%{_includedir}/ckm/ckm/ckm-control.h
%{_includedir}/ckm/ckm/ckm-error.h
%{_includedir}/ckm/ckm/ckm-type.h
+%{_includedir}/ckm/ckmc/ckmc-manager.h
+%{_includedir}/ckm/ckmc/ckmc-control.h
+%{_includedir}/ckm/ckmc/ckmc-error.h
+%{_includedir}/ckm/ckmc/ckmc-type.h
%{_libdir}/pkgconfig/*.pc
%files -n key-manager-tests
SET(KEY_MANAGER_CLIENT_VERSION ${KEY_MANAGER_CLIENT_VERSION_MAJOR}.0.1)
SET(KEY_MANAGER_CLIENT_SRC_PATH ${KEY_MANAGER_PATH}/client)
+SET(KEY_MANAGER_CLIENT_CAPI_SRC_PATH ${KEY_MANAGER_PATH}/client-capi)
INCLUDE_DIRECTORIES(
${KEY_MANAGER_PATH}/client
${KEY_MANAGER_CLIENT_SRC_PATH}/client-key.cpp
${KEY_MANAGER_CLIENT_SRC_PATH}/client-manager.cpp
${KEY_MANAGER_CLIENT_SRC_PATH}/client-manager-impl.cpp
+ ${KEY_MANAGER_CLIENT_CAPI_SRC_PATH}/ckmc-type.cpp
+ ${KEY_MANAGER_CLIENT_CAPI_SRC_PATH}/ckmc-error.cpp
+ ${KEY_MANAGER_CLIENT_CAPI_SRC_PATH}/ckmc-manager.cpp
)
ADD_LIBRARY(${TARGET_KEY_MANAGER_CLIENT} SHARED ${KEY_MANAGER_CLIENT_SOURCES})
SET(KEY_MANAGER_CONTROL_CLIENT_VERSION ${KEY_MANAGER_CONTROL_CLIENT_VERSION_MAJOR}.0.1)
SET(KEY_MANAGER_CONTROL_CLIENT_SRC_PATH ${KEY_MANAGER_PATH}/client)
+SET(KEY_MANAGER_CONTROL_CLIENT_CAPI_SRC_PATH ${KEY_MANAGER_PATH}/client-capi)
INCLUDE_DIRECTORIES(
${KEY_MANAGER_PATH}/client
SET(KEY_MANAGER_CONTROL_CLIENT_SOURCES
${KEY_MANAGER_CONTROL_CLIENT_SRC_PATH}/client-control.cpp
${KEY_MANAGER_CONTROL_CLIENT_SRC_PATH}/client-common.cpp
+ ${KEY_MANAGER_CONTROL_CLIENT_CAPI_SRC_PATH}/ckmc-control.cpp
)
ADD_LIBRARY(${TARGET_KEY_MANAGER_CONTROL_CLIENT} SHARED ${KEY_MANAGER_CONTROL_CLIENT_SOURCES})
${KEY_MANAGER_SRC_PATH}/include/ckm/ckm-type.h
DESTINATION /usr/include/ckm/ckm
)
-
+INSTALL(FILES
+ ${KEY_MANAGER_SRC_PATH}/include/ckmc/ckmc-manager.h
+ ${KEY_MANAGER_SRC_PATH}/include/ckmc/ckmc-control.h
+ ${KEY_MANAGER_SRC_PATH}/include/ckmc/ckmc-error.h
+ ${KEY_MANAGER_SRC_PATH}/include/ckmc/ckmc-type.h
+ DESTINATION /usr/include/ckm/ckmc
+ )
################################################################################
ADD_SUBDIRECTORY(manager)
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file ckmc-control.h
+ * @author Yuseok Jeon(yuseok.jeon@samsung.com)
+ * @version 1.0
+ * @brief provides functions which are able to control key-manager daemon.
+ */
+
+#ifndef CKMC_CONTROL_H
+#define CKMC_CONTROL_H
+
+
+#include <sys/types.h>
+#include <ckmc/ckmc-error.h>
+#include <ckmc/ckmc-type.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+// decrypt user key with password
+int ckm_unlock_user_key(uid_t user, const char *password);
+
+// remove user key from memory
+int ckm_lock_user_key(uid_t user);
+
+// remove user data from Store and erase key used for encryption
+int ckm_remove_user_data(uid_t user);
+
+// change password for user
+int ckm_change_user_password(uid_t user, const char *old_password, const char *new_password);
+
+// This is work around for security-server api - resetPassword that may be called without passing oldPassword.
+// This api should not be supported on tizen 3.0
+// User must be already logged in and his DKEK is already loaded into memory in plain text form.
+// The service will use DKEK in plain text and encrypt it in encrypted form (using new password).
+int ckm_reset_user_password(uid_t user, const char *new_password);
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* CKMC_CONTROL_H */
--- /dev/null
+/*
+ *
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Bumjin Im <bj.im@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ * @file ckmc-error.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief This file is implementation of client-common functions.
+ */
+
+#ifndef CKMC_ERROR_H
+#define CKMC_ERROR_H
+
+#include <sys/types.h>
+
+/**
+ * \name Return Codes
+ * exported by the foundation API.
+ * result codes begin with the start error code and extend into negative direction.
+ * @{
+*/
+#define KEY_MANAGER_API_SUCCESS 0
+/*! \brief indicating the result of the one specific API is successful */
+#define KEY_MANAGER_API_ERROR_SOCKET -1
+
+/*! \brief indicating the socket between client and Central Key Manager failed */
+#define KEY_MANAGER_API_ERROR_BAD_REQUEST -2
+
+/*! \brief indicating the response from Central Key Manager is malformed */
+#define KEY_MANAGER_API_ERROR_BAD_RESPONSE -3
+
+/*! \brief indicating the transmitting request failed */
+/* deprecated unused */
+#define KEY_MANAGER_API_ERROR_SEND_FAILED -4
+
+/*! \brief indicating the receiving response failed */
+/* deprecated unused */
+#define KEY_MANAGER_API_ERROR_RECV_FAILED -5
+
+/*! \brief indicating the authentication between client and manager failed */
+#define KEY_MANAGER_API_ERROR_AUTHENTICATION_FAILED -6
+
+/*! \brief indicating the API's input parameter is malformed */
+#define KEY_MANAGER_API_ERROR_INPUT_PARAM -7
+
+/*! \brief indicating the output buffer size which is passed as parameter is too small */
+#define KEY_MANAGER_API_ERROR_BUFFER_TOO_SMALL -8
+
+/*! \brief indicating system is running out of memory state */
+#define KEY_MANAGER_API_ERROR_OUT_OF_MEMORY -9
+
+/*! \brief indicating the access has been denied by Central Key Manager */
+#define KEY_MANAGER_API_ERROR_ACCESS_DENIED -10
+
+/*! \brief indicating Central Key Manager has been failed for some reason */
+#define KEY_MANAGER_API_ERROR_SERVER_ERROR -11
+
+/*! \brief indicating the database was not unlocked - user did not login */
+#define KEY_MANAGER_API_ERROR_DB_LOCKED -12
+
+/*! \brief indicating that request give to database returned no result */
+#define KEY_MANAGER_API_ERROR_DB_BAD_REQUEST -13
+
+/*! \brief indicating an internal error inside the database */
+#define KEY_MANAGER_API_ERROR_DB_ERROR -14
+
+/*! \brief indicating that provided alias already exists in the database */
+#define KEY_MANAGER_API_ERROR_DB_ALIAS_EXISTS -15
+
+/*! \brief indicating that provided file doesn't exists or cannot be accessed in the file system */
+#define KEY_MANAGER_API_ERROR_FILE_ACCESS_DENIED -16
+
+/*! \brief indicating that a provided file or binary has not a valid format */
+#define KEY_MANAGER_API_ERROR_INVALID_FORMAT -17
+
+
+/*! \brief indicating the error with unknown reason */
+#define KEY_MANAGER_API_ERROR_UNKNOWN -255
+/** @}*/
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+const char * ckm_error_to_string(int error);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+/**
+ * @}
+*/
+
+/**
+ * @}
+*/
+
+#endif /* CKMC_ERROR_H */
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file ckmc-manager.h
+ * @author Yuseok Jeon(yuseok.jeon@samsung.com)
+ * @version 1.0
+ * @brief provides management functions(storing, retrieving, and removing) for keys, certificates and data of a user and additional crypto functions.
+ */
+
+
+#ifndef CKMC_MANAGER_H
+#define CKMC_MANAGER_H
+
+#include <sys/types.h>
+#include <ckmc/ckmc-type.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// key related functions
+int ckm_save_key(const char *alias, const ckm_key key, const ckm_policy policy);
+int ckm_remove_key(const char *alias);
+int ckm_get_key(const char *alias, const char *password, ckm_key **key);
+int ckm_get_key_alias_list(const ckm_alias_list** alias_list);
+
+int ckm_save_cert(const char *alias, const ckm_cert cert, const ckm_policy policy);
+int ckm_remove_cert(const char *alias);
+int ckm_get_cert(const char *alias, const char *password, const ckm_cert **cert);
+int ckm_get_cert_alias_list(const ckm_alias_list** alias_list);
+
+int ckm_save_data(const char *alias, ckm_raw_buffer data, const ckm_policy policy);
+int ckm_remove_data(const char *alias);
+int ckm_get_data(const char *alias, const char *password, ckm_raw_buffer **data);
+int ckm_get_data_alias_list(const ckm_alias_list** alias_list);
+
+
+// crypto functions
+int ckm_create_key_pair_rsa(const int size, const char *private_key_alias, const char *public_key_alias, const ckm_policy policy_private_key, const ckm_policy policy_public_key);
+int ckm_create_key_pair_ecdsa(const ckm_ec_type type, const char *private_key_alias, const char *public_key_alias, const ckm_policy policy_private_key, const ckm_policy policy_public_key);
+int ckm_create_signature(const char *private_key_alias, const char *password, const ckm_raw_buffer message, const ckm_hash_algo hash, const ckm_rsa_padding_algo padding, ckm_raw_buffer **signature);
+int ckm_verify_signature(const char *public_key_alias, const char *password, const ckm_raw_buffer message, const ckm_raw_buffer signature, const ckm_hash_algo hash, const ckm_rsa_padding_algo padding);
+
+int ckm_get_cert_chain(const ckm_cert *cert, const ckm_cert_list *untrustedcerts, ckm_cert_list **cert_chain_list);
+int ckm_get_cert_chain_with_alias(const ckm_cert *cert, const ckm_alias_list *untrustedcerts, ckm_cert_list **cert_chain_list);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* CKMC_MANAGER_H */
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file ckmc-type.h
+ * @author Yuseok Jeon(yuseok.jeon@samsung.com)
+ * @version 1.0
+ * @brief Definitions of struct for CAPI
+ */
+
+#ifndef CKMC_TYPE_H
+#define CKMC_TYPE_H
+
+
+#define KEY_MANAGER_CAPI __attribute__((visibility("default")))
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum ckm_key_type_t {
+ CKM_KEY_NONE,
+ CKM_KEY_RSA_PUBLIC,
+ CKM_KEY_RSA_PRIVATE,
+ CKM_KEY_ECDSA_PUBLIC,
+ CKM_KEY_ECDSA_PRIVATE,
+ CKM_KEY_AES
+} ckm_key_type;
+
+typedef enum ckm_data_format_t {
+ CKM_FORM_DER_BASE64,
+ CKM_FORM_DER,
+ CKM_FORM_PEM
+} ckm_data_format;
+
+typedef enum ckm_ec_type_t {
+ CKM_EC_PRIME192V1,
+ CKM_EC_PRIME256V1,
+ CKM_EC_SECP384R1
+} ckm_ec_type;
+
+typedef enum ckm_bool_t {
+ CKM_FALSE,
+ CKM_TRUE
+} ckm_bool;
+
+typedef enum ckm_hash_algo_t {
+ CKM_HASH_SHA1,
+ CKM_HASH_SHA256,
+ CKM_HASH_SHA384,
+ CKM_HASH_SHA512
+} ckm_hash_algo;
+
+typedef enum ckm_rsa_padding_algo_t {
+ CKM_XRSA_PKCS1_PADDING,
+ CKM_XRSA_X931_PADDING
+} ckm_rsa_padding_algo;
+
+typedef enum ckm_cert_form_t {
+ CKM_CERT_FORM_DER,
+ CKM_CERT_FORM_DER_BASE64
+} ckm_cert_form;
+
+typedef struct ckm_raw_buff_t{
+ unsigned char* data;
+ unsigned int size;
+} ckm_raw_buffer;
+
+typedef struct ckm_policy_t {
+ char* password; // byte array used to encrypt data inside CKM
+ ckm_bool extractable; // if true key may be extracted from storage
+ ckm_bool restricted; // if true only key owner may see data
+} ckm_policy;
+
+typedef struct ckm_key_t {
+ unsigned char* raw_key;
+ unsigned int key_size;
+ ckm_key_type key_type;
+ char* password; // byte array used to encrypt data inside CKM
+} ckm_key;
+
+typedef struct ckm_cert_t {
+ unsigned char* raw_cert;
+ unsigned int cert_size;
+ ckm_cert_form data_format;
+} ckm_cert;
+
+typedef struct ckm_alias_list_t {
+ char *alias;
+ struct ckm_alias_list_t *next;
+} ckm_alias_list;
+
+typedef struct ckm_cert_list_t {
+ ckm_cert *cert;
+ struct ckm_cert_list_t *next;
+} ckm_cert_list;
+
+
+ckm_key *ckm_key_new(unsigned char *raw_key, unsigned int key_size, ckm_key_type key_type, char *password);
+void ckm_key_free(ckm_key *key);
+
+ckm_raw_buffer * ckm_buffer_new(unsigned char *data, unsigned int size);
+void ckm_buffer_free(ckm_raw_buffer *buffer);
+
+ckm_cert *ckm_cert_new(unsigned char *raw_cert, unsigned int cert_size, ckm_cert_form data_format);
+
+void ckm_cert_free(ckm_cert *cert);
+
+int ckm_load_cert_from_file(const char *file_path, ckm_cert **cert);
+int ckm_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckm_key **private_key, ckm_cert **cert, ckm_cert_list **ca_cert_list);
+
+ckm_alias_list *ckm_alias_list_new(char *alias);
+ckm_alias_list *ckm_alias_list_add(ckm_alias_list *previous, char *alias);
+void ckm_alias_list_free(ckm_alias_list *first);
+void ckm_alias_list_all_free(ckm_alias_list *cert_list);
+
+ckm_cert_list *ckm_cert_list_new(ckm_cert *cert);
+ckm_cert_list *ckm_cert_list_add(ckm_cert_list *previous, ckm_cert *cert);
+void ckm_cert_list_free(ckm_cert_list *first);
+void ckm_cert_list_all_free(ckm_cert_list *cert_list);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* CKMC_TYPE_H */
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file ckmc-control.h
+ * @author Yuseok Jeon(yuseok.jeon@samsung.com)
+ * @version 1.0
+ * @brief provides conversion methods to C from C++ for key-manager control functions.
+ */
+
+#include <ckm/ckm-control.h>
+#include <ckmc/ckmc-control.h>
+#include <ckmc/ckmc-error.h>
+
+KEY_MANAGER_CAPI
+int ckm_unlock_user_key(uid_t user, const char *password)
+{
+ CKM::Control control;
+ return control.unlockUserKey(user, std::string(password));
+}
+
+KEY_MANAGER_CAPI
+int ckm_lock_user_key(uid_t user)
+{
+ CKM::Control control;
+ return control.lockUserKey(user);
+}
+
+KEY_MANAGER_CAPI
+int ckm_remove_user_data(uid_t user)
+{
+ CKM::Control control;
+ return control.removeUserData(user);
+}
+
+KEY_MANAGER_CAPI
+int ckm_change_user_password(uid_t user, const char *oldPassword, const char *newPassword)
+{
+ CKM::Control control;
+ return control.changeUserPassword(user, std::string(oldPassword), std::string(newPassword));
+}
+
+KEY_MANAGER_CAPI
+int ckm_reset_user_password(uid_t user, const char *newPassword)
+{
+ CKM::Control control;
+ return control.resetUserPassword(user, std::string(newPassword));
+}
+
+
+
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file ckmc-error.cpp
+ * @author Yuseok Jeon(yuseok.jeon@samsung.com)
+ * @version 1.0
+ * @brief This file contains the conversion method to C from C++ about how to get error string.
+ */
+
+#include <ckmc/ckmc-error.h>
+#include <ckm/ckm-error.h>
+
+const char * ckm_error_to_string(int error) {
+ return CKM::ErrorToString(error);
+}
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file ckmc-control.h
+ * @author Yuseok Jeon(yuseok.jeon@samsung.com)
+ * @version 1.0
+ * @brief provides conversion methods to C from C++ for key-manager control functions.
+ */
+
+#include <ckm/ckm-type.h>
+#include <ckm/ckm-manager.h>
+#include <ckmc/ckmc-type.h>
+#include <ckmc/ckmc-manager.h>
+#include <ckmc/ckmc-error.h>
+
+bool _toBool(ckm_bool ckmBool)
+{
+ if(ckmBool == CKM_TRUE) {
+ return true;
+ }
+ return false;
+}
+
+CKM::Certificate _toCkmCertificate(const ckm_cert *cert)
+{
+ CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
+ CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
+ CKM::Certificate ckmCert(buffer, dataFormat);
+ return ckmCert;
+}
+
+ckm_cert_list *_toNewCkmCertList(CKM::CertificateVector &certVector)
+{
+ ckm_cert_list *start = NULL;
+ ckm_cert_list *plist = NULL;
+ CKM::CertificateVector::iterator it;
+ for(it = certVector.begin(); it != certVector.end(); it++) {
+ CKM::RawBuffer rawBuffer = it->getDER();
+ unsigned char *rawCert = reinterpret_cast<unsigned char*>(rawBuffer.data());
+ ckm_cert *pcert = ckm_cert_new( rawCert, rawBuffer.size(), CKM_CERT_FORM_DER);
+ if(pcert == NULL) {
+ return NULL;
+ }
+ if(plist == NULL) {
+ plist = ckm_cert_list_new(pcert);
+ start = plist; // save the pointer of the first element
+ }else {
+ plist = ckm_cert_list_add(plist, pcert);
+ }
+ }
+ return start;
+}
+
+KEY_MANAGER_CAPI
+int ckm_save_key(const char *alias, const ckm_key key, const ckm_policy policy)
+{
+ CKM::Manager mgr;
+
+ if(alias == NULL) {
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::Alias ckmAlias(alias);
+
+ if(key.raw_key == NULL || key.key_size <= 0) {
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
+ std::string password(key.password);
+ CKM::Key ckmKey(buffer,password);
+
+ CKM::Policy storePolicy(policy.password, _toBool(policy.extractable), _toBool(policy.restricted));
+
+ return mgr.saveKey(ckmAlias, ckmKey, storePolicy);
+}
+
+
+KEY_MANAGER_CAPI
+int ckm_remove_key(const char *alias)
+{
+ CKM::Manager mgr;
+
+ if(alias == NULL) {
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::Alias ckmAlias(alias);
+
+ return mgr.removeKey(ckmAlias);
+}
+
+KEY_MANAGER_CAPI
+int ckm_get_key(const char *alias, const char *password, ckm_key **key)
+{
+ int ret;
+ CKM::Key ckmKey;
+
+ if(alias == NULL) {
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::Alias ckmAlias(alias);
+
+ CKM::Manager mgr;
+ if( (ret = mgr.getKey(ckmAlias, std::string(password), ckmKey)) != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+
+ unsigned char *rawKey = reinterpret_cast<unsigned char*>(ckmKey.getDER().data());
+ ckm_key_type keyType = static_cast<ckm_key_type>(static_cast<int>(ckmKey.getType()));
+ *key = ckm_key_new( rawKey, ckmKey.getDER().size(), keyType, NULL);
+ if(*key == NULL) {
+ return KEY_MANAGER_API_ERROR_OUT_OF_MEMORY;
+ }else {
+ return KEY_MANAGER_API_SUCCESS;
+ }
+}
+
+KEY_MANAGER_CAPI
+int ckm_get_key_alias_list(const ckm_alias_list** alias_list)
+{
+ int ret;
+ CKM::Key ckmKey;
+
+ CKM::AliasVector aliasVector;
+ CKM::Manager mgr;
+ if( (ret = mgr.getKeyAliasVector(aliasVector)) != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+
+ ckm_alias_list *plist = NULL;
+ CKM::AliasVector::iterator it;
+ for(it = aliasVector.begin(); it != aliasVector.end(); it++) {
+ if(plist == NULL) { // first
+ plist = ckm_alias_list_new(const_cast<char *>(it->c_str()));
+ *alias_list = plist; // save the pointer of the first element
+ }else {
+ plist = ckm_alias_list_add(plist, const_cast<char *>(it->c_str()));
+ }
+ }
+
+ return KEY_MANAGER_API_SUCCESS;
+}
+
+KEY_MANAGER_CAPI
+int ckm_save_cert(const char *alias, const ckm_cert cert, const ckm_policy policy)
+{
+ if(alias == NULL) {
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::Alias ckmAlias(alias);
+
+ if(cert.raw_cert == NULL || cert.cert_size <= 0) {
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::Certificate ckmCert = _toCkmCertificate(&cert);
+
+ CKM::Policy storePolicy(policy.password, _toBool(policy.extractable), _toBool(policy.restricted));
+
+ CKM::Manager mgr;
+ return mgr.saveCertificate(ckmAlias, ckmCert, storePolicy);
+}
+
+KEY_MANAGER_CAPI
+int ckm_remove_cert(const char *alias)
+{
+ if(alias == NULL) {
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::Alias ckmAlias(alias);
+
+ CKM::Manager mgr;
+ return mgr.removeCertificate(ckmAlias);
+}
+
+KEY_MANAGER_CAPI
+int ckm_get_cert(const char *alias, const char *password, const ckm_cert **cert)
+{
+ CKM::Certificate ckmCert;
+ int ret;
+
+ if(alias == NULL) {
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::Alias ckmAlias(alias);
+
+ CKM::Manager mgr;
+ if( (ret = mgr.getCertificate(ckmAlias, std::string(password), ckmCert)) != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+
+ unsigned char *rawCert = reinterpret_cast<unsigned char*>(ckmCert.getDER().data());
+ *cert = ckm_cert_new( rawCert, ckmCert.getDER().size(), CKM_CERT_FORM_DER);
+ if(*cert == NULL) {
+ return KEY_MANAGER_API_ERROR_OUT_OF_MEMORY;
+ }else {
+ return KEY_MANAGER_API_SUCCESS;
+ }
+}
+
+KEY_MANAGER_CAPI
+int ckm_get_cert_alias_list(const ckm_alias_list** alias_list) {
+ int ret;
+ CKM::Key ckmKey;
+
+ CKM::AliasVector aliasVector;
+ CKM::Manager mgr;
+ if( (ret = mgr.getCertificateAliasVector(aliasVector)) != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+
+ ckm_alias_list *plist = NULL;
+ CKM::AliasVector::iterator it;
+ for(it = aliasVector.begin(); it != aliasVector.end(); it++) {
+ if(plist == NULL) { // first
+ plist = ckm_alias_list_new(const_cast<char *>(it->c_str()));
+ *alias_list = plist; // save the pointer of the first element
+ }else {
+ plist = ckm_alias_list_add(plist, const_cast<char *>(it->c_str()));
+ }
+ }
+
+ return KEY_MANAGER_API_SUCCESS;
+}
+
+KEY_MANAGER_CAPI
+int ckm_save_data(const char *alias, ckm_raw_buffer data, const ckm_policy policy)
+{
+ if(alias == NULL) {
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::Alias ckmAlias(alias);
+
+ if(data.data == NULL || data.size <= 0) {
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::RawBuffer buffer(data.data, data.data + data.size);
+
+ CKM::Policy storePolicy(policy.password, _toBool(policy.extractable), _toBool(policy.restricted));
+
+ CKM::Manager mgr;
+ return mgr.saveData(ckmAlias, buffer, storePolicy);
+}
+
+KEY_MANAGER_CAPI
+int ckm_remove_data(const char *alias)
+{
+ if(alias == NULL) {
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::Alias ckmAlias(alias);
+
+ CKM::Manager mgr;
+ return mgr.removeData(ckmAlias);
+}
+
+KEY_MANAGER_CAPI
+int ckm_get_data(const char *alias, const char *password, ckm_raw_buffer **data)
+{
+ CKM::RawBuffer ckmBuff;
+ int ret;
+
+ if(alias == NULL) {
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::Alias ckmAlias(alias);
+
+ CKM::Manager mgr;
+ if( (ret = mgr.getData(ckmAlias, std::string(password), ckmBuff)) != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+
+ unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmBuff.data());
+ *data = ckm_buffer_new( rawBuff, ckmBuff.size());
+ if(*data == NULL) {
+ return KEY_MANAGER_API_ERROR_OUT_OF_MEMORY;
+ }else {
+ return KEY_MANAGER_API_SUCCESS;
+ }
+}
+
+KEY_MANAGER_CAPI
+int ckm_get_data_alias_list(const ckm_alias_list** alias_list){
+ int ret;
+ CKM::Key ckmKey;
+
+ CKM::AliasVector aliasVector;
+ CKM::Manager mgr;
+ if( (ret = mgr.getDataAliasVector(aliasVector)) != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+
+ ckm_alias_list *plist = NULL;
+ CKM::AliasVector::iterator it;
+ for(it = aliasVector.begin(); it != aliasVector.end(); it++) {
+ if(plist == NULL) { // first
+ plist = ckm_alias_list_new(const_cast<char *>(it->c_str()));
+ *alias_list = plist; // save the pointer of the first element
+ }else {
+ plist = ckm_alias_list_add(plist, const_cast<char *>(it->c_str()));
+ }
+ }
+
+ return KEY_MANAGER_API_SUCCESS;
+}
+
+KEY_MANAGER_CAPI
+int ckm_create_key_pair_rsa(const int size,
+ const char *private_key_alias,
+ const char *public_key_alias,
+ const ckm_policy policy_private_key,
+ const ckm_policy policy_public_key)
+{
+ int ret;
+ CKM::Manager mgr;
+
+ CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
+ CKM::Alias ckmPublicKeyAlias(public_key_alias);
+ CKM::Policy ckmPrivateKeyPolicy(policy_private_key.password, _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted));
+ CKM::Policy ckmPublicKeyPolicy(policy_public_key.password, _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted));
+
+ if( (mgr.createKeyPairRSA(size, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy))
+ != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+
+ return KEY_MANAGER_API_SUCCESS;
+}
+
+KEY_MANAGER_CAPI
+int ckm_create_key_pair_ecdsa(const ckm_ec_type type,
+ const char *private_key_alias,
+ const char *public_key_alias,
+ const ckm_policy policy_private_key,
+ const ckm_policy policy_public_key)
+{
+ int ret;
+ CKM::Manager mgr;
+
+ CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
+ CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
+ CKM::Alias ckmPublicKeyAlias(public_key_alias);
+ CKM::Policy ckmPrivateKeyPolicy(policy_private_key.password, _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted));
+ CKM::Policy ckmPublicKeyPolicy(policy_public_key.password, _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted));
+
+ if( (mgr.createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy))
+ != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+
+ return KEY_MANAGER_API_SUCCESS;
+}
+
+KEY_MANAGER_CAPI
+int ckm_create_signature(const char *private_key_alias,
+ const char *password,
+ const ckm_raw_buffer message,
+ const ckm_hash_algo hash,
+ const ckm_rsa_padding_algo padding,
+ ckm_raw_buffer **signature)
+{
+ int ret;
+ CKM::Manager mgr;
+ CKM::RawBuffer ckmSignature;
+
+ CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
+ CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
+ CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
+ CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
+
+ if( (ret = mgr.createSignature(
+ ckmPrivakeKeyAlias,
+ password,
+ ckmMessage,
+ ckmHashAlgo,
+ ckmPadding,
+ ckmSignature)) != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+
+ unsigned char *rawBuff = reinterpret_cast<unsigned char*>(ckmSignature.data());
+ *signature = ckm_buffer_new( rawBuff, ckmSignature.size());
+ if(*signature == NULL) {
+ return KEY_MANAGER_API_ERROR_OUT_OF_MEMORY;
+ }else {
+ return KEY_MANAGER_API_SUCCESS;
+ }
+
+ return KEY_MANAGER_API_SUCCESS;
+}
+
+KEY_MANAGER_CAPI
+int ckm_verify_signature(const char *public_key_alias,
+ const char *password,
+ const ckm_raw_buffer message,
+ const ckm_raw_buffer signature,
+ const ckm_hash_algo hash,
+ const ckm_rsa_padding_algo padding)
+{
+ int ret;
+ CKM::Manager mgr;
+
+ CKM::Alias ckmPublicKeyAlias(public_key_alias);
+ CKM::RawBuffer ckmMessage(message.data, message.data + message.size);
+ CKM::RawBuffer ckmSignature(signature.data, signature.data + signature.size);
+ CKM::HashAlgorithm ckmHashAlgo = static_cast<CKM::HashAlgorithm>(static_cast<int>(hash));
+ CKM::RSAPaddingAlgorithm ckmPadding = static_cast<CKM::RSAPaddingAlgorithm>(static_cast<int>(padding));
+
+ if( (ret = mgr.verifySignature(
+ ckmPublicKeyAlias,
+ password,
+ ckmMessage,
+ ckmSignature,
+ ckmHashAlgo,
+ ckmPadding)) != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+
+ return KEY_MANAGER_API_SUCCESS;
+}
+
+KEY_MANAGER_CAPI
+int ckm_get_cert_chain(const ckm_cert *cert, const ckm_cert_list *untrustedcerts, ckm_cert_list **cert_chain_list)
+{
+ int ret;
+ CKM::Manager mgr;
+ CKM::CertificateVector ckmCertChain;
+
+
+ if(cert->raw_cert == NULL || cert->cert_size <= 0) {
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
+ CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
+ CKM::Certificate ckmCert(buffer, dataFormat);
+
+ CKM::CertificateVector ckmUntrustedCerts;
+ if(untrustedcerts != NULL) {
+ ckm_cert_list *current = NULL;
+ ckm_cert_list *next = const_cast<ckm_cert_list *>(untrustedcerts);
+ do {
+ current = next;
+ next = current->next;
+
+ if(current->cert == NULL){
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::Certificate ckmCert = _toCkmCertificate(current->cert);
+ ckmUntrustedCerts.push_back(ckmCert);
+ }while(next != NULL);
+ }
+
+ if( (ret = mgr.getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain)) != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+
+ *cert_chain_list = _toNewCkmCertList(ckmCertChain);
+
+ return KEY_MANAGER_API_SUCCESS;
+}
+
+KEY_MANAGER_CAPI
+int ckm_get_cert_chain_with_alias(const ckm_cert *cert, const ckm_alias_list *untrustedcerts, ckm_cert_list **cert_chain_list)
+{
+ int ret;
+ CKM::Manager mgr;
+ CKM::CertificateVector ckmCertChain;
+
+
+ if(cert->raw_cert == NULL || cert->cert_size <= 0) {
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
+ CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
+ CKM::Certificate ckmCert(buffer, dataFormat);
+
+ CKM::AliasVector ckmUntrustedAliases;
+ if(untrustedcerts != NULL) {
+ ckm_alias_list *current = NULL;
+ ckm_alias_list *next = const_cast<ckm_alias_list *>(untrustedcerts);
+ do {
+ current = next;
+ next = current->next;
+
+ if(current->alias == NULL){
+ return KEY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+ CKM::Alias ckmAlias(current->alias);
+ ckmUntrustedAliases.push_back(ckmAlias);
+ }while(next != NULL);
+ }
+
+ if( (ret = mgr.getCertificateChain(ckmCert, ckmUntrustedAliases, ckmCertChain)) != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+
+ *cert_chain_list = _toNewCkmCertList(ckmCertChain);
+
+ return KEY_MANAGER_API_SUCCESS;
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file ckmc-type.h
+ * @author Yuseok Jeon(yuseok.jeon@samsung.com)
+ * @version 1.0
+ * @brief new and free methods for the struct of CAPI
+ */
+
+
+#include <string.h>
+#include <stdlib.h>
+#include <ckmc/ckmc-type.h>
+#include <ckmc/ckmc-error.h>
+#include <openssl/x509v3.h>
+#include <openssl/pkcs12.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+
+int _ckm_load_cert_from_x509(X509 *xCert, ckm_cert **cert);
+
+
+KEY_MANAGER_CAPI
+ckm_key *ckm_key_new(unsigned char *raw_key, unsigned int key_size, ckm_key_type key_type, char *password)
+{
+ ckm_key *pkey = new ckm_key;
+ if(pkey == NULL)
+ return NULL;
+
+ pkey->raw_key = reinterpret_cast<unsigned char*>(malloc(key_size));
+ if(pkey->raw_key == NULL) {
+ free(pkey);
+ return NULL;
+ }
+ memcpy(pkey->raw_key, raw_key, key_size);
+
+ pkey->key_size = key_size;
+ pkey->key_type = key_type;
+
+ if(password != NULL) {
+ pkey->password = reinterpret_cast<char*>(malloc(strlen(password) +1));
+ if(pkey->password == NULL) {
+ free(pkey);
+ free(pkey->raw_key);
+ return NULL;
+ }
+ memset(pkey->password, 0, strlen(password) +1);
+ strncpy(pkey->password, password, strlen(password));
+ }else {
+ pkey->password = NULL;
+ }
+
+ return pkey;
+}
+
+KEY_MANAGER_CAPI
+void ckm_key_free(ckm_key *key)
+{
+ if(key == NULL)
+ return;
+
+ if(key->password != NULL)
+ free(key->password);
+ if(key->raw_key != NULL)
+ free(key->raw_key);
+
+ free(key);
+}
+
+KEY_MANAGER_CAPI
+ckm_raw_buffer * ckm_buffer_new(unsigned char *data, unsigned int size)
+{
+ ckm_raw_buffer *pbuff = new ckm_raw_buffer;
+ if(pbuff == NULL)
+ return NULL;
+
+ pbuff->data = reinterpret_cast<unsigned char*>(malloc(size));
+ if(pbuff->data == NULL) {
+ free(pbuff);
+ return NULL;
+ }
+ memcpy(pbuff->data, data, size);
+
+ pbuff->size = size;
+
+ return pbuff;
+}
+
+KEY_MANAGER_CAPI
+void ckm_buffer_free(ckm_raw_buffer *buffer)
+{
+ if(buffer == NULL)
+ return;
+
+ if(buffer->data != NULL)
+ free(buffer->data);
+ free(buffer);
+}
+
+KEY_MANAGER_CAPI
+ckm_cert *ckm_cert_new(unsigned char *raw_cert, unsigned int cert_size, ckm_cert_form data_format)
+{
+ ckm_cert *pcert = new ckm_cert;
+ if(pcert == NULL)
+ return NULL;
+
+ pcert->raw_cert = reinterpret_cast<unsigned char*>(malloc(cert_size));
+ if(pcert->raw_cert == NULL) {
+ free(pcert);
+ return NULL;
+ }
+ memcpy(pcert->raw_cert, raw_cert, cert_size);
+
+ pcert->cert_size = cert_size;
+ pcert->data_format = data_format;
+
+ return pcert;
+}
+
+KEY_MANAGER_CAPI
+int ckm_load_cert_from_file(const char *file_path, ckm_cert **cert)
+{
+ OpenSSL_add_all_algorithms();
+
+ FILE *fp = fopen(file_path, "r");
+ if(fp == NULL)
+ return KEY_MANAGER_API_ERROR_FILE_ACCESS_DENIED;
+ X509 *pcert = NULL;
+ if(!(pcert = d2i_X509_fp(fp, NULL))) {
+ fseek(fp, 0, SEEK_SET);
+ pcert = PEM_read_X509(fp, NULL, NULL, NULL);
+ }
+ fclose(fp);
+ if(pcert == NULL) {
+ return KEY_MANAGER_API_ERROR_INVALID_FORMAT;
+ }
+
+ int ret = _ckm_load_cert_from_x509(pcert, cert);
+ if(ret != KEY_MANAGER_API_SUCCESS) {
+ X509_free(pcert);
+ }
+ return ret;
+}
+
+KEY_MANAGER_CAPI
+int ckm_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckm_key **private_key, ckm_cert **ckmcert, ckm_cert_list **ca_cert_list)
+{
+ class Pkcs12Converter {
+ private:
+ FILE* fp_in;
+ PKCS12* p12;
+ EVP_PKEY* pkey;
+ X509* x509Cert;
+ STACK_OF(X509)* ca;
+
+ public:
+ int ret;
+ ckm_key *retPrivateKey;
+ ckm_cert *retCkmCert;
+ ckm_cert_list *retCaCertList;
+
+ Pkcs12Converter(){
+ fp_in = NULL;
+ p12 = NULL;
+ pkey = NULL;
+ x509Cert = NULL;
+ ca = NULL;
+ ret = KEY_MANAGER_API_SUCCESS;
+ retPrivateKey = NULL;
+ retCkmCert = NULL;
+ retCaCertList = NULL;
+ };
+ ~Pkcs12Converter(){
+ if(fp_in != NULL)
+ fclose(fp_in);
+ if(p12 != NULL)
+ PKCS12_free(p12);
+ if(x509Cert != NULL)
+ X509_free(x509Cert);
+ if(pkey != NULL)
+ EVP_PKEY_free(pkey);
+ if(ca != NULL)
+ sk_X509_pop_free(ca, X509_free);
+ EVP_cleanup();
+
+ if(ret != KEY_MANAGER_API_SUCCESS) {
+ if(retPrivateKey != NULL)
+ ckm_key_free(retPrivateKey);
+ if(retCkmCert != NULL)
+ ckm_cert_free(retCkmCert);
+ if(retCaCertList != NULL)
+ ckm_cert_list_free(retCaCertList);
+ }
+ };
+
+ int parsePkcs12(const char *filePath, const char *pass) {
+ fp_in = NULL;
+ if(!(fp_in = fopen(filePath, "rb"))) {
+ return KEY_MANAGER_API_ERROR_FILE_ACCESS_DENIED;
+ }
+
+ if(!(p12 = d2i_PKCS12_fp(fp_in, NULL))) {
+ return KEY_MANAGER_API_ERROR_INVALID_FORMAT;
+ }
+
+ /* parse PKCS#12 certificate */
+ if((ret = PKCS12_parse(p12, pass, &pkey, &x509Cert, &ca)) != 1) {
+ return KEY_MANAGER_API_ERROR_INVALID_FORMAT;
+ }
+ return KEY_MANAGER_API_SUCCESS;
+ }
+
+ int toCkmCert() {
+ if( (ret =_ckm_load_cert_from_x509(x509Cert,&retCkmCert)) != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+ return KEY_MANAGER_API_SUCCESS;
+ }
+
+ int toCkmKey() {
+ int prikeyLen = 0;
+ if((prikeyLen = i2d_PrivateKey(pkey, NULL)) < 0) {
+ return KEY_MANAGER_API_ERROR_OUT_OF_MEMORY;
+ }
+ unsigned char arrayPrikey[sizeof(unsigned char) * prikeyLen];
+ unsigned char *pPrikey = arrayPrikey;
+ if((prikeyLen = i2d_PrivateKey(pkey, &pPrikey)) < 0) {
+ return KEY_MANAGER_API_ERROR_OUT_OF_MEMORY;
+ }
+
+ int type = EVP_PKEY_type(pkey->type);
+ ckm_key_type key_type = CKM_KEY_NONE;
+ switch(type) {
+ case EVP_PKEY_RSA :
+ key_type = CKM_KEY_RSA_PRIVATE;
+ break;
+ case EVP_PKEY_EC :
+ key_type = CKM_KEY_ECDSA_PRIVATE;
+ break;
+ }
+ if(key_type == CKM_KEY_NONE) {
+ return KEY_MANAGER_API_ERROR_INVALID_FORMAT;
+ }
+
+ char *nullPassword = NULL;
+ retPrivateKey = ckm_key_new(pPrikey, sizeof(unsigned char) * prikeyLen, key_type, nullPassword);
+
+ return KEY_MANAGER_API_SUCCESS;
+ }
+
+ int toCaCkmCertList() {
+ X509* popedCert = NULL;
+ ckm_cert *popedCkmCert = NULL;
+ ckm_cert_list *tmpCertList = NULL;
+ retCaCertList = tmpCertList;
+ while((popedCert = sk_X509_pop(ca)) != NULL) {
+ if( (ret =_ckm_load_cert_from_x509(popedCert, &popedCkmCert)) != KEY_MANAGER_API_SUCCESS) {
+ return KEY_MANAGER_API_ERROR_OUT_OF_MEMORY;
+ }
+ tmpCertList = ckm_cert_list_add(tmpCertList, popedCkmCert);
+ }
+ return KEY_MANAGER_API_SUCCESS;
+ }
+
+ };
+
+ int ret = KEY_MANAGER_API_SUCCESS;
+
+ Pkcs12Converter converter;
+ if((ret = converter.parsePkcs12(file_path, passphrase)) != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+ if((ret = converter.toCkmCert()) != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+ if((ret = converter.toCkmKey()) != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+ if((ret = converter.toCaCkmCertList()) != KEY_MANAGER_API_SUCCESS) {
+ return ret;
+ }
+ *private_key = converter.retPrivateKey;
+ *ckmcert = converter.retCkmCert;
+ *ca_cert_list = converter.retCaCertList;
+
+ return KEY_MANAGER_API_SUCCESS;
+}
+
+KEY_MANAGER_CAPI
+void ckm_cert_free(ckm_cert *cert)
+{
+ if(cert == NULL)
+ return;
+
+ if(cert->raw_cert != NULL)
+ free(cert->raw_cert);
+ free(cert);
+}
+
+KEY_MANAGER_CAPI
+ckm_alias_list *ckm_alias_list_new(char *alias)
+{
+ ckm_alias_list *previous = NULL;
+ return ckm_alias_list_add(previous, alias);
+}
+
+KEY_MANAGER_CAPI
+ckm_alias_list *ckm_alias_list_add(ckm_alias_list *previous, char *alias)
+{
+ ckm_alias_list *plist = new ckm_alias_list;
+
+ plist->alias = alias;
+ plist->next = NULL;
+
+ if(previous != NULL)
+ previous->next = plist;
+
+ return plist;
+}
+
+KEY_MANAGER_CAPI
+void ckm_alias_list_free(ckm_alias_list *first)
+{
+ if(first == NULL)
+ return;
+
+ ckm_alias_list *current = NULL;
+ ckm_alias_list *next = first;
+ do {
+ current = next;
+ next = current->next;
+ free(current);
+ }while(next != NULL);
+}
+
+KEY_MANAGER_CAPI
+void ckm_alias_list_all_free(ckm_alias_list *first)
+{
+ if(first == NULL)
+ return;
+
+ ckm_alias_list *current = NULL;
+ ckm_alias_list *next = first;
+ do {
+ current = next;
+ next = current->next;
+ if((current->alias)!=NULL) {
+ free(current->alias);
+ }
+ free(current);
+ }while(next != NULL);
+}
+
+KEY_MANAGER_CAPI
+ckm_cert_list *ckm_cert_list_new(ckm_cert *cert)
+{
+ ckm_cert_list *previous = NULL;
+ return ckm_cert_list_add(previous, cert);
+}
+
+KEY_MANAGER_CAPI
+ckm_cert_list *ckm_cert_list_add(ckm_cert_list *previous, ckm_cert *cert)
+{
+ ckm_cert_list *plist = new ckm_cert_list;
+
+ plist->cert = cert;
+ plist->next = NULL;
+
+ if(previous != NULL)
+ previous->next = plist;
+
+ return plist;
+}
+
+KEY_MANAGER_CAPI
+void ckm_cert_list_free(ckm_cert_list *first)
+{
+ if(first == NULL)
+ return;
+
+ ckm_cert_list *current = NULL;
+ ckm_cert_list *next = first;
+ do {
+ current = next;
+ next = current->next;
+ free(current);
+ }while(next != NULL);
+}
+
+KEY_MANAGER_CAPI
+void ckm_cert_list_all_free(ckm_cert_list *first)
+{
+ if(first == NULL)
+ return;
+
+ ckm_cert_list *current = NULL;
+ ckm_cert_list *next = first;
+ do {
+ current = next;
+ next = current->next;
+ if((current->cert)!=NULL) {
+ ckm_cert_free(current->cert);
+ }
+ free(current);
+ }while(next != NULL);
+}
+
+int _ckm_load_cert_from_x509(X509 *xCert, ckm_cert **cert)
+{
+ int certLen;
+ unsigned char* bufCert = NULL;
+
+ if(xCert == NULL) {
+ return KEY_MANAGER_API_ERROR_INVALID_FORMAT;
+ }
+
+ /* load certificate into buffer */
+ if((certLen = i2d_X509(xCert, NULL)) < 0) {
+ return KEY_MANAGER_API_ERROR_INVALID_FORMAT;
+ }
+ unsigned char arrayCert[sizeof(unsigned char) * certLen];
+ bufCert = arrayCert;
+ i2d_X509(xCert, &bufCert);
+
+ *cert = ckm_cert_new(bufCert, certLen, CKM_CERT_FORM_DER);
+
+ return KEY_MANAGER_API_SUCCESS;
+}
projects / platform / core / security / key-manager.git / commitdiff