projects / platform / core / security / key-manager.git / blob
? search:


7048333854660b4cd59c26becb67e2b0329c5ee2
[platform/core/security/key-manager.git] / src / manager / client-capi / ckmc-type.cpp
1 /*
2  *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *  Licensed under the Apache License, Version 2.0 (the "License");
5  *  you may not use this file except in compliance with the License.
6  *  You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *  Unless required by applicable law or agreed to in writing, software
11  *  distributed under the License is distributed on an "AS IS" BASIS,
12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *  See the License for the specific language governing permissions and
14  *  limitations under the License
15  *
16  *
17  * @file        ckmc-type.cpp
18  * @author      Yuseok Jeon(yuseok.jeon@samsung.com)
19  * @version     1.0
20  * @brief       new and free methods for the struct of CAPI
21  */
22
23
24 #include <string.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <ckm/ckm-type.h>
28 #include <ckmc/ckmc-type.h>
29 #include <ckmc/ckmc-error.h>
30 #include <ckmc-type-converter.h>
31 #include <protocols.h>
32 #include <openssl/x509v3.h>
33 #include <openssl/pkcs12.h>
34 #include <openssl/evp.h>
35 #include <openssl/pem.h>
36
37
38 const char * const ckmc_label_name_separator    = CKM::LABEL_NAME_SEPARATOR;
39 const char * const ckmc_label_shared_owner      = CKM::LABEL_SYSTEM_DB;
40
41
42 int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert);
43
44 KEY_MANAGER_CAPI
45 int ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type_e key_type, char *password, ckmc_key_s **ppkey)
46 {
47     ckmc_key_s *pkey;
48
49     if(raw_key == NULL || key_size <= 0 || ppkey == NULL) {
50         return CKMC_ERROR_INVALID_PARAMETER;
51     }
52
53     pkey = static_cast<ckmc_key_s*>(malloc(sizeof(ckmc_key_s)));
54     if(pkey == NULL) {
55         return CKMC_ERROR_OUT_OF_MEMORY;
56     }
57     pkey->raw_key = reinterpret_cast<unsigned char*>(malloc(key_size));
58     if(pkey->raw_key == NULL) {
59         free(pkey);
60         return CKMC_ERROR_OUT_OF_MEMORY;
61     }
62     memcpy(pkey->raw_key, raw_key, key_size);
63
64     pkey->key_size = key_size;
65     pkey->key_type = key_type;
66
67     if(password != NULL) {
68         pkey->password = reinterpret_cast<char*>(malloc(strlen(password) +1));
69         if(pkey->password == NULL) {
70             free(pkey->raw_key);
71             free(pkey);
72             return CKMC_ERROR_OUT_OF_MEMORY;
73         }
74         memset(pkey->password, 0, strlen(password) +1);
75         strncpy(pkey->password, password, strlen(password));
76     }else {
77         pkey->password = NULL;
78     }
79
80     *ppkey = pkey;
81
82     return CKMC_ERROR_NONE;
83 }
84
85 KEY_MANAGER_CAPI
86 void ckmc_key_free(ckmc_key_s *key)
87 {
88     if(key == NULL)
89         return;
90
91     if(key->password != NULL)
92         free(key->password);
93     if(key->raw_key != NULL) {
94         memset(key->raw_key, 0, key->key_size);
95         free(key->raw_key);
96     }
97
98     free(key);
99 }
100
101 KEY_MANAGER_CAPI
102 int ckmc_buffer_new(unsigned char *data, size_t size,ckmc_raw_buffer_s **ppbuffer)
103 {
104     ckmc_raw_buffer_s *pbuff;
105
106     if(data == NULL || size <= 0 || ppbuffer == NULL) {
107         return CKMC_ERROR_INVALID_PARAMETER;
108     }
109
110     pbuff = static_cast<ckmc_raw_buffer_s*>(malloc(sizeof(ckmc_raw_buffer_s)));
111     if(pbuff == NULL)
112             return CKMC_ERROR_OUT_OF_MEMORY;
113
114     pbuff->data = reinterpret_cast<unsigned char*>(malloc(size));
115     if(pbuff->data == NULL) {
116         free(pbuff);
117         return CKMC_ERROR_OUT_OF_MEMORY;
118     }
119     memcpy(pbuff->data, data, size);
120
121     pbuff->size = size;
122     *ppbuffer = pbuff;
123
124     return CKMC_ERROR_NONE;
125 }
126
127 KEY_MANAGER_CAPI
128 void ckmc_buffer_free(ckmc_raw_buffer_s *buffer)
129 {
130     if(buffer == NULL)
131         return;
132
133     if(buffer->data != NULL) {
134         memset(buffer->data, 0, buffer->size);
135         free(buffer->data);
136     }
137     free(buffer);
138 }
139
140 KEY_MANAGER_CAPI
141 int ckmc_cert_new(unsigned char *raw_cert, size_t cert_size, ckmc_data_format_e data_format, ckmc_cert_s **ppcert)
142 {
143     ckmc_cert_s *pcert;
144
145     if(raw_cert == NULL || cert_size <= 0 || ppcert == NULL) {
146         return CKMC_ERROR_INVALID_PARAMETER;
147     }
148
149     pcert = static_cast<ckmc_cert_s*>(malloc(sizeof(ckmc_cert_s)));
150     if(pcert == NULL) {
151         return CKMC_ERROR_OUT_OF_MEMORY;
152     }
153     pcert->raw_cert = reinterpret_cast<unsigned char*>(malloc(cert_size));
154     if(pcert->raw_cert == NULL) {
155         free(pcert);
156         return CKMC_ERROR_OUT_OF_MEMORY;
157     }
158     memcpy(pcert->raw_cert, raw_cert, cert_size);
159
160     pcert->cert_size = cert_size;
161     pcert->data_format = data_format;
162
163     *ppcert = pcert;
164     return CKMC_ERROR_NONE;
165 }
166
167 KEY_MANAGER_CAPI
168 int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert)
169 {
170     OpenSSL_add_all_algorithms();
171
172     FILE *fp = fopen(file_path, "r");
173     if(fp == NULL)
174         return CKMC_ERROR_FILE_ACCESS_DENIED;
175     X509 *pcert = NULL;
176     if(!(pcert = d2i_X509_fp(fp, NULL))) {
177         fseek(fp, 0, SEEK_SET);
178         pcert = PEM_read_X509(fp, NULL, NULL, NULL);
179     }
180     fclose(fp);
181     if(pcert == NULL) {
182         return CKMC_ERROR_INVALID_FORMAT;
183     }
184
185     int ret = _ckmc_load_cert_from_x509(pcert, cert);
186     if(ret != CKMC_ERROR_NONE) {
187         X509_free(pcert);
188     }
189     return ret;
190 }
191
192 KEY_MANAGER_CAPI
193 void ckmc_cert_free(ckmc_cert_s *cert)
194 {
195     if(cert == NULL)
196         return;
197
198     if(cert->raw_cert != NULL) {
199         memset(cert->raw_cert, 0, cert->cert_size);
200         free(cert->raw_cert);
201     }
202     free(cert);
203 }
204
205 KEY_MANAGER_CAPI
206 int ckmc_pkcs12_new(ckmc_key_s *private_key, ckmc_cert_s *cert,
207         ckmc_cert_list_s *ca_cert_list, ckmc_pkcs12_s **pkcs12_bundle)
208 {
209     ckmc_pkcs12_s *pkcs12;
210
211     if(!pkcs12_bundle ||
212        (private_key==NULL && cert==NULL && (ca_cert_list==NULL || ca_cert_list->cert==NULL))) {
213         return CKMC_ERROR_INVALID_PARAMETER;
214     }
215
216     pkcs12 = static_cast<ckmc_pkcs12_s*>(malloc(sizeof(ckmc_pkcs12_s)));
217     if(pkcs12 == NULL) {
218         return CKMC_ERROR_OUT_OF_MEMORY;
219     }
220     // ownership is transferred into pkcs12 - mentioned in the docs
221     pkcs12->priv_key = private_key;
222     pkcs12->cert = cert;
223     pkcs12->ca_chain = ca_cert_list;
224
225     *pkcs12_bundle = pkcs12;
226     return CKMC_ERROR_NONE;
227 }
228
229 KEY_MANAGER_CAPI
230 int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckmc_key_s **private_key, ckmc_cert_s **ckmcert, ckmc_cert_list_s **ca_cert_list)
231 {
232     class Pkcs12Converter {
233     private:
234         FILE* fp_in;
235         PKCS12* p12;
236         EVP_PKEY* pkey;
237         X509* x509Cert;
238         STACK_OF(X509)* ca;
239
240         int ret;
241     public:
242         ckmc_key_s *retPrivateKey;
243         ckmc_cert_s *retCkmCert;
244         ckmc_cert_list_s *retCaCertList;
245
246         Pkcs12Converter(){
247             fp_in = NULL;
248             p12 = NULL;
249             pkey = NULL;
250             x509Cert = NULL;
251             ca = NULL;
252             ret = CKMC_ERROR_NONE;
253             retPrivateKey = NULL;
254             retCkmCert = NULL;
255             retCaCertList = NULL;
256         };
257         ~Pkcs12Converter(){
258             if(fp_in != NULL)
259                 fclose(fp_in);
260             if(p12 != NULL)
261                 PKCS12_free(p12);
262             if(x509Cert != NULL)
263                 X509_free(x509Cert);
264             if(pkey != NULL)
265                 EVP_PKEY_free(pkey);
266             if(ca != NULL)
267                 sk_X509_pop_free(ca, X509_free);
268
269             if(ret != CKMC_ERROR_NONE) {
270                 if(retPrivateKey != NULL){
271                     ckmc_key_free(retPrivateKey);
272                     retPrivateKey = NULL;
273                 }
274                 if(retCkmCert != NULL) {
275                     ckmc_cert_free(retCkmCert);
276                     retCkmCert = NULL;
277                 }
278                 if(retCaCertList != NULL) {
279                     ckmc_cert_list_all_free(retCaCertList);
280                     retCaCertList = NULL;
281                 }
282             }
283         };
284
285         int parsePkcs12(const char *filePath, const char *pass) {
286             fp_in = NULL;
287             if(!(fp_in = fopen(filePath, "rb"))) {
288                 return CKMC_ERROR_FILE_ACCESS_DENIED;
289             }
290
291             if(!(p12 = d2i_PKCS12_fp(fp_in, NULL))) {
292                 return CKMC_ERROR_INVALID_FORMAT;
293             }
294
295             /* parse PKCS#12 certificate */
296             if((ret = PKCS12_parse(p12, pass, &pkey, &x509Cert, &ca)) != 1) {
297                 return CKMC_ERROR_INVALID_FORMAT;
298             }
299             return CKMC_ERROR_NONE;
300         }
301
302         int toCkmCert() {
303             if( (ret =_ckmc_load_cert_from_x509(x509Cert,&retCkmCert)) != CKMC_ERROR_NONE) {
304                 return ret;
305             }
306             return CKMC_ERROR_NONE;
307         }
308
309         int toCkmKey() {
310             BIO *bkey = BIO_new(BIO_s_mem());
311
312             i2d_PrivateKey_bio(bkey, pkey);
313
314             CKM::RawBuffer output(8196);
315             int size = BIO_read(bkey, output.data(), output.size());
316             BIO_free_all(bkey);
317             if (size <= 0) {
318                 return CKMC_ERROR_INVALID_FORMAT;
319             }
320             output.resize(size);
321
322             int type = EVP_PKEY_type(pkey->type);
323             ckmc_key_type_e key_type = CKMC_KEY_NONE;
324             switch(type) {
325             case EVP_PKEY_RSA :
326                 key_type = CKMC_KEY_RSA_PRIVATE;
327                 break;
328             case EVP_PKEY_DSA :
329                 key_type = CKMC_KEY_DSA_PRIVATE;
330                 break;
331             case EVP_PKEY_EC :
332                 key_type = CKMC_KEY_ECDSA_PRIVATE;
333                 break;
334             }
335             if(key_type == CKMC_KEY_NONE) {
336                 return CKMC_ERROR_INVALID_FORMAT;
337             }
338
339             char *nullPassword = NULL;
340
341             return ckmc_key_new(output.data(), size, key_type, nullPassword, &retPrivateKey);
342         }
343
344         int toCaCkmCertList() {
345             int tmpRet;
346             X509* popedCert = NULL;
347             ckmc_cert_s *popedCkmCert = NULL;
348             ckmc_cert_list_s *tmpCertList = NULL;
349             while((popedCert = sk_X509_pop(ca)) != NULL) {
350                 if( (tmpRet =_ckmc_load_cert_from_x509(popedCert, &popedCkmCert)) != CKMC_ERROR_NONE) {
351                     return CKMC_ERROR_OUT_OF_MEMORY;
352                 }
353                 if(tmpCertList == NULL) { // first
354                     tmpRet = ckmc_cert_list_new(popedCkmCert, &tmpCertList);
355                     retCaCertList = tmpCertList;
356                 }else {
357                     tmpRet = ckmc_cert_list_add(tmpCertList, popedCkmCert, &tmpCertList);
358                 }
359                 if(tmpRet != CKMC_ERROR_NONE) {
360                     ckmc_cert_list_all_free(retCaCertList);
361                     retCaCertList = NULL;
362                     return tmpRet;
363                 }
364             }
365             return CKMC_ERROR_NONE;
366         }
367
368     };
369
370     OpenSSL_add_all_algorithms();
371
372     int ret = CKMC_ERROR_NONE;
373
374     Pkcs12Converter converter;
375     if((ret = converter.parsePkcs12(file_path, passphrase)) != CKMC_ERROR_NONE) {
376         return ret;
377     }
378     if((ret = converter.toCkmCert()) != CKMC_ERROR_NONE) {
379         return ret;
380     }
381     if((ret = converter.toCkmKey()) != CKMC_ERROR_NONE) {
382         return ret;
383     }
384     if((ret = converter.toCaCkmCertList()) != CKMC_ERROR_NONE) {
385         return ret;
386     }
387
388     *private_key = converter.retPrivateKey;
389     *ckmcert = converter.retCkmCert;
390     *ca_cert_list = converter.retCaCertList;
391
392     return CKMC_ERROR_NONE;
393 }
394
395 KEY_MANAGER_CAPI
396 int ckmc_pkcs12_load(const char *file_path, const char *passphrase, ckmc_pkcs12_s **pkcs12_bundle)
397 {
398     int ec;
399     ckmc_key_s *private_key = 0;
400     ckmc_cert_s *cert = 0;
401     ckmc_cert_list_s *ca_cert_list = 0;
402
403     if(!file_path || !pkcs12_bundle)
404         return CKMC_ERROR_INVALID_PARAMETER;
405
406     ec = ckmc_load_from_pkcs12_file(file_path, passphrase, &private_key, &cert, &ca_cert_list);
407     if(ec != CKMC_ERROR_NONE)
408         return ec;
409
410     ec = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12_bundle);
411     if(ec != CKMC_ERROR_NONE)
412     {
413         ckmc_key_free(private_key);
414         ckmc_cert_free(cert);
415         ckmc_cert_list_free(ca_cert_list);
416         return ec;
417     }
418
419     return CKMC_ERROR_NONE;
420 }
421
422 KEY_MANAGER_CAPI
423 void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12)
424 {
425     if(pkcs12 == NULL)
426         return;
427
428     ckmc_key_free(pkcs12->priv_key);
429     ckmc_cert_free(pkcs12->cert);
430     ckmc_cert_list_free(pkcs12->ca_chain);
431     free(pkcs12);
432 }
433
434 KEY_MANAGER_CAPI
435 int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list)
436 {
437     ckmc_alias_list_s *previous = NULL;
438     return ckmc_alias_list_add(previous, alias, ppalias_list);
439 }
440
441 KEY_MANAGER_CAPI
442 int ckmc_alias_list_add(ckmc_alias_list_s *previous, char *alias, ckmc_alias_list_s **pplast)
443 {
444     ckmc_alias_list_s *plist;
445
446     if(alias == NULL || pplast == NULL) {
447         return CKMC_ERROR_INVALID_PARAMETER;
448     }
449
450     plist = static_cast<ckmc_alias_list_s*>(malloc(sizeof(ckmc_alias_list_s)));
451     if(plist == NULL) {
452         return CKMC_ERROR_OUT_OF_MEMORY;
453     }
454
455     plist->alias = alias;
456     plist->next = NULL;
457
458     if(previous != NULL) {
459         previous->next = plist;
460     }
461     *pplast = plist;
462
463     return CKMC_ERROR_NONE;
464 }
465
466 KEY_MANAGER_CAPI
467 void ckmc_alias_list_free(ckmc_alias_list_s *first)
468 {
469     ckmc_alias_list_s *next = first;
470     while (next) {
471         ckmc_alias_list_s *current = next;
472         next = current->next;
473         free(current);
474     }
475 }
476
477 KEY_MANAGER_CAPI
478 void ckmc_alias_list_all_free(ckmc_alias_list_s *first)
479 {
480     ckmc_alias_list_s *next = first;
481     while (next) {
482         ckmc_alias_list_s *current = next;
483         next = current->next;
484         free(current->alias);
485         free(current);
486     }
487 }
488
489 KEY_MANAGER_CAPI
490 int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list)
491 {
492     ckmc_cert_list_s *previous = NULL;
493     return ckmc_cert_list_add(previous, cert, ppalias_list);
494 }
495
496 KEY_MANAGER_CAPI
497 int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_list_s **pplast)
498 {
499     ckmc_cert_list_s *plist;
500
501     if(cert == NULL || pplast == NULL) {
502         return CKMC_ERROR_INVALID_PARAMETER;
503     }
504
505     plist = static_cast<ckmc_cert_list_s*>(malloc(sizeof(ckmc_cert_list_s)));
506     if(plist == NULL) {
507         return CKMC_ERROR_OUT_OF_MEMORY;
508     }
509     plist->cert = cert;
510     plist->next = NULL;
511
512     if(previous != NULL) {
513         previous->next = plist;
514     }
515
516     *pplast = plist;
517
518     return CKMC_ERROR_NONE;
519 }
520
521 KEY_MANAGER_CAPI
522 void ckmc_cert_list_free(ckmc_cert_list_s *first)
523 {
524     ckmc_cert_list_s *next = first;
525     while (next) {
526         ckmc_cert_list_s *current = next;
527         next = current->next;
528         free(current);
529     }
530 }
531
532 KEY_MANAGER_CAPI
533 void ckmc_cert_list_all_free(ckmc_cert_list_s *first)
534 {
535     ckmc_cert_list_s *next = first;
536     while (next) {
537         ckmc_cert_list_s *current = next;
538         next = current->next;
539         ckmc_cert_free(current->cert);
540         free(current);
541     }
542 }
543
544 int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert)
545 {
546     if(xCert == NULL) {
547         return CKMC_ERROR_INVALID_FORMAT;
548     }
549
550     BIO *bcert = BIO_new(BIO_s_mem());
551
552     i2d_X509_bio(bcert, xCert);
553
554     CKM::RawBuffer output(8196);
555     int size = BIO_read(bcert, output.data(), output.size());
556     BIO_free_all(bcert);
557     if (size <= 0) {
558         return CKMC_ERROR_INVALID_FORMAT;
559     }
560     output.resize(size);
561
562     return ckmc_cert_new(output.data(), output.size(), CKMC_FORM_DER, cert);
563 }
564
Domain: Security / Utilities;