2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Sample service implementation.
27 #include <message-buffer.h>
28 #include <protocols.h>
29 #include <ckm/ckm-type.h>
30 #include <connection-info.h>
31 #include <db-crypto.h>
32 #include <key-provider.h>
33 #include <crypto-logic.h>
34 #include <file-lock.h>
35 #include <access-control.h>
36 #include <certificate-impl.h>
37 #include <sys/types.h>
39 #include <platform/decider.h>
44 KeyProvider keyProvider;
// Exception types declared through the DECLARE_EXCEPTION_TYPE macro, which is
// defined outside this listing. Base is declared against CKM::Exception and
// DatabaseLocked against Base -- presumably a parent/child relation; confirm
// in the macro definition.
54 DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
55 DECLARE_EXCEPTION_TYPE(Base, DatabaseLocked)
// Copy and move construction/assignment are all deleted, so a CKMLogic object
// cannot be duplicated or relocated after it has been constructed.
59 CKMLogic(const CKMLogic &) = delete;
60 CKMLogic(CKMLogic &&) = delete;
61 CKMLogic& operator=(const CKMLogic &) = delete;
62 CKMLogic& operator=(CKMLogic &&) = delete;
// Takes a uid and a password and returns a RawBuffer (presumably the
// serialized reply -- confirm in the implementation). Going by its name, it
// unlocks the key belonging to `user`.
// NOTE(review): no Credentials argument is taken, unlike the data operations
// declared in this listing, so the caller's right to act on `user` must be
// established before this call -- confirm where that check is enforced.
65 RawBuffer unlockUserKey(uid_t user, const Password &password);
// Takes only a uid and returns a RawBuffer. No password or Credentials is
// passed, so any restriction on who may lock another user's key has to come
// from the caller -- NOTE(review): confirm.
66 RawBuffer lockUserKey(uid_t user);
// Takes only a uid and returns a RawBuffer; by its name it removes the data
// stored for `user`.
// NOTE(review): neither a password nor Credentials is required by this
// signature, so a destructive request is authorized entirely by whatever
// gates access to this call -- confirm that gate is limited to privileged
// callers.
68 RawBuffer removeUserData(uid_t user);
70 RawBuffer changeUserPassword(
72 const Password &oldPassword,
73 const Password &newPassword);
75 RawBuffer resetUserPassword(
77 const Password &newPassword);
// Takes a single label (named smackLabel) and returns a RawBuffer; by its name
// it removes the data associated with that application label.
// NOTE(review): the label is the only input and no Credentials is passed, so
// the caller must be trusted to supply the right label -- confirm this entry
// point is not reachable by unprivileged clients.
79 RawBuffer removeApplicationData(
80 const Label &smackLabel);
83 const Credentials &cred,
87 const RawBuffer &data,
89 const PolicySerializable &policy);
92 const Credentials &cred,
96 const PKCS12Serializable &pkcs,
97 const PolicySerializable &keyPolicy,
98 const PolicySerializable &certPolicy);
100 RawBuffer removeData(
101 const Credentials &cred,
107 const Credentials &cred,
112 const Password &password);
115 const Credentials &cred,
119 const Password &keyPassword,
120 const Password &certPassword);
122 RawBuffer getDataList(
123 const Credentials &cred,
127 RawBuffer createKeyPair(
128 const Credentials &cred,
129 LogicCommand protocol_cmd,
131 const int additional_param,
132 const Name &namePrivate,
133 const Label &labelPrivate,
134 const Name &namePublic,
135 const Label &labelPublic,
136 const PolicySerializable &policyPrivate,
137 const PolicySerializable &policyPublic);
139 RawBuffer getCertificateChain(
140 const Credentials &cred,
142 const RawBuffer &certificate,
143 const RawBufferVector &untrustedCertificates,
144 const RawBufferVector &trustedCertificates,
145 bool useTrustedSystemCertificates);
147 RawBuffer getCertificateChain(
148 const Credentials &cred,
150 const RawBuffer &certificate,
151 const LabelNameVector &untrustedCertificates,
152 const LabelNameVector &trustedCertificates,
153 bool useTrustedSystemCertificates);
155 RawBuffer createSignature(
156 const Credentials &cred,
158 const Name &privateKeyName,
159 const Label & ownerLabel,
160 const Password &password, // password for private_key
161 const RawBuffer &message,
162 const HashAlgorithm hash,
163 const RSAPaddingAlgorithm padding);
165 RawBuffer verifySignature(
166 const Credentials &cred,
168 const Name &publicKeyOrCertName,
170 const Password &password, // password for public_key (optional)
171 const RawBuffer &message,
172 const RawBuffer &signature,
173 const HashAlgorithm hash,
174 const RSAPaddingAlgorithm padding);
// Takes no arguments and returns a RawBuffer.
// NOTE(review): what the mode update changes is not visible in this listing,
// and no caller identity is passed -- confirm which callers may trigger it.
176 RawBuffer updateCCMode();
178 RawBuffer setPermission(
179 const Credentials &cred,
184 const Label &accessor_label,
185 const PermissionMask permissionMask);
189 // Select the private or the system database, depending on the requesting uid and the owner label.
190 // Output: database handler and effective label.
// NOTE(review): as declared here the function returns only a UserData
// reference and takes incoming_label by const reference, so the "effective
// label" mentioned above is not an output of this signature -- confirm the
// comment still matches the implementation. Because this choice decides which
// store a request is served from, the rule that maps (credentials, label) to a
// database should be documented next to the definition.
191 UserData & selectDatabase(const Credentials &incoming_cred,
192 const Label &incoming_label);
// Takes no password or uid and returns an int (presumably a status code --
// confirm against the project's error constants).
// NOTE(review): since no secret is supplied by the caller, the key material
// for the system database must come from elsewhere -- confirm its source and
// protection in the implementation.
194 int unlockSystemDB();
// Takes a uid and a password and returns an int (presumably a status code --
// confirm against the project's error constants).
// NOTE(review): Password is passed by const reference; whether the type wipes
// its storage when destroyed is not visible in this listing -- confirm.
195 int unlockDatabase(uid_t user,
196 const Password & password);
200 const Password &password);
204 const Password &password);
206 int verifyBinaryData(
208 const RawBuffer &input_data) const;
210 int checkSaveConditions(
211 const Credentials &cred,
217 const Credentials &cred,
221 const RawBuffer &data,
222 const PolicySerializable &policy);
225 const Credentials &cred,
228 const PKCS12Serializable &pkcs,
229 const PolicySerializable &keyPolicy,
230 const PolicySerializable &certPolicy);
232 DB::Row createEncryptedRow(
237 const RawBuffer &data,
238 const Policy &policy) const;
241 const Credentials &cred,
244 const Password &keyPassword,
245 const Password &certPassword,
247 CertificateShPtr & cert,
248 CertificateShPtrVector & caChain);
250 int extractPKCS12Data(
253 const Label &ownerLabel,
254 const PKCS12Serializable &pkcs,
255 const PolicySerializable &keyPolicy,
256 const PolicySerializable &certPolicy,
257 DB::RowVector &output) const;
259 int removeDataHelper(
260 const Credentials &cred,
262 const Label &ownerLabel);
266 const Label &ownerLabel,
268 DB::Crypto & database,
271 int readMultiRow(const Name &name,
272 const Label &ownerLabel,
274 DB::Crypto & database,
275 DB::RowVector &output);
277 int checkDataPermissionsHelper(
278 const Credentials &cred,
280 const Label &ownerLabel,
281 const Label &accessorLabel,
284 DB::Crypto & database);
288 const Credentials &cred,
292 const Password &password,
297 const Credentials &cred,
301 const Password &password,
302 DB::RowVector &rows);
// Helper behind key-pair creation. Receives the caller's Credentials, the key
// type, one integer parameter, and a name, label and policy for each of the
// private and the public key. Returns an int (presumably a status code --
// confirm).
// NOTE(review): additional_param is an untyped int whose meaning presumably
// depends on key_type (e.g. a key size or curve id) -- confirm that it is
// range-checked per key type before reaching the crypto backend.
// NOTE(review): the private and public halves carry independent labels and
// policies; confirm the implementation checks the caller against both labels.
304 int createKeyPairHelper(
305 const Credentials &cred,
306 const KeyType key_type,
307 const int additional_param,
308 const Name &namePrivate,
309 const Label &labelPrivate,
310 const Name &namePublic,
311 const Label &labelPublic,
312 const PolicySerializable &policyPrivate,
313 const PolicySerializable &policyPublic);
// Takes the caller's Credentials and a vector of label/name pairs, and fills
// certVector (a non-const reference, so an output). Returns an int
// (presumably a status code -- confirm).
// NOTE(review): presumably each entry is read under the caller's permissions;
// confirm that a single denied entry fails the whole call rather than being
// skipped silently.
315 int readCertificateHelper(
316 const Credentials &cred,
317 const LabelNameVector &labelNameVector,
318 CertificateImplVector &certVector);
// Chain-building helper that takes the certificates as raw buffers. Inputs are
// the end certificate, a set named "untrusted", a set named "trusted" and a
// flag for using the system trust store; the result is written to
// chainRawVector (non-const reference). Returns an int (presumably a status
// code -- confirm).
// NOTE(review): the untrusted set should only ever supply candidate
// intermediates; confirm the implementation never accepts one of them as a
// trust anchor, and that a call with an empty trusted set and
// useTrustedSystemCertificates == false cannot report a valid chain.
320 int getCertificateChainHelper(
321 const CertificateImpl &cert,
322 const RawBufferVector &untrustedCertificates,
323 const RawBufferVector &trustedCertificates,
324 bool useTrustedSystemCertificates,
325 RawBufferVector &chainRawVector);
// Chain-building helper that takes the untrusted and trusted certificates as
// label/name pairs and additionally receives the caller's Credentials; the
// result is written to chainRawVector (non-const reference). Returns an int
// (presumably a status code -- confirm).
// NOTE(review): presumably the named certificates are loaded from storage on
// behalf of `cred`; confirm that the caller's read permission is checked for
// every entry of both vectors, and that entries of `untrusted` can never end
// up as trust anchors.
327 int getCertificateChainHelper(
328 const Credentials &cred,
329 const CertificateImpl &cert,
330 const LabelNameVector &untrusted,
331 const LabelNameVector &trusted,
332 bool useTrustedSystemCertificates,
333 RawBufferVector &chainRawVector);
335 int setPermissionHelper(
336 const Credentials &cred,
338 const Label &ownerLabel,
339 const Label &accessorLabel,
340 const PermissionMask permissionMask);
// Takes the caller's Credentials and a data type, and fills labelNameVector
// (non-const reference, so an output) with label/name pairs. Returns an int
// (presumably a status code -- confirm).
// NOTE(review): confirm the listing is filtered to entries the caller may
// access, so that names owned by other labels are not disclosed.
342 int getDataListHelper(
343 const Credentials &cred,
344 const DataType dataType,
345 LabelNameVector &labelNameVector);
// Takes a uid together with the old and the new password and returns an int
// (presumably a status code -- confirm).
// NOTE(review): the old password is part of the signature, so the change is
// presumably conditional on it being correct -- confirm the failure path
// leaves the stored key material untouched.
347 int changeUserPasswordHelper(uid_t user,
348 const Password &oldPassword,
349 const Password &newPassword);
// Takes a uid and only the new password and returns an int (presumably a
// status code -- confirm).
// NOTE(review): no old password is required by this signature, so a reset is
// authorized solely by whatever restricts access to this call -- confirm it is
// reachable only from privileged callers.
351 int resetUserPasswordHelper(uid_t user, const Password &newPassword);
// UserData entries keyed by uid.
353 std::map<uid_t, UserData> m_userDataMap;
// AccessControl instance; its checks are defined outside this listing
// (presumably in <access-control.h>).
354 AccessControl m_accessControl;
// Crypto::Decider instance; NOTE(review): presumably chooses the crypto
// backend for an operation (see <platform/decider.h>) -- confirm.
355 Crypto::Decider m_decider;