src/manager/service/ckm-service.cpp

   1 /*
   2  *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *  Licensed under the Apache License, Version 2.0 (the "License");
   5  *  you may not use this file except in compliance with the License.
   6  *  You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *  Unless required by applicable law or agreed to in writing, software
  11  *  distributed under the License is distributed on an "AS IS" BASIS,
  12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *  See the License for the specific language governing permissions and
  14  *  limitations under the License
  15  *
  16  *
  17  * @file        ckm-service.cpp
  18  * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
  19  * @version     1.0
  20  * @brief       CKM service implementation.
  21  */
  22
  23 #include <protocols.h>
  24
  25 #include <dpl/serialization.h>
  26 #include <dpl/log/log.h>
  27
  28 #include <ckm-service.h>
  29 #include <ckm-logic.h>
  30
  31 namespace {
  32 const CKM::InterfaceID SOCKET_ID_CONTROL = 0;
  33 const CKM::InterfaceID SOCKET_ID_STORAGE = 1;
  34 } // namespace anonymous
  35
  36 namespace CKM {
  37
  38 CKMService::CKMService()
  39   : m_logic(new CKMLogic)
  40 {}
  41
  42 CKMService::~CKMService() {
  43     delete m_logic;
  44 }
  45
  46 void CKMService::Start() {
  47     Create();
  48 }
  49
  50 void CKMService::Stop() {
  51     Join();
  52 }
  53
  54 GenericSocketService::ServiceDescriptionVector CKMService::GetServiceDescription()
  55 {
  56     return ServiceDescriptionVector {
  57         {SERVICE_SOCKET_CKM_CONTROL, "key-manager::api-control", SOCKET_ID_CONTROL},
  58         {SERVICE_SOCKET_CKM_STORAGE, "key-manager::api-storage", SOCKET_ID_STORAGE}
  59     };
  60 }
  61
  62 void CKMService::SetCommManager(CommMgr *manager)
  63 {
  64     ThreadService::SetCommManager(manager);
  65     Register(*manager);
  66 }
  67
  68 bool CKMService::ProcessOne(
  69     const ConnectionID &conn,
  70     ConnectionInfo &info)
  71 {
  72     LogDebug ("process One");
  73     RawBuffer response;
  74
  75     Try {
  76         if (!info.buffer.Ready())
  77             return false;
  78
  79         if (info.interfaceID == SOCKET_ID_CONTROL)
  80             response = ProcessControl(info.buffer);
  81         else
  82             response = ProcessStorage(info.credentials, info.buffer);
  83
  84         m_serviceManager->Write(conn, response);
  85
  86         return true;
  87     } Catch (MessageBuffer::Exception::Base) {
  88         LogError("Broken protocol. Closing socket.");
  89     } Catch (Exception::BrokenProtocol) {
  90         LogError("Broken protocol. Closing socket.");
  91     } catch (const DataType::Exception::Base &e) {
  92         LogError("Closing socket. DBDataType::Exception: " << e.DumpToString());
  93     } catch (const std::string &e) {
  94         LogError("String exception(" << e << "). Closing socket");
  95     } catch (const std::exception &e) {
  96         LogError("Std exception:: " << e.what());
  97     } catch (...) {
  98         LogError("Unknown exception. Closing socket.");
  99     }
 100
 101     m_serviceManager->Close(conn);
 102     return false;
 103 }
 104
 105 RawBuffer CKMService::ProcessControl(MessageBuffer &buffer) {
 106     int command = 0;
 107     uid_t user = 0;
 108     ControlCommand cc;
 109     Password newPass, oldPass;
 110     Label smackLabel;
 111
 112     buffer.Deserialize(command);
 113
 114     LogDebug("Process control. Command: " << command);
 115
 116     cc = static_cast<ControlCommand>(command);
 117
 118     switch(cc) {
 119     case ControlCommand::UNLOCK_USER_KEY:
 120         buffer.Deserialize(user, newPass);
 121         return m_logic->unlockUserKey(user, newPass);
 122     case ControlCommand::LOCK_USER_KEY:
 123         buffer.Deserialize(user);
 124         return m_logic->lockUserKey(user);
 125     case ControlCommand::REMOVE_USER_DATA:
 126         buffer.Deserialize(user);
 127         return m_logic->removeUserData(user);
 128     case ControlCommand::CHANGE_USER_PASSWORD:
 129         buffer.Deserialize(user, oldPass, newPass);
 130         return m_logic->changeUserPassword(user, oldPass, newPass);
 131     case ControlCommand::RESET_USER_PASSWORD:
 132         buffer.Deserialize(user, newPass);
 133         return m_logic->resetUserPassword(user, newPass);
 134     case ControlCommand::REMOVE_APP_DATA:
 135         buffer.Deserialize(smackLabel);
 136         return m_logic->removeApplicationData(smackLabel);
 137     case ControlCommand::UPDATE_CC_MODE:
 138         return m_logic->updateCCMode();
 139     case ControlCommand::SET_PERMISSION:
 140     {
 141         Name name;
 142         Label label;
 143         Label accessorLabel;
 144         PermissionMask permissionMask = 0;
 145
 146         buffer.Deserialize(user, name, label, accessorLabel, permissionMask);
 147
 148         Credentials cred(user, label);
 149         return m_logic->setPermission(
 150             cred,
 151             command,
 152             0, // dummy
 153             name,
 154             label,
 155             accessorLabel,
 156             permissionMask);
 157     }
 158     default:
 159         Throw(Exception::BrokenProtocol);
 160     }
 161 }
 162
 163 RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer)
 164 {
 165     int command = 0;
 166     int msgID = 0;
 167     int tmpDataType = 0;
 168     Name name;
 169     Label label, accessorLabel;
 170     std::string user;
 171
 172     buffer.Deserialize(command);
 173     buffer.Deserialize(msgID);
 174
 175     // This is a workaround solution for locktype=None in Tizen 2.2.1
 176     // When locktype is None, lockscreen app doesn't interfere with unlocking process.
 177     // Therefor lockscreen app cannot notify unlock events to key-manager when locktype is None.
 178     // So, to unlock user data when lock type is None, key-manager always try to unlock user data with null password.
 179     // Even if the result is fail, it will be ignored.
 180     Password nullPassword("");
 181     m_logic->unlockUserKey(cred.clientUid, nullPassword);
 182
 183     LogDebug("Process storage. Command: " << command);
 184
 185     switch(static_cast<LogicCommand>(command)) {
 186         case LogicCommand::SAVE:
 187         {
 188             RawBuffer rawData;
 189             PolicySerializable policy;
 190             buffer.Deserialize(tmpDataType, name, label, rawData, policy);
 191             return m_logic->saveData(
 192                 cred,
 193                 msgID,
 194                 name,
 195                 label,
 196                 rawData,
 197                 DataType(tmpDataType),
 198                 policy);
 199         }
 200         case LogicCommand::SAVE_PKCS12:
 201         {
 202             RawBuffer rawData;
 203             PKCS12Serializable pkcs;
 204             PolicySerializable keyPolicy, certPolicy;
 205             buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy);
 206             return m_logic->savePKCS12(
 207                 cred,
 208                 msgID,
 209                 name,
 210                 label,
 211                 pkcs,
 212                 keyPolicy,
 213                 certPolicy);
 214         }
 215         case LogicCommand::REMOVE:
 216         {
 217             buffer.Deserialize(name, label);
 218             return m_logic->removeData(
 219                 cred,
 220                 msgID,
 221                 name,
 222                 label);
 223         }
 224         case LogicCommand::GET:
 225         {
 226             Password password;
 227             buffer.Deserialize(tmpDataType, name, label, password);
 228             return m_logic->getData(
 229                 cred,
 230                 msgID,
 231                 DataType(tmpDataType),
 232                 name,
 233                 label,
 234                 password);
 235         }
 236         case LogicCommand::GET_PKCS12:
 237         {
 238             Password passKey;
 239             Password passCert;
 240             buffer.Deserialize(name,
 241                                label,
 242                                passKey,
 243                                passCert);
 244             return m_logic->getPKCS12(
 245                 cred,
 246                 msgID,
 247                 name,
 248                 label,
 249                 passKey,
 250                 passCert);
 251         }
 252         case LogicCommand::GET_LIST:
 253         {
 254             buffer.Deserialize(tmpDataType);
 255             return m_logic->getDataList(
 256                 cred,
 257                 msgID,
 258                 DataType(tmpDataType));
 259         }
 260         case LogicCommand::CREATE_KEY_AES:
 261         {
 262             int size = 0;
 263             Name keyName;
 264             Label keyLabel;
 265             PolicySerializable policyKey;
 266             buffer.Deserialize(size,
 267                                policyKey,
 268                                keyName,
 269                                keyLabel);
 270             return m_logic->createKeyAES(
 271                 cred,
 272                 msgID,
 273                 size,
 274                 keyName,
 275                 keyLabel,
 276                 policyKey);
 277         }
 278         case LogicCommand::CREATE_KEY_PAIR:
 279         {
 280             CryptoAlgorithmSerializable keyGenAlgorithm;
 281             Name privateKeyName;
 282             Label privateKeyLabel;
 283             Name publicKeyName;
 284             Label publicKeyLabel;
 285             PolicySerializable policyPrivateKey;
 286             PolicySerializable policyPublicKey;
 287             buffer.Deserialize(keyGenAlgorithm,
 288                                policyPrivateKey,
 289                                policyPublicKey,
 290                                privateKeyName,
 291                                privateKeyLabel,
 292                                publicKeyName,
 293                                publicKeyLabel);
 294             return m_logic->createKeyPair(
 295                 cred,
 296                 msgID,
 297                 keyGenAlgorithm,
 298                 privateKeyName,
 299                 privateKeyLabel,
 300                 publicKeyName,
 301                 publicKeyLabel,
 302                 policyPrivateKey,
 303                 policyPublicKey);
 304         }
 305         case LogicCommand::GET_CHAIN_CERT:
 306         {
 307             RawBuffer certificate;
 308             RawBufferVector untrustedVector;
 309             RawBufferVector trustedVector;
 310             bool systemCerts;
 311             buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
 312             return m_logic->getCertificateChain(
 313                 cred,
 314                 msgID,
 315                 certificate,
 316                 untrustedVector,
 317                 trustedVector,
 318                 systemCerts);
 319         }
 320         case LogicCommand::GET_CHAIN_ALIAS:
 321         {
 322             RawBuffer certificate;
 323             LabelNameVector untrustedVector;
 324             LabelNameVector trustedVector;
 325             bool systemCerts;
 326             buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
 327             return m_logic->getCertificateChain(
 328                 cred,
 329                 msgID,
 330                 certificate,
 331                 untrustedVector,
 332                 trustedVector,
 333                 systemCerts);
 334         }
 335         case LogicCommand::CREATE_SIGNATURE:
 336         {
 337             Password password;        // password for private_key
 338             RawBuffer message;
 339             int padding = 0, hash = 0;
 340             buffer.Deserialize(name, label, password, message, hash, padding);
 341             return m_logic->createSignature(
 342                   cred,
 343                   msgID,
 344                   name,
 345                   label,
 346                   password,           // password for private_key
 347                   message,
 348                   static_cast<HashAlgorithm>(hash),
 349                   static_cast<RSAPaddingAlgorithm>(padding));
 350         }
 351         case LogicCommand::VERIFY_SIGNATURE:
 352         {
 353             Password password;           // password for public_key (optional)
 354             RawBuffer message;
 355             RawBuffer signature;
 356             //HashAlgorithm hash;
 357             //RSAPaddingAlgorithm padding;
 358             int padding = 0, hash = 0;
 359             buffer.Deserialize(name,
 360                                label,
 361                                password,
 362                                message,
 363                                signature,
 364                                hash,
 365                                padding);
 366             return m_logic->verifySignature(
 367                 cred,
 368                 msgID,
 369                 name,
 370                 label,
 371                 password,           // password for public_key (optional)
 372                 message,
 373                 signature,
 374                 static_cast<const HashAlgorithm>(hash),
 375                 static_cast<const RSAPaddingAlgorithm>(padding));
 376         }
 377         case LogicCommand::SET_PERMISSION:
 378         {
 379             PermissionMask permissionMask = 0;
 380             buffer.Deserialize(name, label, accessorLabel, permissionMask);
 381             return m_logic->setPermission(
 382                 cred,
 383                 command,
 384                 msgID,
 385                 name,
 386                 label,
 387                 accessorLabel,
 388                 permissionMask);
 389         }
 390         default:
 391             Throw(Exception::BrokenProtocol);
 392     }
 393 }
 394
 395 void CKMService::ProcessMessage(MsgKeyRequest msg)
 396 {
 397     Crypto::GKeyShPtr key;
 398     int ret = m_logic->getKeyForService(msg.cred,
 399                                         msg.name,
 400                                         msg.label,
 401                                         msg.password,
 402                                         key);
 403     MsgKeyResponse kResp(msg.id, key, ret);
 404     try {
 405         if (!m_commMgr->SendMessage(kResp))
 406             LogError("No listener found"); // can't do much more
 407     } catch (...) {
 408         LogError("Uncaught exception in SendMessage. Check listeners.");
 409     }
 410 }
 411
 412 } // namespace CKM
 413