1 /* Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License
16 * @file client-manager-impl.cpp
17 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19 * @brief Manager implementation.
21 #include <openssl/evp.h>
23 #include <dpl/serialization.h>
24 #include <dpl/log/log.h>
26 #include <crypto-init.h>
27 #include <client-manager-impl.h>
28 #include <client-common.h>
29 #include <message-buffer.h>
30 #include <protocols.h>
32 #include <certificate-impl.h>
39 ServiceConnection & serviceConnection,
42 const CertificateShPtr &certificate,
43 const T &untrustedVector,
44 const T &trustedVector,
45 bool useTrustedSystemCertificates,
46 CertificateShPtrVector &certificateChainVector)
48 return try_catch([&] {
51 auto send = MessageBuffer::Serialize(static_cast<int>(command),
53 certificate->getDER(),
56 useTrustedSystemCertificates);
58 int retCode = serviceConnection.processRequest(send.Pop(), recv);
59 if (CKM_API_SUCCESS != retCode)
64 RawBufferVector rawBufferVector;
65 recv.Deserialize(retCommand, retCounter, retCode, rawBufferVector);
67 if ((counter != retCounter) || (static_cast<int>(command) != retCommand)) {
68 return CKM_API_ERROR_UNKNOWN;
71 if (retCode != CKM_API_SUCCESS) {
75 for (auto &e: rawBufferVector) {
76 CertificateShPtr cert(new CertificateImpl(e, DataFormat::FORM_DER));
78 return CKM_API_ERROR_BAD_RESPONSE;
79 certificateChainVector.push_back(cert);
86 } // namespace anonymous
88 ManagerImpl::ManagerImpl()
90 m_storageConnection(SERVICE_SOCKET_CKM_STORAGE),
91 m_ocspConnection(SERVICE_SOCKET_OCSP),
92 m_encryptionConnection(SERVICE_SOCKET_ENCRYPTION)
98 int ManagerImpl::saveBinaryData(
101 const RawBuffer &rawData,
102 const Policy &policy)
104 int my_counter = ++m_counter;
106 return try_catch([&] {
107 if (alias.empty() || rawData.empty())
108 return CKM_API_ERROR_INPUT_PARAM;
111 AliasSupport helper(alias);
112 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE),
114 static_cast<int>(dataType),
118 PolicySerializable(policy));
120 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
121 if (CKM_API_SUCCESS != retCode)
127 recv.Deserialize(command, counter, retCode, opType);
129 if (counter != my_counter)
130 return CKM_API_ERROR_UNKNOWN;
136 int ManagerImpl::saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) {
137 if (key.get() == NULL)
138 return CKM_API_ERROR_INPUT_PARAM;
140 return saveBinaryData(alias, DataType(key->getType()), key->getDER(), policy);
141 } Catch (DataType::Exception::Base) {
142 LogError("Error in key conversion. Could not convert KeyType::NONE to DBDataType!");
144 return CKM_API_ERROR_INPUT_PARAM;
147 int ManagerImpl::saveCertificate(
149 const CertificateShPtr &cert,
150 const Policy &policy)
152 if (cert.get() == NULL)
153 return CKM_API_ERROR_INPUT_PARAM;
154 return saveBinaryData(alias, DataType::CERTIFICATE, cert->getDER(), policy);
157 int ManagerImpl::saveData(const Alias &alias, const RawBuffer &rawData, const Policy &policy) {
158 if (!policy.extractable)
159 return CKM_API_ERROR_INPUT_PARAM;
160 return saveBinaryData(alias, DataType::BINARY_DATA, rawData, policy);
164 int ManagerImpl::savePKCS12(
166 const PKCS12ShPtr &pkcs,
167 const Policy &keyPolicy,
168 const Policy &certPolicy)
170 if (alias.empty() || pkcs.get()==NULL)
171 return CKM_API_ERROR_INPUT_PARAM;
173 int my_counter = ++m_counter;
175 return try_catch([&] {
177 AliasSupport helper(alias);
178 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SAVE_PKCS12),
182 PKCS12Serializable(*pkcs.get()),
183 PolicySerializable(keyPolicy),
184 PolicySerializable(certPolicy));
186 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
187 if (CKM_API_SUCCESS != retCode)
192 recv.Deserialize(command, counter, retCode);
194 if (counter != my_counter)
195 return CKM_API_ERROR_UNKNOWN;
201 int ManagerImpl::getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs)
203 return getPKCS12(alias, Password(), Password(), pkcs);
206 int ManagerImpl::getPKCS12(const Alias &alias, const Password &keyPass, const Password &certPass, PKCS12ShPtr &pkcs)
209 return CKM_API_ERROR_INPUT_PARAM;
211 int my_counter = ++m_counter;
213 return try_catch([&] {
215 AliasSupport helper(alias);
216 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_PKCS12),
223 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
224 if (CKM_API_SUCCESS != retCode)
229 PKCS12Serializable gotPkcs;
230 recv.Deserialize(command, counter, retCode, gotPkcs);
232 if (counter != my_counter)
233 return CKM_API_ERROR_UNKNOWN;
235 pkcs = std::make_shared<PKCS12Impl>(std::move(gotPkcs));
242 int ManagerImpl::removeAlias(const Alias &alias)
245 return CKM_API_ERROR_INPUT_PARAM;
247 int my_counter = ++m_counter;
249 return try_catch([&] {
251 AliasSupport helper(alias);
252 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::REMOVE),
257 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
258 if (CKM_API_SUCCESS != retCode)
263 recv.Deserialize(command, counter, retCode);
265 if (counter != my_counter)
266 return CKM_API_ERROR_UNKNOWN;
272 int ManagerImpl::getBinaryData(
274 DataType sendDataType,
275 const Password &password,
276 DataType &recvDataType,
280 return CKM_API_ERROR_INPUT_PARAM;
282 int my_counter = ++m_counter;
284 return try_catch([&] {
286 AliasSupport helper(alias);
287 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET),
289 static_cast<int>(sendDataType),
294 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
295 if (CKM_API_SUCCESS != retCode)
301 recv.Deserialize(command, counter, retCode, tmpDataType, rawData);
302 recvDataType = DataType(tmpDataType);
304 if (counter != my_counter)
305 return CKM_API_ERROR_UNKNOWN;
311 int ManagerImpl::getKey(const Alias &alias, const Password &password, KeyShPtr &key) {
312 DataType recvDataType;
315 int retCode = getBinaryData(
317 DataType::KEY_RSA_PUBLIC,
322 if (retCode != CKM_API_SUCCESS)
325 KeyShPtr keyParsed(new KeyImpl(rawData));
327 if (keyParsed->empty()) {
328 LogDebug("Key empty - failed to parse!");
329 return CKM_API_ERROR_BAD_RESPONSE;
334 return CKM_API_SUCCESS;
337 int ManagerImpl::getCertificate(const Alias &alias, const Password &password, CertificateShPtr &cert)
339 DataType recvDataType;
342 int retCode = getBinaryData(
344 DataType::CERTIFICATE,
349 if (retCode != CKM_API_SUCCESS)
352 if (recvDataType != DataType::CERTIFICATE)
353 return CKM_API_ERROR_BAD_RESPONSE;
355 CertificateShPtr certParsed(new CertificateImpl(rawData, DataFormat::FORM_DER));
357 if (certParsed->empty())
358 return CKM_API_ERROR_BAD_RESPONSE;
362 return CKM_API_SUCCESS;
365 int ManagerImpl::getData(const Alias &alias, const Password &password, RawBuffer &rawData)
367 DataType recvDataType = DataType::BINARY_DATA;
369 int retCode = getBinaryData(
371 DataType::BINARY_DATA,
376 if (retCode != CKM_API_SUCCESS)
379 if (recvDataType != DataType::BINARY_DATA)
380 return CKM_API_ERROR_BAD_RESPONSE;
382 return CKM_API_SUCCESS;
385 int ManagerImpl::getBinaryDataAliasVector(DataType dataType, AliasVector &aliasVector)
387 int my_counter = ++m_counter;
389 return try_catch([&] {
391 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::GET_LIST),
393 static_cast<int>(dataType));
395 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
396 if (CKM_API_SUCCESS != retCode)
402 LabelNameVector labelNameVector;
403 recv.Deserialize(command, counter, retCode, tmpDataType, labelNameVector);
404 if ((command != static_cast<int>(LogicCommand::GET_LIST)) || (counter != my_counter)) {
405 return CKM_API_ERROR_UNKNOWN;
408 for(const auto &it : labelNameVector)
409 aliasVector.push_back( AliasSupport::merge(it.first, it.second) );
415 int ManagerImpl::getKeyAliasVector(AliasVector &aliasVector) {
416 // in fact datatype has no meaning here - if not certificate or binary data
417 // then manager decides to list all between DB_KEY_FIRST and DB_KEY_LAST
418 return getBinaryDataAliasVector(DataType::DB_KEY_LAST, aliasVector);
421 int ManagerImpl::getCertificateAliasVector(AliasVector &aliasVector) {
422 return getBinaryDataAliasVector(DataType::CERTIFICATE, aliasVector);
425 int ManagerImpl::getDataAliasVector(AliasVector &aliasVector) {
426 return getBinaryDataAliasVector(DataType::BINARY_DATA, aliasVector);
429 int ManagerImpl::createKeyPairRSA(
431 const Alias &privateKeyAlias,
432 const Alias &publicKeyAlias,
433 const Policy &policyPrivateKey,
434 const Policy &policyPublicKey)
436 return this->createKeyPair(CKM::KeyType::KEY_RSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
439 int ManagerImpl::createKeyPairDSA(
441 const Alias &privateKeyAlias,
442 const Alias &publicKeyAlias,
443 const Policy &policyPrivateKey,
444 const Policy &policyPublicKey)
446 return this->createKeyPair(CKM::KeyType::KEY_DSA_PUBLIC, size, privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
449 int ManagerImpl::createKeyPairECDSA(
451 const Alias &privateKeyAlias,
452 const Alias &publicKeyAlias,
453 const Policy &policyPrivateKey,
454 const Policy &policyPublicKey)
456 return this->createKeyPair(CKM::KeyType::KEY_ECDSA_PUBLIC, static_cast<int>(type), privateKeyAlias, publicKeyAlias, policyPrivateKey, policyPublicKey);
459 int ManagerImpl::createKeyAES(
461 const Alias &/*keyAlias*/,
462 const Policy &/*policyKey*/)
468 int ManagerImpl::createKeyPair(
469 const KeyType key_type,
470 const int additional_param,
471 const Alias &privateKeyAlias,
472 const Alias &publicKeyAlias,
473 const Policy &policyPrivateKey,
474 const Policy &policyPublicKey)
477 CryptoAlgorithm keyGenAlgorithm;
480 case KeyType::KEY_RSA_PUBLIC:
481 case KeyType::KEY_RSA_PRIVATE:
482 keyGenAlgorithm.addParam(ParamName::ALGO_TYPE, AlgoType::RSA_GEN);
483 keyGenAlgorithm.addParam(ParamName::GEN_KEY_LEN, additional_param);
486 case KeyType::KEY_DSA_PUBLIC:
487 case KeyType::KEY_DSA_PRIVATE:
488 keyGenAlgorithm.addParam(ParamName::ALGO_TYPE, AlgoType::DSA_GEN);
489 keyGenAlgorithm.addParam(ParamName::GEN_KEY_LEN, additional_param);
492 case KeyType::KEY_ECDSA_PUBLIC:
493 case KeyType::KEY_ECDSA_PRIVATE:
494 keyGenAlgorithm.addParam(ParamName::ALGO_TYPE, AlgoType::ECDSA_GEN);
495 keyGenAlgorithm.addParam(ParamName::GEN_EC, additional_param);
499 return CKM_API_ERROR_INPUT_PARAM;
502 // proceed with sending request
503 int my_counter = ++m_counter;
505 return try_catch([&] {
508 AliasSupport privateHelper(privateKeyAlias);
509 AliasSupport publicHelper(publicKeyAlias);
510 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_KEY_PAIR),
512 CryptoAlgorithmSerializable(keyGenAlgorithm),
513 PolicySerializable(policyPrivateKey),
514 PolicySerializable(policyPublicKey),
515 privateHelper.getName(),
516 privateHelper.getLabel(),
517 publicHelper.getName(),
518 publicHelper.getLabel());
520 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
521 if (CKM_API_SUCCESS != retCode)
526 recv.Deserialize(command, counter, retCode);
527 if (counter != my_counter) {
528 return CKM_API_ERROR_UNKNOWN;
535 int ManagerImpl::getCertificateChain(
536 const CertificateShPtr &certificate,
537 const CertificateShPtrVector &untrustedCertificates,
538 const CertificateShPtrVector &trustedCertificates,
539 bool useTrustedSystemCertificates,
540 CertificateShPtrVector &certificateChainVector)
542 RawBufferVector untrustedVector;
543 RawBufferVector trustedVector;
545 for (auto &e: untrustedCertificates) {
546 untrustedVector.push_back(e->getDER());
548 for (auto &e: trustedCertificates) {
549 trustedVector.push_back(e->getDER());
554 LogicCommand::GET_CHAIN_CERT,
559 useTrustedSystemCertificates,
560 certificateChainVector);
563 int ManagerImpl::getCertificateChain(
564 const CertificateShPtr &certificate,
565 const AliasVector &untrustedCertificates,
566 const AliasVector &trustedCertificates,
567 bool useTrustedSystemCertificates,
568 CertificateShPtrVector &certificateChainVector)
570 LabelNameVector untrustedVector;
571 LabelNameVector trustedVector;
573 for (auto &e: untrustedCertificates) {
574 AliasSupport helper(e);
575 untrustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
577 for (auto &e: trustedCertificates) {
578 AliasSupport helper(e);
579 trustedVector.push_back(std::make_pair(helper.getLabel(), helper.getName()));
584 LogicCommand::GET_CHAIN_ALIAS,
589 useTrustedSystemCertificates,
590 certificateChainVector);
593 int ManagerImpl::createSignature(
594 const Alias &privateKeyAlias,
595 const Password &password, // password for private_key
596 const RawBuffer &message,
597 const HashAlgorithm hash,
598 const RSAPaddingAlgorithm padding,
599 RawBuffer &signature)
601 int my_counter = ++m_counter;
603 return try_catch([&] {
606 AliasSupport helper(privateKeyAlias);
607 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::CREATE_SIGNATURE),
613 static_cast<int>(hash),
614 static_cast<int>(padding));
616 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
617 if (CKM_API_SUCCESS != retCode)
622 recv.Deserialize(command, counter, retCode, signature);
624 if ((command != static_cast<int>(LogicCommand::CREATE_SIGNATURE))
625 || (counter != my_counter))
627 return CKM_API_ERROR_UNKNOWN;
634 int ManagerImpl::verifySignature(
635 const Alias &publicKeyOrCertAlias,
636 const Password &password, // password for public_key (optional)
637 const RawBuffer &message,
638 const RawBuffer &signature,
639 const HashAlgorithm hash,
640 const RSAPaddingAlgorithm padding)
642 int my_counter = ++m_counter;
644 return try_catch([&] {
646 AliasSupport helper(publicKeyOrCertAlias);
647 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::VERIFY_SIGNATURE),
654 static_cast<int>(hash),
655 static_cast<int>(padding));
657 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
658 if (CKM_API_SUCCESS != retCode)
663 recv.Deserialize(command, counter, retCode);
665 if ((command != static_cast<int>(LogicCommand::VERIFY_SIGNATURE))
666 || (counter != my_counter))
668 return CKM_API_ERROR_UNKNOWN;
675 int ManagerImpl::ocspCheck(const CertificateShPtrVector &certChain, int &ocspStatus)
677 return try_catch([&] {
678 int my_counter = ++m_counter;
681 RawBufferVector rawCertChain;
682 for (auto &e: certChain) {
683 rawCertChain.push_back(e->getDER());
686 auto send = MessageBuffer::Serialize(my_counter, rawCertChain);
688 int retCode = m_ocspConnection.processRequest(send.Pop(), recv);
689 if (CKM_API_SUCCESS != retCode)
693 recv.Deserialize(counter, retCode, ocspStatus);
695 if (my_counter != counter) {
696 return CKM_API_ERROR_UNKNOWN;
703 int ManagerImpl::setPermission(const Alias &alias,
704 const Label &accessor,
705 PermissionMask permissionMask)
707 int my_counter = ++m_counter;
709 return try_catch([&] {
711 AliasSupport helper(alias);
712 auto send = MessageBuffer::Serialize(static_cast<int>(LogicCommand::SET_PERMISSION),
719 int retCode = m_storageConnection.processRequest(send.Pop(), recv);
720 if (CKM_API_SUCCESS != retCode)
725 recv.Deserialize(command, counter, retCode);
727 if (my_counter != counter) {
728 return CKM_API_ERROR_UNKNOWN;
735 int ManagerImpl::encrypt(const CryptoAlgorithm &algo,
736 const Alias &keyAlias,
737 const Password &password,
738 const RawBuffer& plain,
739 RawBuffer& encrypted)
741 int my_counter = ++m_counter;
743 return try_catch([&] {
745 AliasSupport helper(keyAlias);
746 CryptoAlgorithmSerializable cas(algo);
747 auto send = MessageBuffer::Serialize(static_cast<int>(EncryptionCommand::ENCRYPT),
755 int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
756 if (CKM_API_SUCCESS != retCode)
761 recv.Deserialize(command, counter, encrypted);
763 if (my_counter != counter) {
764 return CKM_API_ERROR_UNKNOWN;
771 int ManagerImpl::decrypt(const CryptoAlgorithm &algo,
772 const Alias &keyAlias,
773 const Password &password,
774 const RawBuffer& encrypted,
775 RawBuffer& decrypted)
777 int my_counter = ++m_counter;
779 return try_catch([&] {
781 AliasSupport helper(keyAlias);
782 CryptoAlgorithmSerializable cas(algo);
783 auto send = MessageBuffer::Serialize(static_cast<int>(EncryptionCommand::DECRYPT),
791 int retCode = m_encryptionConnection.processRequest(send.Pop(), recv);
792 if (CKM_API_SUCCESS != retCode)
797 recv.Deserialize(command, counter, decrypted);
799 if (my_counter != counter) {
800 return CKM_API_ERROR_UNKNOWN;
807 ManagerShPtr Manager::create() {
809 return std::make_shared<ManagerImpl>();
810 } catch (const std::bad_alloc &) {
811 LogDebug("Bad alloc was caught during ManagerImpl creation.");
813 LogError("Critical error: Unknown exception was caught during ManagerImpl creation!");
815 return ManagerShPtr();