src/manager/service/ckm-service.cpp

   1 /*
   2  *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *  Licensed under the Apache License, Version 2.0 (the "License");
   5  *  you may not use this file except in compliance with the License.
   6  *  You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *  Unless required by applicable law or agreed to in writing, software
  11  *  distributed under the License is distributed on an "AS IS" BASIS,
  12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *  See the License for the specific language governing permissions and
  14  *  limitations under the License
  15  *
  16  *
  17  * @file        ckm-service.cpp
  18  * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
  19  * @version     1.0
  20  * @brief       CKM service implementation.
  21  */
  22 #include <service-thread.h>
  23 #include <generic-socket-manager.h>
  24 #include <connection-info.h>
  25 #include <message-buffer.h>
  26 #include <protocols.h>
  27
  28 #include <dpl/serialization.h>
  29 #include <dpl/log/log.h>
  30
  31 #include <ckm-service.h>
  32 #include <ckm-logic.h>
  33
  34 namespace {
  35 const CKM::InterfaceID SOCKET_ID_CONTROL = 0;
  36 const CKM::InterfaceID SOCKET_ID_STORAGE = 1;
  37 } // namespace anonymous
  38
  39 namespace CKM {
  40
  41 CKMService::CKMService()
  42   : m_logic(new CKMLogic)
  43 {}
  44
  45 CKMService::~CKMService() {
  46     delete m_logic;
  47 }
  48
  49 GenericSocketService::ServiceDescriptionVector CKMService::GetServiceDescription()
  50 {
  51     return ServiceDescriptionVector {
  52         {SERVICE_SOCKET_CKM_CONTROL, "key-manager::api-control", SOCKET_ID_CONTROL},
  53         {SERVICE_SOCKET_CKM_STORAGE, "key-manager::api-storage", SOCKET_ID_STORAGE}
  54     };
  55 }
  56
  57 void CKMService::accept(const AcceptEvent &event) {
  58     LogDebug("Accept event");
  59     auto &info = m_connectionInfoMap[event.connectionID.counter];
  60     info.interfaceID = event.interfaceID;
  61     info.credentials = event.credentials;
  62 }
  63
  64 void CKMService::write(const WriteEvent &event) {
  65     LogDebug("Write event (" << event.size << " bytes)");
  66 }
  67
  68 void CKMService::process(const ReadEvent &event) {
  69     LogDebug("Read event");
  70     auto &info = m_connectionInfoMap[event.connectionID.counter];
  71     info.buffer.Push(event.rawBuffer);
  72     while(processOne(event.connectionID, info));
  73 }
  74
  75 bool CKMService::processOne(
  76     const ConnectionID &conn,
  77     ConnectionInfo &info)
  78 {
  79     LogDebug ("process One");
  80     RawBuffer response;
  81
  82     Try {
  83         if (!info.buffer.Ready())
  84             return false;
  85
  86         if (info.interfaceID == SOCKET_ID_CONTROL)
  87             response = processControl(info.buffer);
  88         else
  89             response = processStorage(info.credentials, info.buffer);
  90
  91         m_serviceManager->Write(conn, response);
  92
  93         return true;
  94     } Catch (MessageBuffer::Exception::Base) {
  95         LogError("Broken protocol. Closing socket.");
  96     } Catch (Exception::BrokenProtocol) {
  97         LogError("Broken protocol. Closing socket.");
  98     } catch (const std::string &e) {
  99         LogError("String exception(" << e << "). Closing socket");
 100     } catch (...) {
 101         LogError("Unknown exception. Closing socket.");
 102     }
 103
 104     m_serviceManager->Close(conn);
 105     return false;
 106 }
 107
 108 RawBuffer CKMService::processControl(MessageBuffer &buffer) {
 109     int command;
 110     int cc_mode_status;
 111     uid_t user;
 112     ControlCommand cc;
 113     Password newPass, oldPass;
 114     std::string smackLabel;
 115
 116     Deserialization::Deserialize(buffer, command);
 117
 118     LogDebug("Process control. Command: " << command);
 119
 120     cc = static_cast<ControlCommand>(command);
 121
 122     switch(cc) {
 123     case ControlCommand::UNLOCK_USER_KEY:
 124         Deserialization::Deserialize(buffer, user);
 125         Deserialization::Deserialize(buffer, newPass);
 126         return m_logic->unlockUserKey(user, newPass);
 127     case ControlCommand::LOCK_USER_KEY:
 128         Deserialization::Deserialize(buffer, user);
 129         return m_logic->lockUserKey(user);
 130     case ControlCommand::REMOVE_USER_DATA:
 131         Deserialization::Deserialize(buffer, user);
 132         return m_logic->removeUserData(user);
 133     case ControlCommand::CHANGE_USER_PASSWORD:
 134         Deserialization::Deserialize(buffer, user);
 135         Deserialization::Deserialize(buffer, oldPass);
 136         Deserialization::Deserialize(buffer, newPass);
 137         return m_logic->changeUserPassword(user, oldPass, newPass);
 138     case ControlCommand::RESET_USER_PASSWORD:
 139         Deserialization::Deserialize(buffer, user);
 140         Deserialization::Deserialize(buffer, newPass);
 141         return m_logic->resetUserPassword(user, newPass);
 142     case ControlCommand::REMOVE_APP_DATA:
 143         Deserialization::Deserialize(buffer, smackLabel);
 144         return m_logic->removeApplicationData(smackLabel);
 145     case ControlCommand::SET_CC_MODE:
 146         Deserialization::Deserialize(buffer, cc_mode_status);
 147         return m_logic->setCCModeStatus(static_cast<CCModeState>(cc_mode_status));
 148     default:
 149         Throw(Exception::BrokenProtocol);
 150     }
 151 }
 152
 153 RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
 154     int command;
 155     int commandId;
 156     int tmpDataType;
 157     Alias alias;
 158     std::string user;
 159
 160     Deserialization::Deserialize(buffer, command);
 161     Deserialization::Deserialize(buffer, commandId);
 162
 163     // This is a workaround solution for locktype=None in Tizen 2.2.1
 164     // When locktype is None, lockscreen app doesn't interfere with unlocking process.
 165     // Therefor lockscreen app cannot notify unlock events to key-manager when locktype is None.
 166     // So, to unlock user data when lock type is None, key-manager always try to unlock user data with null password.
 167     // Even if the result is fail, it will be ignored.
 168     Password nullPassword("");
 169     m_logic->unlockUserKey(cred.uid, nullPassword);
 170
 171     LogDebug("Process storage. Command: " << command);
 172
 173     switch(static_cast<LogicCommand>(command)) {
 174         case LogicCommand::SAVE:
 175         {
 176             RawBuffer rawData;
 177             PolicySerializable policy;
 178             Deserialization::Deserialize(buffer, tmpDataType);
 179             Deserialization::Deserialize(buffer, alias);
 180             Deserialization::Deserialize(buffer, rawData);
 181             Deserialization::Deserialize(buffer, policy);
 182             return m_logic->saveData(
 183                 cred,
 184                 commandId,
 185                 static_cast<DBDataType>(tmpDataType),
 186                 alias,
 187                 rawData,
 188                 policy);
 189         }
 190         case LogicCommand::REMOVE:
 191         {
 192             Deserialization::Deserialize(buffer, tmpDataType);
 193             Deserialization::Deserialize(buffer, alias);
 194             return m_logic->removeData(
 195                 cred,
 196                 commandId,
 197                 static_cast<DBDataType>(tmpDataType),
 198                 alias);
 199         }
 200         case LogicCommand::GET:
 201         {
 202             Password password;
 203             Deserialization::Deserialize(buffer, tmpDataType);
 204             Deserialization::Deserialize(buffer, alias);
 205             Deserialization::Deserialize(buffer, password);
 206             return m_logic->getData(
 207                 cred,
 208                 commandId,
 209                 static_cast<DBDataType>(tmpDataType),
 210                 alias,
 211                 password);
 212         }
 213         case LogicCommand::GET_LIST:
 214         {
 215             Deserialization::Deserialize(buffer, tmpDataType);
 216             return m_logic->getDataList(
 217                 cred,
 218                 commandId,
 219                 static_cast<DBDataType>(tmpDataType));
 220         }
 221         case LogicCommand::CREATE_KEY_PAIR_RSA:
 222         case LogicCommand::CREATE_KEY_PAIR_DSA:
 223         case LogicCommand::CREATE_KEY_PAIR_ECDSA:
 224         {
 225             int additional_param;
 226             Alias privateKeyAlias;
 227             Alias publicKeyAlias;
 228             PolicySerializable policyPrivateKey;
 229             PolicySerializable policyPublicKey;
 230             Deserialization::Deserialize(buffer, additional_param);
 231             Deserialization::Deserialize(buffer, policyPrivateKey);
 232             Deserialization::Deserialize(buffer, policyPublicKey);
 233             Deserialization::Deserialize(buffer, privateKeyAlias);
 234             Deserialization::Deserialize(buffer, publicKeyAlias);
 235             return m_logic->createKeyPair(
 236                 cred,
 237                 static_cast<LogicCommand>(command),
 238                 commandId,
 239                 additional_param,
 240                 privateKeyAlias,
 241                 publicKeyAlias,
 242                 policyPrivateKey,
 243                 policyPublicKey);
 244         }
 245         case LogicCommand::GET_CHAIN_CERT:
 246         {
 247             RawBuffer certificate;
 248             RawBufferVector rawBufferVector;
 249             Deserialization::Deserialize(buffer, certificate);
 250             Deserialization::Deserialize(buffer, rawBufferVector);
 251             return m_logic->getCertificateChain(
 252                 cred,
 253                 commandId,
 254                 certificate,
 255                 rawBufferVector);
 256         }
 257         case LogicCommand::GET_CHAIN_ALIAS:
 258         {
 259             RawBuffer certificate;
 260             AliasVector aliasVector;
 261             Deserialization::Deserialize(buffer, certificate);
 262             Deserialization::Deserialize(buffer, aliasVector);
 263             return m_logic->getCertificateChain(
 264                 cred,
 265                 commandId,
 266                 certificate,
 267                 aliasVector);
 268         }
 269         case LogicCommand::CREATE_SIGNATURE:
 270         {
 271             Alias privateKeyAlias;
 272             Password password;        // password for private_key
 273             RawBuffer message;
 274             int padding, hash;
 275             Deserialization::Deserialize(buffer, privateKeyAlias);
 276             Deserialization::Deserialize(buffer, password);
 277             Deserialization::Deserialize(buffer, message);
 278             Deserialization::Deserialize(buffer, hash);
 279             Deserialization::Deserialize(buffer, padding);
 280
 281             return m_logic->createSignature(
 282                   cred,
 283                   commandId,
 284                   privateKeyAlias,
 285                   password,           // password for private_key
 286                   message,
 287                   static_cast<HashAlgorithm>(hash),
 288                   static_cast<RSAPaddingAlgorithm>(padding));
 289         }
 290         case LogicCommand::VERIFY_SIGNATURE:
 291         {
 292             Alias publicKeyOrCertAlias;
 293             Password password;           // password for public_key (optional)
 294             RawBuffer message;
 295             RawBuffer signature;
 296             //HashAlgorithm hash;
 297             //RSAPaddingAlgorithm padding;
 298             int padding, hash;
 299             Deserialization::Deserialize(buffer, publicKeyOrCertAlias);
 300             Deserialization::Deserialize(buffer, password);
 301             Deserialization::Deserialize(buffer, message);
 302             Deserialization::Deserialize(buffer, signature);
 303             Deserialization::Deserialize(buffer, hash);
 304             Deserialization::Deserialize(buffer, padding);
 305             return m_logic->verifySignature(
 306                 cred,
 307                 commandId,
 308                 publicKeyOrCertAlias,
 309                 password,           // password for public_key (optional)
 310                 message,
 311                 signature,
 312                 static_cast<const HashAlgorithm>(hash),
 313                 static_cast<const RSAPaddingAlgorithm>(padding));
 314         }
 315         case LogicCommand::ALLOW_ACCESS:
 316         {
 317             Alias item_alias;
 318             std::string accessor_label;
 319             int req_rights;
 320             Deserialization::Deserialize(buffer, item_alias);
 321             Deserialization::Deserialize(buffer, accessor_label);
 322             Deserialization::Deserialize(buffer, req_rights);
 323             return m_logic->allowAccess(
 324                 cred,
 325                 commandId,
 326                 item_alias,
 327                 accessor_label,
 328                 static_cast<AccessRight>(req_rights));
 329         }
 330         case LogicCommand::DENY_ACCESS:
 331         {
 332             Alias item_alias;
 333             std::string accessor_label;
 334             Deserialization::Deserialize(buffer, item_alias);
 335             Deserialization::Deserialize(buffer, accessor_label);
 336             return m_logic->denyAccess(
 337                 cred,
 338                 commandId,
 339                 item_alias,
 340                 accessor_label);
 341         }
 342         default:
 343             Throw(Exception::BrokenProtocol);
 344     }
 345 }
 346
 347
 348 void CKMService::close(const CloseEvent &event) {
 349     LogDebug("Close event");
 350     m_connectionInfoMap.erase(event.connectionID.counter);
 351 }
 352
 353 } // namespace CKM
 354