/src/S2OPC/src/Common/crypto/sopc_key_manager.c

Source (jump to first uncovered line)
/*
 * Licensed to Systerel under one or more contributor license
 * agreements. See the NOTICE file distributed with this work
 * for additional information regarding copyright ownership.
 * Systerel licenses this file to you under the Apache
 * License, Version 2.0 (the "License"); you may not use this
 * file except in compliance with the License. You may obtain
 * a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

/** \file sopc_key_manager.c
 *
 * KeyManager provides functions for Asymmetric Key Management such as loading a signed public key,
 *  the corresponding private key, and provides the ability to verify signatures with x509 certificates.
 * KeyManager replaces the old concept of PKIProvider. PrivateKey should not be in the PublicKeyInfrastructure...
 *
 * Most of the functions are lib-dependent. This file defines the others.
 */

#include <string.h>

#include "sopc_crypto_decl.h"
#include "sopc_crypto_profiles.h"
#include "sopc_key_manager.h"
#include "sopc_mem_alloc.h"

/* ------------------------------------------------------------------------------------------------
 * AsymetricKey API
 * ------------------------------------------------------------------------------------------------
 */

/* ------------------------------------------------------------------------------------------------
 * Cert API
 * ------------------------------------------------------------------------------------------------
 */

/* ------------------------------------------------------------------------------------------------
 * Serialization/Deserialization API
 * ------------------------------------------------------------------------------------------------
 */

SOPC_ReturnStatus SOPC_KeyManager_SerializedAsymmetricKey_CreateFromData(const uint8_t* data,
                                                                         uint32_t len,
                                                                         SOPC_SerializedAsymmetricKey** key)
{
    SOPC_SecretBuffer* sec = SOPC_SecretBuffer_New(len);

    if (sec == NULL)
    {
        return SOPC_STATUS_OUT_OF_MEMORY;
    }

    SOPC_ExposedBuffer* buf = SOPC_SecretBuffer_ExposeModify(sec);
    memcpy(buf, data, (size_t) len);
    SOPC_SecretBuffer_UnexposeModify(buf, sec);
    *key = sec;

    return SOPC_STATUS_OK;
}

SOPC_ReturnStatus SOPC_KeyManager_SerializedAsymmetricKey_CreateFromFile(const char* path,
                                                                         SOPC_SerializedAsymmetricKey** key)
{
    SOPC_SecretBuffer* sec = SOPC_SecretBuffer_NewFromFile(path);

    if (sec == NULL)
    {
        return SOPC_STATUS_NOK;
    }

    *key = sec;
    return SOPC_STATUS_OK;
}

SOPC_ReturnStatus SOPC_KeyManager_SerializedAsymmetricKey_Deserialize(const SOPC_SerializedAsymmetricKey* cert,
                                                                      bool is_public,
                                                                      SOPC_AsymmetricKey** res)
{
    uint32_t len = SOPC_SecretBuffer_GetLength(cert);
    const SOPC_ExposedBuffer* buf = SOPC_SecretBuffer_Expose(cert);
    SOPC_ReturnStatus status = SOPC_KeyManager_AsymmetricKey_CreateFromBuffer(buf, len, is_public, res);
    SOPC_SecretBuffer_Unexpose(buf, cert);
    return status;
}

SOPC_ReturnStatus SOPC_KeyManager_SerializedAsymmetricKey_CreateFromFile_WithPwd(const char* keyPath,
                                                                                 SOPC_SerializedAsymmetricKey** key,
                                                                                 char* password,
                                                                                 uint32_t lenPassword)
{
    if (NULL == keyPath || NULL == key)
    {
        return SOPC_STATUS_INVALID_PARAMETERS;
    }
    if (NULL == password && 0 != lenPassword)
    {
        return SOPC_STATUS_INVALID_PARAMETERS;
    }
    if (NULL != password && (0 == lenPassword || '\0' != password[lenPassword]))
    {
        return SOPC_STATUS_INVALID_PARAMETERS;
    }

    SOPC_AsymmetricKey* pKey = NULL;
    SOPC_ReturnStatus status = SOPC_KeyManager_AsymmetricKey_CreateFromFile(keyPath, &pKey, password, lenPassword);

    if (SOPC_STATUS_OK == status)
    {
        status = SOPC_KeyManager_SerializedAsymmetricKey_CreateFromKey(pKey, false, key);
    }

    SOPC_KeyManager_AsymmetricKey_Free(pKey);

    return status;
}

void SOPC_KeyManager_SerializedAsymmetricKey_Delete(SOPC_SerializedAsymmetricKey* key)
{
    SOPC_SecretBuffer_DeleteClear(key);
}

SOPC_ReturnStatus SOPC_KeyManager_SerializedCertificate_CreateFromDER(const uint8_t* der,
                                                                      uint32_t len,
                                                                      SOPC_SerializedCertificate** cert)
{
    SOPC_Buffer* buf = SOPC_Buffer_Create(len);

    if (buf == NULL)
    {
        return SOPC_STATUS_OUT_OF_MEMORY;
    }

    SOPC_ReturnStatus status = SOPC_Buffer_Write(buf, der, len);
    if (SOPC_STATUS_OK == status)
    {
        *cert = buf;
    }
    else
    {
        SOPC_Buffer_Delete(buf);
    }
    return status;
}

SOPC_ReturnStatus SOPC_KeyManager_SerializedCertificate_CreateFromFile(const char* path,
                                                                       SOPC_SerializedCertificate** cert)
{
    // Create a certificate which might be a PEM or DER certificate as input
    SOPC_CertificateList* tmpCert = NULL;
    SOPC_ReturnStatus status = SOPC_KeyManager_Certificate_CreateOrAddFromFile(path, &tmpCert);
    if (SOPC_STATUS_OK == status)
    {
        uint8_t* dataDER = NULL;
        uint32_t lenDER = 0;
        status = SOPC_KeyManager_Certificate_ToDER(tmpCert, &dataDER, &lenDER);

        if (SOPC_STATUS_OK == status)
        {
            SOPC_Buffer* res = SOPC_Buffer_Attach(dataDER, lenDER);
            if (NULL != res)
            {
                *cert = res;
            }
            else
            {
                status = SOPC_STATUS_OUT_OF_MEMORY;
            }
        }
    }
    if (NULL != tmpCert)
    {
        SOPC_KeyManager_Certificate_Free(tmpCert);
    }
    return status;
}

SOPC_ReturnStatus SOPC_KeyManager_SerializedCertificate_Deserialize(const SOPC_SerializedCertificate* cert,
                                                                    SOPC_CertificateList** res)
{
    if (NULL == res || NULL != *res)
    {
        return SOPC_STATUS_INVALID_PARAMETERS;
    }

    return SOPC_KeyManager_Certificate_CreateOrAddFromDER(cert->data, cert->length, res);
}

const SOPC_Buffer* SOPC_KeyManager_SerializedCertificate_Data(const SOPC_SerializedCertificate* cert)
{
    return cert;
}

void SOPC_KeyManager_SerializedCertificate_Delete(SOPC_SerializedCertificate* cert)
{
    SOPC_Buffer_Delete(cert);
}

const SOPC_Buffer* SOPC_KeyManager_SerializedCRL_Data(const SOPC_SerializedCRL* crl)
{
    return crl;
}

Coverage Report

Created: 2025-07-11 06:29

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Licensed to Systerel under one or more contributor license
3		* agreements. See the NOTICE file distributed with this work
4		* for additional information regarding copyright ownership.
5		* Systerel licenses this file to you under the Apache
6		* License, Version 2.0 (the "License"); you may not use this
7		* file except in compliance with the License. You may obtain
8		* a copy of the License at
9		*
10		* http://www.apache.org/licenses/LICENSE-2.0
11		*
12		* Unless required by applicable law or agreed to in writing,
13		* software distributed under the License is distributed on an
14		* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15		* KIND, either express or implied. See the License for the
16		* specific language governing permissions and limitations
17		* under the License.
18		*/
19
20		/** \file sopc_key_manager.c
21		*
22		* KeyManager provides functions for Asymmetric Key Management such as loading a signed public key,
23		* the corresponding private key, and provides the ability to verify signatures with x509 certificates.
24		* KeyManager replaces the old concept of PKIProvider. PrivateKey should not be in the PublicKeyInfrastructure...
25		*
26		* Most of the functions are lib-dependent. This file defines the others.
27		*/
28
29		#include <string.h>
30
31		#include "sopc_crypto_decl.h"
32		#include "sopc_crypto_profiles.h"
33		#include "sopc_key_manager.h"
34		#include "sopc_mem_alloc.h"
35
36		/* ------------------------------------------------------------------------------------------------
37		* AsymetricKey API
38		* ------------------------------------------------------------------------------------------------
39		*/
40
41		/* ------------------------------------------------------------------------------------------------
42		* Cert API
43		* ------------------------------------------------------------------------------------------------
44		*/
45
46		/* ------------------------------------------------------------------------------------------------
47		* Serialization/Deserialization API
48		* ------------------------------------------------------------------------------------------------
49		*/
50
51		SOPC_ReturnStatus SOPC_KeyManager_SerializedAsymmetricKey_CreateFromData(const uint8_t* data,
52		uint32_t len,
53		SOPC_SerializedAsymmetricKey** key)
54	0	{
55	0	SOPC_SecretBuffer* sec = SOPC_SecretBuffer_New(len);
56
57	0	if (sec == NULL)
58	0	{
59	0	return SOPC_STATUS_OUT_OF_MEMORY;
60	0	}
61
62	0	SOPC_ExposedBuffer* buf = SOPC_SecretBuffer_ExposeModify(sec);
63	0	memcpy(buf, data, (size_t) len);
64	0	SOPC_SecretBuffer_UnexposeModify(buf, sec);
65	0	*key = sec;
66
67	0	return SOPC_STATUS_OK;
68	0	}
69
70		SOPC_ReturnStatus SOPC_KeyManager_SerializedAsymmetricKey_CreateFromFile(const char* path,
71		SOPC_SerializedAsymmetricKey** key)
72	0	{
73	0	SOPC_SecretBuffer* sec = SOPC_SecretBuffer_NewFromFile(path);
74
75	0	if (sec == NULL)
76	0	{
77	0	return SOPC_STATUS_NOK;
78	0	}
79
80	0	*key = sec;
81	0	return SOPC_STATUS_OK;
82	0	}
83
84		SOPC_ReturnStatus SOPC_KeyManager_SerializedAsymmetricKey_Deserialize(const SOPC_SerializedAsymmetricKey* cert,
85		bool is_public,
86		SOPC_AsymmetricKey** res)
87	0	{
88	0	uint32_t len = SOPC_SecretBuffer_GetLength(cert);
89	0	const SOPC_ExposedBuffer* buf = SOPC_SecretBuffer_Expose(cert);
90	0	SOPC_ReturnStatus status = SOPC_KeyManager_AsymmetricKey_CreateFromBuffer(buf, len, is_public, res);
91	0	SOPC_SecretBuffer_Unexpose(buf, cert);
92	0	return status;
93	0	}
94
95		SOPC_ReturnStatus SOPC_KeyManager_SerializedAsymmetricKey_CreateFromFile_WithPwd(const char* keyPath,
96		SOPC_SerializedAsymmetricKey** key,
97		char* password,
98		uint32_t lenPassword)
99	0	{
100	0	if (NULL == keyPath \|\| NULL == key)
101	0	{
102	0	return SOPC_STATUS_INVALID_PARAMETERS;
103	0	}
104	0	if (NULL == password && 0 != lenPassword)
105	0	{
106	0	return SOPC_STATUS_INVALID_PARAMETERS;
107	0	}
108	0	if (NULL != password && (0 == lenPassword \|\| '\0' != password[lenPassword]))
109	0	{
110	0	return SOPC_STATUS_INVALID_PARAMETERS;
111	0	}
112
113	0	SOPC_AsymmetricKey* pKey = NULL;
114	0	SOPC_ReturnStatus status = SOPC_KeyManager_AsymmetricKey_CreateFromFile(keyPath, &pKey, password, lenPassword);
115
116	0	if (SOPC_STATUS_OK == status)
117	0	{
118	0	status = SOPC_KeyManager_SerializedAsymmetricKey_CreateFromKey(pKey, false, key);
119	0	}
120
121	0	SOPC_KeyManager_AsymmetricKey_Free(pKey);
122
123	0	return status;
124	0	}
125
126		void SOPC_KeyManager_SerializedAsymmetricKey_Delete(SOPC_SerializedAsymmetricKey* key)
127	0	{
128	0	SOPC_SecretBuffer_DeleteClear(key);
129	0	}
130
131		SOPC_ReturnStatus SOPC_KeyManager_SerializedCertificate_CreateFromDER(const uint8_t* der,
132		uint32_t len,
133		SOPC_SerializedCertificate** cert)
134	0	{
135	0	SOPC_Buffer* buf = SOPC_Buffer_Create(len);
136
137	0	if (buf == NULL)
138	0	{
139	0	return SOPC_STATUS_OUT_OF_MEMORY;
140	0	}
141
142	0	SOPC_ReturnStatus status = SOPC_Buffer_Write(buf, der, len);
143	0	if (SOPC_STATUS_OK == status)
144	0	{
145	0	*cert = buf;
146	0	}
147	0	else
148	0	{
149	0	SOPC_Buffer_Delete(buf);
150	0	}
151	0	return status;
152	0	}
153
154		SOPC_ReturnStatus SOPC_KeyManager_SerializedCertificate_CreateFromFile(const char* path,
155		SOPC_SerializedCertificate** cert)
156	0	{
157		// Create a certificate which might be a PEM or DER certificate as input
158	0	SOPC_CertificateList* tmpCert = NULL;
159	0	SOPC_ReturnStatus status = SOPC_KeyManager_Certificate_CreateOrAddFromFile(path, &tmpCert);
160	0	if (SOPC_STATUS_OK == status)
161	0	{
162	0	uint8_t* dataDER = NULL;
163	0	uint32_t lenDER = 0;
164	0	status = SOPC_KeyManager_Certificate_ToDER(tmpCert, &dataDER, &lenDER);
165
166	0	if (SOPC_STATUS_OK == status)
167	0	{
168	0	SOPC_Buffer* res = SOPC_Buffer_Attach(dataDER, lenDER);
169	0	if (NULL != res)
170	0	{
171	0	*cert = res;
172	0	}
173	0	else
174	0	{
175	0	status = SOPC_STATUS_OUT_OF_MEMORY;
176	0	}
177	0	}
178	0	}
179	0	if (NULL != tmpCert)
180	0	{
181	0	SOPC_KeyManager_Certificate_Free(tmpCert);
182	0	}
183	0	return status;
184	0	}
185
186		SOPC_ReturnStatus SOPC_KeyManager_SerializedCertificate_Deserialize(const SOPC_SerializedCertificate* cert,
187		SOPC_CertificateList** res)
188	0	{
189	0	if (NULL == res \|\| NULL != *res)
190	0	{
191	0	return SOPC_STATUS_INVALID_PARAMETERS;
192	0	}
193
194	0	return SOPC_KeyManager_Certificate_CreateOrAddFromDER(cert->data, cert->length, res);
195	0	}
196
197		const SOPC_Buffer* SOPC_KeyManager_SerializedCertificate_Data(const SOPC_SerializedCertificate* cert)
198	0	{
199	0	return cert;
200	0	}
201
202		void SOPC_KeyManager_SerializedCertificate_Delete(SOPC_SerializedCertificate* cert)
203	0	{
204	0	SOPC_Buffer_Delete(cert);
205	0	}
206
207		const SOPC_Buffer* SOPC_KeyManager_SerializedCRL_Data(const SOPC_SerializedCRL* crl)
208	0	{
209	0	return crl;
210	0	}