; - int retCounter; - RawBufferVector rawBufferVector; - recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector); - - if ((counter != retCounter) || (static_cast(command) != retCommand)) { - return CKM_API_ERROR_UNKNOWN; - } - - if (retCode != CKM_API_SUCCESS) { - return retCode; - } - - for (auto &e: rawBufferVector) { - CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER)); - if (cert->empty()) - return CKM_API_ERROR_BAD_RESPONSE; - certificateChainVector.push_back(cert); - } - - return retCode; - }); -} - - int ManagerImpl::getCertificateChain( const CertificateShPtr &certificate, const CertificateShPtrVector &untrustedCertificates, + const CertificateShPtrVector &trustedCertificates, + bool useTrustedSystemCertificates, CertificateShPtrVector &certificateChainVector) { - RawBufferVector rawBufferVector; + RawBufferVector untrustedVector; + RawBufferVector trustedVector; for (auto &e: untrustedCertificates) { - rawBufferVector.push_back(e->getDER()); + untrustedVector.push_back(e->getDER()); + } + for (auto &e: trustedCertificates) { + trustedVector.push_back(e->getDER()); } return getCertChain( - LogicCommand::GET_CHAIN_CERT, - ++m_counter, - certificate, - rawBufferVector, - certificateChainVector, - m_storageConnection); + m_storageConnection, + LogicCommand::GET_CHAIN_CERT, + ++m_counter, + certificate, + untrustedVector, + trustedVector, + useTrustedSystemCertificates, + certificateChainVector); } int ManagerImpl::getCertificateChain( const CertificateShPtr &certificate, const AliasVector &untrustedCertificates, + const AliasVector &trustedCertificates, + bool useTrustedSystemCertificates, CertificateShPtrVector &certificateChainVector) { - LabelNameVector untrusted_certs; + LabelNameVector untrustedVector; + LabelNameVector trustedVector; + for (auto &e: untrustedCertificates) { AliasSupport helper(e); - untrusted_certs.push_back(std::make_pair(helper.getLabel(), helper.getName())); + untrustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName())); + } + for (auto &e: trustedCertificates) { + AliasSupport helper(e); + trustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName())); } return getCertChain( - LogicCommand::GET_CHAIN_ALIAS, - ++m_counter, - certificate, - untrusted_certs, - certificateChainVector, - m_storageConnection); + m_storageConnection, + LogicCommand::GET_CHAIN_ALIAS, + ++m_counter, + certificate, + untrustedVector, + trustedVector, + useTrustedSystemCertificates, + certificateChainVector); } int ManagerImpl::createSignature( @@ -656,8 +701,8 @@ int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspSta } int ManagerImpl::setPermission(const Alias &alias, - const Label &accessor, - Permission newPermission) + const Label &accessor, + PermissionMask permissionMask) { int my_counter = ++m_counter; @@ -669,7 +714,7 @@ int ManagerImpl::setPermission(const Alias &alias, helper.getName(), helper.getLabel(), accessor, - static_cast(newPermission)); + permissionMask); int retCode = m_storageConnection.processRequest(send.Pop(), recv); if (CKM_API_SUCCESS != retCode) @@ -687,6 +732,78 @@ int ManagerImpl::setPermission(const Alias &alias, }); } +int ManagerImpl::encrypt(const CryptoAlgorithm &algo, + const Alias &keyAlias, + const Password &password, + const RawBuffer& plain, + RawBuffer& encrypted) +{ + int my_counter = ++m_counter; + + return try_catch([&] { + MessageBuffer recv; + AliasSupport helper(keyAlias); + CryptoAlgorithmSerializable cas(algo); + auto send = MessageBuffer::Serialize(static_cast(EncryptionCommand::ENCRYPT), + my_counter, + cas, + helper.getName(), + helper.getLabel(), + password, + plain); + + int retCode = m_encryptionConnection.processRequest(send.Pop(), recv); + if (CKM_API_SUCCESS != retCode) + return retCode; + + int command; + int counter; + recv.Deserialize(command, counter, encrypted); + + if (my_counter != counter) { + return CKM_API_ERROR_UNKNOWN; + } + + return retCode; + }); +} + +int ManagerImpl::decrypt(const CryptoAlgorithm &algo, + const Alias &keyAlias, + const Password &password, + const RawBuffer& encrypted, + RawBuffer& decrypted) +{ + int my_counter = ++m_counter; + + return try_catch([&] { + MessageBuffer recv; + AliasSupport helper(keyAlias); + CryptoAlgorithmSerializable cas(algo); + auto send = MessageBuffer::Serialize(static_cast(EncryptionCommand::DECRYPT), + my_counter, + cas, + helper.getName(), + helper.getLabel(), + password, + encrypted); + + int retCode = m_encryptionConnection.processRequest(send.Pop(), recv); + if (CKM_API_SUCCESS != retCode) + return retCode; + + int command; + int counter; + recv.Deserialize(command, counter, decrypted); + + if (my_counter != counter) { + return CKM_API_ERROR_UNKNOWN; + } + + return retCode; + }); +} + ManagerShPtr Manager::create() { try { return std::make_shared();