Implement key retrieval in encryption service
[platform/core/security/key-manager.git] / src / manager / service / ckm-logic.h
index 0cbbb2b..b6dc1eb 100644 (file)
 #include <db-crypto.h>
 #include <key-provider.h>
 #include <crypto-logic.h>
-#include <certificate-store.h>
 #include <file-lock.h>
 #include <access-control.h>
+#include <certificate-impl.h>
+#include <sys/types.h>
+#include <generic-backend/gkey.h>
+
+#include <platform/decider.h>
 
 namespace CKM {
 
 struct UserData {
     KeyProvider    keyProvider;
-    DBCrypto       database;
+    DB::Crypto     database;
     CryptoLogic    crypto;
 };
 
 class CKMLogic {
 public:
-    class Exception
-    {
-        public:
-            DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
-            DECLARE_EXCEPTION_TYPE(Base, InputDataInvalid);
-    };
+    static const uid_t SYSTEM_DB_UID;
 
     CKMLogic();
     CKMLogic(const CKMLogic &) = delete;
@@ -60,7 +59,6 @@ public:
     virtual ~CKMLogic();
 
     RawBuffer unlockUserKey(uid_t user, const Password &password);
-
     RawBuffer lockUserKey(uid_t user);
 
     RawBuffer removeUserData(uid_t user);
@@ -80,12 +78,21 @@ public:
     RawBuffer saveData(
         const Credentials &cred,
         int commandId,
-        DBDataType dataType,
         const Name &name,
         const Label &label,
-        const RawBuffer &key,
+        const RawBuffer &data,
+        DataType dataType,
         const PolicySerializable &policy);
 
+    RawBuffer savePKCS12(
+        const Credentials &cred,
+        int commandId,
+        const Name &name,
+        const Label &label,
+        const PKCS12Serializable &pkcs,
+        const PolicySerializable &keyPolicy,
+        const PolicySerializable &certPolicy);
+
     RawBuffer removeData(
         const Credentials &cred,
         int commandId,
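Review bot: savePKCS12 carries two policies but nothing in the header says which stored objects each one governs or what the returned RawBuffer holds, and this is the most ambiguous entry point in the class because a PKCS#12 bundle contains a private key, a leaf certificate and possibly a CA chain. I'd add above the declaration `// Stores the private key under keyPolicy and the certificate(s) under certPolicy; returns the serialized response (getPKCS12 is the reverse path)`, adjusting the chain wording once the .cpp confirms which policy applies to the CA certificates. Note also that saveData's parameter order changed (dataType now follows data); since DBDataType became DataType, stale positional callers should fail to compile rather than silently swap arguments, which is the right outcome but worth stating in the commit message.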
@@ -95,21 +102,28 @@ public:
     RawBuffer getData(
         const Credentials &cred,
         int commandId,
-        DBDataType dataType,
+        DataType dataType,
         const Name &name,
         const Label &label,
         const Password &password);
 
+    RawBuffer getPKCS12(
+        const Credentials &cred,
+        int commandId,
+        const Name &name,
+        const Label &label,
+        const Password &keyPassword,
+        const Password &certPassword);
+
     RawBuffer getDataList(
         const Credentials &cred,
         int commandId,
-        DBDataType dataType);
+        DataType dataType);
 
     RawBuffer createKeyPair(
         const Credentials &cred,
-        LogicCommand protocol_cmd,
         int commandId,
-        const int additional_param,
+        const CryptoAlgorithmSerializable & keyGenParams,
         const Name &namePrivate,
         const Label &labelPrivate,
         const Name &namePublic,
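Review bot: getPKCS12 takes keyPassword and certPassword separately, and createKeyPair now takes keyGenParams instead of a protocol command plus one integer, but neither declaration says what is mandatory. Document the password semantics, e.g. `// keyPassword unlocks the private-key row, certPassword the certificate row; an empty Password means the row was stored without one (TODO confirm against getPKCS12Helper)`, and for keyGenParams which algorithm parameters are required and what happens when they are absent. Minor style: `const CryptoAlgorithmSerializable & keyGenParams` puts a space on both sides of `&`, unlike every other parameter in this class (`const Name &namePrivate`); the same spacing reappears in createKeyPairHelper further down.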
@@ -117,17 +131,29 @@ public:
         const PolicySerializable &policyPrivate,
         const PolicySerializable &policyPublic);
 
+    RawBuffer createKeyAES(
+        const Credentials &cred,
+        int commandId,
+        const int size,
+        const Name &name,
+        const Label &label,
+        const PolicySerializable &policy);
+
     RawBuffer getCertificateChain(
         const Credentials &cred,
         int commandId,
         const RawBuffer &certificate,
-        const RawBufferVector &untrustedCertificates);
+        const RawBufferVector &untrustedCertificates,
+        const RawBufferVector &trustedCertificates,
+        bool useTrustedSystemCertificates);
 
     RawBuffer getCertificateChain(
         const Credentials &cred,
         int commandId,
         const RawBuffer &certificate,
-        const LabelNameVector &labelNameVector);
+        const LabelNameVector &untrustedCertificates,
+        const LabelNameVector &trustedCertificates,
+        bool useTrustedSystemCertificates);
 
     RawBuffer  createSignature(
         const Credentials &cred,
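Review bot: createKeyAES takes `const int size` with no indication of its unit or accepted values, and a signed int also admits negative sizes. Document it at the declaration — `// size: key length in bits; only 128, 192 and 256 are accepted (TODO confirm the check lives in createKeyAESHelper)` — and if the .cpp does not already reject other values, that validation belongs in the helper before any backend call is made. The two getCertificateChain overloads gain `bool useTrustedSystemCertificates`; its security effect (whether the system trust store participates in chain building) deserves a one-line comment, because a positional bool at the end of a six-argument call is easy to get wrong at the call site.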
@@ -154,60 +180,166 @@ public:
 
     RawBuffer setPermission(
         const Credentials &cred,
-        int command,
-        int msgID,
+        const int command,
+        const int msgID,
         const Name &name,
         const Label &label,
         const Label &accessor_label,
-        const Permission newPermission);
+        const PermissionMask permissionMask);
+
+    int setPermissionHelper(
+            const Credentials &cred,
+            const Name &name,
+            const Label &ownerLabel,
+            const Label &accessorLabel,
+            const PermissionMask permissionMask);
+
+    int verifyAndSaveDataHelper(
+        const Credentials &cred,
+        const Name &name,
+        const Label &label,
+        const RawBuffer &data,
+        DataType dataType,
+        const PolicySerializable &policy);
+
+    int getKeyForService(const Credentials &cred,
+                         const Name &name,
+                         const Label &label,
+                         const Password& pass,
+                         Crypto::GKeyShPtr& key);
 
 private:
 
-    void verifyBinaryData(
-        DBDataType dataType,
-        const RawBuffer &input_data) const;
+    // select private/system database depending on asking uid and owner label.
+    // output: database handler and effective label
+    UserData & selectDatabase(const Credentials &incoming_cred,
+                              const Label       &incoming_label);
+
+    int unlockSystemDB();
+    int unlockDatabase(uid_t            user,
+                       const Password & password);
+
+    void loadDKEKFile(
+        uid_t user,
+        const Password &password);
+
+    void saveDKEKFile(
+        uid_t user,
+        const Password &password);
+
+    int verifyBinaryData(
+        DataType dataType,
+        RawBuffer &input_data) const;
+
+    int toBinaryData(
+        DataType dataType,
+        const RawBuffer &input_data,
+        RawBuffer &output_data) const;
+
+    int checkSaveConditions(
+        const Credentials &cred,
+        UserData &handler,
+        const Name &name,
+        const Label &label);
 
     int saveDataHelper(
         const Credentials &cred,
-        DBDataType dataType,
         const Name &name,
         const Label &label,
-        const RawBuffer &key,
+        DataType dataType,
+        const RawBuffer &data,
         const PolicySerializable &policy);
 
+    int saveDataHelper(
+        const Credentials &cred,
+        const Name &name,
+        const Label &label,
+        const PKCS12Serializable &pkcs,
+        const PolicySerializable &keyPolicy,
+        const PolicySerializable &certPolicy);
+
+    DB::Row createEncryptedRow(
+        CryptoLogic &crypto,
+        const Name &name,
+        const Label &label,
+        DataType dataType,
+        const RawBuffer &data,
+        const Policy &policy) const;
+
+    int getPKCS12Helper(
+        const Credentials &cred,
+        const Name &name,
+        const Label &label,
+        const Password &keyPassword,
+        const Password &certPassword,
+        KeyShPtr & privKey,
+        CertificateShPtr & cert,
+        CertificateShPtrVector & caChain);
+
+    int extractPKCS12Data(
+        CryptoLogic &crypto,
+        const Name &name,
+        const Label &ownerLabel,
+        const PKCS12Serializable &pkcs,
+        const PolicySerializable &keyPolicy,
+        const PolicySerializable &certPolicy,
+        DB::RowVector &output) const;
+
     int removeDataHelper(
         const Credentials &cred,
         const Name &name,
         const Label &ownerLabel);
 
-    int readDataRowHelper(
+    int readSingleRow(
         const Name &name,
         const Label &ownerLabel,
-        DBDataType dataType,
-        DBCrypto & database,
-        DBRow &row);
+        DataType dataType,
+        DB::Crypto & database,
+        DB::Row &row);
+
+    int readMultiRow(const Name &name,
+        const Label &ownerLabel,
+        DataType dataType,
+        DB::Crypto & database,
+        DB::RowVector &output);
 
     int checkDataPermissionsHelper(
+        const Credentials &cred,
         const Name &name,
         const Label &ownerLabel,
         const Label &accessorLabel,
-        const DBRow &row,
+        const DB::Row &row,
         bool exportFlag,
-        DBCrypto & database);
+        DB::Crypto & database);
+
+    int readDataHelper(
+        bool exportFlag,
+        const Credentials &cred,
+        DataType dataType,
+        const Name &name,
+        const Label &label,
+        const Password &password,
+        DB::Row &row);
 
     int readDataHelper(
         bool exportFlag,
         const Credentials &cred,
-        DBDataType dataType,
+        DataType dataType,
         const Name &name,
         const Label &label,
         const Password &password,
-        DBRow &row);
+        DB::RowVector &rows);
+
+    int createKeyAESHelper(
+        const Credentials &cred,
+        const int size,
+        const Name &name,
+        const Label &label,
+        const PolicySerializable &policy);
 
     int createKeyPairHelper(
         const Credentials &cred,
-        const KeyType key_type,
-        const int additional_param,
+        const CryptoAlgorithmSerializable & keyGenParams,
         const Name &namePrivate,
         const Label &labelPrivate,
         const Name &namePublic,
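Review bot: getKeyForService, setPermissionHelper and verifyAndSaveDataHelper are declared in the public section while every comparable helper sits under private:, and getKeyForService hands back a key handle through `Crypto::GKeyShPtr& key` with no statement of who may call it or whether the owner/accessor check (checkDataPermissionsHelper) is applied on that path. If these are meant only for the encryption service named in the commit title, say so and document the access-control contract, e.g. `// For the encryption service: resolves name/label to a backend key handle after the same permission checks as getData (TODO confirm in ckm-logic.cpp)`; otherwise move them back to private (setPermissionHelper was previously private, as the last hunk's removed lines show). verifyBinaryData now takes `RawBuffer &input_data` non-const, so a reader must assume it may rewrite the buffer; a comment naming the normalisation it performs would help. Indentation is inconsistent within the hunk: setPermissionHelper's parameters are indented twelve spaces and getKeyForService aligns to the opening parenthesis, while the rest of the class uses eight.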
@@ -215,22 +347,40 @@ private:
         const PolicySerializable &policyPrivate,
         const PolicySerializable &policyPublic);
 
-    int getCertificateChainHelper(
+    int readCertificateHelper(
         const Credentials &cred,
-        const RawBuffer &certificate,
         const LabelNameVector &labelNameVector,
-        RawBufferVector & chainRawVector);
+        CertificateImplVector &certVector);
 
-    int setPermissionHelper(
+    int getCertificateChainHelper(
+        const CertificateImpl &cert,
+        const RawBufferVector &untrustedCertificates,
+        const RawBufferVector &trustedCertificates,
+        bool useTrustedSystemCertificates,
+        RawBufferVector &chainRawVector);
+
+    int getCertificateChainHelper(
         const Credentials &cred,
-        const Name &name,
-        const Label &ownerLabel,
-        const Label &accessorLabel,
-        const Permission newPermission);
+        const CertificateImpl &cert,
+        const LabelNameVector &untrusted,
+        const LabelNameVector &trusted,
+        bool useTrustedSystemCertificates,
+        RawBufferVector &chainRawVector);
+
+    int getDataListHelper(
+        const Credentials &cred,
+        const DataType dataType,
+        LabelNameVector &labelNameVector);
+
+    int changeUserPasswordHelper(uid_t user,
+                                 const Password &oldPassword,
+                                 const Password &newPassword);
+
+    int resetUserPasswordHelper(uid_t user, const Password &newPassword);
 
     std::map<uid_t, UserData> m_userDataMap;
-    CertificateStore m_certStore;
     AccessControl m_accessControl;
+    Crypto::Decider m_decider;
     //FileLock m_lock;
 };