2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Sample service implementation.
27 #include <message-buffer.h>
28 #include <protocols.h>
29 #include <ckm/ckm-type.h>
30 #include <connection-info.h>
31 #include <db-crypto.h>
32 #include <key-provider.h>
33 #include <crypto-logic.h>
34 #include <file-lock.h>
35 #include <access-control.h>
36 #include <certificate-impl.h>
37 #include <sys/types.h>
38 #include <generic-backend/gobj.h>
40 #include <platform/decider.h>
45 KeyProvider keyProvider;
// Class-level constant of type uid_t; its value is defined outside this listing.
// NOTE(review): by its name this is the uid under which the system database is
// addressed — confirm it cannot collide with a real user's uid.
52 static const uid_t SYSTEM_DB_UID;
// Copy and move construction and assignment are all deleted, so a CKMLogic
// instance can be neither duplicated nor relocated after it is constructed.
55 CKMLogic(const CKMLogic &) = delete;
56 CKMLogic(CKMLogic &&) = delete;
57 CKMLogic& operator=(const CKMLogic &) = delete;
58 CKMLogic& operator=(CKMLogic &&) = delete;
// Per-user entry points addressed by a numeric uid. Each returns a RawBuffer
// (presumably the serialized reply for the client — the format is not visible here).
// NOTE(review): none of these three takes a Credentials argument, unlike most of
// the other calls declared in this listing, so any check on who may unlock,
// lock or remove a given user's data has to happen in the caller — confirm.

// Takes the target uid and that user's password (by const reference).
61 RawBuffer unlockUserKey(uid_t user, const Password &password);
// Takes only the target uid; no password is required to lock.
62 RawBuffer lockUserKey(uid_t user);
// Takes only the target uid; no password is passed.
// NOTE(review): presumably destructive for that user's stored data — confirm callers are restricted.
64 RawBuffer removeUserData(uid_t user);
66 RawBuffer changeUserPassword(
68 const Password &oldPassword,
69 const Password &newPassword);
71 RawBuffer resetUserPassword(
73 const Password &newPassword);
// Takes a single Label (named smackLabel) and returns a RawBuffer.
// No uid and no Credentials are passed in.
// NOTE(review): presumably removes the data owned by that label — whether for one
// user or for all is not visible here; confirm, and confirm that only a trusted
// caller can reach this entry point, since the label is the only selector.
75 RawBuffer removeApplicationData(
76 const Label &smackLabel);
79 const Credentials &cred,
83 const RawBuffer &data,
85 const PolicySerializable &policy);
88 const Credentials &cred,
92 const PKCS12Serializable &pkcs,
93 const PolicySerializable &keyPolicy,
94 const PolicySerializable &certPolicy);
97 const Credentials &cred,
103 const Credentials &cred,
108 const Password &password);
111 const Credentials &cred,
115 const Password &keyPassword,
116 const Password &certPassword);
118 RawBuffer getDataList(
119 const Credentials &cred,
123 RawBuffer createKeyPair(
124 const Credentials &cred,
126 const CryptoAlgorithmSerializable & keyGenParams,
127 const Name &namePrivate,
128 const Label &labelPrivate,
129 const Name &namePublic,
130 const Label &labelPublic,
131 const PolicySerializable &policyPrivate,
132 const PolicySerializable &policyPublic);
134 RawBuffer createKeyAES(
135 const Credentials &cred,
140 const PolicySerializable &policy);
142 RawBuffer getCertificateChain(
143 const Credentials &cred,
145 const RawBuffer &certificate,
146 const RawBufferVector &untrustedCertificates,
147 const RawBufferVector &trustedCertificates,
148 bool useTrustedSystemCertificates);
150 RawBuffer getCertificateChain(
151 const Credentials &cred,
153 const RawBuffer &certificate,
154 const LabelNameVector &untrustedCertificates,
155 const LabelNameVector &trustedCertificates,
156 bool useTrustedSystemCertificates);
158 RawBuffer createSignature(
159 const Credentials &cred,
161 const Name &privateKeyName,
162 const Label & ownerLabel,
163 const Password &password, // password for private_key
164 const RawBuffer &message,
165 const HashAlgorithm hash,
166 const RSAPaddingAlgorithm padding);
168 RawBuffer verifySignature(
169 const Credentials &cred,
171 const Name &publicKeyOrCertName,
173 const Password &password, // password for public_key (optional)
174 const RawBuffer &message,
175 const RawBuffer &signature,
176 const HashAlgorithm hash,
177 const RSAPaddingAlgorithm padding);
// Takes no arguments and returns a RawBuffer.
// NOTE(review): "CC" presumably stands for Common Criteria mode — confirm against the implementation.
179 RawBuffer updateCCMode();
181 RawBuffer setPermission(
182 const Credentials &cred,
187 const Label &accessor_label,
188 const PermissionMask permissionMask);
190 int setPermissionHelper(
191 const Credentials &cred,
193 const Label &ownerLabel,
194 const Label &accessorLabel,
195 const PermissionMask permissionMask);
197 int verifyAndSaveDataHelper(
198 const Credentials &cred,
201 const RawBuffer &data,
203 const PolicySerializable &policy);
205 int getKeyForService(const Credentials &cred,
208 const Password& pass,
209 Crypto::GObjShPtr& key);
// Takes no arguments and returns an int status (code values are defined elsewhere).
// NOTE(review): unlike unlockDatabase(), no Password is supplied here; how the
// system database key is derived or protected is not visible in this listing — confirm.
212 int unlockSystemDB();
216 // select private/system database depending on asking uid and owner label.
217 // output: database handler and effective label
// Inputs: the requester's Credentials and the owner Label, both by const reference.
// Returns: a reference to the selected UserData.
// NOTE(review): the comment above this declaration lists an "effective label" as an output, but
// incoming_label is const and the only value returned is UserData &, so this
// signature cannot hand a label back — confirm which of the two is stale.
// NOTE(review): the lifetime of the returned reference depends on where the
// UserData lives (presumably m_userDataMap) — confirm it is not held across an erase.
218 UserData & selectDatabase(const Credentials &incoming_cred,
219 const Label &incoming_label);
// Takes a uid and that user's password; returns an int status (code values are defined elsewhere).
// NOTE(review): presumably the int-returning worker behind unlockUserKey() — confirm.
221 int unlockDatabase(uid_t user,
222 const Password & password);
226 const Password &password);
230 const Password &password);
232 int verifyBinaryData(
234 RawBuffer &input_data) const;
238 const RawBuffer &input_data,
239 RawBuffer &output_data) const;
241 int checkSaveConditions(
242 const Credentials &cred,
248 const Credentials &cred,
252 const RawBuffer &data,
253 const PolicySerializable &policy);
256 const Credentials &cred,
259 const PKCS12Serializable &pkcs,
260 const PolicySerializable &keyPolicy,
261 const PolicySerializable &certPolicy);
263 DB::Row createEncryptedRow(
268 const RawBuffer &data,
269 const Policy &policy) const;
272 const Credentials &cred,
275 const Password &keyPassword,
276 const Password &certPassword,
278 CertificateShPtr & cert,
279 CertificateShPtrVector & caChain);
281 int extractPKCS12Data(
284 const Label &ownerLabel,
285 const PKCS12Serializable &pkcs,
286 const PolicySerializable &keyPolicy,
287 const PolicySerializable &certPolicy,
288 DB::RowVector &output) const;
290 int removeDataHelper(
291 const Credentials &cred,
293 const Label &ownerLabel);
297 const Label &ownerLabel,
299 DB::Crypto & database,
302 int readMultiRow(const Name &name,
303 const Label &ownerLabel,
305 DB::Crypto & database,
306 DB::RowVector &output);
308 int checkDataPermissionsHelper(
309 const Credentials &cred,
311 const Label &ownerLabel,
312 const Label &accessorLabel,
315 DB::Crypto & database);
317 Crypto::GObjUPtr rowToObject(
320 const Password& password);
324 const Credentials &cred,
328 const Password &password,
329 Crypto::GObjUPtr &obj);
333 const Credentials &cred,
337 const Password &password,
338 Crypto::GObjUPtr &obj,
339 DataType& objDataType);
343 const Credentials &cred,
347 const Password &password,
348 Crypto::GObjUPtrVector &objs);
350 int createKeyAESHelper(
351 const Credentials &cred,
355 const PolicySerializable &policy);
// Key-pair creation helper returning an int status (code values are defined elsewhere).
//   cred           - credentials of the requesting client
//   keyGenParams   - serialized algorithm parameters for key generation
//   namePrivate / labelPrivate - name and owner label for the private key
//   namePublic  / labelPublic  - name and owner label for the public key
//   policyPrivate / policyPublic - storage policy for each half of the pair
// NOTE(review): both owner labels are passed in separately from cred, so the
// implementation must check that cred may create objects under those labels — confirm.
357 int createKeyPairHelper(
358 const Credentials &cred,
359 const CryptoAlgorithmSerializable & keyGenParams,
360 const Name &namePrivate,
361 const Label &labelPrivate,
362 const Name &namePublic,
363 const Label &labelPublic,
364 const PolicySerializable &policyPrivate,
365 const PolicySerializable &policyPublic);
// Returns an int status (code values are defined elsewhere).
//   cred            - credentials of the requesting client
//   labelNameVector - input list (const); presumably (label, name) pairs identifying stored certificates
//   certVector      - non-const reference, i.e. the output container for the certificates read
// NOTE(review): confirm that access is checked per entry against cred, and what
// is left in certVector when one entry fails part-way through.
367 int readCertificateHelper(
368 const Credentials &cred,
369 const LabelNameVector &labelNameVector,
370 CertificateImplVector &certVector);
// Overload taking the candidate certificates as raw buffers; returns an int status.
//   cert                         - the certificate whose chain is requested
//   untrustedCertificates        - raw certificates supplied as untrusted
//   trustedCertificates          - raw certificates supplied as trusted
//   useTrustedSystemCertificates - whether the system's trusted certificates are used as well
//   chainRawVector               - output (non-const reference) receiving the chain as raw buffers
// No Credentials are needed here because nothing is named by label.
// NOTE(review): presumably only trustedCertificates (and the system set when the
// flag is true) act as trust anchors, with untrustedCertificates used purely as
// intermediates — confirm in the implementation.
372 int getCertificateChainHelper(
373 const CertificateImpl &cert,
374 const RawBufferVector &untrustedCertificates,
375 const RawBufferVector &trustedCertificates,
376 bool useTrustedSystemCertificates,
377 RawBufferVector &chainRawVector);
// Overload taking the candidate certificates as LabelNameVector entries plus the
// requester's Credentials; returns an int status.
//   cred                         - credentials of the requesting client
//   cert                         - the certificate whose chain is requested
//   untrusted / trusted          - lists identifying untrusted and trusted certificates
//   useTrustedSystemCertificates - whether the system's trusted certificates are used as well
//   chainRawVector               - output (non-const reference) receiving the chain as raw buffers
// NOTE(review): the listed certificates presumably have to be read from storage
// on behalf of cred; confirm a client cannot name a certificate it may not read
// and have it treated as a trust anchor.
379 int getCertificateChainHelper(
380 const Credentials &cred,
381 const CertificateImpl &cert,
382 const LabelNameVector &untrusted,
383 const LabelNameVector &trusted,
384 bool useTrustedSystemCertificates,
385 RawBufferVector &chainRawVector);
// Returns an int status (code values are defined elsewhere).
//   cred            - credentials of the requesting client
//   dataType        - the DataType to list
//   labelNameVector - output (non-const reference) receiving the listing
// NOTE(review): confirm the listing is limited to entries cred is permitted to
// see; names and owner labels of other clients' objects are themselves sensitive.
387 int getDataListHelper(
388 const Credentials &cred,
389 const DataType dataType,
390 LabelNameVector &labelNameVector);
// Takes a uid together with both the old and the new password; returns an int
// status (code values are defined elsewhere).
// NOTE(review): presumably the old password must verify before the new one is
// applied — confirm in the implementation.
392 int changeUserPasswordHelper(uid_t user,
393 const Password &oldPassword,
394 const Password &newPassword);
// Takes a uid and a new password only; returns an int status (code values are defined elsewhere).
// NOTE(review): no old password is supplied, so knowledge of the current
// password is not part of this call — confirm who is allowed to reach it and
// under which state (e.g. locked vs. unlocked database) it is accepted.
396 int resetUserPasswordHelper(uid_t user, const Password &newPassword);
// Takes a mutable UserData handle and an application Label; returns an int status.
// NOTE(review): handle is a non-const reference, so this presumably loads the
// key for appLabel into that user's state — confirm what happens when the key is absent.
398 int loadAppKey(UserData& handle, const Label& appLabel);
// Access-control component held by value (type declared in access-control.h, presumably).
400 AccessControl m_accessControl;
// Crypto::Decider held by value; see platform/decider.h for its role (not visible here).
401 Crypto::Decider m_decider;
// One UserData entry per uid.
// NOTE(review): UserData presumably carries per-user key material (a KeyProvider
// member appears earlier in this listing) — confirm entries are erased on lock/removal.
405 std::map<uid_t, UserData> m_userDataMap;