2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Sample service implementation.
27 #include <message-buffer.h>
28 #include <protocols.h>
29 #include <ckm/ckm-type.h>
30 #include <connection-info.h>
31 #include <db-crypto.h>
32 #include <key-provider.h>
33 #include <crypto-logic.h>
34 #include <file-lock.h>
35 #include <access-control.h>
36 #include <certificate-impl.h>
37 #include <sys/types.h>
39 #include <platform/decider.h>
// KeyProvider member held by value. The enclosing type's header is not part
// of this listing. NOTE(review): presumably the per-user key material
// handler stored in UserData; confirm against the full header.
44 KeyProvider keyProvider;
// Declaration only; the value is defined outside this listing.
// NOTE(review): the name suggests the uid under which the system database is
// keyed. Confirm at the definition that it cannot collide with a real user uid.
51 static const uid_t SYSTEM_DB_UID;
// Copy and move construction and assignment are all deleted, so a CKMLogic
// object can be neither duplicated nor relocated once it exists.
54 CKMLogic(const CKMLogic &) = delete;
55 CKMLogic(CKMLogic &&) = delete;
56 CKMLogic& operator=(const CKMLogic &) = delete;
57 CKMLogic& operator=(CKMLogic &&) = delete;
// Takes the target uid and a password directly instead of a Credentials
// object, so nothing in this signature identifies who is asking.
// NOTE(review): authorization of the requester has to happen in the caller;
// confirm this is reachable only from a privileged control channel.
// Returns a RawBuffer (presumably the serialized reply; confirm).
60 RawBuffer unlockUserKey(uid_t user, const Password &password);
// Takes only the target uid; no password and no Credentials are passed.
// NOTE(review): any restriction on who may lock another user's key must be
// enforced by the caller; verify there.
61 RawBuffer lockUserKey(uid_t user);
// Takes only the target uid. The name indicates a destructive operation and
// the signature carries no requester identity or password.
// NOTE(review): confirm the caller restricts this to privileged clients.
63 RawBuffer removeUserData(uid_t user);
// Receives both the old and the new password by const reference and returns
// a RawBuffer.
// NOTE(review): gutter line 66 is absent from this listing, so a parameter
// before oldPassword is probably missing from view (changeUserPasswordHelper
// in this file takes `uid_t user` first).
65 RawBuffer changeUserPassword(
67 const Password &oldPassword,
68 const Password &newPassword);
// Unlike changeUserPassword, no old password is supplied here, so knowledge
// of the current password cannot be what authorizes the reset.
// NOTE(review): authorization must come entirely from who is allowed to call
// this; confirm the caller-side check. Gutter line 71 is absent from this
// listing (resetUserPasswordHelper in this file takes `uid_t user` first).
70 RawBuffer resetUserPassword(
72 const Password &newPassword);
// Identifies the application solely by its label (parameter smackLabel); no
// uid and no Credentials are passed.
// NOTE(review): which databases are touched is not visible from this
// declaration; verify in the implementation.
74 RawBuffer removeApplicationData(
75 const Label &smackLabel);
78 const Credentials &cred,
82 const RawBuffer &data,
84 const PolicySerializable &policy);
87 const Credentials &cred,
91 const PKCS12Serializable &pkcs,
92 const PolicySerializable &keyPolicy,
93 const PolicySerializable &certPolicy);
96 const Credentials &cred,
102 const Credentials &cred,
107 const Password &password);
110 const Credentials &cred,
114 const Password &keyPassword,
115 const Password &certPassword);
// Client-facing call that receives the requester's Credentials and returns a
// RawBuffer. The remaining parameters (gutter lines 119-120) are not part of
// this listing.
117 RawBuffer getDataList(
118 const Credentials &cred,
// Takes separate name, label and policy arguments for the private and the
// public half, plus the generation parameters and the requester's Credentials.
// NOTE(review): private and public labels are independent inputs, so the two
// halves can be requested under different owners; confirm the implementation
// checks the requester against both. Gutter line 124 is absent from this
// listing.
122 RawBuffer createKeyPair(
123 const Credentials &cred,
125 const CryptoAlgorithmSerializable & keyGenParams,
126 const Name &namePrivate,
127 const Label &labelPrivate,
128 const Name &namePublic,
129 const Label &labelPublic,
130 const PolicySerializable &policyPrivate,
131 const PolicySerializable &policyPublic);
// Receives the requester's Credentials and a storage policy and returns a
// RawBuffer. Gutter lines 135-138 are absent from this listing, so the
// parameters between cred and policy are not visible here.
133 RawBuffer createKeyAES(
134 const Credentials &cred,
139 const PolicySerializable &policy);
// Overload taking the certificate and both certificate sets as raw buffers
// supplied with the request.
// NOTE(review): trustedCertificates comes from the caller, so the caller
// effectively chooses its own trust anchors; useTrustedSystemCertificates
// presumably adds the platform store to them. Confirm how the two combine,
// including when the trusted set is empty and the flag is false.
// Gutter line 143 is absent from this listing.
141 RawBuffer getCertificateChain(
142 const Credentials &cred,
144 const RawBuffer &certificate,
145 const RawBufferVector &untrustedCertificates,
146 const RawBufferVector &trustedCertificates,
147 bool useTrustedSystemCertificates);
// Overload in which the untrusted and trusted sets are LabelNameVector values
// rather than raw certificate buffers.
// NOTE(review): presumably (label, name) references to stored certificates;
// if so, confirm each referenced entry is read under the requester's
// permissions. Gutter line 151 is absent from this listing.
149 RawBuffer getCertificateChain(
150 const Credentials &cred,
152 const RawBuffer &certificate,
153 const LabelNameVector &untrustedCertificates,
154 const LabelNameVector &trustedCertificates,
155 bool useTrustedSystemCertificates);
// Signs `message` with the private key identified by privateKeyName and
// ownerLabel; hash and padding are selected by the request.
// NOTE(review): which hash/padding combinations are accepted is not visible
// here; verify the implementation rejects unsupported or weak combinations.
// Gutter line 159 is absent from this listing.
157 RawBuffer createSignature(
158 const Credentials &cred,
160 const Name &privateKeyName,
161 const Label & ownerLabel,
162 const Password &password, // password protecting the private key
163 const RawBuffer &message,
164 const HashAlgorithm hash,
165 const RSAPaddingAlgorithm padding);
// Checks `signature` over `message` using the entry named by
// publicKeyOrCertName, which per its name may be a public key or a
// certificate.
// NOTE(review): the result is carried inside the returned RawBuffer, so
// callers must inspect the reply rather than treat a returned buffer as
// success; confirm the reply format. Gutter lines 169 and 171 are absent from
// this listing.
167 RawBuffer verifySignature(
168 const Credentials &cred,
170 const Name &publicKeyOrCertName,
172 const Password &password, // password for the public key (optional)
173 const RawBuffer &message,
174 const RawBuffer &signature,
175 const HashAlgorithm hash,
176 const RSAPaddingAlgorithm padding);
// Takes no arguments and returns a RawBuffer.
// NOTE(review): what "CC mode" covers is not visible in this listing; see the
// implementation before relying on it.
178 RawBuffer updateCCMode();
// Client-facing permission change: receives the requester's Credentials, the
// label being granted access and the permission mask.
// NOTE(review): this declaration spells the parameter accessor_label while
// setPermissionHelper in this file uses accessorLabel. Gutter lines 182-185
// are absent from this listing.
180 RawBuffer setPermission(
181 const Credentials &cred,
186 const Label &accessor_label,
187 const PermissionMask permissionMask);
// int-returning counterpart of setPermission (presumably a status code;
// confirm). Receives owner and accessor labels as separate arguments.
// NOTE(review): confirm the implementation verifies that `cred` is entitled
// to change permissions on entries owned by ownerLabel. Gutter line 191 is
// absent from this listing.
189 int setPermissionHelper(
190 const Credentials &cred,
192 const Label &ownerLabel,
193 const Label &accessorLabel,
194 const PermissionMask permissionMask);
// Returns int (presumably a status code; confirm). Receives the requester's
// Credentials, the raw data and the storage policy. Gutter lines 198-199 and
// 201 are absent from this listing.
196 int verifyAndSaveDataHelper(
197 const Credentials &cred,
200 const RawBuffer &data,
202 const PolicySerializable &policy);
// Select the private or the system database depending on the asking uid and
// the owner label.
// Output: database handler and effective label.
// NOTE(review): this declaration returns only UserData& and takes the label
// by const reference, so the "effective label" output is not visible in the
// signature; the comment may be stale. The lifetime of the returned reference
// is also not stated here (presumably an entry of m_userDataMap; confirm).
208 UserData & selectDatabase(const Credentials &incoming_cred,
209 const Label &incoming_label);
// Takes no password argument and returns int (presumably a status code).
// NOTE(review): where the system database key comes from is not visible in
// this declaration; verify in the implementation.
211 int unlockSystemDB();
// Takes the target uid and a password and returns int (presumably a status
// code; confirm).
212 int unlockDatabase(uid_t user,
213 const Password & password);
217 const Password &password);
221 const Password &password);
// const member returning int. input_data is a non-const reference despite its
// name, so the buffer may be rewritten in place.
// NOTE(review): confirm whether callers must use the buffer as it stands
// after the call. Gutter line 224 is absent from this listing.
223 int verifyBinaryData(
225 RawBuffer &input_data) const;
229 const RawBuffer &input_data,
230 RawBuffer &output_data) const;
// Returns int and receives the requester's Credentials. The remaining
// parameters (gutter lines 234 onward) are not part of this listing.
232 int checkSaveConditions(
233 const Credentials &cred,
239 const Credentials &cred,
243 const RawBuffer &data,
244 const PolicySerializable &policy);
247 const Credentials &cred,
250 const PKCS12Serializable &pkcs,
251 const PolicySerializable &keyPolicy,
252 const PolicySerializable &certPolicy);
// const member that returns a DB::Row by value. Takes a Policy rather than
// the PolicySerializable used by the client-facing methods in this file.
// Gutter lines 255-258 are absent from this listing.
254 DB::Row createEncryptedRow(
259 const RawBuffer &data,
260 const Policy &policy) const;
263 const Credentials &cred,
266 const Password &keyPassword,
267 const Password &certPassword,
269 CertificateShPtr & cert,
270 CertificateShPtrVector & caChain);
// const member returning int. Results are delivered through the non-const
// `output` row vector; key and certificate each get their own policy.
// NOTE(review): whether `output` is left untouched on failure is not visible
// here; confirm before using it after an error return. Gutter lines 273-274
// are absent from this listing.
272 int extractPKCS12Data(
275 const Label &ownerLabel,
276 const PKCS12Serializable &pkcs,
277 const PolicySerializable &keyPolicy,
278 const PolicySerializable &certPolicy,
279 DB::RowVector &output) const;
// Returns int (presumably a status code; confirm). Receives the requester's
// Credentials and the owner label of the entry. Gutter line 283 is absent
// from this listing.
281 int removeDataHelper(
282 const Credentials &cred,
284 const Label &ownerLabel);
288 const Label &ownerLabel,
290 DB::Crypto & database,
// Reads from the given DB::Crypto handle into `output` and returns int. No
// Credentials are passed.
// NOTE(review): any permission check therefore has to happen before this
// call; confirm at the call sites. Gutter line 295 is absent from this
// listing.
293 int readMultiRow(const Name &name,
294 const Label &ownerLabel,
296 DB::Crypto & database,
297 DB::RowVector &output);
// Returns int and receives the requester's Credentials, both the owner and
// the accessor label, and the database handle to check against.
// NOTE(review): the return value is the only result, so callers must not
// ignore it. Gutter lines 301 and 304-305 are absent from this listing.
299 int checkDataPermissionsHelper(
300 const Credentials &cred,
302 const Label &ownerLabel,
303 const Label &accessorLabel,
306 DB::Crypto & database);
310 const Credentials &cred,
314 const Password &password,
319 const Credentials &cred,
323 const Password &password,
324 DB::RowVector &rows);
// int-returning counterpart of createKeyAES. Gutter lines 328-330 are absent
// from this listing, so the parameters between cred and policy are not
// visible here.
326 int createKeyAESHelper(
327 const Credentials &cred,
331 const PolicySerializable &policy);
// int-returning counterpart of createKeyPair with the same name, label and
// policy arguments for the private and the public half.
// NOTE(review): confirm both labelPrivate and labelPublic are validated
// against `cred`, and that a failure on one half does not leave the other
// half stored.
333 int createKeyPairHelper(
334 const Credentials &cred,
335 const CryptoAlgorithmSerializable & keyGenParams,
336 const Name &namePrivate,
337 const Label &labelPrivate,
338 const Name &namePublic,
339 const Label &labelPublic,
340 const PolicySerializable &policyPrivate,
341 const PolicySerializable &policyPublic);
// Takes a list of (label, name) entries and fills certVector; returns int.
// NOTE(review): no password parameter is present, so how password-protected
// certificates are handled is not visible from this declaration; confirm.
343 int readCertificateHelper(
344 const Credentials &cred,
345 const LabelNameVector &labelNameVector,
346 CertificateImplVector &certVector);
// Overload working on raw certificate buffers; takes no Credentials. The
// chain is written to chainRawVector and an int is returned.
// NOTE(review): trustedCertificates are caller-supplied anchors; confirm how
// they combine with useTrustedSystemCertificates.
348 int getCertificateChainHelper(
349 const CertificateImpl &cert,
350 const RawBufferVector &untrustedCertificates,
351 const RawBufferVector &trustedCertificates,
352 bool useTrustedSystemCertificates,
353 RawBufferVector &chainRawVector);
// Overload taking LabelNameVector sets plus the requester's Credentials; the
// chain is written to chainRawVector and an int is returned.
// NOTE(review): presumably the listed entries are loaded from storage under
// `cred` (readCertificateHelper in this file has a matching shape); confirm.
355 int getCertificateChainHelper(
356 const Credentials &cred,
357 const CertificateImpl &cert,
358 const LabelNameVector &untrusted,
359 const LabelNameVector &trusted,
360 bool useTrustedSystemCertificates,
361 RawBufferVector &chainRawVector);
// Fills labelNameVector with entries of the requested DataType and returns
// int.
// NOTE(review): whether the list is filtered to entries `cred` may access is
// not visible from this declaration; confirm, since names alone can disclose
// information.
363 int getDataListHelper(
364 const Credentials &cred,
365 const DataType dataType,
366 LabelNameVector &labelNameVector);
// int-returning counterpart of changeUserPassword: target uid, old password
// and new password.
368 int changeUserPasswordHelper(uid_t user,
369 const Password &oldPassword,
370 const Password &newPassword);
// int-returning counterpart of resetUserPassword: target uid and new password
// only. No old password is required, so authorization must be established by
// the caller. NOTE(review): confirm the caller-side check.
372 int resetUserPasswordHelper(uid_t user, const Password &newPassword);
// Per-uid state: one UserData entry per uid key.
// NOTE(review): no mutex or other synchronization member is visible in this
// listing; confirm how concurrent requests are serialized.
374 std::map<uid_t, UserData> m_userDataMap;
// Access-control component held by value (semantics defined in
// access-control.h, not shown here).
375 AccessControl m_accessControl;
// Crypto::Decider held by value (declared in platform/decider.h, not shown
// here).
376 Crypto::Decider m_decider;