namespace {
const CKM::InterfaceID SOCKET_ID_CONTROL = 0;
const CKM::InterfaceID SOCKET_ID_STORAGE = 1;
+const CKM::InterfaceID SOCKET_ID_EXTENDED = 2;
} // namespace anonymous
namespace CKM {
{
// empty string on privilege field means non-privileged
return ServiceDescriptionVector {
- {SERVICE_SOCKET_CKM_CONTROL, "http://tizen.org/privilege/internal/service", SOCKET_ID_CONTROL},
- {SERVICE_SOCKET_CKM_STORAGE, "", SOCKET_ID_STORAGE}
+ {SERVICE_SOCKET_CKM_CONTROL, "http://tizen.org/privilege/internal/service",
+ SOCKET_ID_CONTROL},
+ {SERVICE_SOCKET_CKM_STORAGE, "", SOCKET_ID_STORAGE},
+ {SERVICE_SOCKET_CKM_EXTENDED, "http://tizen.org/privilege/keymanager.extended",
+ SOCKET_ID_EXTENDED}
};
}
Register(*manager);
}
+void CKMService::DeserializeCommand(
+ Credentials &cred,
+ MessageBuffer &buffer,
+ LogicCommand& command,
+ int& msgId)
+{
+ buffer.Deserialize(command);
+ buffer.Deserialize(msgId);
+
+ // This is a workaround solution for locktype=None in Tizen 2.2.1
+ // When locktype is None, lockscreen app doesn't interfere with unlocking process.
+ // Therefor lockscreen app cannot notify unlock events to key-manager when locktype is None.
+ // So, to unlock user data when lock type is None, key-manager always try to unlock user data
+ // with null password. Even if the result is fail, it will be ignored.
+ Password nullPassword("");
+ m_logic->unlockUserKey(cred.clientUid, nullPassword);
+}
+
bool CKMService::ProcessOne(
const ConnectionID &conn,
ConnectionInfo &info,
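Review bot: `DeserializeCommand` does more than its name says: after reading `command` and `msgId` it calls `m_logic->unlockUserKey(cred.clientUid, nullPassword)`, a state-changing step that now runs for every message handled by `ProcessStorage` and `ProcessExtended`. A reader of either caller will not expect a key-unlock attempt from a deserialization helper. Either rename it (for example `DeserializeCommandAndTryUnlock`) or give it a header comment such as `// Reads command and msgId, then attempts a null-password unlock for cred.clientUid; the unlock result is ignored.` Only `cred.clientUid` is read here, so taking `const Credentials &cred` would also document that the helper does not modify the caller's credentials.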
if (!info.buffer.Ready())
return false;
- if (info.interfaceID == SOCKET_ID_CONTROL)
- response = ProcessControl(info.buffer, allowed);
- else
- response = ProcessStorage(info.credentials, info.buffer);
+ switch(info.interfaceID) {
+ case SOCKET_ID_CONTROL:
+ response = ProcessControl(info.buffer, allowed);
+ break;
+ case SOCKET_ID_STORAGE:
+ response = ProcessStorage(info.credentials, info.buffer);
+ break;
+ case SOCKET_ID_EXTENDED:
+ response = ProcessExtended(info.credentials, info.buffer, allowed);
+ break;
+ }
m_serviceManager->Write(conn, response);
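Review bot: The new `switch(info.interfaceID)` has no `default:` label, so an interface id other than the three constants leaves `response` at whatever it was initialised to and still reaches `m_serviceManager->Write(conn, response)`. The removed `else` routed every non-control id to `ProcessStorage`, so this is a behaviour change for unexpected ids. Add an explicit failure branch such as `default: Throw(Exception::BrokenProtocol);`, if ProcessOne's error handling covers that exception. That handling, the declaration of `response` and the rest of ProcessOne are outside this hunk.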
Name name;
ClientId explicitOwner, accessor;
- buffer.Deserialize(command);
- buffer.Deserialize(msgId);
-
- // This is a workaround solution for locktype=None in Tizen 2.2.1
- // When locktype is None, lockscreen app doesn't interfere with unlocking process.
- // Therefor lockscreen app cannot notify unlock events to key-manager when locktype is None.
- // So, to unlock user data when lock type is None, key-manager always try to unlock user data with null password.
- // Even if the result is fail, it will be ignored.
- Password nullPassword("");
- m_logic->unlockUserKey(cred.clientUid, nullPassword);
+ DeserializeCommand(cred, buffer, command, msgId);
LogDebug("Process storage. Command: " << static_cast<int>(command));
keyPassword);
}
+ case LogicCommand::GET_BACKEND_INFO: {
+ BackendId backend;
+
+ buffer.Deserialize(backend);
+
+ return m_logic->getBackendInfo(msgId, backend);
+ }
+
+ default:
+ Throw(Exception::BrokenProtocol);
+ }
+}
+
+RawBuffer CKMService::ProcessExtended(Credentials &cred, MessageBuffer &buffer, bool allowed)
+{
+ LogicCommand command;
+ int msgId = 0;
+ DataType tmpDataType;
+ Name name;
+ ClientId explicitOwner, accessor;
+
+ DeserializeCommand(cred, buffer, command, msgId);
+
+ LogDebug("Process extended. Command: " << static_cast<int>(command));
+
+ std::function<RawBuffer(void)> logicFunc;
+
+ switch (command) {
case LogicCommand::WRAP_CONCATENATED_DATA: {
CryptoAlgorithmSerializable params;
Name wrappingKeyName;
keyPassword,
data);
- return m_logic->wrapConcatenatedData(
+ logicFunc = [&, params, wrappingKeyName, wrappingKeyOwner, wrappingKeyPassword, keyName,
+ keyPassword, data]() {
+ return m_logic->wrapConcatenatedData(
cred,
msgId,
params,
cred.effectiveOwner(explicitOwner),
keyPassword,
data);
+ };
+ break;
}
case LogicCommand::UNWRAP_CONCATENATED_DATA: {
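Review bot: The capture list `[&, params, wrappingKeyName, ...]` mixes a default by-reference capture with by-copy names, so `this`, `cred`, `msgId` and `explicitOwner` are captured by reference without being named. That is safe only because `logicFunc` is invoked before `ProcessExtended` returns. Spelling the references out, e.g. `[this, &cred, &msgId, &explicitOwner, params, wrappingKeyName, ...]`, makes the lifetime dependency visible and stops a later edit from silently capturing a case-local variable by reference. The same applies to the `UNWRAP_CONCATENATED_DATA` lambda in the next hunk. The by-copy captures also put a second copy of `wrappingKeyPassword`, `keyPassword` and `data` inside the `std::function` until the function returns, so confirm that those types scrub their storage on destruction.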
size,
policy);
- return m_logic->unwrapConcatenatedData(
- cred,
- msgId,
- params,
- wrappingKeyName,
- cred.effectiveOwner(wrappingKeyOwner),
- wrappingKeyPassword,
- wrappedKey,
- keyName,
- cred.effectiveOwner(explicitOwner),
- size,
- policy);
- }
-
- case LogicCommand::GET_BACKEND_INFO: {
- BackendId backend;
-
- buffer.Deserialize(backend);
-
- return m_logic->getBackendInfo(msgId, backend);
+ logicFunc = [&, params, wrappingKeyName, wrappingKeyOwner, wrappingKeyPassword, wrappedKey,
+ keyName, size, policy]() {
+ return m_logic->unwrapConcatenatedData(
+ cred,
+ msgId,
+ params,
+ wrappingKeyName,
+ cred.effectiveOwner(wrappingKeyOwner),
+ wrappingKeyPassword,
+ wrappedKey,
+ keyName,
+ cred.effectiveOwner(explicitOwner),
+ size,
+ policy);
+ };
+ break;
}
default:
Throw(Exception::BrokenProtocol);
}
+
+ if (!allowed) {
+ LogError("Access denied!");
+ return SerializeMessage(msgId, CKM_API_ERROR_ACCESS_DENIED, RawBuffer());
+ }
+
+ return logicFunc();
}
void CKMService::ProcessMessage(MsgKeyRequest msg)
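Review bot: The `if (!allowed)` check runs only after the request has been fully prepared. By then `DeserializeCommand` has attempted the null-password unlock for `cred.clientUid`, and the case bodies have deserialized every parameter and copied passwords and payload into `logicFunc`. A caller for whom `allowed` is false therefore still drives all of that work, and an unknown command from such a caller ends in `Throw(Exception::BrokenProtocol)` rather than `CKM_API_ERROR_ACCESS_DENIED`. Since `msgId` is available right after `DeserializeCommand`, the denial could be returned there and the `std::function` indirection dropped, unless the buffer must be fully consumed first. If the deferral is deliberate, a comment above the check should say why. `ProcessExtended` begins in an earlier hunk.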