Call import & destroy on store
[platform/core/security/key-manager.git] / src / manager / service / ckm-logic.h
index 32eb889..c73fc74 100644 (file)
 #include <db-crypto.h>
 #include <key-provider.h>
 #include <crypto-logic.h>
-#include <certificate-store.h>
 #include <file-lock.h>
 #include <access-control.h>
+#include <certificate-impl.h>
+#include <sys/types.h>
+#include <generic-backend/gkey.h>
+
+#include <platform/decider.h>
 
 namespace CKM {
 
 struct UserData {
-    UserData()
-      : isMainDKEK(false)
-      , isDKEKConfirmed(false)
-    {}
-
     KeyProvider    keyProvider;
-    DBCrypto       database;
+    DB::Crypto     database;
     CryptoLogic    crypto;
-    bool           isMainDKEK;
-    bool           isDKEKConfirmed;
 };
 
 class CKMLogic {
 public:
+    static const uid_t SYSTEM_DB_UID;
+
     CKMLogic();
     CKMLogic(const CKMLogic &) = delete;
     CKMLogic(CKMLogic &&) = delete;
@@ -59,8 +58,7 @@ public:
     CKMLogic& operator=(CKMLogic &&) = delete;
     virtual ~CKMLogic();
 
-    RawBuffer unlockUserKey(uid_t user, const Password &password, bool apiRequest = true);
-
+    RawBuffer unlockUserKey(uid_t user, const Password &password);
     RawBuffer lockUserKey(uid_t user);
 
     RawBuffer removeUserData(uid_t user);
@@ -83,7 +81,7 @@ public:
         const Name &name,
         const Label &label,
         const RawBuffer &data,
-        DBDataType dataType,
+        DataType dataType,
         const PolicySerializable &policy);
 
     RawBuffer savePKCS12(
@@ -104,7 +102,7 @@ public:
     RawBuffer getData(
         const Credentials &cred,
         int commandId,
-        DBDataType dataType,
+        DataType dataType,
         const Name &name,
         const Label &label,
         const Password &password);
@@ -113,18 +111,19 @@ public:
         const Credentials &cred,
         int commandId,
         const Name &name,
-        const Label &label);
+        const Label &label,
+        const Password &keyPassword,
+        const Password &certPassword);
 
     RawBuffer getDataList(
         const Credentials &cred,
         int commandId,
-        DBDataType dataType);
+        DataType dataType);
 
     RawBuffer createKeyPair(
         const Credentials &cred,
-        LogicCommand protocol_cmd,
         int commandId,
-        const int additional_param,
+        const CryptoAlgorithmSerializable & keyGenParams,
         const Name &namePrivate,
         const Label &labelPrivate,
         const Name &namePublic,
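Review bot: The two new trailing parameters `keyPassword` and `certPassword` are both `const Password &`, so a call site that passes them in the wrong order compiles cleanly and only fails (or succeeds against the wrong row) at run time. The same pair is added in the same order to the private helper in the `@@ -231,6 +270,8 @@` hunk. A one-line contract above both declarations would help, for example `// keyPassword protects the private-key row, certPassword the certificate rows; order matters, both are Password`. That wording is inferred from the parameter names and should be checked against the implementation. The declaration these parameters belong to starts above this hunk, and `createKeyPair` continues below it.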
@@ -132,17 +131,29 @@ public:
         const PolicySerializable &policyPrivate,
         const PolicySerializable &policyPublic);
 
+    RawBuffer createKeyAES(
+        const Credentials &cred,
+        int commandId,
+        const int size,
+        const Name &name,
+        const Label &label,
+        const PolicySerializable &policy);
+
     RawBuffer getCertificateChain(
         const Credentials &cred,
         int commandId,
         const RawBuffer &certificate,
-        const RawBufferVector &untrustedCertificates);
+        const RawBufferVector &untrustedCertificates,
+        const RawBufferVector &trustedCertificates,
+        bool useTrustedSystemCertificates);
 
     RawBuffer getCertificateChain(
         const Credentials &cred,
         int commandId,
         const RawBuffer &certificate,
-        const LabelNameVector &labelNameVector);
+        const LabelNameVector &untrustedCertificates,
+        const LabelNameVector &trustedCertificates,
+        bool useTrustedSystemCertificates);
 
     RawBuffer  createSignature(
         const Credentials &cred,
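Review bot: Both `getCertificateChain` overloads now take a caller-supplied `trustedCertificates` list plus `useTrustedSystemCertificates`, but the header does not say what happens when the flag is `false` and the list is empty, a combination that leaves the verification with no trust anchor at all. The declaration should state the outcome for that case, for example `// fails with an error when trustedCertificates is empty and useTrustedSystemCertificates is false`, provided the implementation really rejects it. It is also worth noting in the comment that a chain built only from caller-supplied anchors is trusted relative to the caller's input, not to the system store, so consumers do not treat the two results as equivalent. In the same hunk, `createKeyAES` takes `const int size` without saying whether that is bits or bytes or which values are accepted.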
@@ -169,33 +180,61 @@ public:
 
     RawBuffer setPermission(
         const Credentials &cred,
-        int command,
-        int msgID,
+        const int command,
+        const int msgID,
         const Name &name,
         const Label &label,
         const Label &accessor_label,
-        const Permission newPermission);
+        const PermissionMask permissionMask);
+
+    int setPermissionHelper(
+            const Credentials &cred,
+            const Name &name,
+            const Label &ownerLabel,
+            const Label &accessorLabel,
+            const PermissionMask permissionMask);
+
+    int verifyAndSaveDataHelper(
+        const Credentials &cred,
+        const Name &name,
+        const Label &label,
+        const RawBuffer &data,
+        DataType dataType,
+        const PolicySerializable &policy);
+
+    int getKeyForService(const Credentials &cred,
+                         const Name &name,
+                         const Label &label,
+                         const Password& pass,
+                         Crypto::GKeyShPtr& key);
 
 private:
 
+    // select private/system database depending on asking uid and owner label.
+    // output: database handler and effective label
+    UserData & selectDatabase(const Credentials &incoming_cred,
+                              const Label       &incoming_label);
+
+    int unlockSystemDB();
+    int unlockDatabase(uid_t            user,
+                       const Password & password);
+
     void loadDKEKFile(
         uid_t user,
-        const Password &password,
-        bool apiReq);
-
-    void chooseDKEKFile(
-        UserData &handle,
-        const Password &password,
-        const RawBuffer &first,
-        const RawBuffer &second);
+        const Password &password);
 
     void saveDKEKFile(
         uid_t user,
         const Password &password);
 
     int verifyBinaryData(
-        DBDataType dataType,
-        const RawBuffer &input_data) const;
+        DataType dataType,
+        RawBuffer &input_data) const;
+
+    int toBinaryData(
+        DataType dataType,
+        const RawBuffer &input_data,
+        RawBuffer &output_data) const;
 
     int checkSaveConditions(
         const Credentials &cred,
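Review bot: `setPermissionHelper`, `verifyAndSaveDataHelper` and `getKeyForService` are declared above the `private:` line, so they join CKMLogic's public surface; `setPermissionHelper` is the same declaration that the last hunk removes from the private section. Unlike the neighbouring entry points they return a bare `int`, and `getKeyForService` hands back a live `Crypto::GKeyShPtr`. Nothing here tells a new in-process caller whether the permission check on `cred` happens inside these functions or is expected to have been done already. I would add a comment on each such as `// in-process API for other services: performs the access check on cred itself, returns a CKM_API_* code`, adjusted to what the implementation does, or keep them private and befriend the one caller that needs them. Separately, the comment on `selectDatabase` promises an "effective label" output, yet the signature returns only `UserData &` and takes the label by const reference. `verifyBinaryData` also now takes a mutable `RawBuffer &input_data` while still being named "verify"; both deserve a corrected one-line comment.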
@@ -207,7 +246,7 @@ private:
         const Credentials &cred,
         const Name &name,
         const Label &label,
-        DBDataType dataType,
+        DataType dataType,
         const RawBuffer &data,
         const PolicySerializable &policy);
 
@@ -219,11 +258,11 @@ private:
         const PolicySerializable &keyPolicy,
         const PolicySerializable &certPolicy);
 
-    DBRow createEncryptedDBRow(
+    DB::Row createEncryptedRow(
         CryptoLogic &crypto,
         const Name &name,
         const Label &label,
-        DBDataType dataType,
+        DataType dataType,
         const RawBuffer &data,
         const Policy &policy) const;
 
@@ -231,6 +270,8 @@ private:
         const Credentials &cred,
         const Name &name,
         const Label &label,
+        const Password &keyPassword,
+        const Password &certPassword,
         KeyShPtr & privKey,
         CertificateShPtr & cert,
         CertificateShPtrVector & caChain);
@@ -242,7 +283,7 @@ private:
         const PKCS12Serializable &pkcs,
         const PolicySerializable &keyPolicy,
         const PolicySerializable &certPolicy,
-        DBRowVector &output) const;
+        DB::RowVector &output) const;
 
     int removeDataHelper(
         const Credentials &cred,
@@ -252,46 +293,53 @@ private:
     int readSingleRow(
         const Name &name,
         const Label &ownerLabel,
-        DBDataType dataType,
-        DBCrypto & database,
-        DBRow &row);
+        DataType dataType,
+        DB::Crypto & database,
+        DB::Row &row);
 
     int readMultiRow(const Name &name,
         const Label &ownerLabel,
-        DBDataType dataType,
-        DBCrypto & database,
-        DBRowVector &output);
+        DataType dataType,
+        DB::Crypto & database,
+        DB::RowVector &output);
 
     int checkDataPermissionsHelper(
+        const Credentials &cred,
         const Name &name,
         const Label &ownerLabel,
         const Label &accessorLabel,
-        const DBRow &row,
+        const DB::Row &row,
         bool exportFlag,
-        DBCrypto & database);
+        DB::Crypto & database);
 
     int readDataHelper(
         bool exportFlag,
         const Credentials &cred,
-        DBDataType dataType,
+        DataType dataType,
         const Name &name,
         const Label &label,
         const Password &password,
-        DBRow &row);
+        DB::Row &row);
 
     int readDataHelper(
         bool exportFlag,
         const Credentials &cred,
-        DBDataType dataType,
+        DataType dataType,
         const Name &name,
         const Label &label,
         const Password &password,
-        DBRowVector &rows);
+        DB::RowVector &rows);
+
+    int createKeyAESHelper(
+        const Credentials &cred,
+        const int size,
+        const Name &name,
+        const Label &label,
+        const PolicySerializable &policy);
 
     int createKeyPairHelper(
         const Credentials &cred,
-        const KeyType key_type,
-        const int additional_param,
+        const CryptoAlgorithmSerializable & keyGenParams,
         const Name &namePrivate,
         const Label &labelPrivate,
         const Name &namePublic,
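Review bot: `checkDataPermissionsHelper` now takes `cred` in addition to the existing `accessorLabel`, which gives the permission check two possible sources for the caller's identity. If `Credentials` already carries the client's label (its definition is not visible in this header), a call site can pass an `accessorLabel` that disagrees with `cred`, and the declaration does not say which one the check trusts. Either drop the redundant parameter or document the split, for example `// cred: caller uid, used to pick the database; accessorLabel: label looked up in the permission table`, after confirming that this matches the implementation. `createKeyPairHelper` continues below this hunk.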
@@ -299,23 +347,42 @@ private:
         const PolicySerializable &policyPrivate,
         const PolicySerializable &policyPublic);
 
-    int getCertificateChainHelper(
+    int readCertificateHelper(
         const Credentials &cred,
-        const RawBuffer &certificate,
         const LabelNameVector &labelNameVector,
-        RawBufferVector & chainRawVector);
+        CertificateImplVector &certVector);
 
-    int setPermissionHelper(
+    int getCertificateChainHelper(
+        const CertificateImpl &cert,
+        const RawBufferVector &untrustedCertificates,
+        const RawBufferVector &trustedCertificates,
+        bool useTrustedSystemCertificates,
+        RawBufferVector &chainRawVector);
+
+    int getCertificateChainHelper(
         const Credentials &cred,
-        const Name &name,
-        const Label &ownerLabel,
-        const Label &accessorLabel,
-        const Permission newPermission);
+        const CertificateImpl &cert,
+        const LabelNameVector &untrusted,
+        const LabelNameVector &trusted,
+        bool useTrustedSystemCertificates,
+        RawBufferVector &chainRawVector);
+
+    int getDataListHelper(
+        const Credentials &cred,
+        const DataType dataType,
+        LabelNameVector &labelNameVector);
+
+    int changeUserPasswordHelper(uid_t user,
+                                 const Password &oldPassword,
+                                 const Password &newPassword);
+
+    int resetUserPasswordHelper(uid_t user, const Password &newPassword);
 
+    int loadAppKey(UserData& handle, const Label& appLabel);
 
     std::map<uid_t, UserData> m_userDataMap;
-    CertificateStore m_certStore;
     AccessControl m_accessControl;
+    Crypto::Decider m_decider;
     //FileLock m_lock;
 };