2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief new and free methods for the struct of CAPI
27 #include <ckm/ckm-type.h>
28 #include <ckmc/ckmc-type.h>
29 #include <ckmc/ckmc-error.h>
30 #include <ckmc-type-converter.h>
31 #include <protocols.h>
32 #include <openssl/x509v3.h>
33 #include <openssl/pkcs12.h>
34 #include <openssl/evp.h>
35 #include <openssl/pem.h>
38 const char * const ckmc_label_name_separator = CKM::LABEL_NAME_SEPARATOR;
39 const char * const ckmc_label_shared_owner = CKM::LABEL_SYSTEM_DB;
42 int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert);
45 int ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type_e key_type, char *password, ckmc_key_s **ppkey)
49 if(raw_key == NULL || key_size <= 0 || ppkey == NULL) {
50 return CKMC_ERROR_INVALID_PARAMETER;
53 pkey = static_cast<ckmc_key_s*>(malloc(sizeof(ckmc_key_s)));
55 return CKMC_ERROR_OUT_OF_MEMORY;
57 pkey->raw_key = reinterpret_cast<unsigned char*>(malloc(key_size));
58 if(pkey->raw_key == NULL) {
60 return CKMC_ERROR_OUT_OF_MEMORY;
62 memcpy(pkey->raw_key, raw_key, key_size);
64 pkey->key_size = key_size;
65 pkey->key_type = key_type;
67 if(password != NULL) {
68 pkey->password = reinterpret_cast<char*>(malloc(strlen(password) +1));
69 if(pkey->password == NULL) {
72 return CKMC_ERROR_OUT_OF_MEMORY;
74 memset(pkey->password, 0, strlen(password) +1);
75 strncpy(pkey->password, password, strlen(password));
77 pkey->password = NULL;
82 return CKMC_ERROR_NONE;
86 void ckmc_key_free(ckmc_key_s *key)
91 if(key->password != NULL)
93 if(key->raw_key != NULL) {
94 memset(key->raw_key, 0, key->key_size);
102 int ckmc_buffer_new(unsigned char *data, size_t size,ckmc_raw_buffer_s **ppbuffer)
104 ckmc_raw_buffer_s *pbuff;
106 if(data == NULL || size <= 0 || ppbuffer == NULL) {
107 return CKMC_ERROR_INVALID_PARAMETER;
110 pbuff = static_cast<ckmc_raw_buffer_s*>(malloc(sizeof(ckmc_raw_buffer_s)));
112 return CKMC_ERROR_OUT_OF_MEMORY;
114 pbuff->data = reinterpret_cast<unsigned char*>(malloc(size));
115 if(pbuff->data == NULL) {
117 return CKMC_ERROR_OUT_OF_MEMORY;
119 memcpy(pbuff->data, data, size);
124 return CKMC_ERROR_NONE;
128 void ckmc_buffer_free(ckmc_raw_buffer_s *buffer)
133 if(buffer->data != NULL) {
134 memset(buffer->data, 0, buffer->size);
141 int ckmc_cert_new(unsigned char *raw_cert, size_t cert_size, ckmc_data_format_e data_format, ckmc_cert_s **ppcert)
145 if(raw_cert == NULL || cert_size <= 0 || ppcert == NULL) {
146 return CKMC_ERROR_INVALID_PARAMETER;
149 pcert = static_cast<ckmc_cert_s*>(malloc(sizeof(ckmc_cert_s)));
151 return CKMC_ERROR_OUT_OF_MEMORY;
153 pcert->raw_cert = reinterpret_cast<unsigned char*>(malloc(cert_size));
154 if(pcert->raw_cert == NULL) {
156 return CKMC_ERROR_OUT_OF_MEMORY;
158 memcpy(pcert->raw_cert, raw_cert, cert_size);
160 pcert->cert_size = cert_size;
161 pcert->data_format = data_format;
164 return CKMC_ERROR_NONE;
168 int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert)
170 OpenSSL_add_all_algorithms();
172 FILE *fp = fopen(file_path, "r");
174 return CKMC_ERROR_FILE_ACCESS_DENIED;
176 if(!(pcert = d2i_X509_fp(fp, NULL))) {
177 fseek(fp, 0, SEEK_SET);
178 pcert = PEM_read_X509(fp, NULL, NULL, NULL);
182 return CKMC_ERROR_INVALID_FORMAT;
185 int ret = _ckmc_load_cert_from_x509(pcert, cert);
186 if(ret != CKMC_ERROR_NONE) {
193 void ckmc_cert_free(ckmc_cert_s *cert)
198 if(cert->raw_cert != NULL) {
199 memset(cert->raw_cert, 0, cert->cert_size);
200 free(cert->raw_cert);
206 int ckmc_pkcs12_new(ckmc_key_s *private_key, ckmc_cert_s *cert,
207 ckmc_cert_list_s *ca_cert_list, ckmc_pkcs12_s **pkcs12_bundle)
209 ckmc_pkcs12_s *pkcs12;
212 (private_key==NULL && cert==NULL && (ca_cert_list==NULL || ca_cert_list->cert==NULL))) {
213 return CKMC_ERROR_INVALID_PARAMETER;
216 pkcs12 = static_cast<ckmc_pkcs12_s*>(malloc(sizeof(ckmc_pkcs12_s)));
218 return CKMC_ERROR_OUT_OF_MEMORY;
220 // ownership is transferred into pkcs12 - mentioned in the docs
221 pkcs12->priv_key = private_key;
223 pkcs12->ca_chain = ca_cert_list;
225 *pkcs12_bundle = pkcs12;
226 return CKMC_ERROR_NONE;
230 int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckmc_key_s **private_key, ckmc_cert_s **ckmcert, ckmc_cert_list_s **ca_cert_list)
232 class Pkcs12Converter {
242 ckmc_key_s *retPrivateKey;
243 ckmc_cert_s *retCkmCert;
244 ckmc_cert_list_s *retCaCertList;
252 ret = CKMC_ERROR_NONE;
253 retPrivateKey = NULL;
255 retCaCertList = NULL;
267 sk_X509_pop_free(ca, X509_free);
269 if(ret != CKMC_ERROR_NONE) {
270 if(retPrivateKey != NULL){
271 ckmc_key_free(retPrivateKey);
272 retPrivateKey = NULL;
274 if(retCkmCert != NULL) {
275 ckmc_cert_free(retCkmCert);
278 if(retCaCertList != NULL) {
279 ckmc_cert_list_all_free(retCaCertList);
280 retCaCertList = NULL;
285 int parsePkcs12(const char *filePath, const char *pass) {
287 if(!(fp_in = fopen(filePath, "rb"))) {
288 return CKMC_ERROR_FILE_ACCESS_DENIED;
291 if(!(p12 = d2i_PKCS12_fp(fp_in, NULL))) {
292 return CKMC_ERROR_INVALID_FORMAT;
295 /* parse PKCS#12 certificate */
296 if((ret = PKCS12_parse(p12, pass, &pkey, &x509Cert, &ca)) != 1) {
297 return CKMC_ERROR_INVALID_FORMAT;
299 return CKMC_ERROR_NONE;
303 if( (ret =_ckmc_load_cert_from_x509(x509Cert,&retCkmCert)) != CKMC_ERROR_NONE) {
306 return CKMC_ERROR_NONE;
310 BIO *bkey = BIO_new(BIO_s_mem());
312 i2d_PrivateKey_bio(bkey, pkey);
314 CKM::RawBuffer output(8196);
315 int size = BIO_read(bkey, output.data(), output.size());
318 return CKMC_ERROR_INVALID_FORMAT;
322 int type = EVP_PKEY_type(pkey->type);
323 ckmc_key_type_e key_type = CKMC_KEY_NONE;
326 key_type = CKMC_KEY_RSA_PRIVATE;
329 key_type = CKMC_KEY_DSA_PRIVATE;
332 key_type = CKMC_KEY_ECDSA_PRIVATE;
335 if(key_type == CKMC_KEY_NONE) {
336 return CKMC_ERROR_INVALID_FORMAT;
339 char *nullPassword = NULL;
341 return ckmc_key_new(output.data(), size, key_type, nullPassword, &retPrivateKey);
344 int toCaCkmCertList() {
346 X509* popedCert = NULL;
347 ckmc_cert_s *popedCkmCert = NULL;
348 ckmc_cert_list_s *tmpCertList = NULL;
349 while((popedCert = sk_X509_pop(ca)) != NULL) {
350 if( (tmpRet =_ckmc_load_cert_from_x509(popedCert, &popedCkmCert)) != CKMC_ERROR_NONE) {
351 return CKMC_ERROR_OUT_OF_MEMORY;
353 if(tmpCertList == NULL) { // first
354 tmpRet = ckmc_cert_list_new(popedCkmCert, &tmpCertList);
355 retCaCertList = tmpCertList;
357 tmpRet = ckmc_cert_list_add(tmpCertList, popedCkmCert, &tmpCertList);
359 if(tmpRet != CKMC_ERROR_NONE) {
360 ckmc_cert_list_all_free(retCaCertList);
361 retCaCertList = NULL;
365 return CKMC_ERROR_NONE;
370 OpenSSL_add_all_algorithms();
372 int ret = CKMC_ERROR_NONE;
374 Pkcs12Converter converter;
375 if((ret = converter.parsePkcs12(file_path, passphrase)) != CKMC_ERROR_NONE) {
378 if((ret = converter.toCkmCert()) != CKMC_ERROR_NONE) {
381 if((ret = converter.toCkmKey()) != CKMC_ERROR_NONE) {
384 if((ret = converter.toCaCkmCertList()) != CKMC_ERROR_NONE) {
388 *private_key = converter.retPrivateKey;
389 *ckmcert = converter.retCkmCert;
390 *ca_cert_list = converter.retCaCertList;
392 return CKMC_ERROR_NONE;
396 int ckmc_pkcs12_load(const char *file_path, const char *passphrase, ckmc_pkcs12_s **pkcs12_bundle)
399 ckmc_key_s *private_key = 0;
400 ckmc_cert_s *cert = 0;
401 ckmc_cert_list_s *ca_cert_list = 0;
403 if(!file_path || !pkcs12_bundle)
404 return CKMC_ERROR_INVALID_PARAMETER;
406 ec = ckmc_load_from_pkcs12_file(file_path, passphrase, &private_key, &cert, &ca_cert_list);
407 if(ec != CKMC_ERROR_NONE)
410 ec = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12_bundle);
411 if(ec != CKMC_ERROR_NONE)
413 ckmc_key_free(private_key);
414 ckmc_cert_free(cert);
415 ckmc_cert_list_free(ca_cert_list);
419 return CKMC_ERROR_NONE;
423 void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12)
428 ckmc_key_free(pkcs12->priv_key);
429 ckmc_cert_free(pkcs12->cert);
430 ckmc_cert_list_free(pkcs12->ca_chain);
435 int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list)
437 ckmc_alias_list_s *previous = NULL;
438 return ckmc_alias_list_add(previous, alias, ppalias_list);
442 int ckmc_alias_list_add(ckmc_alias_list_s *previous, char *alias, ckmc_alias_list_s **pplast)
444 ckmc_alias_list_s *plist;
446 if(alias == NULL || pplast == NULL) {
447 return CKMC_ERROR_INVALID_PARAMETER;
450 plist = static_cast<ckmc_alias_list_s*>(malloc(sizeof(ckmc_alias_list_s)));
452 return CKMC_ERROR_OUT_OF_MEMORY;
455 plist->alias = alias;
458 if(previous != NULL) {
459 previous->next = plist;
463 return CKMC_ERROR_NONE;
467 void ckmc_alias_list_free(ckmc_alias_list_s *first)
469 ckmc_alias_list_s *next = first;
471 ckmc_alias_list_s *current = next;
472 next = current->next;
478 void ckmc_alias_list_all_free(ckmc_alias_list_s *first)
480 ckmc_alias_list_s *next = first;
482 ckmc_alias_list_s *current = next;
483 next = current->next;
484 free(current->alias);
490 int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list)
492 ckmc_cert_list_s *previous = NULL;
493 return ckmc_cert_list_add(previous, cert, ppalias_list);
497 int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_list_s **pplast)
499 ckmc_cert_list_s *plist;
501 if(cert == NULL || pplast == NULL) {
502 return CKMC_ERROR_INVALID_PARAMETER;
505 plist = static_cast<ckmc_cert_list_s*>(malloc(sizeof(ckmc_cert_list_s)));
507 return CKMC_ERROR_OUT_OF_MEMORY;
512 if(previous != NULL) {
513 previous->next = plist;
518 return CKMC_ERROR_NONE;
522 void ckmc_cert_list_free(ckmc_cert_list_s *first)
524 ckmc_cert_list_s *next = first;
526 ckmc_cert_list_s *current = next;
527 next = current->next;
533 void ckmc_cert_list_all_free(ckmc_cert_list_s *first)
535 ckmc_cert_list_s *next = first;
537 ckmc_cert_list_s *current = next;
538 next = current->next;
539 ckmc_cert_free(current->cert);
544 int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert)
547 return CKMC_ERROR_INVALID_FORMAT;
550 BIO *bcert = BIO_new(BIO_s_mem());
552 i2d_X509_bio(bcert, xCert);
554 CKM::RawBuffer output(8196);
555 int size = BIO_read(bcert, output.data(), output.size());
558 return CKMC_ERROR_INVALID_FORMAT;
562 return ckmc_cert_new(output.data(), output.size(), CKMC_FORM_DER, cert);