src/manager/service/ckm-service.cpp

   1 /*
   2  *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *  Licensed under the Apache License, Version 2.0 (the "License");
   5  *  you may not use this file except in compliance with the License.
   6  *  You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *  Unless required by applicable law or agreed to in writing, software
  11  *  distributed under the License is distributed on an "AS IS" BASIS,
  12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *  See the License for the specific language governing permissions and
  14  *  limitations under the License
  15  *
  16  *
  17  * @file        ckm-service.cpp
  18  * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
  19  * @version     1.0
  20  * @brief       CKM service implementation.
  21  */
  22 #include <service-thread.h>
  23 #include <generic-socket-manager.h>
  24 #include <connection-info.h>
  25 #include <message-buffer.h>
  26 #include <protocols.h>
  27
  28 #include <dpl/serialization.h>
  29 #include <dpl/log/log.h>
  30
  31 #include <ckm-service.h>
  32 #include <ckm-logic.h>
  33
  34 namespace {
  35 const CKM::InterfaceID SOCKET_ID_CONTROL = 0;
  36 const CKM::InterfaceID SOCKET_ID_STORAGE = 1;
  37 } // namespace anonymous
  38
  39 namespace CKM {
  40
  41 CKMService::CKMService()
  42   : m_logic(new CKMLogic)
  43 {}
  44
  45 CKMService::~CKMService() {
  46     delete m_logic;
  47 }
  48
  49 GenericSocketService::ServiceDescriptionVector CKMService::GetServiceDescription()
  50 {
  51     return ServiceDescriptionVector {
  52         {SERVICE_SOCKET_CKM_CONTROL, "key-manager::api-control", SOCKET_ID_CONTROL},
  53         {SERVICE_SOCKET_CKM_STORAGE, "key-manager::api-storage", SOCKET_ID_STORAGE}
  54     };
  55 }
  56
  57 void CKMService::accept(const AcceptEvent &event) {
  58     LogDebug("Accept event");
  59     auto &info = m_connectionInfoMap[event.connectionID.counter];
  60     info.interfaceID = event.interfaceID;
  61     info.credentials = event.credentials;
  62 }
  63
  64 void CKMService::write(const WriteEvent &event) {
  65     LogDebug("Write event (" << event.size << " bytes)");
  66 }
  67
  68 void CKMService::process(const ReadEvent &event) {
  69     LogDebug("Read event");
  70     auto &info = m_connectionInfoMap[event.connectionID.counter];
  71     info.buffer.Push(event.rawBuffer);
  72     while(processOne(event.connectionID, info));
  73 }
  74
  75 bool CKMService::processOne(
  76     const ConnectionID &conn,
  77     ConnectionInfo &info)
  78 {
  79     LogDebug ("process One");
  80     RawBuffer response;
  81
  82     Try {
  83         if (!info.buffer.Ready())
  84             return false;
  85
  86         if (info.interfaceID == SOCKET_ID_CONTROL)
  87             response = processControl(info.buffer);
  88         else
  89             response = processStorage(info.credentials, info.buffer);
  90
  91         m_serviceManager->Write(conn, response);
  92
  93         return true;
  94     } Catch (MessageBuffer::Exception::Base) {
  95         LogError("Broken protocol. Closing socket.");
  96     } Catch (Exception::BrokenProtocol) {
  97         LogError("Broken protocol. Closing socket.");
  98     } catch (const DataType::Exception::Base &e) {
  99         LogError("Closing socket. DBDataType::Exception: " << e.DumpToString());
 100     } catch (const std::string &e) {
 101         LogError("String exception(" << e << "). Closing socket");
 102     } catch (const std::exception &e) {
 103         LogError("Std exception:: " << e.what());
 104     } catch (...) {
 105         LogError("Unknown exception. Closing socket.");
 106     }
 107
 108     m_serviceManager->Close(conn);
 109     return false;
 110 }
 111
 112 RawBuffer CKMService::processControl(MessageBuffer &buffer) {
 113     int command = 0;
 114     ClientID clientID;
 115     ControlCommand cc;
 116     Password newPass, oldPass;
 117     Label smackLabel;
 118
 119     buffer.Deserialize(command);
 120
 121     LogDebug("Process control. Command: " << command);
 122
 123     cc = static_cast<ControlCommand>(command);
 124
 125     switch(cc) {
 126     case ControlCommand::UNLOCK_USER_KEY:
 127         buffer.Deserialize(clientID, newPass);
 128         return m_logic->unlockUserKey(clientID, newPass);
 129     case ControlCommand::LOCK_USER_KEY:
 130         buffer.Deserialize(clientID);
 131         return m_logic->lockUserKey(clientID);
 132     case ControlCommand::REMOVE_USER_DATA:
 133         buffer.Deserialize(clientID);
 134         return m_logic->removeUserData(clientID);
 135     case ControlCommand::CHANGE_USER_PASSWORD:
 136         buffer.Deserialize(clientID, oldPass, newPass);
 137         return m_logic->changeUserPassword(clientID, oldPass, newPass);
 138     case ControlCommand::RESET_USER_PASSWORD:
 139         buffer.Deserialize(clientID, newPass);
 140         return m_logic->resetUserPassword(clientID, newPass);
 141     case ControlCommand::REMOVE_APP_DATA:
 142     {
 143         std::string zone;
 144         buffer.Deserialize(zone, smackLabel);
 145         return m_logic->removeApplicationData(zone, smackLabel);
 146     }
 147     case ControlCommand::SET_PERMISSION:
 148     {
 149         Name name;
 150         Label label;
 151         Label accessorLabel;
 152         PermissionMask permissionMask = 0;
 153
 154         buffer.Deserialize(clientID, name, label, accessorLabel, permissionMask);
 155         Credentials cred = { clientID, label };
 156         return m_logic->setPermission(
 157             cred,
 158             command,
 159             0, // dummy
 160             name,
 161             label,
 162             accessorLabel,
 163             permissionMask);
 164     }
 165     case ControlCommand::UPDATE_CC_MODE:
 166         return m_logic->updateCCMode();
 167     default:
 168         Throw(Exception::BrokenProtocol);
 169     }
 170 }
 171
 172 RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer)
 173 {
 174     int command = 0;
 175     int msgID = 0;
 176     int tmpDataType = 0;
 177     Name name;
 178     Label label, accessorLabel;
 179
 180     buffer.Deserialize(command);
 181     buffer.Deserialize(msgID);
 182
 183     // This is a workaround solution for locktype=None in Tizen 2.2.1
 184     // When locktype is None, lockscreen app doesn't interfere with unlocking process.
 185     // Therefor lockscreen app cannot notify unlock events to key-manager when locktype is None.
 186     // So, to unlock user data when lock type is None, key-manager always try to unlock user data with null password.
 187     // Even if the result is fail, it will be ignored.
 188     Password nullPassword("");
 189     m_logic->unlockUserKey(cred.clientID, nullPassword, false);
 190
 191     LogDebug("Process storage. Command: " << command);
 192
 193     switch(static_cast<LogicCommand>(command)) {
 194         case LogicCommand::SAVE:
 195         {
 196             RawBuffer rawData;
 197             PolicySerializable policy;
 198             buffer.Deserialize(tmpDataType, name, label, rawData, policy);
 199             return m_logic->saveData(
 200                 cred,
 201                 msgID,
 202                 name,
 203                 label,
 204                 rawData,
 205                 DataType(tmpDataType),
 206                 policy);
 207         }
 208         case LogicCommand::SAVE_PKCS12:
 209         {
 210             RawBuffer rawData;
 211             PKCS12Serializable pkcs;
 212             PolicySerializable keyPolicy, certPolicy;
 213             buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy);
 214             return m_logic->savePKCS12(
 215                 cred,
 216                 msgID,
 217                 name,
 218                 label,
 219                 pkcs,
 220                 keyPolicy,
 221                 certPolicy);
 222         }
 223         case LogicCommand::REMOVE:
 224         {
 225             buffer.Deserialize(name, label);
 226             return m_logic->removeData(
 227                 cred,
 228                 msgID,
 229                 name,
 230                 label);
 231         }
 232         case LogicCommand::GET:
 233         {
 234             Password password;
 235             buffer.Deserialize(tmpDataType, name, label, password);
 236             return m_logic->getData(
 237                 cred,
 238                 msgID,
 239                 DataType(tmpDataType),
 240                 name,
 241                 label,
 242                 password);
 243         }
 244         case LogicCommand::GET_PKCS12:
 245         {
 246             Password passKey;
 247             Password passCert;
 248             buffer.Deserialize(name,
 249                                label,
 250                                passKey,
 251                                passCert);
 252             return m_logic->getPKCS12(
 253                 cred,
 254                 msgID,
 255                 name,
 256                 label,
 257                 passKey,
 258                 passCert);
 259         }
 260         case LogicCommand::GET_LIST:
 261         {
 262             buffer.Deserialize(tmpDataType);
 263             return m_logic->getDataList(
 264                 cred,
 265                 msgID,
 266                 DataType(tmpDataType));
 267         }
 268         case LogicCommand::CREATE_KEY_PAIR_RSA:
 269         case LogicCommand::CREATE_KEY_PAIR_DSA:
 270         case LogicCommand::CREATE_KEY_PAIR_ECDSA:
 271         {
 272             int additional_param = 0;
 273             Name privateKeyName;
 274             Label privateKeyLabel;
 275             Name publicKeyName;
 276             Label publicKeyLabel;
 277             PolicySerializable policyPrivateKey;
 278             PolicySerializable policyPublicKey;
 279             buffer.Deserialize(additional_param,
 280                                policyPrivateKey,
 281                                policyPublicKey,
 282                                privateKeyName,
 283                                privateKeyLabel,
 284                                publicKeyName,
 285                                publicKeyLabel);
 286             return m_logic->createKeyPair(
 287                 cred,
 288                 static_cast<LogicCommand>(command),
 289                 msgID,
 290                 additional_param,
 291                 privateKeyName,
 292                 privateKeyLabel,
 293                 publicKeyName,
 294                 publicKeyLabel,
 295                 policyPrivateKey,
 296                 policyPublicKey);
 297         }
 298         case LogicCommand::GET_CHAIN_CERT:
 299         {
 300             RawBuffer certificate;
 301             RawBufferVector untrustedVector;
 302             RawBufferVector trustedVector;
 303             bool systemCerts;
 304             buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
 305             return m_logic->getCertificateChain(
 306                 cred,
 307                 msgID,
 308                 certificate,
 309                 untrustedVector,
 310                 trustedVector,
 311                 systemCerts);
 312         }
 313         case LogicCommand::GET_CHAIN_ALIAS:
 314         {
 315             RawBuffer certificate;
 316             LabelNameVector untrustedVector;
 317             LabelNameVector trustedVector;
 318             bool systemCerts;
 319             buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
 320             return m_logic->getCertificateChain(
 321                 cred,
 322                 msgID,
 323                 certificate,
 324                 untrustedVector,
 325                 trustedVector,
 326                 systemCerts);
 327         }
 328         case LogicCommand::CREATE_SIGNATURE:
 329         {
 330             Password password;        // password for private_key
 331             RawBuffer message;
 332             int padding = 0, hash = 0;
 333             buffer.Deserialize(name, label, password, message, hash, padding);
 334             return m_logic->createSignature(
 335                   cred,
 336                   msgID,
 337                   name,
 338                   label,
 339                   password,           // password for private_key
 340                   message,
 341                   static_cast<HashAlgorithm>(hash),
 342                   static_cast<RSAPaddingAlgorithm>(padding));
 343         }
 344         case LogicCommand::VERIFY_SIGNATURE:
 345         {
 346             Password password;           // password for public_key (optional)
 347             RawBuffer message;
 348             RawBuffer signature;
 349             //HashAlgorithm hash;
 350             //RSAPaddingAlgorithm padding;
 351             int padding = 0, hash = 0;
 352             buffer.Deserialize(name,
 353                                label,
 354                                password,
 355                                message,
 356                                signature,
 357                                hash,
 358                                padding);
 359             return m_logic->verifySignature(
 360                 cred,
 361                 msgID,
 362                 name,
 363                 label,
 364                 password,           // password for public_key (optional)
 365                 message,
 366                 signature,
 367                 static_cast<const HashAlgorithm>(hash),
 368                 static_cast<const RSAPaddingAlgorithm>(padding));
 369         }
 370         case LogicCommand::SET_PERMISSION:
 371         {
 372             PermissionMask permissionMask = 0;
 373             buffer.Deserialize(name, label, accessorLabel, permissionMask);
 374             return m_logic->setPermission(
 375                 cred,
 376                 command,
 377                 msgID,
 378                 name,
 379                 label,
 380                 accessorLabel,
 381                 permissionMask);
 382         }
 383         default:
 384             Throw(Exception::BrokenProtocol);
 385     }
 386 }
 387
 388
 389 void CKMService::close(const CloseEvent &event) {
 390     LogDebug("Close event");
 391     m_connectionInfoMap.erase(event.connectionID.counter);
 392 }
 393
 394 } // namespace CKM
 395