#ifndef CKMC_MANAGER_H
#define CKMC_MANAGER_H
+#include <stddef.h>
#include <sys/types.h>
#include <ckmc/ckmc-type.h>
int ckm_save_key(const char *alias, const ckm_key key, const ckm_policy policy);
int ckm_remove_key(const char *alias);
int ckm_get_key(const char *alias, const char *password, ckm_key **key);
-int ckm_get_key_alias_list(const ckm_alias_list** alias_list);
+int ckm_get_key_alias_list(ckm_alias_list** alias_list);
int ckm_save_cert(const char *alias, const ckm_cert cert, const ckm_policy policy);
int ckm_remove_cert(const char *alias);
int ckm_get_cert(const char *alias, const char *password, const ckm_cert **cert);
-int ckm_get_cert_alias_list(const ckm_alias_list** alias_list);
+int ckm_get_cert_alias_list(ckm_alias_list** alias_list);
int ckm_save_data(const char *alias, ckm_raw_buffer data, const ckm_policy policy);
int ckm_remove_data(const char *alias);
int ckm_get_data(const char *alias, const char *password, ckm_raw_buffer **data);
-int ckm_get_data_alias_list(const ckm_alias_list** alias_list);
+int ckm_get_data_alias_list(ckm_alias_list** alias_list);
// crypto functions
-int ckm_create_key_pair_rsa(const int size, const char *private_key_alias, const char *public_key_alias, const ckm_policy policy_private_key, const ckm_policy policy_public_key);
+int ckm_create_key_pair_rsa(const size_t size, const char *private_key_alias, const char *public_key_alias, const ckm_policy policy_private_key, const ckm_policy policy_public_key);
int ckm_create_key_pair_ecdsa(const ckm_ec_type type, const char *private_key_alias, const char *public_key_alias, const ckm_policy policy_private_key, const ckm_policy policy_public_key);
int ckm_create_signature(const char *private_key_alias, const char *password, const ckm_raw_buffer message, const ckm_hash_algo hash, const ckm_rsa_padding_algo padding, ckm_raw_buffer **signature);
int ckm_verify_signature(const char *public_key_alias, const char *password, const ckm_raw_buffer message, const ckm_raw_buffer signature, const ckm_hash_algo hash, const ckm_rsa_padding_algo padding);
#ifndef CKMC_TYPE_H
#define CKMC_TYPE_H
+#include <stddef.h>
#define KEY_MANAGER_CAPI __attribute__((visibility("default")))
} ckm_hash_algo;
typedef enum ckm_rsa_padding_algo_t {
- CKM_XRSA_PKCS1_PADDING,
- CKM_XRSA_X931_PADDING
+ CKM_PKCS1_PADDING,
+ CKM_X931_PADDING
} ckm_rsa_padding_algo;
-typedef enum ckm_cert_form_t {
- CKM_CERT_FORM_DER,
- CKM_CERT_FORM_DER_BASE64
-} ckm_cert_form;
-
typedef struct ckm_raw_buff_t{
unsigned char* data;
- unsigned int size;
+ size_t size;
} ckm_raw_buffer;
typedef struct ckm_policy_t {
typedef struct ckm_key_t {
unsigned char* raw_key;
- unsigned int key_size;
+ size_t key_size;
ckm_key_type key_type;
char* password; // byte array used to encrypt data inside CKM
} ckm_key;
typedef struct ckm_cert_t {
- unsigned char* raw_cert;
- unsigned int cert_size;
- ckm_cert_form data_format;
+ unsigned char* raw_cert;
+ size_t cert_size;
+ ckm_data_format data_format;
} ckm_cert;
typedef struct ckm_alias_list_t {
} ckm_cert_list;
-ckm_key *ckm_key_new(unsigned char *raw_key, unsigned int key_size, ckm_key_type key_type, char *password);
+ckm_key *ckm_key_new(unsigned char *raw_key, size_t key_size, ckm_key_type key_type, char *password);
void ckm_key_free(ckm_key *key);
-ckm_raw_buffer * ckm_buffer_new(unsigned char *data, unsigned int size);
+ckm_raw_buffer * ckm_buffer_new(unsigned char *data, size_t size);
void ckm_buffer_free(ckm_raw_buffer *buffer);
-ckm_cert *ckm_cert_new(unsigned char *raw_cert, unsigned int cert_size, ckm_cert_form data_format);
+ckm_cert *ckm_cert_new(unsigned char *raw_cert, size_t cert_size, ckm_data_format data_format);
void ckm_cert_free(ckm_cert *cert);
#include <ckmc/ckmc-type.h>
#include <ckmc/ckmc-manager.h>
#include <ckmc/ckmc-error.h>
+#include <iostream>
bool _toBool(ckm_bool ckmBool)
{
return false;
}
+std::string _tostring(const char *str)
+{
+ if(str == NULL)
+ return std::string();
+ return std::string(str);
+}
+
CKM::Certificate _toCkmCertificate(const ckm_cert *cert)
{
CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
for(it = certVector.begin(); it != certVector.end(); it++) {
CKM::RawBuffer rawBuffer = it->getDER();
unsigned char *rawCert = reinterpret_cast<unsigned char*>(rawBuffer.data());
- ckm_cert *pcert = ckm_cert_new( rawCert, rawBuffer.size(), CKM_CERT_FORM_DER);
+ ckm_cert *pcert = ckm_cert_new( rawCert, rawBuffer.size(), CKM_FORM_DER);
if(pcert == NULL) {
return NULL;
}
return CKM_API_ERROR_INPUT_PARAM;
}
CKM::RawBuffer buffer(key.raw_key, key.raw_key + key.key_size);
- std::string password(key.password);
- CKM::Key ckmKey(buffer,password);
+ CKM::Key ckmKey(buffer, _tostring(key.password));
- CKM::Policy storePolicy(policy.password, _toBool(policy.extractable), _toBool(policy.restricted));
+ CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted));
return mgr.saveKey(ckmAlias, ckmKey, storePolicy);
}
CKM::Alias ckmAlias(alias);
CKM::Manager mgr;
- if( (ret = mgr.getKey(ckmAlias, std::string(password), ckmKey)) != CKM_API_SUCCESS) {
+ if( (ret = mgr.getKey(ckmAlias, _tostring(password), ckmKey)) != CKM_API_SUCCESS) {
return ret;
}
}
KEY_MANAGER_CAPI
-int ckm_get_key_alias_list(const ckm_alias_list** alias_list)
+int ckm_get_key_alias_list(ckm_alias_list** alias_list)
{
int ret;
CKM::Key ckmKey;
}
CKM::Certificate ckmCert = _toCkmCertificate(&cert);
- CKM::Policy storePolicy(policy.password, _toBool(policy.extractable), _toBool(policy.restricted));
+ CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted));
CKM::Manager mgr;
return mgr.saveCertificate(ckmAlias, ckmCert, storePolicy);
CKM::Alias ckmAlias(alias);
CKM::Manager mgr;
- if( (ret = mgr.getCertificate(ckmAlias, std::string(password), ckmCert)) != CKM_API_SUCCESS) {
+ if( (ret = mgr.getCertificate(ckmAlias, _tostring(password), ckmCert)) != CKM_API_SUCCESS) {
return ret;
}
unsigned char *rawCert = reinterpret_cast<unsigned char*>(ckmCert.getDER().data());
- *cert = ckm_cert_new( rawCert, ckmCert.getDER().size(), CKM_CERT_FORM_DER);
+ *cert = ckm_cert_new( rawCert, ckmCert.getDER().size(), CKM_FORM_DER);
if(*cert == NULL) {
return CKM_API_ERROR_OUT_OF_MEMORY;
}else {
}
KEY_MANAGER_CAPI
-int ckm_get_cert_alias_list(const ckm_alias_list** alias_list) {
+int ckm_get_cert_alias_list(ckm_alias_list** alias_list) {
int ret;
CKM::Key ckmKey;
}
CKM::RawBuffer buffer(data.data, data.data + data.size);
- CKM::Policy storePolicy(policy.password, _toBool(policy.extractable), _toBool(policy.restricted));
+ CKM::Policy storePolicy(_tostring(policy.password), _toBool(policy.extractable), _toBool(policy.restricted));
CKM::Manager mgr;
return mgr.saveData(ckmAlias, buffer, storePolicy);
CKM::Alias ckmAlias(alias);
CKM::Manager mgr;
- if( (ret = mgr.getData(ckmAlias, std::string(password), ckmBuff)) != CKM_API_SUCCESS) {
+ if( (ret = mgr.getData(ckmAlias, _tostring(password), ckmBuff)) != CKM_API_SUCCESS) {
return ret;
}
}
KEY_MANAGER_CAPI
-int ckm_get_data_alias_list(const ckm_alias_list** alias_list){
+int ckm_get_data_alias_list(ckm_alias_list** alias_list){
int ret;
CKM::Key ckmKey;
}
KEY_MANAGER_CAPI
-int ckm_create_key_pair_rsa(const int size,
+int ckm_create_key_pair_rsa(const size_t size,
const char *private_key_alias,
const char *public_key_alias,
const ckm_policy policy_private_key,
const ckm_policy policy_public_key)
{
+ int ret;
CKM::Manager mgr;
CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
CKM::Alias ckmPublicKeyAlias(public_key_alias);
- CKM::Policy ckmPrivateKeyPolicy(policy_private_key.password, _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted));
- CKM::Policy ckmPublicKeyPolicy(policy_public_key.password, _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted));
+ CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted));
+ CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted));
+
+ if( (ret = mgr.createKeyPairRSA(size, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy))
+ != CKM_API_SUCCESS) {
+ return ret;
+ }
- return mgr.createKeyPairRSA(size, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
+ return CKM_API_SUCCESS;
}
KEY_MANAGER_CAPI
const ckm_policy policy_private_key,
const ckm_policy policy_public_key)
{
+ int ret;
CKM::Manager mgr;
CKM::ElipticCurve ckmType = static_cast<CKM::ElipticCurve>(static_cast<int>(type));
CKM::Alias ckmPrivakeKeyAlias(private_key_alias);
CKM::Alias ckmPublicKeyAlias(public_key_alias);
- CKM::Policy ckmPrivateKeyPolicy(policy_private_key.password, _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted));
- CKM::Policy ckmPublicKeyPolicy(policy_public_key.password, _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted));
+ CKM::Policy ckmPrivateKeyPolicy(_tostring(policy_private_key.password), _toBool(policy_private_key.extractable), _toBool(policy_private_key.restricted));
+ CKM::Policy ckmPublicKeyPolicy(_tostring(policy_public_key.password), _toBool(policy_public_key.extractable), _toBool(policy_public_key.restricted));
+
+ if( (ret - mgr.createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy))
+ != CKM_API_SUCCESS) {
+ return ret;
+ }
- return mgr.createKeyPairECDSA(ckmType, ckmPrivakeKeyAlias, ckmPublicKeyAlias, ckmPrivateKeyPolicy, ckmPublicKeyPolicy);
+ return CKM_API_SUCCESS;
}
KEY_MANAGER_CAPI
if( (ret = mgr.createSignature(
ckmPrivakeKeyAlias,
- password,
+ _tostring(password),
ckmMessage,
ckmHashAlgo,
ckmPadding,
if( (ret = mgr.verifySignature(
ckmPublicKeyAlias,
- password,
+ _tostring(password),
ckmMessage,
ckmSignature,
ckmHashAlgo,
CKM::Manager mgr;
CKM::CertificateVector ckmCertChain;
-
if(cert->raw_cert == NULL || cert->cert_size <= 0) {
return CKM_API_ERROR_INPUT_PARAM;
}
- CKM::RawBuffer buffer(cert->raw_cert, cert->raw_cert + cert->cert_size);
- CKM::DataFormat dataFormat = static_cast<CKM::DataFormat>(static_cast<int>(cert->data_format));
- CKM::Certificate ckmCert(buffer, dataFormat);
+
+ CKM::Certificate ckmCert = _toCkmCertificate(cert);
CKM::CertificateVector ckmUntrustedCerts;
if(untrustedcerts != NULL) {
next = current->next;
if(current->cert == NULL){
- return CKM_API_ERROR_INPUT_PARAM;
+ continue;
}
- CKM::Certificate ckmCert = _toCkmCertificate(current->cert);
- ckmUntrustedCerts.push_back(ckmCert);
+
+ CKM::Certificate tmpCkmCert = _toCkmCertificate(current->cert);
+ ckmUntrustedCerts.push_back(tmpCkmCert);
}while(next != NULL);
}
- if( (ret = mgr.getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain)) != CKM_API_SUCCESS) {
+ ret = mgr.getCertificateChain(ckmCert, ckmUntrustedCerts, ckmCertChain);
+ if( ret != CKM_API_SUCCESS) {
return ret;
}
#include <string.h>
+#include <stdio.h>
#include <stdlib.h>
+#include <ckm/ckm-type.h>
#include <ckmc/ckmc-type.h>
#include <ckmc/ckmc-error.h>
#include <openssl/x509v3.h>
KEY_MANAGER_CAPI
-ckm_key *ckm_key_new(unsigned char *raw_key, unsigned int key_size, ckm_key_type key_type, char *password)
+ckm_key *ckm_key_new(unsigned char *raw_key, size_t key_size, ckm_key_type key_type, char *password)
{
ckm_key *pkey = new ckm_key;
if(pkey == NULL)
if(key->password != NULL)
free(key->password);
- if(key->raw_key != NULL)
+ if(key->raw_key != NULL) {
+ memset(key->raw_key, 0, key->key_size);
free(key->raw_key);
+ }
free(key);
}
KEY_MANAGER_CAPI
-ckm_raw_buffer * ckm_buffer_new(unsigned char *data, unsigned int size)
+ckm_raw_buffer * ckm_buffer_new(unsigned char *data, size_t size)
{
ckm_raw_buffer *pbuff = new ckm_raw_buffer;
if(pbuff == NULL)
if(buffer == NULL)
return;
- if(buffer->data != NULL)
+ if(buffer->data != NULL) {
+ memset(buffer->data, 0, buffer->size);
free(buffer->data);
+ }
free(buffer);
}
KEY_MANAGER_CAPI
-ckm_cert *ckm_cert_new(unsigned char *raw_cert, unsigned int cert_size, ckm_cert_form data_format)
+ckm_cert *ckm_cert_new(unsigned char *raw_cert, size_t cert_size, ckm_data_format data_format)
{
ckm_cert *pcert = new ckm_cert;
if(pcert == NULL)
X509* x509Cert;
STACK_OF(X509)* ca;
- public:
int ret;
+ public:
ckm_key *retPrivateKey;
ckm_cert *retCkmCert;
ckm_cert_list *retCaCertList;
if(retCkmCert != NULL)
ckm_cert_free(retCkmCert);
if(retCaCertList != NULL)
- ckm_cert_list_free(retCaCertList);
+ ckm_cert_list_all_free(retCaCertList);
}
};
}
int toCkmKey() {
- int prikeyLen = 0;
- if((prikeyLen = i2d_PrivateKey(pkey, NULL)) < 0) {
- return CKM_API_ERROR_OUT_OF_MEMORY;
- }
- unsigned char arrayPrikey[sizeof(unsigned char) * prikeyLen];
- unsigned char *pPrikey = arrayPrikey;
- if((prikeyLen = i2d_PrivateKey(pkey, &pPrikey)) < 0) {
- return CKM_API_ERROR_OUT_OF_MEMORY;
- }
+ BIO *bkey = BIO_new(BIO_s_mem());
+
+ i2d_PrivateKey_bio(bkey, pkey);
+
+ CKM::RawBuffer output(8196);
+ int size = BIO_read(bkey, output.data(), output.size());
+ BIO_free_all(bkey);
+ if (size <= 0) {
+ return CKM_API_ERROR_INVALID_FORMAT;
+ }
+ output.resize(size);
int type = EVP_PKEY_type(pkey->type);
ckm_key_type key_type = CKM_KEY_NONE;
}
char *nullPassword = NULL;
- retPrivateKey = ckm_key_new(pPrikey, sizeof(unsigned char) * prikeyLen, key_type, nullPassword);
+
+ retPrivateKey = ckm_key_new(output.data(), size, key_type, nullPassword);
return CKM_API_SUCCESS;
}
X509* popedCert = NULL;
ckm_cert *popedCkmCert = NULL;
ckm_cert_list *tmpCertList = NULL;
- retCaCertList = tmpCertList;
while((popedCert = sk_X509_pop(ca)) != NULL) {
if( (ret =_ckm_load_cert_from_x509(popedCert, &popedCkmCert)) != CKM_API_SUCCESS) {
return CKM_API_ERROR_OUT_OF_MEMORY;
}
- tmpCertList = ckm_cert_list_add(tmpCertList, popedCkmCert);
+ if(tmpCertList == NULL) { // first
+ tmpCertList = ckm_cert_list_new(popedCkmCert);
+ retCaCertList = tmpCertList;
+ }else {
+ tmpCertList = ckm_cert_list_add(tmpCertList, popedCkmCert);
+ }
}
return CKM_API_SUCCESS;
}
if((ret = converter.toCaCkmCertList()) != CKM_API_SUCCESS) {
return ret;
}
+
*private_key = converter.retPrivateKey;
*ckmcert = converter.retCkmCert;
*ca_cert_list = converter.retCaCertList;
if(cert == NULL)
return;
- if(cert->raw_cert != NULL)
+ if(cert->raw_cert != NULL) {
+ memset(cert->raw_cert, 0, cert->cert_size);
free(cert->raw_cert);
+ }
free(cert);
}
int _ckm_load_cert_from_x509(X509 *xCert, ckm_cert **cert)
{
- int certLen;
- unsigned char* bufCert = NULL;
-
if(xCert == NULL) {
return CKM_API_ERROR_INVALID_FORMAT;
}
- /* load certificate into buffer */
- if((certLen = i2d_X509(xCert, NULL)) < 0) {
- return CKM_API_ERROR_INVALID_FORMAT;
- }
- unsigned char arrayCert[sizeof(unsigned char) * certLen];
- bufCert = arrayCert;
- i2d_X509(xCert, &bufCert);
+ BIO *bcert = BIO_new(BIO_s_mem());
+
+ i2d_X509_bio(bcert, xCert);
+
+ CKM::RawBuffer output(8196);
+ int size = BIO_read(bcert, output.data(), output.size());
+ BIO_free_all(bcert);
+ if (size <= 0) {
+ return CKM_API_ERROR_INVALID_FORMAT;
+ }
+ output.resize(size);
- *cert = ckm_cert_new(bufCert, certLen, CKM_CERT_FORM_DER);
+ *cert = ckm_cert_new(output.data(), output.size(), CKM_FORM_DER);
return CKM_API_SUCCESS;
}