2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Yuseok Jeon(yuseok.jeon@samsung.com)
20 * @brief new and free methods for the struct of CAPI
27 #include <ckm/ckm-type.h>
28 #include <ckmc/ckmc-type.h>
29 #include <ckmc/ckmc-error.h>
30 #include <ckmc-type-converter.h>
31 #include <protocols.h>
32 #include <openssl/x509v3.h>
33 #include <openssl/pkcs12.h>
34 #include <openssl/evp.h>
35 #include <openssl/pem.h>
40 const size_t DEFAULT_IV_LEN = 16;
41 const size_t DEFAULT_IV_LEN_BITS = 8*DEFAULT_IV_LEN;
42 const size_t DEFAULT_KEY_LEN_BITS = 4096;
44 int _ckmc_random_buffer(ckmc_raw_buffer_s **buffer, size_t len)
47 return CKMC_ERROR_INVALID_PARAMETER;
49 char* data = static_cast<char*>(malloc(len*sizeof(char)));
51 return CKMC_ERROR_OUT_OF_MEMORY;
53 std::ifstream is("/dev/urandom", std::ifstream::binary);
56 return CKMC_ERROR_FILE_SYSTEM;
60 if (static_cast<std::streamsize>(len) != is.gcount()) {
62 return CKMC_ERROR_FILE_SYSTEM;
65 return ckmc_buffer_new(reinterpret_cast<unsigned char*>(data), len, buffer);
68 int _ckmc_load_cert_from_x509(X509 *xCert, ckmc_cert_s **cert)
71 return CKMC_ERROR_INVALID_FORMAT;
74 BIO *bcert = BIO_new(BIO_s_mem());
76 i2d_X509_bio(bcert, xCert);
78 CKM::RawBuffer output(8196);
79 int size = BIO_read(bcert, output.data(), output.size());
82 return CKMC_ERROR_INVALID_FORMAT;
86 return ckmc_cert_new(output.data(), output.size(), CKMC_FORM_DER, cert);
89 } // namespace anonymous
92 const char * const ckmc_label_name_separator = CKM::LABEL_NAME_SEPARATOR;
93 const char * const ckmc_label_shared_owner = CKM::LABEL_SYSTEM_DB;
96 int ckmc_key_new(unsigned char *raw_key, size_t key_size, ckmc_key_type_e key_type, char *password, ckmc_key_s **ppkey)
100 if(raw_key == NULL || key_size <= 0 || ppkey == NULL) {
101 return CKMC_ERROR_INVALID_PARAMETER;
104 pkey = static_cast<ckmc_key_s*>(malloc(sizeof(ckmc_key_s)));
106 return CKMC_ERROR_OUT_OF_MEMORY;
108 pkey->raw_key = reinterpret_cast<unsigned char*>(malloc(key_size));
109 if(pkey->raw_key == NULL) {
111 return CKMC_ERROR_OUT_OF_MEMORY;
113 memcpy(pkey->raw_key, raw_key, key_size);
115 pkey->key_size = key_size;
116 pkey->key_type = key_type;
118 if(password != NULL) {
119 pkey->password = reinterpret_cast<char*>(malloc(strlen(password) +1));
120 if(pkey->password == NULL) {
123 return CKMC_ERROR_OUT_OF_MEMORY;
125 memset(pkey->password, 0, strlen(password) +1);
126 strncpy(pkey->password, password, strlen(password));
128 pkey->password = NULL;
133 return CKMC_ERROR_NONE;
137 void ckmc_key_free(ckmc_key_s *key)
142 if(key->password != NULL)
144 if(key->raw_key != NULL) {
145 memset(key->raw_key, 0, key->key_size);
153 int ckmc_buffer_new(unsigned char *data, size_t size,ckmc_raw_buffer_s **ppbuffer)
155 ckmc_raw_buffer_s *pbuff;
157 if(data == NULL || size <= 0 || ppbuffer == NULL) {
158 return CKMC_ERROR_INVALID_PARAMETER;
161 pbuff = static_cast<ckmc_raw_buffer_s*>(malloc(sizeof(ckmc_raw_buffer_s)));
163 return CKMC_ERROR_OUT_OF_MEMORY;
165 pbuff->data = reinterpret_cast<unsigned char*>(malloc(size));
166 if(pbuff->data == NULL) {
168 return CKMC_ERROR_OUT_OF_MEMORY;
170 memcpy(pbuff->data, data, size);
175 return CKMC_ERROR_NONE;
179 void ckmc_buffer_free(ckmc_raw_buffer_s *buffer)
184 if(buffer->data != NULL) {
185 memset(buffer->data, 0, buffer->size);
192 int ckmc_cert_new(unsigned char *raw_cert, size_t cert_size, ckmc_data_format_e data_format, ckmc_cert_s **ppcert)
196 if(raw_cert == NULL || cert_size <= 0 || ppcert == NULL) {
197 return CKMC_ERROR_INVALID_PARAMETER;
200 pcert = static_cast<ckmc_cert_s*>(malloc(sizeof(ckmc_cert_s)));
202 return CKMC_ERROR_OUT_OF_MEMORY;
204 pcert->raw_cert = reinterpret_cast<unsigned char*>(malloc(cert_size));
205 if(pcert->raw_cert == NULL) {
207 return CKMC_ERROR_OUT_OF_MEMORY;
209 memcpy(pcert->raw_cert, raw_cert, cert_size);
211 pcert->cert_size = cert_size;
212 pcert->data_format = data_format;
215 return CKMC_ERROR_NONE;
219 int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert)
221 OpenSSL_add_all_algorithms();
223 FILE *fp = fopen(file_path, "r");
225 return CKMC_ERROR_FILE_ACCESS_DENIED;
227 if(!(pcert = d2i_X509_fp(fp, NULL))) {
228 fseek(fp, 0, SEEK_SET);
229 pcert = PEM_read_X509(fp, NULL, NULL, NULL);
233 return CKMC_ERROR_INVALID_FORMAT;
236 int ret = _ckmc_load_cert_from_x509(pcert, cert);
237 if(ret != CKMC_ERROR_NONE) {
244 void ckmc_cert_free(ckmc_cert_s *cert)
249 if(cert->raw_cert != NULL) {
250 memset(cert->raw_cert, 0, cert->cert_size);
251 free(cert->raw_cert);
257 int ckmc_pkcs12_new(ckmc_key_s *private_key, ckmc_cert_s *cert,
258 ckmc_cert_list_s *ca_cert_list, ckmc_pkcs12_s **pkcs12_bundle)
260 ckmc_pkcs12_s *pkcs12;
263 (private_key==NULL && cert==NULL && (ca_cert_list==NULL || ca_cert_list->cert==NULL))) {
264 return CKMC_ERROR_INVALID_PARAMETER;
267 pkcs12 = static_cast<ckmc_pkcs12_s*>(malloc(sizeof(ckmc_pkcs12_s)));
269 return CKMC_ERROR_OUT_OF_MEMORY;
271 // ownership is transferred into pkcs12 - mentioned in the docs
272 pkcs12->priv_key = private_key;
274 pkcs12->ca_chain = ca_cert_list;
276 *pkcs12_bundle = pkcs12;
277 return CKMC_ERROR_NONE;
281 int ckmc_load_from_pkcs12_file(const char *file_path, const char *passphrase, ckmc_key_s **private_key, ckmc_cert_s **ckmcert, ckmc_cert_list_s **ca_cert_list)
283 class Pkcs12Converter {
293 ckmc_key_s *retPrivateKey;
294 ckmc_cert_s *retCkmCert;
295 ckmc_cert_list_s *retCaCertList;
303 ret = CKMC_ERROR_NONE;
304 retPrivateKey = NULL;
306 retCaCertList = NULL;
318 sk_X509_pop_free(ca, X509_free);
320 if(ret != CKMC_ERROR_NONE) {
321 if(retPrivateKey != NULL){
322 ckmc_key_free(retPrivateKey);
323 retPrivateKey = NULL;
325 if(retCkmCert != NULL) {
326 ckmc_cert_free(retCkmCert);
329 if(retCaCertList != NULL) {
330 ckmc_cert_list_all_free(retCaCertList);
331 retCaCertList = NULL;
336 int parsePkcs12(const char *filePath, const char *pass) {
338 if(!(fp_in = fopen(filePath, "rb"))) {
339 return CKMC_ERROR_FILE_ACCESS_DENIED;
342 if(!(p12 = d2i_PKCS12_fp(fp_in, NULL))) {
343 return CKMC_ERROR_INVALID_FORMAT;
346 /* parse PKCS#12 certificate */
347 if((ret = PKCS12_parse(p12, pass, &pkey, &x509Cert, &ca)) != 1) {
348 return CKMC_ERROR_INVALID_FORMAT;
350 return CKMC_ERROR_NONE;
354 if( (ret =_ckmc_load_cert_from_x509(x509Cert,&retCkmCert)) != CKMC_ERROR_NONE) {
357 return CKMC_ERROR_NONE;
361 BIO *bkey = BIO_new(BIO_s_mem());
363 i2d_PrivateKey_bio(bkey, pkey);
365 CKM::RawBuffer output(8196);
366 int size = BIO_read(bkey, output.data(), output.size());
369 return CKMC_ERROR_INVALID_FORMAT;
373 int type = EVP_PKEY_type(pkey->type);
374 ckmc_key_type_e key_type = CKMC_KEY_NONE;
377 key_type = CKMC_KEY_RSA_PRIVATE;
380 key_type = CKMC_KEY_DSA_PRIVATE;
383 key_type = CKMC_KEY_ECDSA_PRIVATE;
386 if(key_type == CKMC_KEY_NONE) {
387 return CKMC_ERROR_INVALID_FORMAT;
390 char *nullPassword = NULL;
392 return ckmc_key_new(output.data(), size, key_type, nullPassword, &retPrivateKey);
395 int toCaCkmCertList() {
397 X509* popedCert = NULL;
398 ckmc_cert_s *popedCkmCert = NULL;
399 ckmc_cert_list_s *tmpCertList = NULL;
400 while((popedCert = sk_X509_pop(ca)) != NULL) {
401 if( (tmpRet =_ckmc_load_cert_from_x509(popedCert, &popedCkmCert)) != CKMC_ERROR_NONE) {
402 return CKMC_ERROR_OUT_OF_MEMORY;
404 if(tmpCertList == NULL) { // first
405 tmpRet = ckmc_cert_list_new(popedCkmCert, &tmpCertList);
406 retCaCertList = tmpCertList;
408 tmpRet = ckmc_cert_list_add(tmpCertList, popedCkmCert, &tmpCertList);
410 if(tmpRet != CKMC_ERROR_NONE) {
411 ckmc_cert_list_all_free(retCaCertList);
412 retCaCertList = NULL;
416 return CKMC_ERROR_NONE;
421 OpenSSL_add_all_algorithms();
423 int ret = CKMC_ERROR_NONE;
425 Pkcs12Converter converter;
426 if((ret = converter.parsePkcs12(file_path, passphrase)) != CKMC_ERROR_NONE) {
429 if((ret = converter.toCkmCert()) != CKMC_ERROR_NONE) {
432 if((ret = converter.toCkmKey()) != CKMC_ERROR_NONE) {
435 if((ret = converter.toCaCkmCertList()) != CKMC_ERROR_NONE) {
439 *private_key = converter.retPrivateKey;
440 *ckmcert = converter.retCkmCert;
441 *ca_cert_list = converter.retCaCertList;
443 return CKMC_ERROR_NONE;
447 int ckmc_pkcs12_load(const char *file_path, const char *passphrase, ckmc_pkcs12_s **pkcs12_bundle)
450 ckmc_key_s *private_key = 0;
451 ckmc_cert_s *cert = 0;
452 ckmc_cert_list_s *ca_cert_list = 0;
454 if(!file_path || !pkcs12_bundle)
455 return CKMC_ERROR_INVALID_PARAMETER;
457 ec = ckmc_load_from_pkcs12_file(file_path, passphrase, &private_key, &cert, &ca_cert_list);
458 if(ec != CKMC_ERROR_NONE)
461 ec = ckmc_pkcs12_new(private_key, cert, ca_cert_list, pkcs12_bundle);
462 if(ec != CKMC_ERROR_NONE)
464 ckmc_key_free(private_key);
465 ckmc_cert_free(cert);
466 ckmc_cert_list_free(ca_cert_list);
470 return CKMC_ERROR_NONE;
474 void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12)
479 ckmc_key_free(pkcs12->priv_key);
480 ckmc_cert_free(pkcs12->cert);
481 ckmc_cert_list_free(pkcs12->ca_chain);
486 int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list)
488 ckmc_alias_list_s *previous = NULL;
489 return ckmc_alias_list_add(previous, alias, ppalias_list);
493 int ckmc_alias_list_add(ckmc_alias_list_s *previous, char *alias, ckmc_alias_list_s **pplast)
495 ckmc_alias_list_s *plist;
497 if(alias == NULL || pplast == NULL) {
498 return CKMC_ERROR_INVALID_PARAMETER;
501 plist = static_cast<ckmc_alias_list_s*>(malloc(sizeof(ckmc_alias_list_s)));
503 return CKMC_ERROR_OUT_OF_MEMORY;
506 plist->alias = alias;
509 if(previous != NULL) {
510 previous->next = plist;
514 return CKMC_ERROR_NONE;
518 void ckmc_alias_list_free(ckmc_alias_list_s *first)
520 ckmc_alias_list_s *next = first;
522 ckmc_alias_list_s *current = next;
523 next = current->next;
529 void ckmc_alias_list_all_free(ckmc_alias_list_s *first)
531 ckmc_alias_list_s *next = first;
533 ckmc_alias_list_s *current = next;
534 next = current->next;
535 free(current->alias);
541 int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list)
543 ckmc_cert_list_s *previous = NULL;
544 return ckmc_cert_list_add(previous, cert, ppalias_list);
548 int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_list_s **pplast)
550 ckmc_cert_list_s *plist;
552 if(cert == NULL || pplast == NULL) {
553 return CKMC_ERROR_INVALID_PARAMETER;
556 plist = static_cast<ckmc_cert_list_s*>(malloc(sizeof(ckmc_cert_list_s)));
558 return CKMC_ERROR_OUT_OF_MEMORY;
563 if(previous != NULL) {
564 previous->next = plist;
569 return CKMC_ERROR_NONE;
573 void ckmc_cert_list_free(ckmc_cert_list_s *first)
575 ckmc_cert_list_s *next = first;
577 ckmc_cert_list_s *current = next;
578 next = current->next;
584 void ckmc_cert_list_all_free(ckmc_cert_list_s *first)
586 ckmc_cert_list_s *next = first;
588 ckmc_cert_list_s *current = next;
589 next = current->next;
590 ckmc_cert_free(current->cert);
596 int ckmc_param_list_new(ckmc_param_list_s **ppparams)
599 return CKMC_ERROR_INVALID_PARAMETER;
601 *ppparams = reinterpret_cast<ckmc_param_list_s*>(new(std::nothrow)(CKM::CryptoAlgorithm));
603 return CKMC_ERROR_OUT_OF_MEMORY;
604 return CKMC_ERROR_NONE;
608 int ckmc_param_list_add_integer(ckmc_param_list_s *params,
609 ckmc_param_name_e name,
613 return CKMC_ERROR_INVALID_PARAMETER;
615 CKM::CryptoAlgorithm* algo = reinterpret_cast<CKM::CryptoAlgorithm*>(params);
616 bool ret = algo->addParam(static_cast<CKM::ParamName>(name), value);
617 return (ret ? CKMC_ERROR_NONE : CKMC_ERROR_INVALID_PARAMETER);
621 int ckmc_param_list_add_buffer(ckmc_param_list_s *params,
622 ckmc_param_name_e name,
623 const ckmc_raw_buffer_s *buffer)
625 if (!params || !buffer || !buffer->data || buffer->size == 0)
626 return CKMC_ERROR_INVALID_PARAMETER;
628 CKM::CryptoAlgorithm* algo = reinterpret_cast<CKM::CryptoAlgorithm*>(params);
629 CKM::RawBuffer b(buffer->data, buffer->data + buffer->size);
630 bool ret = algo->addParam(static_cast<CKM::ParamName>(name), b);
631 return (ret ? CKMC_ERROR_NONE : CKMC_ERROR_INVALID_PARAMETER);
635 void ckmc_param_list_free(ckmc_param_list_s *params)
637 CKM::CryptoAlgorithm* algo = reinterpret_cast<CKM::CryptoAlgorithm*>(params);
642 int ckmc_generate_params(ckmc_algo_type_e type, ckmc_param_list_s *params)
644 // return error if params are NULL
646 return CKMC_ERROR_INVALID_PARAMETER;
648 ckmc_raw_buffer_s* buffer = NULL;
649 int ret = CKMC_ERROR_NONE;
652 case CKMC_ALGO_AES_CTR:
653 ret = ckmc_param_list_add_integer(params, CKMC_PARAM_ED_CTR_LEN, DEFAULT_IV_LEN_BITS);
654 // no break on purpose
655 case CKMC_ALGO_AES_CBC:
656 case CKMC_ALGO_AES_GCM:
657 case CKMC_ALGO_AES_CFB:
658 if (ret == CKMC_ERROR_NONE)
659 ret = _ckmc_random_buffer(&buffer, DEFAULT_IV_LEN);
660 if (ret == CKMC_ERROR_NONE)
661 ret = ckmc_param_list_add_buffer(params, CKMC_PARAM_ED_IV, buffer);
663 ckmc_buffer_free(buffer);
665 case CKMC_ALGO_RSA_OAEP:
667 case CKMC_ALGO_RSA_SV:
668 case CKMC_ALGO_DSA_SV:
669 case CKMC_ALGO_ECDSA_SV:
670 // no hash, no padding by default
672 case CKMC_ALGO_RSA_GEN:
673 case CKMC_ALGO_DSA_GEN:
674 ret = ckmc_param_list_add_integer(params, CKMC_PARAM_GEN_KEY_LEN, DEFAULT_KEY_LEN_BITS);
676 case CKMC_ALGO_ECDSA_GEN:
677 ret = ckmc_param_list_add_integer(params, CKMC_PARAM_GEN_EC, CKMC_EC_PRIME192V1);
680 return CKMC_ERROR_INVALID_PARAMETER;
682 if (ret == CKMC_ERROR_NONE)
683 return ckmc_param_list_add_integer(params, CKMC_PARAM_ALGO_TYPE, type);