From 80c18bbbc7670f950e65f7a64b689b4946333890 Mon Sep 17 00:00:00 2001 From: Ernest Borowski Date: Tue, 27 Feb 2018 15:38:34 +0100 Subject: [PATCH] CKMC API: Add option to list aliases with information about password protection Change-Id: I02ff75a9f6c60bdcd4b3450a135a4047bbbc05f0 Signed-off-by: Ernest Borowski --- src/include/ckmc/ckmc-manager.h | 79 ++++++++++++++++++- src/include/ckmc/ckmc-type.h | 56 +++++++++++++- src/manager/client-capi/ckmc-manager.cpp | 126 ++++++++++++++++++++++++++++++- src/manager/client-capi/ckmc-type.cpp | 48 +++++++++++- src/manager/client/client-common.h | 10 ++- 5 files changed, 310 insertions(+), 9 deletions(-) diff --git a/src/include/ckmc/ckmc-manager.h b/src/include/ckmc/ckmc-manager.h index 86ee07f..22a295c 100644 --- a/src/include/ckmc/ckmc-manager.h +++ b/src/include/ckmc/ckmc-manager.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -151,6 +151,31 @@ int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey); int ckmc_get_key_alias_list(ckmc_alias_list_s **ppalias_list); +/** + * @brief Gets the information about all the aliases of keys that the client can access. + * @since_tizen 5.5 + * @remarks A client can access only data stored by the client and the entries from system database + * if it was explicitly permitted to. + * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_info_list_all_free() + * if it is no longer needed. + * @param[out] ppalias_list The pointer to a newly created ckmc_alias_info_list_s handle containing + * information about all key aliases \n + * If there is no available key alias, *ppalias_list will be null + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * @see ckmc_save_key() + * @see ckmc_remove_alias() + * @see ckmc_get_key() + */ +int ckmc_get_key_alias_info_list(ckmc_alias_info_list_s **ppalias_list); + /** * @brief Stores a certificate inside key manager based on the provided policy. @@ -258,6 +283,32 @@ int ckmc_get_cert_alias_list(ckmc_alias_list_s **ppalias_list); /** + * @brief Gets the information about all the aliases of certificates that the client can access. + * @since_tizen 5.5 + * @remarks A client can access only data stored by the client and the entries from system database + * if it was explicitly permitted to. + * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_info_list_all_free() + * if it is no longer needed. + * @param[out] ppalias_list The pointer to a newly created ckmc_alias_info_list_s handle containing + * information about all certificate aliases \n + * If there is no available certificate alias, *ppalias_list will be null + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * @see ckmc_save_cert() + * @see ckmc_remove_alias() + * @see ckmc_get_cert() + */ +int ckmc_get_cert_alias_info_list(ckmc_alias_info_list_s **ppalias_list); + + +/** * @brief Stores PKCS12's contents inside key manager based on the provided policies. All items from the PKCS12 will use the same alias. * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. @@ -413,6 +464,32 @@ int ckmc_get_data_alias_list(ckmc_alias_list_s **ppalias_list); /** + * @brief Gets the information about all the aliases of data that the client can access. + * @since_tizen 5.5 + * @remarks A client can access only data stored by the client and the entries from system database + * if it was explicitly permitted to. + * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_info_list_all_free() + * if it is no longer needed. + * @param[out] ppalias_list The pointer to a newly created ckmc_alias_info_list_s handle containing + * information about all data aliases \n + * If there is no available data alias, *ppalias_list will be null + * @return @c 0 on success, + * otherwise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in) + * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason + * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist + * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager + * @pre User is already logged in and the user key is already loaded into memory in plain text form. + * @see ckmc_save_data() + * @see ckmc_remove_alias() + * @see ckmc_get_data() + */ +int ckmc_get_data_alias_info_list(ckmc_alias_info_list_s **ppalias_list); + + +/** * @brief Creates RSA private/public key pair and stores them inside key manager based on each policy. * @since_tizen 2.3 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0. diff --git a/src/include/ckmc/ckmc-type.h b/src/include/ckmc/ckmc-type.h index 8a4217b..da0c05e 100644 --- a/src/include/ckmc/ckmc-type.h +++ b/src/include/ckmc/ckmc-type.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -227,6 +227,25 @@ typedef struct __ckmc_alias_list { *next; /**< The pointer pointing to the next ckmc_alias_list_s */ } ckmc_alias_list_s; +struct ckmc_alias_info_s; + +/** + * @brief The structure of alias and additional information about it. + * @since_tizen 5.0 + */ +typedef struct ckmc_alias_info_s ckmc_alias_info_s; + +/** + * @brief The structure for linked list of alias with additional information. + * @since_tizen 5.0 + */ +typedef struct __ckmc_alias_info_list_s { + struct ckmc_alias_info_s* info; /**< The pointer pointing to the alias structure + with additional information */ + struct __ckmc_alias_info_list_s* + next; /**< The pointer pointing to the next ckmc_alias_info_list_s */ +} ckmc_alias_info_list_s; + /** * @brief The structure for linked list of ckmc_cert_s @@ -341,6 +360,41 @@ typedef enum __ckmc_algo_type { (optional, not supported at the moment) */ } ckmc_algo_type_e; +/** + * @brief Gets the alias from #ckmc_alias_info_s structure. + * @since_tizen 5.0 + * @remarks The @a alias should not be released. + * The @a alias can be used until #ckmc_alias_info_s is released. + * @param[in] info The pointer to the #ckmc_alias_info_s structure + * @param[out] alias The pointer to the alias + * @return #CKMC_ERROR_NONE on success, + * othervise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @see #ckmc_alias_info_s + */ +int ckmc_alias_info_get_alias(const ckmc_alias_info_s* info, char** alias); + +/** + * @brief Gets the password protection status from #ckmc_alias_info_s structure. + * @since_tizen 5.0 + * @param[in] info The pointer to the #ckmc_alias_info_s structure + * @param[out] is_password_protected The pointer to the password protection flag + * @return #CKMC_ERROR_NONE on success, + * othervise a negative error value + * @retval #CKMC_ERROR_NONE Successful + * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid + * @see #ckmc_alias_info_s + */ +int ckmc_alias_info_is_password_protected(const ckmc_alias_info_s* info, bool* is_password_protected); + +/** + * @brief Destroys the #ckmc_alias_info_list_s handle and releases resources of #ckmc_alias_info_list_s from the provided first handle cascadingly. + * @since_tizen 5.0 + * @param[in] first The first #ckmc_alias_info_list_s handle to destroy + * @see #ckmc_alias_info_list_s + */ +void ckmc_alias_info_list_all_free(ckmc_alias_info_list_s *first); /** * @brief Creates a new full alias which is a concatenation of @a owner_id and @a alias. diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp index 37dd14f..a765f3a 100644 --- a/src/manager/client-capi/ckmc-manager.cpp +++ b/src/manager/client-capi/ckmc-manager.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2017 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -28,6 +28,7 @@ #include #include #include +#include #include #include @@ -35,6 +36,30 @@ namespace { const CKM::CertificateShPtrVector EMPTY_CERT_VECTOR; const CKM::AliasVector EMPTY_ALIAS_VECTOR; +int _ckmc_alias_info_new(const char* alias, bool is_password_protected, ckmc_alias_info_s** info) +{ + if (alias == NULL) + return CKMC_ERROR_SERVER_ERROR; + if (info == NULL) + return CKMC_ERROR_UNKNOWN; + + ckmc_alias_info_s* _info = NULL; + _info = static_cast(malloc(sizeof(ckmc_alias_info_s))); + + if (_info == NULL) + return CKMC_ERROR_OUT_OF_MEMORY; + + _info->alias = strdup(alias); + if (_info->alias == NULL) + { + free(_info); + return CKMC_ERROR_OUT_OF_MEMORY; + } + _info->is_password_protected = is_password_protected; + *info = _info; + return CKMC_ERROR_NONE; +} + inline CKM::Password _tostring(const char *str) { return (str == nullptr) ? CKM::Password() : CKM::Password(str); @@ -180,8 +205,84 @@ int _cryptoOperation(cryptoFn operation, return ckmc_buffer_new(outBuffer.data(), outBuffer.size(), ppout); } +int _toNewCkmcAliasInfoList(const CKM::AliasPwdVector &aliasPwdVector, + ckmc_alias_info_list_s **alias_info_list) +{ + int ret = CKMC_ERROR_NONE; + + if (alias_info_list == nullptr) + return CKMC_ERROR_UNKNOWN; + + if (aliasPwdVector.size() == 0) + return CKMC_ERROR_DB_ALIAS_UNKNOWN; + + ckmc_alias_info_list_s *start = nullptr; + ckmc_alias_info_list_s *plist = nullptr; + ckmc_alias_info_list_s *previous = nullptr; + + for (const auto &it : aliasPwdVector) { + + previous = plist; + + plist = static_cast(calloc(1, sizeof(ckmc_alias_info_list_s))); + + if (plist == nullptr) + { + ret = CKMC_ERROR_OUT_OF_MEMORY; + break; + } + + if (start == nullptr) + start = plist; + + if (previous != nullptr) + previous->next = plist; + + if ((ret = _ckmc_alias_info_new(std::get<0>(it).c_str(), std::get<1>(it), + &plist->info) != CKMC_ERROR_NONE)) + { + break; + } + + } + + if (ret != CKMC_ERROR_NONE) + { + ckmc_alias_info_list_all_free(start); + return ret; + } + + *alias_info_list = start; + + return CKMC_ERROR_NONE; } +int ckmc_generic_get_alias_info_list_helper(ckmc_alias_info_list_s **alias_info_list, + int(CKM::Manager::*func)(CKM::AliasPwdVector&)) +{ + EXCEPTION_GUARD_START_CAPI + + auto mgr = CKM::Manager::create(); + int ret; + + if (alias_info_list == nullptr) + return CKMC_ERROR_INVALID_PARAMETER; + + CKM::AliasPwdVector aliasPwdVector; + + if ((ret = ((*mgr).*func)(aliasPwdVector)) != CKM_API_SUCCESS) + return to_ckmc_error(ret); + + if ((ret = _toNewCkmcAliasInfoList(aliasPwdVector, alias_info_list)) != CKM_API_SUCCESS) + return ret; + + return CKMC_ERROR_NONE; + + EXCEPTION_GUARD_END +} + +} // namespace anonymous + KEY_MANAGER_CAPI int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy) @@ -296,6 +397,15 @@ int ckmc_get_key_alias_list(ckmc_alias_list_s **alias_list) EXCEPTION_GUARD_END } + +KEY_MANAGER_CAPI +int ckmc_get_key_alias_info_list(ckmc_alias_info_list_s **alias_info_list) +{ + + return ckmc_generic_get_alias_info_list_helper(alias_info_list, + &CKM::Manager::getKeyAliasPwdVector); +} + KEY_MANAGER_CAPI int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy) @@ -391,6 +501,13 @@ int ckmc_get_cert_alias_list(ckmc_alias_list_s **alias_list) } KEY_MANAGER_CAPI +int ckmc_get_cert_alias_info_list(ckmc_alias_info_list_s **alias_info_list) +{ + return ckmc_generic_get_alias_info_list_helper(alias_info_list, + &CKM::Manager::getCertificateAliasPwdVector); +} + +KEY_MANAGER_CAPI int ckmc_save_pkcs12(const char *alias, const ckmc_pkcs12_s *ppkcs, const ckmc_policy_s key_policy, const ckmc_policy_s cert_policy) { @@ -581,6 +698,13 @@ int ckmc_get_data_alias_list(ckmc_alias_list_s **alias_list) } KEY_MANAGER_CAPI +int ckmc_get_data_alias_info_list(ckmc_alias_info_list_s **alias_info_list) +{ + return ckmc_generic_get_alias_info_list_helper(alias_info_list, + &CKM::Manager::getDataAliasPwdVector); +} + +KEY_MANAGER_CAPI int ckmc_create_key_pair_rsa(const size_t size, const char *private_key_alias, const char *public_key_alias, diff --git a/src/manager/client-capi/ckmc-type.cpp b/src/manager/client-capi/ckmc-type.cpp index a613d8d..6567c97 100644 --- a/src/manager/client-capi/ckmc-type.cpp +++ b/src/manager/client-capi/ckmc-type.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -65,8 +66,15 @@ int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert) return ckmc_cert_new(output.data(), output.size(), CKMC_FORM_DER, cert); } -} // namespace anonymous +void _ckmc_alias_info_free(ckmc_alias_info_s *info) +{ + if (info == NULL) + return; + free(info->alias); + free(info); +} +} // namespace anonymous const char *const ckmc_label_name_separator = CKM::ALIAS_SEPARATOR; const char *const ckmc_owner_id_separator = CKM::ALIAS_SEPARATOR; @@ -591,6 +599,40 @@ void ckmc_alias_list_all_free(ckmc_alias_list_s *first) } KEY_MANAGER_CAPI +int ckmc_alias_info_get_alias(const ckmc_alias_info_s* info, char** alias) +{ + if (info == NULL || alias == NULL) + return CKMC_ERROR_INVALID_PARAMETER; + + *alias = info->alias; + return CKMC_ERROR_NONE; +} + +KEY_MANAGER_CAPI +int ckmc_alias_info_is_password_protected(const ckmc_alias_info_s* info, bool* is_password_protected) +{ + if (info == NULL || is_password_protected == NULL) + return CKMC_ERROR_INVALID_PARAMETER; + + *is_password_protected = info->is_password_protected; + return CKMC_ERROR_NONE; +} + + +KEY_MANAGER_CAPI +void ckmc_alias_info_list_all_free(ckmc_alias_info_list_s *first) +{ + ckmc_alias_info_list_s *next = first; + + while (next) { + ckmc_alias_info_list_s *current = next; + next = current->next; + _ckmc_alias_info_free(current->info); + free(current); + } +} + +KEY_MANAGER_CAPI int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list) { ckmc_cert_list_s *previous = NULL; @@ -599,7 +641,7 @@ int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list) KEY_MANAGER_CAPI int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, - ckmc_cert_list_s **pplast) + ckmc_cert_list_s **pplast) { ckmc_cert_list_s *plist; diff --git a/src/manager/client/client-common.h b/src/manager/client/client-common.h index cedb50e..032f2f9 100644 --- a/src/manager/client/client-common.h +++ b/src/manager/client/client-common.h @@ -1,7 +1,5 @@ /* - * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Bumjin Im + * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -43,6 +41,12 @@ extern "C" { struct msghdr; + + struct ckmc_alias_info_s { + char* alias; + bool is_password_protected; + }; + } namespace CKM { -- 2.7.4