2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckm-service.cpp
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief CKM service implementation.
22 #include <service-thread.h>
23 #include <generic-socket-manager.h>
24 #include <connection-info.h>
25 #include <message-buffer.h>
26 #include <protocols.h>
28 #include <dpl/serialization.h>
29 #include <dpl/log/log.h>
31 #include <ckm-service.h>
32 #include <ckm-logic.h>
35 const CKM::InterfaceID SOCKET_ID_CONTROL = 0;
36 const CKM::InterfaceID SOCKET_ID_STORAGE = 1;
37 } // namespace anonymous
41 CKMService::CKMService()
42 : m_logic(new CKMLogic)
45 CKMService::~CKMService() {
49 GenericSocketService::ServiceDescriptionVector CKMService::GetServiceDescription()
51 return ServiceDescriptionVector {
52 {SERVICE_SOCKET_CKM_CONTROL, "key-manager::api-control", SOCKET_ID_CONTROL},
53 {SERVICE_SOCKET_CKM_STORAGE, "key-manager::api-storage", SOCKET_ID_STORAGE}
57 void CKMService::accept(const AcceptEvent &event) {
58 LogDebug("Accept event");
59 auto &info = m_connectionInfoMap[event.connectionID.counter];
60 info.interfaceID = event.interfaceID;
61 info.credentials = event.credentials;
64 void CKMService::write(const WriteEvent &event) {
65 LogDebug("Write event (" << event.size << " bytes)");
68 void CKMService::process(const ReadEvent &event) {
69 LogDebug("Read event");
70 auto &info = m_connectionInfoMap[event.connectionID.counter];
71 info.buffer.Push(event.rawBuffer);
72 while(processOne(event.connectionID, info));
75 bool CKMService::processOne(
76 const ConnectionID &conn,
79 LogDebug ("process One");
83 if (!info.buffer.Ready())
86 if (info.interfaceID == SOCKET_ID_CONTROL)
87 response = processControl(info.buffer);
89 response = processStorage(info.credentials, info.buffer);
91 m_serviceManager->Write(conn, response);
94 } Catch (MessageBuffer::Exception::Base) {
95 LogError("Broken protocol. Closing socket.");
96 } Catch (Exception::BrokenProtocol) {
97 LogError("Broken protocol. Closing socket.");
98 } catch (const DataType::Exception::Base &e) {
99 LogError("Closing socket. DBDataType::Exception: " << e.DumpToString());
100 } catch (const std::string &e) {
101 LogError("String exception(" << e << "). Closing socket");
102 } catch (const std::exception &e) {
103 LogError("Std exception:: " << e.what());
105 LogError("Unknown exception. Closing socket.");
108 m_serviceManager->Close(conn);
112 RawBuffer CKMService::processControl(MessageBuffer &buffer) {
116 Password newPass, oldPass;
119 buffer.Deserialize(command);
121 LogDebug("Process control. Command: " << command);
123 cc = static_cast<ControlCommand>(command);
126 case ControlCommand::UNLOCK_USER_KEY:
127 buffer.Deserialize(user, newPass);
128 return m_logic->unlockUserKey(user, newPass);
129 case ControlCommand::LOCK_USER_KEY:
130 buffer.Deserialize(user);
131 return m_logic->lockUserKey(user);
132 case ControlCommand::REMOVE_USER_DATA:
133 buffer.Deserialize(user);
134 return m_logic->removeUserData(user);
135 case ControlCommand::CHANGE_USER_PASSWORD:
136 buffer.Deserialize(user, oldPass, newPass);
137 return m_logic->changeUserPassword(user, oldPass, newPass);
138 case ControlCommand::RESET_USER_PASSWORD:
139 buffer.Deserialize(user, newPass);
140 return m_logic->resetUserPassword(user, newPass);
141 case ControlCommand::REMOVE_APP_DATA:
142 buffer.Deserialize(smackLabel);
143 return m_logic->removeApplicationData(smackLabel);
144 case ControlCommand::UPDATE_CC_MODE:
145 return m_logic->updateCCMode();
146 case ControlCommand::SET_PERMISSION:
151 PermissionMask permissionMask = 0;
153 buffer.Deserialize(user, name, label, accessorLabel, permissionMask);
154 Credentials cred = { user, label };
155 return m_logic->setPermission(
165 Throw(Exception::BrokenProtocol);
169 RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer)
175 Label label, accessorLabel;
178 buffer.Deserialize(command);
179 buffer.Deserialize(msgID);
181 // This is a workaround solution for locktype=None in Tizen 2.2.1
182 // When locktype is None, lockscreen app doesn't interfere with unlocking process.
183 // Therefor lockscreen app cannot notify unlock events to key-manager when locktype is None.
184 // So, to unlock user data when lock type is None, key-manager always try to unlock user data with null password.
185 // Even if the result is fail, it will be ignored.
186 Password nullPassword("");
187 m_logic->unlockUserKey(cred.uid, nullPassword, false);
189 LogDebug("Process storage. Command: " << command);
191 switch(static_cast<LogicCommand>(command)) {
192 case LogicCommand::SAVE:
195 PolicySerializable policy;
196 buffer.Deserialize(tmpDataType, name, label, rawData, policy);
197 return m_logic->saveData(
203 DataType(tmpDataType),
206 case LogicCommand::SAVE_PKCS12:
209 PKCS12Serializable pkcs;
210 PolicySerializable keyPolicy, certPolicy;
211 buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy);
212 return m_logic->savePKCS12(
221 case LogicCommand::REMOVE:
223 buffer.Deserialize(name, label);
224 return m_logic->removeData(
230 case LogicCommand::GET:
233 buffer.Deserialize(tmpDataType, name, label, password);
234 return m_logic->getData(
237 DataType(tmpDataType),
242 case LogicCommand::GET_PKCS12:
244 buffer.Deserialize(name, label);
245 return m_logic->getPKCS12(
251 case LogicCommand::GET_LIST:
253 buffer.Deserialize(tmpDataType);
254 return m_logic->getDataList(
257 DataType(tmpDataType));
259 case LogicCommand::CREATE_KEY_PAIR_RSA:
260 case LogicCommand::CREATE_KEY_PAIR_DSA:
261 case LogicCommand::CREATE_KEY_PAIR_ECDSA:
263 int additional_param = 0;
265 Label privateKeyLabel;
267 Label publicKeyLabel;
268 PolicySerializable policyPrivateKey;
269 PolicySerializable policyPublicKey;
270 buffer.Deserialize(additional_param,
277 return m_logic->createKeyPair(
279 static_cast<LogicCommand>(command),
289 case LogicCommand::GET_CHAIN_CERT:
291 RawBuffer certificate;
292 RawBufferVector untrustedVector;
293 RawBufferVector trustedVector;
295 buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
296 return m_logic->getCertificateChain(
304 case LogicCommand::GET_CHAIN_ALIAS:
306 RawBuffer certificate;
307 LabelNameVector untrustedVector;
308 LabelNameVector trustedVector;
310 buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
311 return m_logic->getCertificateChain(
319 case LogicCommand::CREATE_SIGNATURE:
321 Password password; // password for private_key
323 int padding = 0, hash = 0;
324 buffer.Deserialize(name, label, password, message, hash, padding);
325 return m_logic->createSignature(
330 password, // password for private_key
332 static_cast<HashAlgorithm>(hash),
333 static_cast<RSAPaddingAlgorithm>(padding));
335 case LogicCommand::VERIFY_SIGNATURE:
337 Password password; // password for public_key (optional)
340 //HashAlgorithm hash;
341 //RSAPaddingAlgorithm padding;
342 int padding = 0, hash = 0;
343 buffer.Deserialize(name,
350 return m_logic->verifySignature(
355 password, // password for public_key (optional)
358 static_cast<const HashAlgorithm>(hash),
359 static_cast<const RSAPaddingAlgorithm>(padding));
361 case LogicCommand::SET_PERMISSION:
363 PermissionMask permissionMask = 0;
364 buffer.Deserialize(name, label, accessorLabel, permissionMask);
365 return m_logic->setPermission(
375 Throw(Exception::BrokenProtocol);
380 void CKMService::close(const CloseEvent &event) {
381 LogDebug("Close event");
382 m_connectionInfoMap.erase(event.connectionID.counter);