2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief new and free methods for the struct of CAPI
27 #include <ckm/ckm-type.h>
28 #include <ckmc/ckmc-type.h>
29 #include <ckmc/ckmc-error.h>
30 #include <ckmc-type-converter.h>
31 #include <protocols.h>
32 #include <openssl/x509v3.h>
33 #include <openssl/pkcs12.h>
34 #include <openssl/evp.h>
35 #include <openssl/pem.h>
37 #include <crypto-init.h>
41 const size_t DEFAULT_IV_LEN = 16;
42 const size_t DEFAULT_IV_LEN_BITS = 8*DEFAULT_IV_LEN;
43 const size_t DEFAULT_KEY_LEN_BITS = 4096;
45 int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert)
48 return CKMC_ERROR_INVALID_FORMAT;
51 BIO *bcert = BIO_new(BIO_s_mem());
53 i2d_X509_bio(bcert, xCert);
55 CKM::RawBuffer output(8196);
56 int size = BIO_read(bcert, output.data(), output.size());
59 return CKMC_ERROR_INVALID_FORMAT;
63 return ckmc_cert_new(output.data(), output.size(), CKMC_FORM_DER, cert);
66 } // namespace anonymous
69 const char * const ckmc_label_name_separator = CKM::LABEL_NAME_SEPARATOR;
70 const char * const ckmc_owner_id_separator = CKM::LABEL_NAME_SEPARATOR;
71 const char * const ckmc_owner_id_system = CKM::OWNER_ID_SYSTEM;
74 int ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type_e key_type, char *password, ckmc_key_s **ppkey)
78 if(raw_key == NULL || key_size <= 0 || ppkey == NULL) {
79 return CKMC_ERROR_INVALID_PARAMETER;
82 pkey = static_cast<ckmc_key_s*>(malloc(sizeof(ckmc_key_s)));
84 return CKMC_ERROR_OUT_OF_MEMORY;
86 pkey->raw_key = reinterpret_cast<unsigned char*>(malloc(key_size));
87 if(pkey->raw_key == NULL) {
89 return CKMC_ERROR_OUT_OF_MEMORY;
91 memcpy(pkey->raw_key, raw_key, key_size);
93 pkey->key_size = key_size;
94 pkey->key_type = key_type;
96 if(password != NULL) {
97 pkey->password = reinterpret_cast<char*>(malloc(strlen(password) +1));
98 if(pkey->password == NULL) {
101 return CKMC_ERROR_OUT_OF_MEMORY;
103 memset(pkey->password, 0, strlen(password) +1);
104 strncpy(pkey->password, password, strlen(password));
106 pkey->password = NULL;
111 return CKMC_ERROR_NONE;
115 void ckmc_key_free(ckmc_key_s *key)
120 if(key->password != NULL)
122 if(key->raw_key != NULL) {
123 memset(key->raw_key, 0, key->key_size);
131 int ckmc_buffer_new(unsigned char *data, size_t size,ckmc_raw_buffer_s **ppbuffer)
133 ckmc_raw_buffer_s *pbuff;
135 if(data == NULL || size <= 0 || ppbuffer == NULL) {
136 return CKMC_ERROR_INVALID_PARAMETER;
139 pbuff = static_cast<ckmc_raw_buffer_s*>(malloc(sizeof(ckmc_raw_buffer_s)));
141 return CKMC_ERROR_OUT_OF_MEMORY;
143 pbuff->data = reinterpret_cast<unsigned char*>(malloc(size));
144 if(pbuff->data == NULL) {
146 return CKMC_ERROR_OUT_OF_MEMORY;
148 memcpy(pbuff->data, data, size);
153 return CKMC_ERROR_NONE;
157 void ckmc_buffer_free(ckmc_raw_buffer_s *buffer)
162 if(buffer->data != NULL) {
163 memset(buffer->data, 0, buffer->size);
170 int ckmc_cert_new(unsigned char *raw_cert, size_t cert_size, ckmc_data_format_e data_format, ckmc_cert_s **ppcert)
174 if(raw_cert == NULL || cert_size <= 0 || ppcert == NULL) {
175 return CKMC_ERROR_INVALID_PARAMETER;
178 pcert = static_cast<ckmc_cert_s*>(malloc(sizeof(ckmc_cert_s)));
180 return CKMC_ERROR_OUT_OF_MEMORY;
182 pcert->raw_cert = reinterpret_cast<unsigned char*>(malloc(cert_size));
183 if(pcert->raw_cert == NULL) {
185 return CKMC_ERROR_OUT_OF_MEMORY;
187 memcpy(pcert->raw_cert, raw_cert, cert_size);
189 pcert->cert_size = cert_size;
190 pcert->data_format = data_format;
193 return CKMC_ERROR_NONE;
197 int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert)
199 CKM::initOpenSslOnce();
201 FILE *fp = fopen(file_path, "r");
203 return CKMC_ERROR_FILE_ACCESS_DENIED;
205 if(!(pcert = d2i_X509_fp(fp, NULL))) {
206 fseek(fp, 0, SEEK_SET);
207 pcert = PEM_read_X509(fp, NULL, NULL, NULL);
211 return CKMC_ERROR_INVALID_FORMAT;
214 int ret = _ckmc_load_cert_from_x509(pcert, cert);
215 if(ret != CKMC_ERROR_NONE) {
222 void ckmc_cert_free(ckmc_cert_s *cert)
227 if(cert->raw_cert != NULL) {
228 memset(cert->raw_cert, 0, cert->cert_size);
229 free(cert->raw_cert);
235 int ckmc_pkcs12_new(ckmc_key_s *private_key, ckmc_cert_s *cert,
236 ckmc_cert_list_s *ca_cert_list, ckmc_pkcs12_s **pkcs12_bundle)
238 ckmc_pkcs12_s *pkcs12;
241 (private_key==NULL && cert==NULL && (ca_cert_list==NULL || ca_cert_list->cert==NULL))) {
242 return CKMC_ERROR_INVALID_PARAMETER;
245 pkcs12 = static_cast<ckmc_pkcs12_s*>(malloc(sizeof(ckmc_pkcs12_s)));
247 return CKMC_ERROR_OUT_OF_MEMORY;
249 // ownership is transferred into pkcs12 - mentioned in the docs
250 pkcs12->priv_key = private_key;
252 pkcs12->ca_chain = ca_cert_list;
254 *pkcs12_bundle = pkcs12;
255 return CKMC_ERROR_NONE;
259 int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckmc_key_s **private_key, ckmc_cert_s **ckmcert, ckmc_cert_list_s **ca_cert_list)
261 class Pkcs12Converter {
271 ckmc_key_s *retPrivateKey;
272 ckmc_cert_s *retCkmCert;
273 ckmc_cert_list_s *retCaCertList;
281 ret = CKMC_ERROR_NONE;
282 retPrivateKey = NULL;
284 retCaCertList = NULL;
296 sk_X509_pop_free(ca, X509_free);
298 if(ret != CKMC_ERROR_NONE) {
299 if(retPrivateKey != NULL){
300 ckmc_key_free(retPrivateKey);
301 retPrivateKey = NULL;
303 if(retCkmCert != NULL) {
304 ckmc_cert_free(retCkmCert);
307 if(retCaCertList != NULL) {
308 ckmc_cert_list_all_free(retCaCertList);
309 retCaCertList = NULL;
314 int parsePkcs12(const char *filePath, const char *pass) {
316 if(!(fp_in = fopen(filePath, "rb"))) {
317 return CKMC_ERROR_FILE_ACCESS_DENIED;
320 if(!(p12 = d2i_PKCS12_fp(fp_in, NULL))) {
321 return CKMC_ERROR_INVALID_FORMAT;
324 /* parse PKCS#12 certificate */
325 if((ret = PKCS12_parse(p12, pass, &pkey, &x509Cert, &ca)) != 1) {
326 return CKMC_ERROR_INVALID_FORMAT;
328 return CKMC_ERROR_NONE;
332 if( (ret =_ckmc_load_cert_from_x509(x509Cert,&retCkmCert)) != CKMC_ERROR_NONE) {
335 return CKMC_ERROR_NONE;
339 BIO *bkey = BIO_new(BIO_s_mem());
341 i2d_PrivateKey_bio(bkey, pkey);
343 CKM::RawBuffer output(8196);
344 int size = BIO_read(bkey, output.data(), output.size());
347 return CKMC_ERROR_INVALID_FORMAT;
351 int type = EVP_PKEY_type(pkey->type);
352 ckmc_key_type_e key_type = CKMC_KEY_NONE;
355 key_type = CKMC_KEY_RSA_PRIVATE;
358 key_type = CKMC_KEY_DSA_PRIVATE;
361 key_type = CKMC_KEY_ECDSA_PRIVATE;
364 if(key_type == CKMC_KEY_NONE) {
365 return CKMC_ERROR_INVALID_FORMAT;
368 char *nullPassword = NULL;
370 return ckmc_key_new(output.data(), size, key_type, nullPassword, &retPrivateKey);
373 int toCaCkmCertList() {
375 X509* popedCert = NULL;
376 ckmc_cert_s *popedCkmCert = NULL;
377 ckmc_cert_list_s *tmpCertList = NULL;
378 while((popedCert = sk_X509_pop(ca)) != NULL) {
379 if( (tmpRet =_ckmc_load_cert_from_x509(popedCert, &popedCkmCert)) != CKMC_ERROR_NONE) {
380 return CKMC_ERROR_OUT_OF_MEMORY;
382 if(tmpCertList == NULL) { // first
383 tmpRet = ckmc_cert_list_new(popedCkmCert, &tmpCertList);
384 retCaCertList = tmpCertList;
386 tmpRet = ckmc_cert_list_add(tmpCertList, popedCkmCert, &tmpCertList);
388 if(tmpRet != CKMC_ERROR_NONE) {
389 ckmc_cert_list_all_free(retCaCertList);
390 retCaCertList = NULL;
394 return CKMC_ERROR_NONE;
399 CKM::initOpenSslOnce();
401 int ret = CKMC_ERROR_NONE;
403 Pkcs12Converter converter;
404 if((ret = converter.parsePkcs12(file_path, passphrase)) != CKMC_ERROR_NONE) {
407 if((ret = converter.toCkmCert()) != CKMC_ERROR_NONE) {
410 if((ret = converter.toCkmKey()) != CKMC_ERROR_NONE) {
413 if((ret = converter.toCaCkmCertList()) != CKMC_ERROR_NONE) {
417 *private_key = converter.retPrivateKey;
418 *ckmcert = converter.retCkmCert;
419 *ca_cert_list = converter.retCaCertList;
421 return CKMC_ERROR_NONE;
425 int ckmc_pkcs12_load(const char *file_path, const char *passphrase, ckmc_pkcs12_s **pkcs12_bundle)
428 ckmc_key_s *private_key = 0;
429 ckmc_cert_s *cert = 0;
430 ckmc_cert_list_s *ca_cert_list = 0;
432 if(!file_path || !pkcs12_bundle)
433 return CKMC_ERROR_INVALID_PARAMETER;
435 ec = ckmc_load_from_pkcs12_file(file_path, passphrase, &private_key, &cert, &ca_cert_list);
436 if(ec != CKMC_ERROR_NONE)
439 ec = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12_bundle);
440 if(ec != CKMC_ERROR_NONE)
442 ckmc_key_free(private_key);
443 ckmc_cert_free(cert);
444 ckmc_cert_list_free(ca_cert_list);
448 return CKMC_ERROR_NONE;
452 void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12)
457 ckmc_key_free(pkcs12->priv_key);
458 ckmc_cert_free(pkcs12->cert);
459 ckmc_cert_list_free(pkcs12->ca_chain);
464 int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list)
466 ckmc_alias_list_s *previous = NULL;
467 return ckmc_alias_list_add(previous, alias, ppalias_list);
471 int ckmc_alias_list_add(ckmc_alias_list_s *previous, char *alias, ckmc_alias_list_s **pplast)
473 ckmc_alias_list_s *plist;
475 if(alias == NULL || pplast == NULL) {
476 return CKMC_ERROR_INVALID_PARAMETER;
479 plist = static_cast<ckmc_alias_list_s*>(malloc(sizeof(ckmc_alias_list_s)));
481 return CKMC_ERROR_OUT_OF_MEMORY;
484 plist->alias = alias;
487 if(previous != NULL) {
488 previous->next = plist;
492 return CKMC_ERROR_NONE;
496 void ckmc_alias_list_free(ckmc_alias_list_s *first)
498 ckmc_alias_list_s *next = first;
500 ckmc_alias_list_s *current = next;
501 next = current->next;
507 void ckmc_alias_list_all_free(ckmc_alias_list_s *first)
509 ckmc_alias_list_s *next = first;
511 ckmc_alias_list_s *current = next;
512 next = current->next;
513 free(current->alias);
519 int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list)
521 ckmc_cert_list_s *previous = NULL;
522 return ckmc_cert_list_add(previous, cert, ppalias_list);
526 int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_list_s **pplast)
528 ckmc_cert_list_s *plist;
530 if(cert == NULL || pplast == NULL) {
531 return CKMC_ERROR_INVALID_PARAMETER;
534 plist = static_cast<ckmc_cert_list_s*>(malloc(sizeof(ckmc_cert_list_s)));
536 return CKMC_ERROR_OUT_OF_MEMORY;
541 if(previous != NULL) {
542 previous->next = plist;
547 return CKMC_ERROR_NONE;
551 void ckmc_cert_list_free(ckmc_cert_list_s *first)
553 ckmc_cert_list_s *next = first;
555 ckmc_cert_list_s *current = next;
556 next = current->next;
562 void ckmc_cert_list_all_free(ckmc_cert_list_s *first)
564 ckmc_cert_list_s *next = first;
566 ckmc_cert_list_s *current = next;
567 next = current->next;
568 ckmc_cert_free(current->cert);
574 int ckmc_param_list_new(ckmc_param_list_h *pparams)
576 if (!pparams || *pparams)
577 return CKMC_ERROR_INVALID_PARAMETER;
579 *pparams = reinterpret_cast<ckmc_param_list_h>(new(std::nothrow)(CKM::CryptoAlgorithm));
581 return CKMC_ERROR_OUT_OF_MEMORY;
582 return CKMC_ERROR_NONE;
586 int ckmc_param_list_set_integer(ckmc_param_list_h params,
587 ckmc_param_name_e name,
591 return CKMC_ERROR_INVALID_PARAMETER;
593 CKM::CryptoAlgorithm* algo = reinterpret_cast<CKM::CryptoAlgorithm*>(params);
594 bool ret = algo->setParam(static_cast<CKM::ParamName>(name), value);
595 return (ret ? CKMC_ERROR_NONE : CKMC_ERROR_INVALID_PARAMETER);
599 int ckmc_param_list_set_buffer(ckmc_param_list_h params,
600 ckmc_param_name_e name,
601 const ckmc_raw_buffer_s *buffer)
603 if (!params || !buffer || !buffer->data || buffer->size == 0)
604 return CKMC_ERROR_INVALID_PARAMETER;
606 CKM::CryptoAlgorithm* algo = reinterpret_cast<CKM::CryptoAlgorithm*>(params);
607 CKM::RawBuffer b(buffer->data, buffer->data + buffer->size);
608 bool ret = algo->setParam(static_cast<CKM::ParamName>(name), b);
609 return (ret ? CKMC_ERROR_NONE : CKMC_ERROR_INVALID_PARAMETER);
613 int ckmc_param_list_get_integer(ckmc_param_list_h params,
614 ckmc_param_name_e name,
617 if (!params || !pvalue)
618 return CKMC_ERROR_INVALID_PARAMETER;
620 const CKM::CryptoAlgorithm* algo = reinterpret_cast<const CKM::CryptoAlgorithm*>(params);
621 if (!algo->getParam(static_cast<CKM::ParamName>(name), *pvalue))
622 return CKMC_ERROR_INVALID_PARAMETER;
624 return CKMC_ERROR_NONE;
628 int ckmc_param_list_get_buffer(ckmc_param_list_h params,
629 ckmc_param_name_e name,
630 ckmc_raw_buffer_s **ppbuffer)
632 if (!params || !ppbuffer || *ppbuffer)
633 return CKMC_ERROR_INVALID_PARAMETER;
635 const CKM::CryptoAlgorithm* algo = reinterpret_cast<const CKM::CryptoAlgorithm*>(params);
636 CKM::RawBuffer value;
637 if (!algo->getParam(static_cast<CKM::ParamName>(name),value))
638 return CKMC_ERROR_INVALID_PARAMETER;
640 return ckmc_buffer_new(value.data(), value.size(), ppbuffer);
644 void ckmc_param_list_free(ckmc_param_list_h params)
646 CKM::CryptoAlgorithm* algo = reinterpret_cast<CKM::CryptoAlgorithm*>(params);
651 int ckmc_generate_new_params(ckmc_algo_type_e type, ckmc_param_list_h *pparams)
653 if (!pparams || *pparams)
654 return CKMC_ERROR_INVALID_PARAMETER;
656 ckmc_param_list_h params = NULL;
657 int ret = ckmc_param_list_new(¶ms);
658 if (ret != CKMC_ERROR_NONE)
662 case CKMC_ALGO_AES_CTR:
663 ret = ckmc_param_list_set_integer(params, CKMC_PARAM_ED_CTR_LEN, DEFAULT_IV_LEN_BITS);
665 case CKMC_ALGO_AES_CBC:
666 case CKMC_ALGO_AES_GCM:
667 case CKMC_ALGO_AES_CFB:
668 case CKMC_ALGO_RSA_OAEP:
672 ret = CKMC_ERROR_INVALID_PARAMETER;
676 if (ret != CKMC_ERROR_NONE) {
677 ckmc_param_list_free(params);
681 ret = ckmc_param_list_set_integer(params, CKMC_PARAM_ALGO_TYPE, type);
682 if (ret != CKMC_ERROR_NONE) {
683 ckmc_param_list_free(params);
689 return CKMC_ERROR_NONE;