X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2Fmanager%2Fclient-capi%2Fckmc-manager.cpp;h=6565dc951b15cbb0fba6e2c9d5efcfc93a73ea01;hb=refs%2Fchanges%2F56%2F49556%2F1;hp=b942178ed88602774ada9261f7a4260e40c1c6f9;hpb=f422beb7b7ac762fc157911216d3dc06e4a6a4d2;p=platform%2Fcore%2Fsecurity%2Fkey-manager.git diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp index b942178..6565dc9 100644 --- a/src/manager/client-capi/ckmc-manager.cpp +++ b/src/manager/client-capi/ckmc-manager.cpp @@ -25,531 +25,845 @@ #include #include #include +#include +#include #include #include -std::string _tostring(const char *str) +namespace { - if(str == NULL) - return std::string(); - return std::string(str); +const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR; +const CKM::AliasVector EMPTY_ALIAS_VECTOR; + +CKM::Password _tostring(const char *str) +{ + if(str == NULL) + return CKM::Password(); + return CKM::Password(str); +} + +CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key) +{ + if(key) + { + CKM::RawBuffer buffer(key->raw_key, key->raw_key + key->key_size); + return CKM::Key::create(buffer, _tostring(key->password)); + } + return CKM::KeyShPtr(); } CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert) { - CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size); - CKM::DataFormat dataFormat = static_cast(static_cast(cert->data_format)); - return CKM::Certificate::create(buffer, dataFormat); -} - -ckmc_cert_list_s *_toNewCkmCertList(CKM::CertificateShPtrVector &certVector) -{ - int ret; - ckmc_cert_list_s *start = NULL; - ckmc_cert_list_s *plist = NULL; - CKM::CertificateShPtrVector::iterator it; - for(it = certVector.begin(); it != certVector.end(); it++) { - CKM::RawBuffer rawBuffer = (*it)->getDER(); - unsigned char *rawCert = (unsigned char *) malloc(rawBuffer.size()); - memcpy(rawCert, rawBuffer.data(), rawBuffer.size()); - ckmc_cert_s *pcert; - ret = ckmc_cert_new(rawCert, rawBuffer.size(), CKMC_FORM_DER, &pcert); - if(pcert == NULL) { - return NULL; - } - if(plist == NULL) { - ret = ckmc_cert_list_new(pcert, &plist); - start = plist; // save the pointer of the first element - }else { - ret = ckmc_cert_list_add(plist, pcert, &plist); - } - if(ret != CKMC_SUCCESS) { - ckmc_cert_list_all_free(start); - return NULL; - } - } - return start; + if(cert) + { + CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size); + CKM::DataFormat dataFormat = static_cast(static_cast(cert->data_format)); + return CKM::Certificate::create(buffer, dataFormat); + } + return CKM::CertificateShPtr(); } -KEY_MANAGER_CAPI -int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy) +CKM::CertificateShPtrVector _toCkmCertificateVector(const ckmc_cert_list_s *list) +{ + CKM::CertificateShPtrVector certs; + ckmc_cert_list_s *current = const_cast(list); + while (current != NULL) + { + if (current->cert != NULL) + certs.push_back(_toCkmCertificate(current->cert)); + current = current->next; + } + return certs; +} + +CKM::AliasVector _toCkmAliasVector(const ckmc_alias_list_s *list) +{ + CKM::AliasVector aliases; + ckmc_alias_list_s *current = const_cast(list); + while (current != NULL) + { + if (current->alias != NULL) + aliases.push_back(CKM::Alias(current->alias)); + current = current->next; + } + return aliases; +} + +ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector &certVector) +{ + int ret; + ckmc_cert_list_s *start = NULL; + ckmc_cert_list_s *plist = NULL; + for(const auto &e : certVector) { + CKM::RawBuffer rawBuffer = e->getDER(); + ckmc_cert_s *pcert = NULL; + ret = ckmc_cert_new(rawBuffer.data(), rawBuffer.size(), CKMC_FORM_DER, &pcert); + if(pcert == NULL) { + ckmc_cert_list_all_free(start); + return NULL; + } + if(plist == NULL) { + ret = ckmc_cert_list_new(pcert, &plist); + start = plist; // save the pointer of the first element + }else { + ret = ckmc_cert_list_add(plist, pcert, &plist); + } + if(ret != CKMC_ERROR_NONE) { + ckmc_cert_list_all_free(start); + return NULL; + } + } + return start; +} + +typedef int (CKM::Manager::*cryptoFn)(const CKM::CryptoAlgorithm&, + const CKM::Alias&, + const CKM::Password&, + const CKM::RawBuffer&, + CKM::RawBuffer&); + +int _cryptoOperation(cryptoFn operation, + ckmc_param_list_h params, + const char *key_alias, + const char *password, + const ckmc_raw_buffer_s in, + ckmc_raw_buffer_s **ppout) { - CKM::ManagerShPtr mgr = CKM::Manager::create(); + if(!params || !key_alias || !ppout) + return CKMC_ERROR_INVALID_PARAMETER; + + // params + const CKM::CryptoAlgorithm* ca = reinterpret_cast(params); - if(alias == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); + // password + CKM::Password pass; + if (password) + pass = password; - if(key.raw_key == NULL || key.key_size <= 0) { - return CKMC_ERROR_INPUT_PARAM; - } - CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size); - CKM::KeyShPtr ckmKey = CKM::Key::create(buffer, _tostring(key.password)); + // buffers + CKM::RawBuffer inBuffer(in.data, in.data + in.size); + CKM::RawBuffer outBuffer; - if(ckmKey.get() == NULL) { - return CKMC_ERROR_INVALID_FORMAT; - } + // operation + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = ((*mgr).*operation)(*ca, key_alias, pass, inBuffer, outBuffer); + if (ret != CKM_API_SUCCESS) + return to_ckmc_error(ret); - CKM::Policy storePolicy(_tostring(policy.password), policy.extractable, policy.restricted); + return ckmc_buffer_new(outBuffer.data(), outBuffer.size(), ppout); +} - return mgr->saveKey(ckmAlias, ckmKey, storePolicy); } KEY_MANAGER_CAPI -int ckmc_remove_key(const char *alias) +int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy) { - CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + + if(alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::Alias ckmAlias(alias); + + if(key.raw_key == NULL || key.key_size <= 0) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size); + + CKM::KeyShPtr ckmKey; + if(key.key_type == CKMC_KEY_AES) + { + if(key.password) + return CKMC_ERROR_INVALID_PARAMETER; + ckmKey = CKM::Key::createAES(buffer); + } + else + ckmKey = CKM::Key::create(buffer, _tostring(key.password)); + if(ckmKey.get() == NULL) { + return CKMC_ERROR_INVALID_FORMAT; + } + + CKM::Policy storePolicy(_tostring(policy.password), policy.extractable); + + int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy); + return to_ckmc_error(ret); +} - if(alias == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); - return mgr->removeKey(ckmAlias); +KEY_MANAGER_CAPI +int ckmc_remove_key(const char *alias) +{ + return ckmc_remove_alias(alias); } KEY_MANAGER_CAPI int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key) { - int ret; - CKM::KeyShPtr ckmKey; + int ret; + CKM::KeyShPtr ckmKey; - if(alias == NULL || key == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); + if(alias == NULL || key == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getKey(ckmAlias, _tostring(password), ckmKey)) != CKMC_SUCCESS) { - return ret; - } + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - unsigned char *rawKey = reinterpret_cast(ckmKey->getDER().data()); - ckmc_key_type_e keyType = static_cast(static_cast(ckmKey->getType())); + CKM::RawBuffer buffer = ckmKey->getDER(); + ckmc_key_type_e keyType = static_cast(static_cast(ckmKey->getType())); - ret = ckmc_key_new( rawKey, ckmKey->getDER().size(), keyType, NULL, key); + ret = ckmc_key_new( buffer.data(), buffer.size(), keyType, NULL, key); - return ret; + return to_ckmc_error(ret); } KEY_MANAGER_CAPI int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list) { - int ret; - - if(alias_list == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } - - CKM::AliasVector aliasVector; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getKeyAliasVector(aliasVector)) != CKMC_SUCCESS) { - return ret; - } - - ckmc_alias_list_s *plist = NULL; - CKM::AliasVector::iterator it; - for(it = aliasVector.begin(); it != aliasVector.end(); it++) { - char *alias = (char *)malloc(it->size() + 1); - memset(alias, 0, it->size() +1 ); - memcpy(alias, it->c_str(), it->size()); - if(plist == NULL) { // first - ret = ckmc_alias_list_new(alias, &plist); - *alias_list = plist; // save the pointer of the first element - }else { - ret = ckmc_alias_list_add(plist, alias, &plist); - } - if(ret != CKMC_SUCCESS) { - ckmc_alias_list_all_free(*alias_list); - return ret; - } - } - - return CKMC_SUCCESS; + int ret; + + if (alias_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::AliasVector aliasVector; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + + if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + ckmc_alias_list_s *plist = NULL; + + for (const auto it : aliasVector) { + char *alias = strndup(it.c_str(), it.size()); + + if (plist == NULL) { // first + ret = ckmc_alias_list_new(alias, &plist); + *alias_list = plist; // save the pointer of the first element + } else { + ret = ckmc_alias_list_add(plist, alias, &plist); + } + + if (ret != CKMC_ERROR_NONE) { + free(alias); + ckmc_alias_list_all_free(*alias_list); + return ret; + } + } + + if(plist == NULL) { // if the alias_list size is zero + return CKMC_ERROR_DB_ALIAS_UNKNOWN; + } + + return CKMC_ERROR_NONE; } KEY_MANAGER_CAPI int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy) { - if(alias == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); + if(alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::Alias ckmAlias(alias); + + if(cert.raw_cert == NULL || cert.cert_size <= 0) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert); + if(ckmCert.get() == NULL) { + return CKMC_ERROR_INVALID_FORMAT; + } - if(cert.raw_cert == NULL || cert.cert_size <= 0) { - return CKMC_ERROR_INPUT_PARAM; - } - CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert); - if(ckmCert.get() == NULL) { - return CKMC_ERROR_INVALID_FORMAT; - } + CKM::Policy storePolicy(_tostring(policy.password), policy.extractable); - CKM::Policy storePolicy(_tostring(policy.password), policy.extractable, policy.restricted); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = mgr->saveCertificate(ckmAlias, ckmCert, storePolicy); - CKM::ManagerShPtr mgr = CKM::Manager::create(); - return mgr->saveCertificate(ckmAlias, ckmCert, storePolicy); + return to_ckmc_error(ret); } KEY_MANAGER_CAPI int ckmc_remove_cert(const char *alias) { - if(alias == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); - - CKM::ManagerShPtr mgr = CKM::Manager::create(); - return mgr->removeCertificate(ckmAlias); + return ckmc_remove_alias(alias); } KEY_MANAGER_CAPI int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert) { - CKM::CertificateShPtr ckmCert; - int ret; + CKM::CertificateShPtr ckmCert; + int ret; - if(alias == NULL || cert == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); + if(alias == NULL || cert == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getCertificate(ckmAlias, _tostring(password), ckmCert)) != CKMC_SUCCESS) { - return ret; - } + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - unsigned char *rawCert = reinterpret_cast(ckmCert->getDER().data()); - ret = ckmc_cert_new( rawCert, ckmCert->getDER().size(), CKMC_FORM_DER, cert); + CKM::RawBuffer buffer = ckmCert->getDER(); + ret = ckmc_cert_new( buffer.data(), buffer.size(), CKMC_FORM_DER, cert); - return ret; + return ret; } KEY_MANAGER_CAPI int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) { - int ret; + int ret; + + if (alias_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + *alias_list = NULL; + + CKM::AliasVector aliasVector; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + ckmc_alias_list_s *plist = NULL; + + for (const auto it : aliasVector) { + char *alias = strndup(it.c_str(), it.size()); + + if (plist == NULL) { // first + ret = ckmc_alias_list_new(alias, &plist); + *alias_list = plist; // save the pointer of the first element + } else { + ret = ckmc_alias_list_add(plist, alias, &plist); + } + + if (ret != CKMC_ERROR_NONE) { + free(alias); + ckmc_alias_list_all_free(*alias_list); + return ret; + } + } + + if(plist == NULL) { // if the alias_list size is zero + return CKMC_ERROR_DB_ALIAS_UNKNOWN; + } + + return CKMC_ERROR_NONE; +} - if(alias_list == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } +KEY_MANAGER_CAPI +int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy) +{ + CKM::KeyShPtr private_key; + CKM::CertificateShPtr cert; + CKM::CertificateShPtrVector ca_cert_list; - CKM::AliasVector aliasVector; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getCertificateAliasVector(aliasVector)) != CKMC_SUCCESS) { - return ret; - } + if(alias==NULL || ppkcs==NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::Alias ckmAlias(alias); + private_key = _toCkmKey(ppkcs->priv_key); + cert = _toCkmCertificate(ppkcs->cert); + ca_cert_list = _toCkmCertificateVector(ppkcs->ca_chain); - ckmc_alias_list_s *plist = NULL; - CKM::AliasVector::iterator it; - for(it = aliasVector.begin(); it != aliasVector.end(); it++) { - char *alias = (char *)malloc(it->size() + 1); - memset(alias, 0, it->size() +1 ); - memcpy(alias, it->c_str(), it->size()); + CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable); + CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable); - if(plist == NULL) { // first - ret = ckmc_alias_list_new(alias, &plist); - *alias_list = plist; // save the pointer of the first element - }else { - ret = ckmc_alias_list_add(plist, alias, &plist); + CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(private_key, cert, ca_cert_list)); - } - if(ret != CKMC_SUCCESS) { - ckmc_alias_list_all_free(*alias_list); - return ret; - } - } + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = mgr->savePKCS12(ckmAlias, pkcs12, keyPolicy, certPolicy); + + return to_ckmc_error(ret); +} - return CKMC_SUCCESS; +KEY_MANAGER_CAPI +int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12) +{ + int ret; + CKM::PKCS12ShPtr pkcs; + CKM::Password keyPass, certPass; + ckmc_key_s *private_key = NULL; + ckmc_cert_s *cert = NULL; + ckmc_cert_list_s *ca_cert_list = 0; + + if(!alias || !pkcs12) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + if (key_password) + keyPass = key_password; + + if (cert_password) + certPass = cert_password; + + auto mgr = CKM::Manager::create(); + + if((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + if(!pkcs) + return CKMC_ERROR_BAD_RESPONSE; + + auto pkcsKey = pkcs->getKey(); + if(pkcsKey) + { + CKM::RawBuffer buffer = pkcsKey->getDER(); + ckmc_key_type_e keyType = static_cast(pkcsKey->getType()); + ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key); + if(ret != CKMC_ERROR_NONE) + return ret; + } + + auto pkcsCert = pkcs->getCertificate(); + if(pkcsCert) + { + CKM::RawBuffer buffer = pkcsCert->getDER(); + ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert); + if(ret != CKMC_ERROR_NONE) { + ckmc_key_free(private_key); + return ret; + } + } + + ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector()); + + ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12); + if(ret != CKMC_ERROR_NONE) + { + ckmc_key_free(private_key); + ckmc_cert_free(cert); + ckmc_cert_list_free(ca_cert_list); + } + return ret; } + KEY_MANAGER_CAPI int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy) { - if(alias == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); + if(alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::Alias ckmAlias(alias); + + if(data.data == NULL || data.size <= 0) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::RawBuffer buffer(data.data, data.data + data.size); - if(data.data == NULL || data.size <= 0) { - return CKMC_ERROR_INPUT_PARAM; - } - CKM::RawBuffer buffer(data.data, data.data + data.size); + CKM::Policy storePolicy(_tostring(policy.password), policy.extractable); - CKM::Policy storePolicy(_tostring(policy.password), policy.extractable, policy.restricted); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = mgr->saveData(ckmAlias, buffer, storePolicy); - CKM::ManagerShPtr mgr = CKM::Manager::create(); - return mgr->saveData(ckmAlias, buffer, storePolicy); + return to_ckmc_error(ret); } KEY_MANAGER_CAPI int ckmc_remove_data(const char *alias) { - if(alias == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); - - CKM::ManagerShPtr mgr = CKM::Manager::create(); - return mgr->removeData(ckmAlias); + return ckmc_remove_alias(alias); } KEY_MANAGER_CAPI int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **data) { - CKM::RawBuffer ckmBuff; - int ret; + CKM::RawBuffer ckmBuff; + int ret; - if(alias == NULL || data == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); + if(alias == NULL || data == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getData(ckmAlias, _tostring(password), ckmBuff)) != CKMC_SUCCESS) { - return ret; - } + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - unsigned char *rawBuff = reinterpret_cast(ckmBuff.data()); - ret = ckmc_buffer_new(rawBuff, ckmBuff.size(), data); + ret = ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data); - return ret; + return ret; } KEY_MANAGER_CAPI int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){ - int ret; - - if(alias_list == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } - - CKM::AliasVector aliasVector; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->getDataAliasVector(aliasVector)) != CKMC_SUCCESS) { - return ret; - } - - ckmc_alias_list_s *plist = NULL; - CKM::AliasVector::iterator it; - for(it = aliasVector.begin(); it != aliasVector.end(); it++) { - char *alias = (char *)malloc(it->size() + 1); - memset(alias, 0, it->size() +1 ); - memcpy(alias, it->c_str(), it->size()); - if(plist == NULL) { // first - ret = ckmc_alias_list_new(alias, &plist); - *alias_list = plist; // save the pointer of the first element - }else { - ret = ckmc_alias_list_add(plist, alias, &plist); - } - if(ret != CKMC_SUCCESS) { - ckmc_alias_list_all_free(*alias_list); - return ret; - } - } - - return CKMC_SUCCESS; + int ret; + + if(alias_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + *alias_list = NULL; + + CKM::AliasVector aliasVector; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + ckmc_alias_list_s *plist = NULL; + + for (const auto it : aliasVector) { + char *alias = strndup(it.c_str(), it.size()); + + if (plist == NULL) { // first + ret = ckmc_alias_list_new(alias, &plist); + *alias_list = plist; // save the pointer of the first element + } else { + ret = ckmc_alias_list_add(plist, alias, &plist); + } + + if (ret != CKMC_ERROR_NONE) { + free(alias); + ckmc_alias_list_all_free(*alias_list); + return ret; + } + } + + if(plist == NULL) { // if the alias_list size is zero + return CKMC_ERROR_DB_ALIAS_UNKNOWN; + } + + return CKMC_ERROR_NONE; } KEY_MANAGER_CAPI int ckmc_create_key_pair_rsa(const size_t size, - const char *private_key_alias, - const char *public_key_alias, - const ckmc_policy_s policy_private_key, - const ckmc_policy_s policy_public_key) + const char *private_key_alias, + const char *public_key_alias, + const ckmc_policy_s policy_private_key, + const ckmc_policy_s policy_public_key) { - int ret; - CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + + if(private_key_alias == NULL || public_key_alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - if(private_key_alias == NULL || public_key_alias == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } + CKM::Alias ckmPrivakeKeyAlias(private_key_alias); + CKM::Alias ckmPublicKeyAlias(public_key_alias); + CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable); + CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable); - CKM::Alias ckmPrivakeKeyAlias(private_key_alias); - CKM::Alias ckmPublicKeyAlias(public_key_alias); - CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable, policy_private_key.restricted); - CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable, policy_public_key.restricted); + ret = mgr->createKeyPairRSA(static_cast(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); + return to_ckmc_error(ret); +} + +KEY_MANAGER_CAPI +int ckmc_create_key_pair_dsa(const size_t size, + const char *private_key_alias, + const char *public_key_alias, + const ckmc_policy_s policy_private_key, + const ckmc_policy_s policy_public_key) +{ + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); - if( (ret = mgr->createKeyPairRSA(size, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy)) - != CKMC_SUCCESS) { - return ret; - } + if(private_key_alias == NULL || public_key_alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - return CKMC_SUCCESS; + CKM::Alias ckmPrivakeKeyAlias(private_key_alias); + CKM::Alias ckmPublicKeyAlias(public_key_alias); + CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable); + CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable); + + ret = mgr->createKeyPairDSA(static_cast(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); + return to_ckmc_error(ret); } KEY_MANAGER_CAPI int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, - const char *private_key_alias, - const char *public_key_alias, - const ckmc_policy_s policy_private_key, - const ckmc_policy_s policy_public_key) + const char *private_key_alias, + const char *public_key_alias, + const ckmc_policy_s policy_private_key, + const ckmc_policy_s policy_public_key) { - CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(private_key_alias == NULL || public_key_alias == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } + if(private_key_alias == NULL || public_key_alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::ElipticCurve ckmType = static_cast(static_cast(type)); - CKM::Alias ckmPrivakeKeyAlias(private_key_alias); - CKM::Alias ckmPublicKeyAlias(public_key_alias); - CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable, policy_private_key.restricted); - CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable, policy_public_key.restricted); + CKM::ElipticCurve ckmType = static_cast(static_cast(type)); + CKM::Alias ckmPrivakeKeyAlias(private_key_alias); + CKM::Alias ckmPublicKeyAlias(public_key_alias); + CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable); + CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable); - return mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); + int ret = mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); + return to_ckmc_error(ret); } KEY_MANAGER_CAPI -int ckmc_create_signature(const char *private_key_alias, - const char *password, - const ckmc_raw_buffer_s message, - const ckmc_hash_algo_e hash, - const ckmc_rsa_padding_algo_e padding, - ckmc_raw_buffer_s **signature) +int ckmc_create_key_aes(size_t size, + const char *key_alias, + ckmc_policy_s key_policy) { - int ret; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - CKM::RawBuffer ckmSignature; + CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(private_key_alias == NULL || signature == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } + if(key_alias == NULL) + return CKMC_ERROR_INVALID_PARAMETER; - CKM::Alias ckmPrivakeKeyAlias(private_key_alias); - CKM::RawBuffer ckmMessage(message.data, message.data + message.size); - CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); - CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); + CKM::Alias ckmKeyAlias(key_alias); + CKM::Policy ckmKeyPolicy(_tostring(key_policy.password), key_policy.extractable); - if( (ret = mgr->createSignature( - ckmPrivakeKeyAlias, - _tostring(password), - ckmMessage, - ckmHashAlgo, - ckmPadding, - ckmSignature)) != CKMC_SUCCESS) { - return ret; - } - - unsigned char *rawBuff = reinterpret_cast(ckmSignature.data()); - ret = ckmc_buffer_new( rawBuff, ckmSignature.size(), signature); + int ret = mgr->createKeyAES(size, ckmKeyAlias, ckmKeyPolicy); + return to_ckmc_error(ret); +} - return ret; +KEY_MANAGER_CAPI +int ckmc_create_signature(const char *private_key_alias, + const char *password, + const ckmc_raw_buffer_s message, + const ckmc_hash_algo_e hash, + const ckmc_rsa_padding_algo_e padding, + ckmc_raw_buffer_s **signature) +{ + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::RawBuffer ckmSignature; + + if(private_key_alias == NULL || signature == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::Alias ckmPrivakeKeyAlias(private_key_alias); + CKM::RawBuffer ckmMessage(message.data, message.data + message.size); + CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); + CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); + + if( (ret = mgr->createSignature( + ckmPrivakeKeyAlias, + _tostring(password), + ckmMessage, + ckmHashAlgo, + ckmPadding, + ckmSignature)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + ret = ckmc_buffer_new( ckmSignature.data(), ckmSignature.size(), signature); + + return ret; } KEY_MANAGER_CAPI int ckmc_verify_signature(const char *public_key_alias, - const char *password, - const ckmc_raw_buffer_s message, - const ckmc_raw_buffer_s signature, - const ckmc_hash_algo_e hash, - const ckmc_rsa_padding_algo_e padding) -{ - int ret; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - - if(public_key_alias == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } - - CKM::Alias ckmPublicKeyAlias(public_key_alias); - CKM::RawBuffer ckmMessage(message.data, message.data + message.size); - CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size); - CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); - CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); - - if( (ret = mgr->verifySignature( - ckmPublicKeyAlias, - _tostring(password), - ckmMessage, - ckmSignature, - ckmHashAlgo, - ckmPadding)) != CKMC_SUCCESS) { - return ret; - } - - return CKMC_SUCCESS; + const char *password, + const ckmc_raw_buffer_s message, + const ckmc_raw_buffer_s signature, + const ckmc_hash_algo_e hash, + const ckmc_rsa_padding_algo_e padding) +{ + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + + if(public_key_alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::Alias ckmPublicKeyAlias(public_key_alias); + CKM::RawBuffer ckmMessage(message.data, message.data + message.size); + CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size); + CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); + CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); + + if( (ret = mgr->verifySignature( + ckmPublicKeyAlias, + _tostring(password), + ckmMessage, + ckmSignature, + ckmHashAlgo, + ckmPadding)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + return CKMC_ERROR_NONE; } KEY_MANAGER_CAPI int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list) { - int ret; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - CKM::CertificateShPtrVector ckmCertChain; - - if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckmCertChain; - CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert); + if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::CertificateShPtrVector ckmUntrustedCerts; - if(untrustedcerts != NULL) { - ckmc_cert_list_s *current = NULL; - ckmc_cert_list_s *next = const_cast(untrustedcerts); - do { - current = next; - next = current->next; - - if(current->cert == NULL){ - continue; - } + CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert); - CKM::CertificateShPtr tmpCkmCert = _toCkmCertificate(current->cert); - ckmUntrustedCerts.push_back(tmpCkmCert); - }while(next != NULL); - } + CKM::CertificateShPtrVector ckmUntrustedCerts = _toCkmCertificateVector(untrustedcerts); - ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain); - if( ret != CKMC_SUCCESS) { - return ret; - } + ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, EMPTY_CERT_VECTOR, true, ckmCertChain); + if( ret != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - *cert_chain_list = _toNewCkmCertList(ckmCertChain); + *cert_chain_list = _toNewCkmCertList(ckmCertChain); - return CKMC_SUCCESS; + return CKMC_ERROR_NONE; } KEY_MANAGER_CAPI int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list) { - int ret; - CKM::ManagerShPtr mgr = CKM::Manager::create(); - CKM::CertificateShPtrVector ckmCertChain; + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckmCertChain; - if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { - return CKMC_ERROR_INPUT_PARAM; - } + if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert); - if(ckmCert.get() == NULL) { - return CKMC_ERROR_INVALID_FORMAT; - } + if(ckmCert.get() == NULL) { + return CKMC_ERROR_INVALID_FORMAT; + } - CKM::AliasVector ckmUntrustedAliases; - if(untrustedcerts != NULL) { - ckmc_alias_list_s *current = NULL; - ckmc_alias_list_s *next = const_cast(untrustedcerts); - do { - current = next; - next = current->next; + CKM::AliasVector ckmUntrustedAliases = _toCkmAliasVector(untrustedcerts); - if(current->alias == NULL){ - return CKMC_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(current->alias); - ckmUntrustedAliases.push_back(ckmAlias); - }while(next != NULL); - } + ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, EMPTY_ALIAS_VECTOR, true, ckmCertChain); + if( ret != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - if( (ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, ckmCertChain)) != CKMC_SUCCESS) { - return ret; - } + *cert_chain_list = _toNewCkmCertList(ckmCertChain); - *cert_chain_list = _toNewCkmCertList(ckmCertChain); + return CKMC_ERROR_NONE; +} + +KEY_MANAGER_CAPI +int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s* cert, + const ckmc_cert_list_s* untrustedcerts, + const ckmc_cert_list_s* trustedcerts, + const bool sys_certs, + ckmc_cert_list_s** ppcert_chain_list) +{ + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckm_cert_chain; - return CKMC_SUCCESS; + if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert); + if(ckm_cert.get() == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts); + CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts); + + ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain); + if( ret != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain); + + return CKMC_ERROR_NONE; } +KEY_MANAGER_CAPI +int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status) +{ + if (pcert_chain_list == NULL + || pcert_chain_list->cert == NULL + || pcert_chain_list->cert->raw_cert == NULL + || pcert_chain_list->cert->cert_size <= 0 + || ocsp_status == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + int tmpOcspStatus = -1; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckmCertChain = _toCkmCertificateVector(pcert_chain_list); + + int ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus); + *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus); + return to_ckmc_error(ret); +} + +KEY_MANAGER_CAPI +int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted) +{ + int ec, permissionMask; + ec = access_to_permission_mask(granted, permissionMask); + if(ec != CKMC_ERROR_NONE) + return ec; + + return ckmc_set_permission(alias, accessor, permissionMask); +} + +KEY_MANAGER_CAPI +int ckmc_set_permission(const char *alias, const char *accessor, int permissions) +{ + if (!alias || !accessor) + return CKMC_ERROR_INVALID_PARAMETER; + + CKM::ManagerShPtr mgr = CKM::Manager::create(); + return to_ckmc_error(mgr->setPermission(alias, accessor, permissions)); +} + +KEY_MANAGER_CAPI +int ckmc_deny_access(const char *alias, const char *accessor) +{ + if (!alias || !accessor) + return CKMC_ERROR_INVALID_PARAMETER; + + CKM::ManagerShPtr mgr = CKM::Manager::create(); + return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE)); +} + +KEY_MANAGER_CAPI +int ckmc_remove_alias(const char *alias) +{ + if(!alias) + return CKMC_ERROR_INVALID_PARAMETER; + + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = mgr->removeAlias(alias); + return to_ckmc_error(ret); +} + +KEY_MANAGER_CAPI +int ckmc_encrypt_data(ckmc_param_list_h params, + const char *key_alias, + const char *password, + const ckmc_raw_buffer_s decrypted, + ckmc_raw_buffer_s **ppencrypted) +{ + return _cryptoOperation(&CKM::Manager::encrypt, + params, + key_alias, + password, + decrypted, + ppencrypted); +} + +KEY_MANAGER_CAPI +int ckmc_decrypt_data(ckmc_param_list_h params, + const char *key_alias, + const char *password, + const ckmc_raw_buffer_s encrypted, + ckmc_raw_buffer_s **ppdecrypted) +{ + return _cryptoOperation(&CKM::Manager::decrypt, + params, + key_alias, + password, + encrypted, + ppdecrypted); +}