2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Key-manager service logic (CKMLogic): per-user database locking, data/key/certificate storage and retrieval, key generation, signing/verification and certificate-chain building.
27 #include <message-buffer.h>
28 #include <protocols.h>
29 #include <ckm/ckm-type.h>
30 #include <connection-info.h>
31 #include <db-crypto.h>
32 #include <key-provider.h>
33 #include <crypto-logic.h>
34 #include <file-lock.h>
35 #include <access-control.h>
36 #include <certificate-impl.h>
37 #include <sys/types.h>
39 #include <platform/decider.h>
// Per-user key provider (declared in <key-provider.h>). This is the member the
// lock/unlock paths below operate on; what it holds once unlocked is not visible
// here — presumably the unwrapped user key, confirm in KeyProvider.
44 KeyProvider keyProvider;
// uid that owns the shared "system" database. Declared here, defined out of
// line, so its value is not visible in this header. selectDatabase() and
// unlockSystemDB() are the places that route on it; a request for this uid
// must be treated as privileged by whoever dispatches into CKMLogic.
51 static const uid_t SYSTEM_DB_UID;
// Exception hierarchy for this class: Base derives from CKM::Exception,
// DatabaseLocked from Base. The name suggests it is raised when an operation
// targets a user database that has not been unlocked (see unlockUserKey /
// unlockDatabase) — confirm against the throw sites in the implementation.
55 DECLARE_EXCEPTION_TYPE(CKM::Exception, Base)
56 DECLARE_EXCEPTION_TYPE(Base, DatabaseLocked)
// Non-copyable, non-movable: a CKMLogic instance owns the per-user unlocked
// state in m_userDataMap plus the access-control and crypto-backend objects.
// Deleting copy/move prevents a second instance silently duplicating that
// (key-bearing) state and keeps a single owner for its lifetime.
60 CKMLogic(const CKMLogic &) = delete;
61 CKMLogic(CKMLogic &&) = delete;
62 CKMLogic& operator=(const CKMLogic &) = delete;
63 CKMLogic& operator=(CKMLogic &&) = delete;
// Unlock the key material of `user` with `password`; returns the serialized
// reply (RawBuffer) sent back to the client. Note there is no Credentials
// parameter: this signature cannot check who is asking, so the caller
// (service dispatcher) must already have authorized the request for this uid.
// `password` is taken by const reference and is not wiped by this function.
66 RawBuffer unlockUserKey(uid_t user, const Password &password);
// Lock (discard the unlocked state of) `user`'s key material; returns the
// serialized reply. No Credentials parameter — authorization is the caller's
// responsibility. Presumably drops or resets the m_userDataMap entry; any
// UserData& obtained from selectDatabase() for this uid should be considered
// invalid after this call — confirm in the implementation.
67 RawBuffer lockUserKey(uid_t user);
// Destructive: remove all stored data belonging to `user`; returns the
// serialized reply. Like the other uid-only entry points it carries no
// Credentials, so the dispatcher must restrict it to a privileged caller.
69 RawBuffer removeUserData(uid_t user);
71 RawBuffer changeUserPassword(
73 const Password &oldPassword,
74 const Password &newPassword);
76 RawBuffer resetUserPassword(
78 const Password &newPassword);
// Destructive: remove all data owned by the application identified by
// `smackLabel`; returns the serialized reply. NOTE(review): the label is the
// only input and there is no Credentials parameter, so nothing in this
// signature ties the request to the label's owner — the caller must ensure
// only a privileged component (e.g. on package uninstall) can reach this.
80 RawBuffer removeApplicationData(
81 const Label &smackLabel);
84 const Credentials &cred,
88 const RawBuffer &data,
90 const PolicySerializable &policy);
93 const Credentials &cred,
97 const PKCS12Serializable &pkcs,
98 const PolicySerializable &keyPolicy,
99 const PolicySerializable &certPolicy);
101 RawBuffer removeData(
102 const Credentials &cred,
108 const Credentials &cred,
113 const Password &password);
116 const Credentials &cred,
120 const Password &keyPassword,
121 const Password &certPassword);
123 RawBuffer getDataList(
124 const Credentials &cred,
128 RawBuffer createKeyPair(
129 const Credentials &cred,
131 const CryptoAlgorithmSerializable & keyGenParams,
132 const Name &namePrivate,
133 const Label &labelPrivate,
134 const Name &namePublic,
135 const Label &labelPublic,
136 const PolicySerializable &policyPrivate,
137 const PolicySerializable &policyPublic);
139 RawBuffer createKeyAES(
140 const Credentials &cred,
145 const PolicySerializable &policy);
147 RawBuffer getCertificateChain(
148 const Credentials &cred,
150 const RawBuffer &certificate,
151 const RawBufferVector &untrustedCertificates,
152 const RawBufferVector &trustedCertificates,
153 bool useTrustedSystemCertificates);
155 RawBuffer getCertificateChain(
156 const Credentials &cred,
158 const RawBuffer &certificate,
159 const LabelNameVector &untrustedCertificates,
160 const LabelNameVector &trustedCertificates,
161 bool useTrustedSystemCertificates);
163 RawBuffer createSignature(
164 const Credentials &cred,
166 const Name &privateKeyName,
167 const Label & ownerLabel,
168 const Password &password, // password for private_key
169 const RawBuffer &message,
170 const HashAlgorithm hash,
171 const RSAPaddingAlgorithm padding);
173 RawBuffer verifySignature(
174 const Credentials &cred,
176 const Name &publicKeyOrCertName,
178 const Password &password, // password for public_key (optional)
179 const RawBuffer &message,
180 const RawBuffer &signature,
181 const HashAlgorithm hash,
182 const RSAPaddingAlgorithm padding);
// Re-read the Common Criteria mode setting and apply it; returns the
// serialized reply. Takes no parameters, so what "CC mode" changes
// (presumably accepted algorithms via m_decider / m_accessControl) is not
// visible here — confirm in the implementation.
184 RawBuffer updateCCMode();
186 RawBuffer setPermission(
187 const Credentials &cred,
192 const Label &accessor_label,
193 const PermissionMask permissionMask);
195 int setPermissionHelper(
196 const Credentials &cred,
198 const Label &ownerLabel,
199 const Label &accessorLabel,
200 const PermissionMask permissionMask);
202 int verifyAndSaveDataHelper(
203 const Credentials &cred,
206 const RawBuffer &data,
208 const PolicySerializable &policy);
212 // Pick the database a request operates on: the caller's private database or
213 // the shared system database, decided from the requesting uid in
// `incoming_cred` and the owner label `incoming_label` (SYSTEM_DB_UID is the
// discriminator). Returns a reference to the selected UserData; presumably an
// entry of m_userDataMap, in which case the reference stays valid only until
// that entry is erased (lockUserKey/removeUserData) — do not cache it across
// calls that may lock the user. The "effective label" mentioned in the
// original comment is not an output of this signature; confirm how it is
// communicated to callers.
214 UserData & selectDatabase(const Credentials &incoming_cred,
215 const Label &incoming_label);
// Unlock the shared system database (owned by SYSTEM_DB_UID) without a
// user-supplied password; returns an int status code like the other helpers.
// Where the unlocking secret comes from is not visible in this header.
217 int unlockSystemDB();
// Internal counterpart of unlockUserKey(): unlock `user`'s database with
// `password` and return an int status code (the public entry point wraps it
// into a RawBuffer reply). Password is passed by const reference and is not
// cleared here.
218 int unlockDatabase(uid_t user,
219 const Password & password);
223 const Password &password);
227 const Password &password);
229 int verifyBinaryData(
231 RawBuffer &input_data) const;
235 const RawBuffer &input_data,
236 RawBuffer &output_data) const;
238 int checkSaveConditions(
239 const Credentials &cred,
245 const Credentials &cred,
249 const RawBuffer &data,
250 const PolicySerializable &policy);
253 const Credentials &cred,
256 const PKCS12Serializable &pkcs,
257 const PolicySerializable &keyPolicy,
258 const PolicySerializable &certPolicy);
260 DB::Row createEncryptedRow(
265 const RawBuffer &data,
266 const Policy &policy) const;
269 const Credentials &cred,
272 const Password &keyPassword,
273 const Password &certPassword,
275 CertificateShPtr & cert,
276 CertificateShPtrVector & caChain);
278 int extractPKCS12Data(
281 const Label &ownerLabel,
282 const PKCS12Serializable &pkcs,
283 const PolicySerializable &keyPolicy,
284 const PolicySerializable &certPolicy,
285 DB::RowVector &output) const;
287 int removeDataHelper(
288 const Credentials &cred,
290 const Label &ownerLabel);
294 const Label &ownerLabel,
296 DB::Crypto & database,
299 int readMultiRow(const Name &name,
300 const Label &ownerLabel,
302 DB::Crypto & database,
303 DB::RowVector &output);
305 int checkDataPermissionsHelper(
306 const Credentials &cred,
308 const Label &ownerLabel,
309 const Label &accessorLabel,
312 DB::Crypto & database);
316 const Credentials &cred,
320 const Password &password,
325 const Credentials &cred,
329 const Password &password,
330 DB::RowVector &rows);
332 int createKeyAESHelper(
333 const Credentials &cred,
337 const PolicySerializable &policy);
// Internal worker for createKeyPair(): generate a key pair per `keyGenParams`
// and store the private and public halves under (namePrivate, labelPrivate)
// and (namePublic, labelPublic) with their respective policies, on behalf of
// `cred`. Returns an int status code. Each half has its own label and policy,
// so the implementation must check `cred` against BOTH owner labels (via
// m_accessControl / selectDatabase), not just the private one — verify.
339 int createKeyPairHelper(
340 const Credentials &cred,
341 const CryptoAlgorithmSerializable & keyGenParams,
342 const Name &namePrivate,
343 const Label &labelPrivate,
344 const Name &namePublic,
345 const Label &labelPublic,
346 const PolicySerializable &policyPrivate,
347 const PolicySerializable &policyPublic);
// Load the stored certificates named in `labelNameVector` into `certVector`
// on behalf of `cred`; returns an int status code. Used by the by-name
// getCertificateChainHelper overload to resolve label/name pairs before
// chain building; presumably subject to the usual per-row permission check.
349 int readCertificateHelper(
350 const Credentials &cred,
351 const LabelNameVector &labelNameVector,
352 CertificateImplVector &certVector);
// Build the certificate chain for `cert` and write it, as raw DER buffers, to
// `chainRawVector`; returns an int status code. `untrustedCertificates` are
// candidate intermediates, `trustedCertificates` are caller-supplied trust
// anchors, and `useTrustedSystemCertificates` additionally enables the
// platform store. Security note: because the anchors come from the caller,
// a successfully built chain only proves validity relative to what the caller
// chose to trust — callers must not treat it as platform-level trust unless
// useTrustedSystemCertificates was set and trustedCertificates was empty.
// This overload takes no Credentials: it operates only on data the caller
// already holds, so there is nothing to authorize here.
354 int getCertificateChainHelper(
355 const CertificateImpl &cert,
356 const RawBufferVector &untrustedCertificates,
357 const RawBufferVector &trustedCertificates,
358 bool useTrustedSystemCertificates,
359 RawBufferVector &chainRawVector);
// Same as the raw-buffer overload, but `untrusted` and `trusted` name
// certificates already stored in the key manager (label/name pairs) rather
// than carrying DER bytes. Takes `cred` so the referenced rows can be read
// with the requester's permissions (presumably via readCertificateHelper);
// returns an int status code. The caveat on caller-chosen trust anchors
// applies here as well.
361 int getCertificateChainHelper(
362 const Credentials &cred,
363 const CertificateImpl &cert,
364 const LabelNameVector &untrusted,
365 const LabelNameVector &trusted,
366 bool useTrustedSystemCertificates,
367 RawBufferVector &chainRawVector);
// Enumerate stored items of type `dataType` visible to `cred`, returning
// their (label, name) pairs in `labelNameVector`; int status code. Names and
// labels are metadata but still leak what an application stores, so the
// implementation should filter by the requester's permissions rather than
// list the whole database — confirm.
369 int getDataListHelper(
370 const Credentials &cred,
371 const DataType dataType,
372 LabelNameVector &labelNameVector);
// Internal worker for changeUserPassword(): re-protect `user`'s key with
// `newPassword`, requiring proof of `oldPassword`; int status code. The
// old-password check is what distinguishes this from resetUserPasswordHelper
// below, so the implementation must fail closed if `oldPassword` does not
// unlock the key.
374 int changeUserPasswordHelper(uid_t user,
375 const Password &oldPassword,
376 const Password &newPassword);
// Internal worker for resetUserPassword(): set a new password for `user`
// WITHOUT the old one; int status code. NOTE(review): this is a privileged
// recovery path — nothing in the signature proves the requester owns the
// account, so the dispatcher must restrict resetUserPassword to a trusted
// system component. Whether the user's existing data survives a reset
// (vs. being re-keyed or dropped) is not visible here — confirm.
378 int resetUserPasswordHelper(uid_t user, const Password &newPassword);
// Per-uid state (database handle + key provider) for users that have been
// unlocked; keyed by uid. std::map keeps references to mapped values stable
// across insertions, so a UserData& from selectDatabase() is invalidated only
// when the entry is erased.
380 std::map<uid_t, UserData> m_userDataMap;
// Access-control policy object consulted by the permission helpers above.
381 AccessControl m_accessControl;
// Chooses the crypto backend for stored objects (see <platform/decider.h>).
382 Crypto::Decider m_decider;