projects / platform / core / security / key-manager.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Implement key retrieval in encryption service
[platform/core/security/key-manager.git] / src / manager / service / ckm-service.cpp
1 /*
2  *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *  Licensed under the Apache License, Version 2.0 (the "License");
5  *  you may not use this file except in compliance with the License.
6  *  You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *  Unless required by applicable law or agreed to in writing, software
11  *  distributed under the License is distributed on an "AS IS" BASIS,
12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *  See the License for the specific language governing permissions and
14  *  limitations under the License
15  *
16  *
17  * @file        ckm-service.cpp
18  * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
19  * @version     1.0
20  * @brief       CKM service implementation.
21  */
22
23 #include <protocols.h>
24
25 #include <dpl/serialization.h>
26 #include <dpl/log/log.h>
27
28 #include <ckm-service.h>
29 #include <ckm-logic.h>
30
31 namespace {
32 const CKM::InterfaceID SOCKET_ID_CONTROL = 0;
33 const CKM::InterfaceID SOCKET_ID_STORAGE = 1;
34 } // namespace anonymous
35
36 namespace CKM {
37
38 CKMService::CKMService()
39   : m_logic(new CKMLogic)
40 {}
41
42 CKMService::~CKMService() {
43     delete m_logic;
44 }
45
46 void CKMService::Start() {
47     Create();
48 }
49
50 void CKMService::Stop() {
51     Join();
52 }
53
54 GenericSocketService::ServiceDescriptionVector CKMService::GetServiceDescription()
55 {
56     return ServiceDescriptionVector {
57         {SERVICE_SOCKET_CKM_CONTROL, "key-manager::api-control", SOCKET_ID_CONTROL},
58         {SERVICE_SOCKET_CKM_STORAGE, "key-manager::api-storage", SOCKET_ID_STORAGE}
59     };
60 }
61
62 void CKMService::SetCommManager(CommMgr *manager)
63 {
64     ThreadService::SetCommManager(manager);
65     Register(*manager);
66 }
67
68 bool CKMService::ProcessOne(
69     const ConnectionID &conn,
70     ConnectionInfo &info)
71 {
72     LogDebug ("process One");
73     RawBuffer response;
74
75     Try {
76         if (!info.buffer.Ready())
77             return false;
78
79         if (info.interfaceID == SOCKET_ID_CONTROL)
80             response = ProcessControl(info.buffer);
81         else
82             response = ProcessStorage(info.credentials, info.buffer);
83
84         m_serviceManager->Write(conn, response);
85
86         return true;
87     } Catch (MessageBuffer::Exception::Base) {
88         LogError("Broken protocol. Closing socket.");
89     } Catch (Exception::BrokenProtocol) {
90         LogError("Broken protocol. Closing socket.");
91     } catch (const DataType::Exception::Base &e) {
92         LogError("Closing socket. DBDataType::Exception: " << e.DumpToString());
93     } catch (const std::string &e) {
94         LogError("String exception(" << e << "). Closing socket");
95     } catch (const std::exception &e) {
96         LogError("Std exception:: " << e.what());
97     } catch (...) {
98         LogError("Unknown exception. Closing socket.");
99     }
100
101     m_serviceManager->Close(conn);
102     return false;
103 }
104
105 RawBuffer CKMService::ProcessControl(MessageBuffer &buffer) {
106     int command = 0;
107     uid_t user = 0;
108     ControlCommand cc;
109     Password newPass, oldPass;
110     Label smackLabel;
111
112     buffer.Deserialize(command);
113
114     LogDebug("Process control. Command: " << command);
115
116     cc = static_cast<ControlCommand>(command);
117
118     switch(cc) {
119     case ControlCommand::UNLOCK_USER_KEY:
120         buffer.Deserialize(user, newPass);
121         return m_logic->unlockUserKey(user, newPass);
122     case ControlCommand::LOCK_USER_KEY:
123         buffer.Deserialize(user);
124         return m_logic->lockUserKey(user);
125     case ControlCommand::REMOVE_USER_DATA:
126         buffer.Deserialize(user);
127         return m_logic->removeUserData(user);
128     case ControlCommand::CHANGE_USER_PASSWORD:
129         buffer.Deserialize(user, oldPass, newPass);
130         return m_logic->changeUserPassword(user, oldPass, newPass);
131     case ControlCommand::RESET_USER_PASSWORD:
132         buffer.Deserialize(user, newPass);
133         return m_logic->resetUserPassword(user, newPass);
134     case ControlCommand::REMOVE_APP_DATA:
135         buffer.Deserialize(smackLabel);
136         return m_logic->removeApplicationData(smackLabel);
137     case ControlCommand::UPDATE_CC_MODE:
138         return m_logic->updateCCMode();
139     case ControlCommand::SET_PERMISSION:
140     {
141         Name name;
142         Label label;
143         Label accessorLabel;
144         PermissionMask permissionMask = 0;
145
146         buffer.Deserialize(user, name, label, accessorLabel, permissionMask);
147
148         Credentials cred(user, label);
149         return m_logic->setPermission(
150             cred,
151             command,
152             0, // dummy
153             name,
154             label,
155             accessorLabel,
156             permissionMask);
157     }
158     default:
159         Throw(Exception::BrokenProtocol);
160     }
161 }
162
163 RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer)
164 {
165     int command = 0;
166     int msgID = 0;
167     int tmpDataType = 0;
168     Name name;
169     Label label, accessorLabel;
170     std::string user;
171
172     buffer.Deserialize(command);
173     buffer.Deserialize(msgID);
174
175     LogDebug("Process storage. Command: " << command);
176
177     switch(static_cast<LogicCommand>(command)) {
178         case LogicCommand::SAVE:
179         {
180             RawBuffer rawData;
181             PolicySerializable policy;
182             buffer.Deserialize(tmpDataType, name, label, rawData, policy);
183             return m_logic->saveData(
184                 cred,
185                 msgID,
186                 name,
187                 label,
188                 rawData,
189                 DataType(tmpDataType),
190                 policy);
191         }
192         case LogicCommand::SAVE_PKCS12:
193         {
194             RawBuffer rawData;
195             PKCS12Serializable pkcs;
196             PolicySerializable keyPolicy, certPolicy;
197             buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy);
198             return m_logic->savePKCS12(
199                 cred,
200                 msgID,
201                 name,
202                 label,
203                 pkcs,
204                 keyPolicy,
205                 certPolicy);
206         }
207         case LogicCommand::REMOVE:
208         {
209             buffer.Deserialize(name, label);
210             return m_logic->removeData(
211                 cred,
212                 msgID,
213                 name,
214                 label);
215         }
216         case LogicCommand::GET:
217         {
218             Password password;
219             buffer.Deserialize(tmpDataType, name, label, password);
220             return m_logic->getData(
221                 cred,
222                 msgID,
223                 DataType(tmpDataType),
224                 name,
225                 label,
226                 password);
227         }
228         case LogicCommand::GET_PKCS12:
229         {
230             Password passKey;
231             Password passCert;
232             buffer.Deserialize(name,
233                                label,
234                                passKey,
235                                passCert);
236             return m_logic->getPKCS12(
237                 cred,
238                 msgID,
239                 name,
240                 label,
241                 passKey,
242                 passCert);
243         }
244         case LogicCommand::GET_LIST:
245         {
246             buffer.Deserialize(tmpDataType);
247             return m_logic->getDataList(
248                 cred,
249                 msgID,
250                 DataType(tmpDataType));
251         }
252         case LogicCommand::CREATE_KEY_AES:
253         {
254             int size = 0;
255             Name keyName;
256             Label keyLabel;
257             PolicySerializable policyKey;
258             buffer.Deserialize(size,
259                                policyKey,
260                                keyName,
261                                keyLabel);
262             return m_logic->createKeyAES(
263                 cred,
264                 msgID,
265                 size,
266                 keyName,
267                 keyLabel,
268                 policyKey);
269         }
270         case LogicCommand::CREATE_KEY_PAIR:
271         {
272             CryptoAlgorithmSerializable keyGenAlgorithm;
273             Name privateKeyName;
274             Label privateKeyLabel;
275             Name publicKeyName;
276             Label publicKeyLabel;
277             PolicySerializable policyPrivateKey;
278             PolicySerializable policyPublicKey;
279             buffer.Deserialize(keyGenAlgorithm,
280                                policyPrivateKey,
281                                policyPublicKey,
282                                privateKeyName,
283                                privateKeyLabel,
284                                publicKeyName,
285                                publicKeyLabel);
286             return m_logic->createKeyPair(
287                 cred,
288                 msgID,
289                 keyGenAlgorithm,
290                 privateKeyName,
291                 privateKeyLabel,
292                 publicKeyName,
293                 publicKeyLabel,
294                 policyPrivateKey,
295                 policyPublicKey);
296         }
297         case LogicCommand::GET_CHAIN_CERT:
298         {
299             RawBuffer certificate;
300             RawBufferVector untrustedVector;
301             RawBufferVector trustedVector;
302             bool systemCerts;
303             buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
304             return m_logic->getCertificateChain(
305                 cred,
306                 msgID,
307                 certificate,
308                 untrustedVector,
309                 trustedVector,
310                 systemCerts);
311         }
312         case LogicCommand::GET_CHAIN_ALIAS:
313         {
314             RawBuffer certificate;
315             LabelNameVector untrustedVector;
316             LabelNameVector trustedVector;
317             bool systemCerts;
318             buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
319             return m_logic->getCertificateChain(
320                 cred,
321                 msgID,
322                 certificate,
323                 untrustedVector,
324                 trustedVector,
325                 systemCerts);
326         }
327         case LogicCommand::CREATE_SIGNATURE:
328         {
329             Password password;        // password for private_key
330             RawBuffer message;
331             int padding = 0, hash = 0;
332             buffer.Deserialize(name, label, password, message, hash, padding);
333             return m_logic->createSignature(
334                   cred,
335                   msgID,
336                   name,
337                   label,
338                   password,           // password for private_key
339                   message,
340                   static_cast<HashAlgorithm>(hash),
341                   static_cast<RSAPaddingAlgorithm>(padding));
342         }
343         case LogicCommand::VERIFY_SIGNATURE:
344         {
345             Password password;           // password for public_key (optional)
346             RawBuffer message;
347             RawBuffer signature;
348             //HashAlgorithm hash;
349             //RSAPaddingAlgorithm padding;
350             int padding = 0, hash = 0;
351             buffer.Deserialize(name,
352                                label,
353                                password,
354                                message,
355                                signature,
356                                hash,
357                                padding);
358             return m_logic->verifySignature(
359                 cred,
360                 msgID,
361                 name,
362                 label,
363                 password,           // password for public_key (optional)
364                 message,
365                 signature,
366                 static_cast<const HashAlgorithm>(hash),
367                 static_cast<const RSAPaddingAlgorithm>(padding));
368         }
369         case LogicCommand::SET_PERMISSION:
370         {
371             PermissionMask permissionMask = 0;
372             buffer.Deserialize(name, label, accessorLabel, permissionMask);
373             return m_logic->setPermission(
374                 cred,
375                 command,
376                 msgID,
377                 name,
378                 label,
379                 accessorLabel,
380                 permissionMask);
381         }
382         default:
383             Throw(Exception::BrokenProtocol);
384     }
385 }
386
387 void CKMService::ProcessMessage(MsgKeyRequest msg)
388 {
389     Crypto::GKeyShPtr key;
390     int ret = m_logic->getKeyForService(msg.cred,
391                                         msg.name,
392                                         msg.label,
393                                         msg.password,
394                                         key);
395     MsgKeyResponse kResp(msg.id, key, ret);
396     try {
397         if (!m_commMgr->SendMessage(kResp))
398             LogError("No listener found"); // can't do much more
399     } catch (...) {
400         LogError("Uncaught exception in SendMessage. Check listeners.");
401     }
402 }
403
404 } // namespace CKM
405
Domain: Security / Utilities;