src/manager/service/ckm-service.cpp

   1 /*
   2  *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *  Licensed under the Apache License, Version 2.0 (the "License");
   5  *  you may not use this file except in compliance with the License.
   6  *  You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *  Unless required by applicable law or agreed to in writing, software
  11  *  distributed under the License is distributed on an "AS IS" BASIS,
  12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *  See the License for the specific language governing permissions and
  14  *  limitations under the License
  15  *
  16  *
  17  * @file        ckm-service.cpp
  18  * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
  19  * @version     1.0
  20  * @brief       CKM service implementation.
  21  */
  22
  23 #include <protocols.h>
  24
  25 #include <dpl/serialization.h>
  26 #include <dpl/log/log.h>
  27
  28 #include <ckm-service.h>
  29 #include <ckm-logic.h>
  30
  31 namespace {
  32 const CKM::InterfaceID SOCKET_ID_CONTROL = 0;
  33 const CKM::InterfaceID SOCKET_ID_STORAGE = 1;
  34 } // namespace anonymous
  35
  36 namespace CKM {
  37
  38 CKMService::CKMService()
  39   : m_logic(new CKMLogic)
  40 {}
  41
  42 CKMService::~CKMService() {
  43     delete m_logic;
  44 }
  45
  46 void CKMService::Start() {
  47     Create();
  48 }
  49
  50 void CKMService::Stop() {
  51     Join();
  52 }
  53
  54 GenericSocketService::ServiceDescriptionVector CKMService::GetServiceDescription()
  55 {
  56     return ServiceDescriptionVector {
  57         {SERVICE_SOCKET_CKM_CONTROL, "key-manager::api-control", SOCKET_ID_CONTROL},
  58         {SERVICE_SOCKET_CKM_STORAGE, "key-manager::api-storage", SOCKET_ID_STORAGE}
  59     };
  60 }
  61
  62 bool CKMService::ProcessOne(
  63     const ConnectionID &conn,
  64     ConnectionInfo &info)
  65 {
  66     LogDebug ("process One");
  67     RawBuffer response;
  68
  69     Try {
  70         if (!info.buffer.Ready())
  71             return false;
  72
  73         if (info.interfaceID == SOCKET_ID_CONTROL)
  74             response = ProcessControl(info.buffer);
  75         else
  76             response = ProcessStorage(info.credentials, info.buffer);
  77
  78         m_serviceManager->Write(conn, response);
  79
  80         return true;
  81     } Catch (MessageBuffer::Exception::Base) {
  82         LogError("Broken protocol. Closing socket.");
  83     } Catch (Exception::BrokenProtocol) {
  84         LogError("Broken protocol. Closing socket.");
  85     } catch (const DataType::Exception::Base &e) {
  86         LogError("Closing socket. DBDataType::Exception: " << e.DumpToString());
  87     } catch (const std::string &e) {
  88         LogError("String exception(" << e << "). Closing socket");
  89     } catch (const std::exception &e) {
  90         LogError("Std exception:: " << e.what());
  91     } catch (...) {
  92         LogError("Unknown exception. Closing socket.");
  93     }
  94
  95     m_serviceManager->Close(conn);
  96     return false;
  97 }
  98
  99 RawBuffer CKMService::ProcessControl(MessageBuffer &buffer) {
 100     int command = 0;
 101     uid_t user = 0;
 102     ControlCommand cc;
 103     Password newPass, oldPass;
 104     Label smackLabel;
 105
 106     buffer.Deserialize(command);
 107
 108     LogDebug("Process control. Command: " << command);
 109
 110     cc = static_cast<ControlCommand>(command);
 111
 112     switch(cc) {
 113     case ControlCommand::UNLOCK_USER_KEY:
 114         buffer.Deserialize(user, newPass);
 115         return m_logic->unlockUserKey(user, newPass);
 116     case ControlCommand::LOCK_USER_KEY:
 117         buffer.Deserialize(user);
 118         return m_logic->lockUserKey(user);
 119     case ControlCommand::REMOVE_USER_DATA:
 120         buffer.Deserialize(user);
 121         return m_logic->removeUserData(user);
 122     case ControlCommand::CHANGE_USER_PASSWORD:
 123         buffer.Deserialize(user, oldPass, newPass);
 124         return m_logic->changeUserPassword(user, oldPass, newPass);
 125     case ControlCommand::RESET_USER_PASSWORD:
 126         buffer.Deserialize(user, newPass);
 127         return m_logic->resetUserPassword(user, newPass);
 128     case ControlCommand::REMOVE_APP_DATA:
 129         buffer.Deserialize(smackLabel);
 130         return m_logic->removeApplicationData(smackLabel);
 131     case ControlCommand::UPDATE_CC_MODE:
 132         return m_logic->updateCCMode();
 133     case ControlCommand::SET_PERMISSION:
 134     {
 135         Name name;
 136         Label label;
 137         Label accessorLabel;
 138         PermissionMask permissionMask = 0;
 139
 140         buffer.Deserialize(user, name, label, accessorLabel, permissionMask);
 141
 142         Credentials cred(user, label);
 143         return m_logic->setPermission(
 144             cred,
 145             command,
 146             0, // dummy
 147             name,
 148             label,
 149             accessorLabel,
 150             permissionMask);
 151     }
 152     default:
 153         Throw(Exception::BrokenProtocol);
 154     }
 155 }
 156
 157 RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer)
 158 {
 159     int command = 0;
 160     int msgID = 0;
 161     int tmpDataType = 0;
 162     Name name;
 163     Label label, accessorLabel;
 164     std::string user;
 165
 166     buffer.Deserialize(command);
 167     buffer.Deserialize(msgID);
 168
 169     // This is a workaround solution for locktype=None in Tizen 2.2.1
 170     // When locktype is None, lockscreen app doesn't interfere with unlocking process.
 171     // Therefor lockscreen app cannot notify unlock events to key-manager when locktype is None.
 172     // So, to unlock user data when lock type is None, key-manager always try to unlock user data with null password.
 173     // Even if the result is fail, it will be ignored.
 174     Password nullPassword("");
 175     m_logic->unlockUserKey(cred.clientUid, nullPassword);
 176
 177     LogDebug("Process storage. Command: " << command);
 178
 179     switch(static_cast<LogicCommand>(command)) {
 180         case LogicCommand::SAVE:
 181         {
 182             RawBuffer rawData;
 183             PolicySerializable policy;
 184             buffer.Deserialize(tmpDataType, name, label, rawData, policy);
 185             return m_logic->saveData(
 186                 cred,
 187                 msgID,
 188                 name,
 189                 label,
 190                 rawData,
 191                 DataType(tmpDataType),
 192                 policy);
 193         }
 194         case LogicCommand::SAVE_PKCS12:
 195         {
 196             RawBuffer rawData;
 197             PKCS12Serializable pkcs;
 198             PolicySerializable keyPolicy, certPolicy;
 199             buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy);
 200             return m_logic->savePKCS12(
 201                 cred,
 202                 msgID,
 203                 name,
 204                 label,
 205                 pkcs,
 206                 keyPolicy,
 207                 certPolicy);
 208         }
 209         case LogicCommand::REMOVE:
 210         {
 211             buffer.Deserialize(name, label);
 212             return m_logic->removeData(
 213                 cred,
 214                 msgID,
 215                 name,
 216                 label);
 217         }
 218         case LogicCommand::GET:
 219         {
 220             Password password;
 221             buffer.Deserialize(tmpDataType, name, label, password);
 222             return m_logic->getData(
 223                 cred,
 224                 msgID,
 225                 DataType(tmpDataType),
 226                 name,
 227                 label,
 228                 password);
 229         }
 230         case LogicCommand::GET_PKCS12:
 231         {
 232             Password passKey;
 233             Password passCert;
 234             buffer.Deserialize(name,
 235                                label,
 236                                passKey,
 237                                passCert);
 238             return m_logic->getPKCS12(
 239                 cred,
 240                 msgID,
 241                 name,
 242                 label,
 243                 passKey,
 244                 passCert);
 245         }
 246         case LogicCommand::GET_LIST:
 247         {
 248             buffer.Deserialize(tmpDataType);
 249             return m_logic->getDataList(
 250                 cred,
 251                 msgID,
 252                 DataType(tmpDataType));
 253         }
 254         case LogicCommand::CREATE_KEY_AES:
 255         {
 256             int size = 0;
 257             Name keyName;
 258             Label keyLabel;
 259             PolicySerializable policyKey;
 260             buffer.Deserialize(size,
 261                                policyKey,
 262                                keyName,
 263                                keyLabel);
 264             return m_logic->createKeyAES(
 265                 cred,
 266                 msgID,
 267                 size,
 268                 keyName,
 269                 keyLabel,
 270                 policyKey);
 271         }
 272         case LogicCommand::CREATE_KEY_PAIR:
 273         {
 274             CryptoAlgorithmSerializable keyGenAlgorithm;
 275             Name privateKeyName;
 276             Label privateKeyLabel;
 277             Name publicKeyName;
 278             Label publicKeyLabel;
 279             PolicySerializable policyPrivateKey;
 280             PolicySerializable policyPublicKey;
 281             buffer.Deserialize(keyGenAlgorithm,
 282                                policyPrivateKey,
 283                                policyPublicKey,
 284                                privateKeyName,
 285                                privateKeyLabel,
 286                                publicKeyName,
 287                                publicKeyLabel);
 288             return m_logic->createKeyPair(
 289                 cred,
 290                 msgID,
 291                 keyGenAlgorithm,
 292                 privateKeyName,
 293                 privateKeyLabel,
 294                 publicKeyName,
 295                 publicKeyLabel,
 296                 policyPrivateKey,
 297                 policyPublicKey);
 298         }
 299         case LogicCommand::GET_CHAIN_CERT:
 300         {
 301             RawBuffer certificate;
 302             RawBufferVector untrustedVector;
 303             RawBufferVector trustedVector;
 304             bool systemCerts;
 305             buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
 306             return m_logic->getCertificateChain(
 307                 cred,
 308                 msgID,
 309                 certificate,
 310                 untrustedVector,
 311                 trustedVector,
 312                 systemCerts);
 313         }
 314         case LogicCommand::GET_CHAIN_ALIAS:
 315         {
 316             RawBuffer certificate;
 317             LabelNameVector untrustedVector;
 318             LabelNameVector trustedVector;
 319             bool systemCerts;
 320             buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
 321             return m_logic->getCertificateChain(
 322                 cred,
 323                 msgID,
 324                 certificate,
 325                 untrustedVector,
 326                 trustedVector,
 327                 systemCerts);
 328         }
 329         case LogicCommand::CREATE_SIGNATURE:
 330         {
 331             Password password;        // password for private_key
 332             RawBuffer message;
 333             int padding = 0, hash = 0;
 334             buffer.Deserialize(name, label, password, message, hash, padding);
 335             return m_logic->createSignature(
 336                   cred,
 337                   msgID,
 338                   name,
 339                   label,
 340                   password,           // password for private_key
 341                   message,
 342                   static_cast<HashAlgorithm>(hash),
 343                   static_cast<RSAPaddingAlgorithm>(padding));
 344         }
 345         case LogicCommand::VERIFY_SIGNATURE:
 346         {
 347             Password password;           // password for public_key (optional)
 348             RawBuffer message;
 349             RawBuffer signature;
 350             //HashAlgorithm hash;
 351             //RSAPaddingAlgorithm padding;
 352             int padding = 0, hash = 0;
 353             buffer.Deserialize(name,
 354                                label,
 355                                password,
 356                                message,
 357                                signature,
 358                                hash,
 359                                padding);
 360             return m_logic->verifySignature(
 361                 cred,
 362                 msgID,
 363                 name,
 364                 label,
 365                 password,           // password for public_key (optional)
 366                 message,
 367                 signature,
 368                 static_cast<const HashAlgorithm>(hash),
 369                 static_cast<const RSAPaddingAlgorithm>(padding));
 370         }
 371         case LogicCommand::SET_PERMISSION:
 372         {
 373             PermissionMask permissionMask = 0;
 374             buffer.Deserialize(name, label, accessorLabel, permissionMask);
 375             return m_logic->setPermission(
 376                 cred,
 377                 command,
 378                 msgID,
 379                 name,
 380                 label,
 381                 accessorLabel,
 382                 permissionMask);
 383         }
 384         default:
 385             Throw(Exception::BrokenProtocol);
 386     }
 387 }
 388
 389 } // namespace CKM
 390