X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=src%2Fmanager%2Fclient-capi%2Fckmc-manager.cpp;h=c9981718201283786a334058f5ae1d6299bb0404;hb=2bfa145a913315ec91142d21411e4328f03631cc;hp=d271a0c95ab85d2bbb442f42d24dd01f25b00156;hpb=03f691c79557d72d28fdc093abca26868a1eaea7;p=platform%2Fcore%2Fsecurity%2Fkey-manager.git diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp index d271a0c..c998171 100644 --- a/src/manager/client-capi/ckmc-manager.cpp +++ b/src/manager/client-capi/ckmc-manager.cpp @@ -25,529 +25,878 @@ #include #include #include +#include +#include #include +#include -bool _toBool(ckm_bool ckmBool) +namespace { - if(ckmBool == CKM_TRUE) { - return true; - } - return false; +const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR; +const CKM::AliasVector EMPTY_ALIAS_VECTOR; + +CKM::Password _tostring(const char *str) +{ + if(str == NULL) + return CKM::Password(); + return CKM::Password(str); } -std::string _tostring(const char *str) +CKM::KeyShPtr _toCkmKey(const ckmc_key_s *key) { - if(str == NULL) - return std::string(); - return std::string(str); + if(key) + { + CKM::RawBuffer buffer(key->raw_key, key->raw_key + key->key_size); + return CKM::Key::create(buffer, _tostring(key->password)); + } + return CKM::KeyShPtr(); } -CKM::Certificate _toCkmCertificate(const ckm_cert *cert) +CKM::CertificateShPtr _toCkmCertificate(const ckmc_cert_s *cert) { - CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size); - CKM::DataFormat dataFormat = static_cast(static_cast(cert->data_format)); - CKM::Certificate ckmCert(buffer, dataFormat); - return ckmCert; + if(cert) + { + CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size); + CKM::DataFormat dataFormat = static_cast(static_cast(cert->data_format)); + return CKM::Certificate::create(buffer, dataFormat); + } + return CKM::CertificateShPtr(); } -ckm_cert_list *_toNewCkmCertList(CKM::CertificateVector &certVector) +CKM::CertificateShPtrVector _toCkmCertificateVector(const ckmc_cert_list_s *list) { - ckm_cert_list *start = NULL; - ckm_cert_list *plist = NULL; - CKM::CertificateVector::iterator it; - for(it = certVector.begin(); it != certVector.end(); it++) { - CKM::RawBuffer rawBuffer = it->getDER(); - unsigned char *rawCert = reinterpret_cast(rawBuffer.data()); - ckm_cert *pcert = ckm_cert_new( rawCert, rawBuffer.size(), CKM_FORM_DER); - if(pcert == NULL) { - return NULL; - } - if(plist == NULL) { - plist = ckm_cert_list_new(pcert); - start = plist; // save the pointer of the first element - }else { - plist = ckm_cert_list_add(plist, pcert); - } - } - return start; + CKM::CertificateShPtrVector certs; + ckmc_cert_list_s *current = const_cast(list); + while (current != NULL) + { + if (current->cert != NULL) + certs.push_back(_toCkmCertificate(current->cert)); + current = current->next; + } + return certs; } -KEY_MANAGER_CAPI -int ckm_save_key(const char *alias, const ckm_key key, const ckm_policy policy) +CKM::AliasVector _toCkmAliasVector(const ckmc_alias_list_s *list) +{ + CKM::AliasVector aliases; + ckmc_alias_list_s *current = const_cast(list); + while (current != NULL) + { + if (current->alias != NULL) + aliases.push_back(CKM::Alias(current->alias)); + current = current->next; + } + return aliases; +} + +ckmc_cert_list_s *_toNewCkmCertList(const CKM::CertificateShPtrVector &certVector) { - CKM::Manager mgr; + int ret; + ckmc_cert_list_s *start = NULL; + ckmc_cert_list_s *plist = NULL; + for(const auto &e : certVector) { + CKM::RawBuffer rawBuffer = e->getDER(); + ckmc_cert_s *pcert = NULL; + ret = ckmc_cert_new(rawBuffer.data(), rawBuffer.size(), CKMC_FORM_DER, &pcert); + if(pcert == NULL) { + ckmc_cert_list_all_free(start); + return NULL; + } + if(plist == NULL) { + ret = ckmc_cert_list_new(pcert, &plist); + start = plist; // save the pointer of the first element + }else { + ret = ckmc_cert_list_add(plist, pcert, &plist); + } + if(ret != CKMC_ERROR_NONE) { + ckmc_cert_list_all_free(start); + return NULL; + } + } + return start; +} - if(alias == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); +typedef int (CKM::Manager::*cryptoFn)(const CKM::CryptoAlgorithm&, + const CKM::Alias&, + const CKM::Password&, + const CKM::RawBuffer&, + CKM::RawBuffer&); + +int _cryptoOperation(cryptoFn operation, + ckmc_param_list_h params, + const char *key_alias, + const char *password, + const ckmc_raw_buffer_s in, + ckmc_raw_buffer_s **ppout) +{ + if(!params || !key_alias || !ppout) + return CKMC_ERROR_INVALID_PARAMETER; - if(key.raw_key == NULL || key.key_size <= 0) { - return CKM_API_ERROR_INPUT_PARAM; - } - CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size); - CKM::Key ckmKey(buffer, _tostring(key.password)); + // params + const CKM::CryptoAlgorithm* ca = reinterpret_cast(params); - if(ckmKey.getDER().size() <= 0) { - return CKM_API_ERROR_INVALID_FORMAT; - } + // password + CKM::Password pass; + if (password) + pass = password; - CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted)); + // buffers + CKM::RawBuffer inBuffer(in.data, in.data + in.size); + CKM::RawBuffer outBuffer; + + // operation + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = ((*mgr).*operation)(*ca, key_alias, pass, inBuffer, outBuffer); + if (ret != CKM_API_SUCCESS) + return to_ckmc_error(ret); + + return ckmc_buffer_new(outBuffer.data(), outBuffer.size(), ppout); +} - return mgr.saveKey(ckmAlias, ckmKey, storePolicy); } KEY_MANAGER_CAPI -int ckm_remove_key(const char *alias) +int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy) { - CKM::Manager mgr; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + + if(alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::Alias ckmAlias(alias); + + if(key.raw_key == NULL || key.key_size <= 0) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size); + + CKM::KeyShPtr ckmKey; + if(key.key_type == CKMC_KEY_AES) + { + if(key.password) + return CKMC_ERROR_INVALID_PARAMETER; + ckmKey = CKM::Key::createAES(buffer); + } + else + ckmKey = CKM::Key::create(buffer, _tostring(key.password)); + if(ckmKey.get() == NULL) { + return CKMC_ERROR_INVALID_FORMAT; + } + + CKM::Policy storePolicy(_tostring(policy.password), policy.extractable); + + int ret = mgr->saveKey(ckmAlias, ckmKey, storePolicy); + return to_ckmc_error(ret); +} - if(alias == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); - return mgr.removeKey(ckmAlias); +KEY_MANAGER_CAPI +int ckmc_remove_key(const char *alias) +{ + return ckmc_remove_alias(alias); } KEY_MANAGER_CAPI -int ckm_get_key(const char *alias, const char *password, ckm_key **key) +int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **key) { - int ret; - CKM::Key ckmKey; + int ret; + CKM::KeyShPtr ckmKey; + + if(alias == NULL || key == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - if(alias == NULL || key == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getKey(alias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - CKM::Manager mgr; - if( (ret = mgr.getKey(ckmAlias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) { - return ret; - } + CKM::RawBuffer buffer = ckmKey->getDER(); + ckmc_key_type_e keyType = static_cast(static_cast(ckmKey->getType())); - unsigned char *rawKey = reinterpret_cast(ckmKey.getDER().data()); - ckm_key_type keyType = static_cast(static_cast(ckmKey.getType())); - *key = ckm_key_new( rawKey, ckmKey.getDER().size(), keyType, NULL); - if(*key == NULL) { - return CKM_API_ERROR_OUT_OF_MEMORY; - }else { - return CKM_API_SUCCESS; - } + ret = ckmc_key_new( buffer.data(), buffer.size(), keyType, NULL, key); + + return to_ckmc_error(ret); } KEY_MANAGER_CAPI -int ckm_get_key_alias_list(ckm_alias_list** alias_list) +int ckmc_get_key_alias_list(ckmc_alias_list_s** alias_list) { - int ret; - CKM::Key ckmKey; + int ret; + + if (alias_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::AliasVector aliasVector; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + + if ((ret = mgr->getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - if(alias_list == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } + ckmc_alias_list_s *plist = NULL; - CKM::AliasVector aliasVector; - CKM::Manager mgr; - if( (ret = mgr.getKeyAliasVector(aliasVector)) != CKM_API_SUCCESS) { - return ret; - } + for (const auto it : aliasVector) { + char *alias = strndup(it.c_str(), it.size()); - ckm_alias_list *plist = NULL; - CKM::AliasVector::iterator it; - for(it = aliasVector.begin(); it != aliasVector.end(); it++) { - if(plist == NULL) { // first - plist = ckm_alias_list_new(const_cast(it->c_str())); - *alias_list = plist; // save the pointer of the first element - }else { - plist = ckm_alias_list_add(plist, const_cast(it->c_str())); - } - } + if (plist == NULL) { // first + ret = ckmc_alias_list_new(alias, &plist); + *alias_list = plist; // save the pointer of the first element + } else { + ret = ckmc_alias_list_add(plist, alias, &plist); + } - return CKM_API_SUCCESS; + if (ret != CKMC_ERROR_NONE) { + free(alias); + ckmc_alias_list_all_free(*alias_list); + return ret; + } + } + + if(plist == NULL) { // if the alias_list size is zero + return CKMC_ERROR_DB_ALIAS_UNKNOWN; + } + + return CKMC_ERROR_NONE; } KEY_MANAGER_CAPI -int ckm_save_cert(const char *alias, const ckm_cert cert, const ckm_policy policy) +int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy) { - if(alias == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); + if(alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::Alias ckmAlias(alias); - if(cert.raw_cert == NULL || cert.cert_size <= 0) { - return CKM_API_ERROR_INPUT_PARAM; - } - CKM::Certificate ckmCert = _toCkmCertificate(&cert); - if(ckmCert.getDER().size() <= 0) { - return CKM_API_ERROR_INVALID_FORMAT; - } + if(cert.raw_cert == NULL || cert.cert_size <= 0) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::CertificateShPtr ckmCert = _toCkmCertificate(&cert); + if(ckmCert.get() == NULL) { + return CKMC_ERROR_INVALID_FORMAT; + } - CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted)); + CKM::Policy storePolicy(_tostring(policy.password), policy.extractable); - CKM::Manager mgr; - return mgr.saveCertificate(ckmAlias, ckmCert, storePolicy); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = mgr->saveCertificate(ckmAlias, ckmCert, storePolicy); + + return to_ckmc_error(ret); } KEY_MANAGER_CAPI -int ckm_remove_cert(const char *alias) +int ckmc_remove_cert(const char *alias) { - if(alias == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); - - CKM::Manager mgr; - return mgr.removeCertificate(ckmAlias); + return ckmc_remove_alias(alias); } KEY_MANAGER_CAPI -int ckm_get_cert(const char *alias, const char *password, const ckm_cert **cert) +int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **cert) { - CKM::Certificate ckmCert; - int ret; + CKM::CertificateShPtr ckmCert; + int ret; - if(alias == NULL || cert == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); + if(alias == NULL || cert == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::Manager mgr; - if( (ret = mgr.getCertificate(ckmAlias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) { - return ret; - } + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getCertificate(alias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - unsigned char *rawCert = reinterpret_cast(ckmCert.getDER().data()); - *cert = ckm_cert_new( rawCert, ckmCert.getDER().size(), CKM_FORM_DER); - if(*cert == NULL) { - return CKM_API_ERROR_OUT_OF_MEMORY; - }else { - return CKM_API_SUCCESS; - } + CKM::RawBuffer buffer = ckmCert->getDER(); + ret = ckmc_cert_new( buffer.data(), buffer.size(), CKMC_FORM_DER, cert); + + return ret; } KEY_MANAGER_CAPI -int ckm_get_cert_alias_list(ckm_alias_list** alias_list) { - int ret; - CKM::Key ckmKey; - - if(alias_list == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } - - CKM::AliasVector aliasVector; - CKM::Manager mgr; - if( (ret = mgr.getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) { - return ret; - } - - ckm_alias_list *plist = NULL; - CKM::AliasVector::iterator it; - for(it = aliasVector.begin(); it != aliasVector.end(); it++) { - if(plist == NULL) { // first - plist = ckm_alias_list_new(const_cast(it->c_str())); - *alias_list = plist; // save the pointer of the first element - }else { - plist = ckm_alias_list_add(plist, const_cast(it->c_str())); - } - } - - return CKM_API_SUCCESS; +int ckmc_get_cert_alias_list(ckmc_alias_list_s** alias_list) { + int ret; + + if (alias_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + *alias_list = NULL; + + CKM::AliasVector aliasVector; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if ((ret = mgr->getCertificateAliasVector(aliasVector)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + ckmc_alias_list_s *plist = NULL; + + for (const auto it : aliasVector) { + char *alias = strndup(it.c_str(), it.size()); + + if (plist == NULL) { // first + ret = ckmc_alias_list_new(alias, &plist); + *alias_list = plist; // save the pointer of the first element + } else { + ret = ckmc_alias_list_add(plist, alias, &plist); + } + + if (ret != CKMC_ERROR_NONE) { + free(alias); + ckmc_alias_list_all_free(*alias_list); + return ret; + } + } + + if(plist == NULL) { // if the alias_list size is zero + return CKMC_ERROR_DB_ALIAS_UNKNOWN; + } + + return CKMC_ERROR_NONE; } KEY_MANAGER_CAPI -int ckm_save_data(const char *alias, ckm_raw_buffer data, const ckm_policy policy) +int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy) { - if(alias == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); + CKM::KeyShPtr private_key; + CKM::CertificateShPtr cert; + CKM::CertificateShPtrVector ca_cert_list; + + if(alias==NULL || ppkcs==NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::Alias ckmAlias(alias); + private_key = _toCkmKey(ppkcs->priv_key); + cert = _toCkmCertificate(ppkcs->cert); + ca_cert_list = _toCkmCertificateVector(ppkcs->ca_chain); - if(data.data == NULL || data.size <= 0) { - return CKM_API_ERROR_INPUT_PARAM; - } - CKM::RawBuffer buffer(data.data, data.data + data.size); + CKM::Policy keyPolicy(_tostring(key_policy.password), key_policy.extractable); + CKM::Policy certPolicy(_tostring(cert_policy.password), cert_policy.extractable); - CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted)); + CKM::PKCS12ShPtr pkcs12(new CKM::PKCS12Impl(private_key, cert, ca_cert_list)); - CKM::Manager mgr; - return mgr.saveData(ckmAlias, buffer, storePolicy); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = mgr->savePKCS12(ckmAlias, pkcs12, keyPolicy, certPolicy); + + return to_ckmc_error(ret); } KEY_MANAGER_CAPI -int ckm_remove_data(const char *alias) +int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12) { - if(alias == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); + int ret; + CKM::PKCS12ShPtr pkcs; + CKM::Password keyPass, certPass; + ckmc_key_s *private_key = NULL; + ckmc_cert_s *cert = NULL; + ckmc_cert_list_s *ca_cert_list = 0; + + if(!alias || !pkcs12) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + if (key_password) + keyPass = key_password; + + if (cert_password) + certPass = cert_password; + + auto mgr = CKM::Manager::create(); + + if((ret = mgr->getPKCS12(alias, keyPass, certPass, pkcs)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + if(!pkcs) + return CKMC_ERROR_BAD_RESPONSE; + + auto pkcsKey = pkcs->getKey(); + if(pkcsKey) + { + CKM::RawBuffer buffer = pkcsKey->getDER(); + ckmc_key_type_e keyType = static_cast(pkcsKey->getType()); + ret = ckmc_key_new(buffer.data(), buffer.size(), keyType, NULL, &private_key); + if(ret != CKMC_ERROR_NONE) + return ret; + } + + auto pkcsCert = pkcs->getCertificate(); + if(pkcsCert) + { + CKM::RawBuffer buffer = pkcsCert->getDER(); + ret = ckmc_cert_new(buffer.data(), buffer.size(), CKMC_FORM_DER, &cert); + if(ret != CKMC_ERROR_NONE) { + ckmc_key_free(private_key); + return ret; + } + } + + ca_cert_list = _toNewCkmCertList(pkcs->getCaCertificateShPtrVector()); + + ret = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12); + if(ret != CKMC_ERROR_NONE) + { + ckmc_key_free(private_key); + ckmc_cert_free(cert); + ckmc_cert_list_free(ca_cert_list); + } + return ret; +} + + +KEY_MANAGER_CAPI +int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy) +{ + if(alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::Alias ckmAlias(alias); + + if(data.data == NULL || data.size <= 0) { + return CKMC_ERROR_INVALID_PARAMETER; + } + CKM::RawBuffer buffer(data.data, data.data + data.size); + + CKM::Policy storePolicy(_tostring(policy.password), policy.extractable); + + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = mgr->saveData(ckmAlias, buffer, storePolicy); + + return to_ckmc_error(ret); +} - CKM::Manager mgr; - return mgr.removeData(ckmAlias); +KEY_MANAGER_CAPI +int ckmc_remove_data(const char *alias) +{ + return ckmc_remove_alias(alias); } KEY_MANAGER_CAPI -int ckm_get_data(const char *alias, const char *password, ckm_raw_buffer **data) +int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **data) { - CKM::RawBuffer ckmBuff; - int ret; + CKM::RawBuffer ckmBuff; + int ret; + + if(alias == NULL || data == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getData(alias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + ret = ckmc_buffer_new(ckmBuff.data(), ckmBuff.size(), data); + + return ret; +} + +KEY_MANAGER_CAPI +int ckmc_get_data_alias_list(ckmc_alias_list_s** alias_list){ + int ret; + + if(alias_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + *alias_list = NULL; + + CKM::AliasVector aliasVector; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + if( (ret = mgr->getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + ckmc_alias_list_s *plist = NULL; + + for (const auto it : aliasVector) { + char *alias = strndup(it.c_str(), it.size()); + + if (plist == NULL) { // first + ret = ckmc_alias_list_new(alias, &plist); + *alias_list = plist; // save the pointer of the first element + } else { + ret = ckmc_alias_list_add(plist, alias, &plist); + } - if(alias == NULL || data == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(alias); + if (ret != CKMC_ERROR_NONE) { + free(alias); + ckmc_alias_list_all_free(*alias_list); + return ret; + } + } - CKM::Manager mgr; - if( (ret = mgr.getData(ckmAlias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) { - return ret; - } + if(plist == NULL) { // if the alias_list size is zero + return CKMC_ERROR_DB_ALIAS_UNKNOWN; + } - unsigned char *rawBuff = reinterpret_cast(ckmBuff.data()); - *data = ckm_buffer_new( rawBuff, ckmBuff.size()); - if(*data == NULL) { - return CKM_API_ERROR_OUT_OF_MEMORY; - }else { - return CKM_API_SUCCESS; - } + return CKMC_ERROR_NONE; } KEY_MANAGER_CAPI -int ckm_get_data_alias_list(ckm_alias_list** alias_list){ - int ret; - CKM::Key ckmKey; - - if(alias_list == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } - - CKM::AliasVector aliasVector; - CKM::Manager mgr; - if( (ret = mgr.getDataAliasVector(aliasVector)) != CKM_API_SUCCESS) { - return ret; - } - - ckm_alias_list *plist = NULL; - CKM::AliasVector::iterator it; - for(it = aliasVector.begin(); it != aliasVector.end(); it++) { - if(plist == NULL) { // first - plist = ckm_alias_list_new(const_cast(it->c_str())); - *alias_list = plist; // save the pointer of the first element - }else { - plist = ckm_alias_list_add(plist, const_cast(it->c_str())); - } - } - - return CKM_API_SUCCESS; +int ckmc_create_key_pair_rsa(const size_t size, + const char *private_key_alias, + const char *public_key_alias, + const ckmc_policy_s policy_private_key, + const ckmc_policy_s policy_public_key) +{ + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + + if(private_key_alias == NULL || public_key_alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::Alias ckmPrivakeKeyAlias(private_key_alias); + CKM::Alias ckmPublicKeyAlias(public_key_alias); + CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable); + CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable); + + ret = mgr->createKeyPairRSA(static_cast(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); + return to_ckmc_error(ret); } KEY_MANAGER_CAPI -int ckm_create_key_pair_rsa(const size_t size, - const char *private_key_alias, - const char *public_key_alias, - const ckm_policy policy_private_key, - const ckm_policy policy_public_key) +int ckmc_create_key_pair_dsa(const size_t size, + const char *private_key_alias, + const char *public_key_alias, + const ckmc_policy_s policy_private_key, + const ckmc_policy_s policy_public_key) { - int ret; - CKM::Manager mgr; + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(private_key_alias == NULL || public_key_alias == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } + if(private_key_alias == NULL || public_key_alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - CKM::Alias ckmPrivakeKeyAlias(private_key_alias); - CKM::Alias ckmPublicKeyAlias(public_key_alias); - CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted)); - CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted)); + CKM::Alias ckmPrivakeKeyAlias(private_key_alias); + CKM::Alias ckmPublicKeyAlias(public_key_alias); + CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable); + CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable); - if( (ret = mgr.createKeyPairRSA(size, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy)) - != CKM_API_SUCCESS) { - return ret; - } + ret = mgr->createKeyPairDSA(static_cast(size), ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); + return to_ckmc_error(ret); +} + +KEY_MANAGER_CAPI +int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, + const char *private_key_alias, + const char *public_key_alias, + const ckmc_policy_s policy_private_key, + const ckmc_policy_s policy_public_key) +{ + CKM::ManagerShPtr mgr = CKM::Manager::create(); - return CKM_API_SUCCESS; + if(private_key_alias == NULL || public_key_alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::ElipticCurve ckmType = static_cast(static_cast(type)); + CKM::Alias ckmPrivakeKeyAlias(private_key_alias); + CKM::Alias ckmPublicKeyAlias(public_key_alias); + CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), policy_private_key.extractable); + CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), policy_public_key.extractable); + + int ret = mgr->createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy); + return to_ckmc_error(ret); } KEY_MANAGER_CAPI -int ckm_create_key_pair_ecdsa(const ckm_ec_type type, - const char *private_key_alias, - const char *public_key_alias, - const ckm_policy policy_private_key, - const ckm_policy policy_public_key) +int ckmc_create_key_aes(size_t size, + const char *key_alias, + ckmc_policy_s key_policy) { - int ret; - CKM::Manager mgr; + CKM::ManagerShPtr mgr = CKM::Manager::create(); - if(private_key_alias == NULL || public_key_alias == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } + if(key_alias == NULL) + return CKMC_ERROR_INVALID_PARAMETER; - CKM::ElipticCurve ckmType = static_cast(static_cast(type)); - CKM::Alias ckmPrivakeKeyAlias(private_key_alias); - CKM::Alias ckmPublicKeyAlias(public_key_alias); - CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted)); - CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted)); + CKM::Alias ckmKeyAlias(key_alias); + CKM::Policy ckmKeyPolicy(_tostring(key_policy.password), key_policy.extractable); + + int ret = mgr->createKeyAES(size, ckmKeyAlias, ckmKeyPolicy); + return to_ckmc_error(ret); +} - if( (ret - mgr.createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy)) - != CKM_API_SUCCESS) { - return ret; - } +KEY_MANAGER_CAPI +int ckmc_create_signature(const char *private_key_alias, + const char *password, + const ckmc_raw_buffer_s message, + const ckmc_hash_algo_e hash, + const ckmc_rsa_padding_algo_e padding, + ckmc_raw_buffer_s **signature) +{ + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::RawBuffer ckmSignature; + + if(private_key_alias == NULL || signature == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::Alias ckmPrivakeKeyAlias(private_key_alias); + CKM::RawBuffer ckmMessage(message.data, message.data + message.size); + CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); + CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); + + if( (ret = mgr->createSignature( + ckmPrivakeKeyAlias, + _tostring(password), + ckmMessage, + ckmHashAlgo, + ckmPadding, + ckmSignature)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + ret = ckmc_buffer_new( ckmSignature.data(), ckmSignature.size(), signature); + + return ret; +} - return CKM_API_SUCCESS; +KEY_MANAGER_CAPI +int ckmc_verify_signature(const char *public_key_alias, + const char *password, + const ckmc_raw_buffer_s message, + const ckmc_raw_buffer_s signature, + const ckmc_hash_algo_e hash, + const ckmc_rsa_padding_algo_e padding) +{ + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + + if(public_key_alias == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::Alias ckmPublicKeyAlias(public_key_alias); + CKM::RawBuffer ckmMessage(message.data, message.data + message.size); + CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size); + CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); + CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); + + if( (ret = mgr->verifySignature( + ckmPublicKeyAlias, + _tostring(password), + ckmMessage, + ckmSignature, + ckmHashAlgo, + ckmPadding)) != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + return CKMC_ERROR_NONE; } KEY_MANAGER_CAPI -int ckm_create_signature(const char *private_key_alias, - const char *password, - const ckm_raw_buffer message, - const ckm_hash_algo hash, - const ckm_rsa_padding_algo padding, - ckm_raw_buffer **signature) -{ - int ret; - CKM::Manager mgr; - CKM::RawBuffer ckmSignature; - - if(private_key_alias == NULL || signature == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } - - CKM::Alias ckmPrivakeKeyAlias(private_key_alias); - CKM::RawBuffer ckmMessage(message.data, message.data + message.size); - CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); - CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); - - if( (ret = mgr.createSignature( - ckmPrivakeKeyAlias, - _tostring(password), - ckmMessage, - ckmHashAlgo, - ckmPadding, - ckmSignature)) != CKM_API_SUCCESS) { - return ret; - } - - unsigned char *rawBuff = reinterpret_cast(ckmSignature.data()); - *signature = ckm_buffer_new( rawBuff, ckmSignature.size()); - if(*signature == NULL) { - return CKM_API_ERROR_OUT_OF_MEMORY; - }else { - return CKM_API_SUCCESS; - } - - return CKM_API_SUCCESS; +int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list) +{ + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckmCertChain; + + if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert); + + CKM::CertificateShPtrVector ckmUntrustedCerts = _toCkmCertificateVector(untrustedcerts); + + ret = mgr->getCertificateChain(ckmCert, ckmUntrustedCerts, EMPTY_CERT_VECTOR, true, ckmCertChain); + if( ret != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + *cert_chain_list = _toNewCkmCertList(ckmCertChain); + + return CKMC_ERROR_NONE; } KEY_MANAGER_CAPI -int ckm_verify_signature(const char *public_key_alias, - const char *password, - const ckm_raw_buffer message, - const ckm_raw_buffer signature, - const ckm_hash_algo hash, - const ckm_rsa_padding_algo padding) -{ - int ret; - CKM::Manager mgr; - - if(public_key_alias == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } - - CKM::Alias ckmPublicKeyAlias(public_key_alias); - CKM::RawBuffer ckmMessage(message.data, message.data + message.size); - CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size); - CKM::HashAlgorithm ckmHashAlgo = static_cast(static_cast(hash)); - CKM::RSAPaddingAlgorithm ckmPadding = static_cast(static_cast(padding)); - - if( (ret = mgr.verifySignature( - ckmPublicKeyAlias, - _tostring(password), - ckmMessage, - ckmSignature, - ckmHashAlgo, - ckmPadding)) != CKM_API_SUCCESS) { - return ret; - } - - return CKM_API_SUCCESS; +int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **cert_chain_list) +{ + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckmCertChain; + + + if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::CertificateShPtr ckmCert = _toCkmCertificate(cert); + if(ckmCert.get() == NULL) { + return CKMC_ERROR_INVALID_FORMAT; + } + + CKM::AliasVector ckmUntrustedAliases = _toCkmAliasVector(untrustedcerts); + + ret = mgr->getCertificateChain(ckmCert, ckmUntrustedAliases, EMPTY_ALIAS_VECTOR, true, ckmCertChain); + if( ret != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + *cert_chain_list = _toNewCkmCertList(ckmCertChain); + + return CKMC_ERROR_NONE; } KEY_MANAGER_CAPI -int ckm_get_cert_chain(const ckm_cert *cert, const ckm_cert_list *untrustedcerts, ckm_cert_list **cert_chain_list) +int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s* cert, + const ckmc_cert_list_s* untrustedcerts, + const ckmc_cert_list_s* trustedcerts, + const bool sys_certs, + ckmc_cert_list_s** ppcert_chain_list) { - int ret; - CKM::Manager mgr; - CKM::CertificateVector ckmCertChain; + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckm_cert_chain; + + if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert); + if(ckm_cert.get() == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } + CKM::CertificateShPtrVector ckm_untrusted = _toCkmCertificateVector(untrustedcerts); + CKM::CertificateShPtrVector ckm_trusted = _toCkmCertificateVector(trustedcerts); - CKM::Certificate ckmCert = _toCkmCertificate(cert); + ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain); + if( ret != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } - CKM::CertificateVector ckmUntrustedCerts; - if(untrustedcerts != NULL) { - ckm_cert_list *current = NULL; - ckm_cert_list *next = const_cast(untrustedcerts); - do { - current = next; - next = current->next; + *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain); - if(current->cert == NULL){ - continue; - } + return CKMC_ERROR_NONE; +} + +KEY_MANAGER_CAPI +int ckmc_get_cert_chain_with_trustedcert_alias(const ckmc_cert_s* cert, + const ckmc_alias_list_s* untrustedcerts, + const ckmc_alias_list_s* trustedcerts, + const bool sys_certs, + ckmc_cert_list_s** ppcert_chain_list) +{ + int ret; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckm_cert_chain; - CKM::Certificate tmpCkmCert = _toCkmCertificate(current->cert); - ckmUntrustedCerts.push_back(tmpCkmCert); - }while(next != NULL); - } + if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || ppcert_chain_list == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - ret = mgr.getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain); - if( ret != CKM_API_SUCCESS) { - return ret; - } + CKM::CertificateShPtr ckm_cert = _toCkmCertificate(cert); + if(ckm_cert.get() == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } - *cert_chain_list = _toNewCkmCertList(ckmCertChain); + CKM::AliasVector ckm_untrusted = _toCkmAliasVector(untrustedcerts); + CKM::AliasVector ckm_trusted = _toCkmAliasVector(trustedcerts); - return CKM_API_SUCCESS; + ret = mgr->getCertificateChain(ckm_cert, ckm_untrusted, ckm_trusted, sys_certs, ckm_cert_chain); + if( ret != CKM_API_SUCCESS) { + return to_ckmc_error(ret); + } + + *ppcert_chain_list = _toNewCkmCertList(ckm_cert_chain); + + return CKMC_ERROR_NONE; } KEY_MANAGER_CAPI -int ckm_get_cert_chain_with_alias(const ckm_cert *cert, const ckm_alias_list *untrustedcerts, ckm_cert_list **cert_chain_list) +int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status) { - int ret; - CKM::Manager mgr; - CKM::CertificateVector ckmCertChain; + if (pcert_chain_list == NULL + || pcert_chain_list->cert == NULL + || pcert_chain_list->cert->raw_cert == NULL + || pcert_chain_list->cert->cert_size <= 0 + || ocsp_status == NULL) { + return CKMC_ERROR_INVALID_PARAMETER; + } + + int tmpOcspStatus = -1; + CKM::ManagerShPtr mgr = CKM::Manager::create(); + CKM::CertificateShPtrVector ckmCertChain = _toCkmCertificateVector(pcert_chain_list); + + int ret = mgr->ocspCheck(ckmCertChain, tmpOcspStatus); + *ocsp_status = to_ckmc_ocsp_status(tmpOcspStatus); + return to_ckmc_error(ret); +} + +KEY_MANAGER_CAPI +int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted) +{ + int ec, permissionMask; + ec = access_to_permission_mask(granted, permissionMask); + if(ec != CKMC_ERROR_NONE) + return ec; + + return ckmc_set_permission(alias, accessor, permissionMask); +} +KEY_MANAGER_CAPI +int ckmc_set_permission(const char *alias, const char *accessor, int permissions) +{ + if (!alias || !accessor) + return CKMC_ERROR_INVALID_PARAMETER; - if(cert == NULL || cert->raw_cert == NULL || cert->cert_size <= 0 || cert_chain_list == NULL) { - return CKM_API_ERROR_INPUT_PARAM; - } - CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size); - CKM::DataFormat dataFormat = static_cast(static_cast(cert->data_format)); - CKM::Certificate ckmCert(buffer, dataFormat); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + return to_ckmc_error(mgr->setPermission(alias, accessor, permissions)); +} - CKM::AliasVector ckmUntrustedAliases; - if(untrustedcerts != NULL) { - ckm_alias_list *current = NULL; - ckm_alias_list *next = const_cast(untrustedcerts); - do { - current = next; - next = current->next; +KEY_MANAGER_CAPI +int ckmc_deny_access(const char *alias, const char *accessor) +{ + if (!alias || !accessor) + return CKMC_ERROR_INVALID_PARAMETER; - if(current->alias == NULL){ - return CKM_API_ERROR_INPUT_PARAM; - } - CKM::Alias ckmAlias(current->alias); - ckmUntrustedAliases.push_back(ckmAlias); - }while(next != NULL); - } + CKM::ManagerShPtr mgr = CKM::Manager::create(); + return to_ckmc_error(mgr->setPermission(alias, accessor, CKM::Permission::NONE)); +} - if( (ret = mgr.getCertificateChain(ckmCert, ckmUntrustedAliases, ckmCertChain)) != CKM_API_SUCCESS) { - return ret; - } +KEY_MANAGER_CAPI +int ckmc_remove_alias(const char *alias) +{ + if(!alias) + return CKMC_ERROR_INVALID_PARAMETER; - *cert_chain_list = _toNewCkmCertList(ckmCertChain); + CKM::ManagerShPtr mgr = CKM::Manager::create(); + int ret = mgr->removeAlias(alias); + return to_ckmc_error(ret); +} - return CKM_API_SUCCESS; +KEY_MANAGER_CAPI +int ckmc_encrypt_data(ckmc_param_list_h params, + const char *key_alias, + const char *password, + const ckmc_raw_buffer_s decrypted, + ckmc_raw_buffer_s **ppencrypted) +{ + return _cryptoOperation(&CKM::Manager::encrypt, + params, + key_alias, + password, + decrypted, + ppencrypted); } +KEY_MANAGER_CAPI +int ckmc_decrypt_data(ckmc_param_list_h params, + const char *key_alias, + const char *password, + const ckmc_raw_buffer_s encrypted, + ckmc_raw_buffer_s **ppdecrypted) +{ + return _cryptoOperation(&CKM::Manager::decrypt, + params, + key_alias, + password, + encrypted, + ppdecrypted); +}