2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Sample service implementation.
27 #include <message-buffer.h>
28 #include <protocols.h>
29 #include <ckm/ckm-type.h>
30 #include <connection-info.h>
31 #include <db-crypto.h>
32 #include <key-provider.h>
33 #include <crypto-logic.h>
34 #include <file-lock.h>
35 #include <access-control.h>
36 #include <certificate-impl.h>
37 #include <sys/types.h>
38 #include <generic-backend/gkey.h>
40 #include <platform/decider.h>
45 KeyProvider keyProvider;
// Declaration only: no initializer is given here, so the value is defined elsewhere.
// NOTE(review): presumably the uid under which the system database is kept
// (see unlockSystemDB / selectDatabase) - confirm against the definition.
52 static const uid_t SYSTEM_DB_UID;
// All four copy/move operations are deleted: a CKMLogic can be neither copied
// nor moved, so it is only ever used in place through a reference or pointer.
// NOTE(review): presumably this keeps the per-user state in m_userDataMap from
// being duplicated by accident - confirm the intent.
55 CKMLogic(const CKMLogic &) = delete;
56 CKMLogic(CKMLogic &&) = delete;
57 CKMLogic& operator=(const CKMLogic &) = delete;
58 CKMLogic& operator=(CKMLogic &&) = delete;
// Unlock request for `user`, using `password` (per the name and parameters).
// Returns a RawBuffer, presumably the serialized reply - confirm.
// NOTE(review): there is no Credentials parameter, unlike the data operations
// declared further down, so nothing in this signature identifies the requester.
// Whoever dispatches to this method must already have decided that the
// requester may act for `user` - verify at the call site.
61 RawBuffer unlockUserKey(uid_t user, const Password &password);
// Lock request for `user`; returns a RawBuffer, presumably the serialized reply - confirm.
// NOTE(review): takes only a uid (no password, no Credentials), so authorization
// of the requester has to happen before this call - verify at the call site.
62 RawBuffer lockUserKey(uid_t user);
// Removal request for the data of `user`; returns a RawBuffer, presumably the
// serialized reply - confirm.
// NOTE(review): a destructive operation that takes only a uid: no password and
// no Credentials appear in the signature. Confirm that the dispatching layer
// restricts which clients can reach it.
64 RawBuffer removeUserData(uid_t user);
66 RawBuffer changeUserPassword(
68 const Password &oldPassword,
69 const Password &newPassword);
71 RawBuffer resetUserPassword(
73 const Password &newPassword);
// Removal request for the data belonging to the application identified by
// `smackLabel` (per the name and parameter); returns a RawBuffer.
// NOTE(review): the only input is a label: no uid and no Credentials. Presumably
// the caller is a privileged component and the label is not taken unchecked
// from an ordinary client - confirm at the call site.
75 RawBuffer removeApplicationData(
76 const Label &smackLabel);
79 const Credentials &cred,
83 const RawBuffer &data,
85 const PolicySerializable &policy);
88 const Credentials &cred,
92 const PKCS12Serializable &pkcs,
93 const PolicySerializable &keyPolicy,
94 const PolicySerializable &certPolicy);
97 const Credentials &cred,
103 const Credentials &cred,
108 const Password &password);
111 const Credentials &cred,
115 const Password &keyPassword,
116 const Password &certPassword);
118 RawBuffer getDataList(
119 const Credentials &cred,
123 RawBuffer createKeyPair(
124 const Credentials &cred,
126 const CryptoAlgorithmSerializable & keyGenParams,
127 const Name &namePrivate,
128 const Label &labelPrivate,
129 const Name &namePublic,
130 const Label &labelPublic,
131 const PolicySerializable &policyPrivate,
132 const PolicySerializable &policyPublic);
134 RawBuffer createKeyAES(
135 const Credentials &cred,
140 const PolicySerializable &policy);
142 RawBuffer getCertificateChain(
143 const Credentials &cred,
145 const RawBuffer &certificate,
146 const RawBufferVector &untrustedCertificates,
147 const RawBufferVector &trustedCertificates,
148 bool useTrustedSystemCertificates);
150 RawBuffer getCertificateChain(
151 const Credentials &cred,
153 const RawBuffer &certificate,
154 const LabelNameVector &untrustedCertificates,
155 const LabelNameVector &trustedCertificates,
156 bool useTrustedSystemCertificates);
158 RawBuffer createSignature(
159 const Credentials &cred,
161 const Name &privateKeyName,
162 const Label & ownerLabel,
163 const Password &password, // password for private_key
164 const RawBuffer &message,
165 const HashAlgorithm hash,
166 const RSAPaddingAlgorithm padding);
168 RawBuffer verifySignature(
169 const Credentials &cred,
171 const Name &publicKeyOrCertName,
173 const Password &password, // password for public_key (optional)
174 const RawBuffer &message,
175 const RawBuffer &signature,
176 const HashAlgorithm hash,
177 const RSAPaddingAlgorithm padding);
// Takes no arguments and returns a RawBuffer.
// NOTE(review): "CC mode" is not explained anywhere in this header; document
// which state this refreshes and which clients are allowed to trigger it.
179 RawBuffer updateCCMode();
181 RawBuffer setPermission(
182 const Credentials &cred,
187 const Label &accessor_label,
188 const PermissionMask permissionMask);
190 int setPermissionHelper(
191 const Credentials &cred,
193 const Label &ownerLabel,
194 const Label &accessorLabel,
195 const PermissionMask permissionMask);
197 int verifyAndSaveDataHelper(
198 const Credentials &cred,
201 const RawBuffer &data,
203 const PolicySerializable &policy);
205 int getKeyForService(const Credentials &cred,
208 const Password& pass,
209 Crypto::GKeyShPtr& key);
213 // select private/system database depending on asking uid and owner label.
214 // output: database handler and effective label
// NOTE(review): both parameters are const references and the only result is the
// returned UserData&, so an "effective label" cannot come back through this
// signature unless UserData carries it - the line above may be stale; confirm.
// NOTE(review): the returned reference presumably points into m_userDataMap, so
// it must not be kept across an erase of that user's entry - confirm.
215 UserData & selectDatabase(const Credentials &incoming_cred,
216 const Label &incoming_label);
// Takes no arguments (in particular no password) and returns an int,
// presumably a status code - confirm.
// NOTE(review): since no secret is passed in, document where the key material
// for the system database comes from.
218 int unlockSystemDB();
// Unlocks the database of `user` with `password` (per the name and parameters);
// returns an int, presumably a status code - confirm.
// NOTE(review): callers should treat any non-success result as "still locked"
// and must not fall through to database access - verify in the implementation.
219 int unlockDatabase(uid_t user,
220 const Password & password);
224 const Password &password);
228 const Password &password);
230 int verifyBinaryData(
232 RawBuffer &input_data) const;
236 const RawBuffer &input_data,
237 RawBuffer &output_data) const;
239 int checkSaveConditions(
240 const Credentials &cred,
246 const Credentials &cred,
250 const RawBuffer &data,
251 const PolicySerializable &policy);
254 const Credentials &cred,
257 const PKCS12Serializable &pkcs,
258 const PolicySerializable &keyPolicy,
259 const PolicySerializable &certPolicy);
261 DB::Row createEncryptedRow(
266 const RawBuffer &data,
267 const Policy &policy) const;
270 const Credentials &cred,
273 const Password &keyPassword,
274 const Password &certPassword,
276 CertificateShPtr & cert,
277 CertificateShPtrVector & caChain);
279 int extractPKCS12Data(
282 const Label &ownerLabel,
283 const PKCS12Serializable &pkcs,
284 const PolicySerializable &keyPolicy,
285 const PolicySerializable &certPolicy,
286 DB::RowVector &output) const;
288 int removeDataHelper(
289 const Credentials &cred,
291 const Label &ownerLabel);
295 const Label &ownerLabel,
297 DB::Crypto & database,
300 int readMultiRow(const Name &name,
301 const Label &ownerLabel,
303 DB::Crypto & database,
304 DB::RowVector &output);
306 int checkDataPermissionsHelper(
307 const Credentials &cred,
309 const Label &ownerLabel,
310 const Label &accessorLabel,
313 DB::Crypto & database);
317 const Credentials &cred,
321 const Password &password,
326 const Credentials &cred,
330 const Password &password,
331 DB::RowVector &rows);
333 int createKeyAESHelper(
334 const Credentials &cred,
338 const PolicySerializable &policy);
// Helper with the same key-pair arguments as the visible part of createKeyPair,
// but returning an int instead of a RawBuffer - presumably the status that
// createKeyPair then serializes; confirm.
// The private and the public half each get their own name, label and policy.
// NOTE(review): labelPrivate and labelPublic are supplied by the caller;
// presumably they are checked against `cred` before anything is stored -
// confirm in the implementation.
340 int createKeyPairHelper(
341 const Credentials &cred,
342 const CryptoAlgorithmSerializable & keyGenParams,
343 const Name &namePrivate,
344 const Label &labelPrivate,
345 const Name &namePublic,
346 const Label &labelPublic,
347 const PolicySerializable &policyPrivate,
348 const PolicySerializable &policyPublic);
// Inputs: `cred` and `labelNameVector` (both const).
// Output: `certVector` (non-const reference). Returns an int, presumably a status code.
// NOTE(review): presumably each entry of labelNameVector is read with the
// permissions of `cred`, and a failure on any entry fails the whole call -
// confirm, and document whether certVector can be left partially filled.
350 int readCertificateHelper(
351 const Credentials &cred,
352 const LabelNameVector &labelNameVector,
353 CertificateImplVector &certVector);
// Overload that receives the untrusted and trusted certificates as raw buffers
// and takes no Credentials. `chainRawVector` is the output parameter; the int
// result is presumably a status code.
// NOTE(review): useTrustedSystemCertificates presumably adds the system trust
// store to the trusted set - confirm.
// NOTE(review): with an empty trustedCertificates and
// useTrustedSystemCertificates == false no trust anchor is visible from the
// signature; the behavior in that case should be documented.
355 int getCertificateChainHelper(
356 const CertificateImpl &cert,
357 const RawBufferVector &untrustedCertificates,
358 const RawBufferVector &trustedCertificates,
359 bool useTrustedSystemCertificates,
360 RawBufferVector &chainRawVector);
// Overload that takes `cred` and names the untrusted and trusted certificates
// through LabelNameVector arguments instead of raw buffers. `chainRawVector` is
// the output parameter; the int result is presumably a status code.
// NOTE(review): presumably the named certificates are loaded from the database
// under the permissions of `cred` before the chain is built - confirm. The
// `trusted` list decides what counts as a trust anchor, so a read failure on
// one of its entries should fail the call rather than be skipped.
362 int getCertificateChainHelper(
363 const Credentials &cred,
364 const CertificateImpl &cert,
365 const LabelNameVector &untrusted,
366 const LabelNameVector &trusted,
367 bool useTrustedSystemCertificates,
368 RawBufferVector &chainRawVector);
// Inputs: `cred` and `dataType`. Output: `labelNameVector` (non-const reference).
// Returns an int, presumably a status code.
// NOTE(review): presumably only entries that `cred` is permitted to see are
// listed - confirm, since a listing can disclose the names of other owners' items.
370 int getDataListHelper(
371 const Credentials &cred,
372 const DataType dataType,
373 LabelNameVector &labelNameVector);
// Password change for `user` that takes both the old and the new password;
// returns an int, presumably a status code.
// NOTE(review): presumably oldPassword is verified before newPassword takes
// effect - confirm in the implementation.
375 int changeUserPasswordHelper(uid_t user,
376 const Password &oldPassword,
377 const Password &newPassword);
// Password reset for `user`: unlike changeUserPasswordHelper, no old password
// is required. Returns an int, presumably a status code.
// NOTE(review): because knowledge of the current password is not demanded here,
// access has to be limited by the caller - confirm which clients can reach the
// public resetUserPassword entry point.
379 int resetUserPasswordHelper(uid_t user, const Password &newPassword);
// One UserData entry per uid.
// NOTE(review): no mutex or other synchronization member is visible in this
// part of the class; confirm that all access happens on a single thread.
381 std::map<uid_t, UserData> m_userDataMap;
// NOTE(review): presumably performs the permission checks for the operations
// above - confirm.
382 AccessControl m_accessControl;
// NOTE(review): presumably selects the crypto backend (see <platform/decider.h>) - confirm.
383 Crypto::Decider m_decider;