2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Sample service implementation.
27 #include <message-buffer.h>
28 #include <protocols.h>
29 #include <ckm/ckm-type.h>
30 #include <connection-info.h>
31 #include <db-crypto.h>
32 #include <key-provider.h>
33 #include <crypto-logic.h>
34 #include <file-lock.h>
35 #include <access-control.h>
36 #include <certificate-impl.h>
37 #include <sys/types.h>
39 #include <platform/decider.h>
44 KeyProvider keyProvider;
// uid associated with the system database (see unlockSystemDB() below).
// Only declared here; the value is defined out of line.
51 static const uid_t SYSTEM_DB_UID;
55 DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
56 DECLARE_EXCEPTION_TYPE(Base, DatabaseLocked)
// Copying and moving are disabled: a CKMLogic instance stays where it is
// constructed and is only ever handed around by reference.
60 CKMLogic(const CKMLogic &) = delete;
61 CKMLogic(CKMLogic &&) = delete;
62 CKMLogic& operator=(const CKMLogic &) = delete;
63 CKMLogic& operator=(CKMLogic &&) = delete;
66 RawBuffer unlockUserKey(uid_t user, const Password &password);
67 RawBuffer lockUserKey(uid_t user);
69 RawBuffer removeUserData(uid_t user);
71 RawBuffer changeUserPassword(
73 const Password &oldPassword,
74 const Password &newPassword);
76 RawBuffer resetUserPassword(
78 const Password &newPassword);
80 RawBuffer removeApplicationData(
81 const Label &smackLabel);
84 const Credentials &cred,
88 const RawBuffer &data,
90 const PolicySerializable &policy);
93 const Credentials &cred,
97 const PKCS12Serializable &pkcs,
98 const PolicySerializable &keyPolicy,
99 const PolicySerializable &certPolicy);
101 RawBuffer removeData(
102 const Credentials &cred,
108 const Credentials &cred,
113 const Password &password);
116 const Credentials &cred,
120 const Password &keyPassword,
121 const Password &certPassword);
123 RawBuffer getDataList(
124 const Credentials &cred,
128 RawBuffer createKeyPair(
129 const Credentials &cred,
130 LogicCommand protocol_cmd,
132 const int additional_param,
133 const Name &namePrivate,
134 const Label &labelPrivate,
135 const Name &namePublic,
136 const Label &labelPublic,
137 const PolicySerializable &policyPrivate,
138 const PolicySerializable &policyPublic);
140 RawBuffer getCertificateChain(
141 const Credentials &cred,
143 const RawBuffer &certificate,
144 const RawBufferVector &untrustedCertificates,
145 const RawBufferVector &trustedCertificates,
146 bool useTrustedSystemCertificates);
148 RawBuffer getCertificateChain(
149 const Credentials &cred,
151 const RawBuffer &certificate,
152 const LabelNameVector &untrustedCertificates,
153 const LabelNameVector &trustedCertificates,
154 bool useTrustedSystemCertificates);
156 RawBuffer createSignature(
157 const Credentials &cred,
159 const Name &privateKeyName,
160 const Label & ownerLabel,
161 const Password &password, // password for private_key
162 const RawBuffer &message,
163 const HashAlgorithm hash,
164 const RSAPaddingAlgorithm padding);
166 RawBuffer verifySignature(
167 const Credentials &cred,
169 const Name &publicKeyOrCertName,
171 const Password &password, // password for public_key (optional)
172 const RawBuffer &message,
173 const RawBuffer &signature,
174 const HashAlgorithm hash,
175 const RSAPaddingAlgorithm padding);
177 RawBuffer updateCCMode();
179 RawBuffer setPermission(
180 const Credentials &cred,
185 const Label &accessor_label,
186 const PermissionMask permissionMask);
188 int setPermissionHelper(
189 const Credentials &cred,
191 const Label &ownerLabel,
192 const Label &accessorLabel,
193 const PermissionMask permissionMask);
195 int verifyAndSaveDataHelper(
196 const Credentials &cred,
199 const RawBuffer &data,
201 const PolicySerializable &policy);
205 // Select the private or the system database depending on the requesting uid and the owner label.
206 // Output: the selected database handle (UserData) and the effective owner label.
207 UserData & selectDatabase(const Credentials &incoming_cred,
208 const Label &incoming_label);
210 int unlockSystemDB();
211 int unlockDatabase(uid_t user,
212 const Password & password);
216 const Password &password);
220 const Password &password);
222 int verifyBinaryData(
224 RawBuffer &input_data) const;
228 const RawBuffer &input_data,
229 RawBuffer &output_data) const;
231 int checkSaveConditions(
232 const Credentials &cred,
238 const Credentials &cred,
242 const RawBuffer &data,
243 const PolicySerializable &policy);
246 const Credentials &cred,
249 const PKCS12Serializable &pkcs,
250 const PolicySerializable &keyPolicy,
251 const PolicySerializable &certPolicy);
253 DB::Row createEncryptedRow(
258 const RawBuffer &data,
259 const Policy &policy) const;
262 const Credentials &cred,
265 const Password &keyPassword,
266 const Password &certPassword,
268 CertificateShPtr & cert,
269 CertificateShPtrVector & caChain);
271 int extractPKCS12Data(
274 const Label &ownerLabel,
275 const PKCS12Serializable &pkcs,
276 const PolicySerializable &keyPolicy,
277 const PolicySerializable &certPolicy,
278 DB::RowVector &output) const;
280 int removeDataHelper(
281 const Credentials &cred,
283 const Label &ownerLabel);
287 const Label &ownerLabel,
289 DB::Crypto & database,
292 int readMultiRow(const Name &name,
293 const Label &ownerLabel,
295 DB::Crypto & database,
296 DB::RowVector &output);
298 int checkDataPermissionsHelper(
299 const Credentials &cred,
301 const Label &ownerLabel,
302 const Label &accessorLabel,
305 DB::Crypto & database);
309 const Credentials &cred,
313 const Password &password,
318 const Credentials &cred,
322 const Password &password,
323 DB::RowVector &rows);
// Internal counterpart of createKeyPair(): receives the resolved KeyType
// directly, whereas the public entry point above takes a LogicCommand.
// additional_param is key-type specific; its meaning is not visible in this
// header — see the definition. Returns an int status code (presumably a CKM
// error code — confirm against the implementation).
325 int createKeyPairHelper(
326 const Credentials &cred,
327 const KeyType key_type,
328 const int additional_param,
329 const Name &namePrivate,
330 const Label &labelPrivate,
331 const Name &namePublic,
332 const Label &labelPublic,
333 const PolicySerializable &policyPrivate,
334 const PolicySerializable &policyPublic);
// Resolves each (label, name) pair in labelNameVector to a CertificateImpl on
// behalf of cred and collects the results in certVector (presumably read from
// the caller's database — confirm). Returns an int status code.
336 int readCertificateHelper(
337 const Credentials &cred,
338 const LabelNameVector &labelNameVector,
339 CertificateImplVector &certVector);
// Chain-building helper for the RawBufferVector overload of
// getCertificateChain(): the untrusted and trusted sets arrive as raw
// certificate buffers and no Credentials are taken, so the signature alone
// implies no database lookup. useTrustedSystemCertificates presumably adds the
// platform CA store to the trust anchors — confirm in the definition. The
// resulting chain is written to chainRawVector; returns an int status code.
341 int getCertificateChainHelper(
342 const CertificateImpl &cert,
343 const RawBufferVector &untrustedCertificates,
344 const RawBufferVector &trustedCertificates,
345 bool useTrustedSystemCertificates,
346 RawBufferVector &chainRawVector);
// Chain-building helper for the LabelNameVector overload of
// getCertificateChain(): the untrusted and trusted certificates are referenced
// by (label, name), which is presumably why this overload also needs cred to
// resolve them on the caller's behalf. The remaining parameters mirror the
// RawBufferVector overload above; the chain is written to chainRawVector and
// an int status code is returned.
348 int getCertificateChainHelper(
349 const Credentials &cred,
350 const CertificateImpl &cert,
351 const LabelNameVector &untrusted,
352 const LabelNameVector &trusted,
353 bool useTrustedSystemCertificates,
354 RawBufferVector &chainRawVector);
// Int-returning implementation behind getDataList(): collects, on behalf of
// cred, the (label, name) pairs of the given dataType into labelNameVector.
356 int getDataListHelper(
357 const Credentials &cred,
358 const DataType dataType,
359 LabelNameVector &labelNameVector);
// Int-returning implementation behind changeUserPassword(); the public method
// declared above presumably wraps this status into its RawBuffer response —
// confirm in the definition.
361 int changeUserPasswordHelper(uid_t user,
362 const Password &oldPassword,
363 const Password &newPassword);
// Int-returning implementation behind resetUserPassword(); unlike
// changeUserPasswordHelper() no old password is taken.
365 int resetUserPasswordHelper(uid_t user, const Password &newPassword);
// Per-user state, keyed by uid.
367 std::map<uid_t, UserData> m_userDataMap;
368 AccessControl m_accessControl;
369 Crypto::Decider m_decider;