2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Sample service implementation.
27 #include <message-buffer.h>
28 #include <protocols.h>
29 #include <ckm/ckm-type.h>
30 #include <connection-info.h>
31 #include <db-crypto.h>
32 #include <key-provider.h>
33 #include <crypto-logic.h>
34 #include <certificate-store.h>
35 #include <file-lock.h>
36 #include <access-control.h>
41 KeyProvider keyProvider;
51 DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
52 DECLARE_EXCEPTION_TYPE(Base, InputDataInvalid);
56 CKMLogic(const CKMLogic &) = delete;
57 CKMLogic(CKMLogic &&) = delete;
58 CKMLogic& operator=(const CKMLogic &) = delete;
59 CKMLogic& operator=(CKMLogic &&) = delete;
62 RawBuffer unlockUserKey(uid_t user, const Password &password);
64 RawBuffer lockUserKey(uid_t user);
66 RawBuffer removeUserData(uid_t user);
68 RawBuffer changeUserPassword(
70 const Password &oldPassword,
71 const Password &newPassword);
73 RawBuffer resetUserPassword(
75 const Password &newPassword);
77 RawBuffer removeApplicationData(
78 const Label &smackLabel);
81 const Credentials &cred,
87 const PolicySerializable &policy);
90 const Credentials &cred,
97 const Credentials &cred,
102 const Password &password);
104 RawBuffer getDataList(
105 const Credentials &cred,
107 DBDataType dataType);
109 RawBuffer createKeyPair(
110 const Credentials &cred,
111 LogicCommand protocol_cmd,
113 const int additional_param,
114 const Name &namePrivate,
115 const Label &labelPrivate,
116 const Name &namePublic,
117 const Label &labelPublic,
118 const PolicySerializable &policyPrivate,
119 const PolicySerializable &policyPublic);
121 RawBuffer getCertificateChain(
122 const Credentials &cred,
124 const RawBuffer &certificate,
125 const RawBufferVector &untrustedCertificates);
127 RawBuffer getCertificateChain(
128 const Credentials &cred,
130 const RawBuffer &certificate,
131 const LabelNameVector &labelNameVector);
133 RawBuffer createSignature(
134 const Credentials &cred,
136 const Name &privateKeyName,
137 const Label & ownerLabel,
138 const Password &password, // password for private_key
139 const RawBuffer &message,
140 const HashAlgorithm hash,
141 const RSAPaddingAlgorithm padding);
143 RawBuffer verifySignature(
144 const Credentials &cred,
146 const Name &publicKeyOrCertName,
148 const Password &password, // password for public_key (optional)
149 const RawBuffer &message,
150 const RawBuffer &signature,
151 const HashAlgorithm hash,
152 const RSAPaddingAlgorithm padding);
154 RawBuffer updateCCMode();
156 RawBuffer setPermission(
157 const Credentials &cred,
162 const Label &accessor_label,
163 const Permission newPermission);
167 void verifyBinaryData(
169 const RawBuffer &input_data) const;
172 const Credentials &cred,
176 const RawBuffer &key,
177 const PolicySerializable &policy);
179 int removeDataHelper(
180 const Credentials &cred,
182 const Label &ownerLabel);
184 int readDataRowHelper(
186 const Label &ownerLabel,
191 int checkDataPermissionsHelper(
193 const Label &ownerLabel,
194 const Label &accessorLabel,
197 DBCrypto & database);
201 const Credentials &cred,
205 const Password &password,
208 int createKeyPairHelper(
209 const Credentials &cred,
210 const KeyType key_type,
211 const int additional_param,
212 const Name &namePrivate,
213 const Label &labelPrivate,
214 const Name &namePublic,
215 const Label &labelPublic,
216 const PolicySerializable &policyPrivate,
217 const PolicySerializable &policyPublic);
219 int getCertificateChainHelper(
220 const Credentials &cred,
221 const RawBuffer &certificate,
222 const LabelNameVector &labelNameVector,
223 RawBufferVector & chainRawVector);
225 int setPermissionHelper(
226 const Credentials &cred,
228 const Label &ownerLabel,
229 const Label &accessorLabel,
230 const Permission newPermission);
232 std::map<uid_t, UserData> m_userDataMap;
233 CertificateStore m_certStore;
234 AccessControl m_accessControl;