src/manager/service/ckm-service.cpp

   1 /*
   2  *  Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *  Licensed under the Apache License, Version 2.0 (the "License");
   5  *  you may not use this file except in compliance with the License.
   6  *  You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *  Unless required by applicable law or agreed to in writing, software
  11  *  distributed under the License is distributed on an "AS IS" BASIS,
  12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *  See the License for the specific language governing permissions and
  14  *  limitations under the License
  15  *
  16  *
  17  * @file        ckm-service.cpp
  18  * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
  19  * @version     1.0
  20  * @brief       CKM service implementation.
  21  */
  22
  23 #include <protocols.h>
  24
  25 #include <dpl/serialization.h>
  26 #include <dpl/log/log.h>
  27
  28 #include <ckm-service.h>
  29 #include <ckm-logic.h>
  30
  31 namespace {
  32 const CKM::InterfaceID SOCKET_ID_CONTROL = 0;
  33 const CKM::InterfaceID SOCKET_ID_STORAGE = 1;
  34 } // namespace anonymous
  35
  36 namespace CKM {
  37
  38 CKMService::CKMService()
  39   : m_logic(new CKMLogic)
  40 {}
  41
  42 CKMService::~CKMService() {
  43     delete m_logic;
  44 }
  45
  46 void CKMService::Start() {
  47     Create();
  48 }
  49
  50 void CKMService::Stop() {
  51     Join();
  52 }
  53
  54 GenericSocketService::ServiceDescriptionVector CKMService::GetServiceDescription()
  55 {
  56     return ServiceDescriptionVector {
  57         {SERVICE_SOCKET_CKM_CONTROL, "key-manager::api-control", SOCKET_ID_CONTROL},
  58         {SERVICE_SOCKET_CKM_STORAGE, "key-manager::api-storage", SOCKET_ID_STORAGE}
  59     };
  60 }
  61
  62 bool CKMService::ProcessOne(
  63     const ConnectionID &conn,
  64     ConnectionInfo &info)
  65 {
  66     LogDebug ("process One");
  67     RawBuffer response;
  68
  69     Try {
  70         if (!info.buffer.Ready())
  71             return false;
  72
  73         if (info.interfaceID == SOCKET_ID_CONTROL)
  74             response = ProcessControl(info.buffer);
  75         else
  76             response = ProcessStorage(info.credentials, info.buffer);
  77
  78         m_serviceManager->Write(conn, response);
  79
  80         return true;
  81     } Catch (MessageBuffer::Exception::Base) {
  82         LogError("Broken protocol. Closing socket.");
  83     } Catch (Exception::BrokenProtocol) {
  84         LogError("Broken protocol. Closing socket.");
  85     } catch (const DataType::Exception::Base &e) {
  86         LogError("Closing socket. DBDataType::Exception: " << e.DumpToString());
  87     } catch (const std::string &e) {
  88         LogError("String exception(" << e << "). Closing socket");
  89     } catch (const std::exception &e) {
  90         LogError("Std exception:: " << e.what());
  91     } catch (...) {
  92         LogError("Unknown exception. Closing socket.");
  93     }
  94
  95     m_serviceManager->Close(conn);
  96     return false;
  97 }
  98
  99 RawBuffer CKMService::ProcessControl(MessageBuffer &buffer) {
 100     int command = 0;
 101     uid_t user = 0;
 102     ControlCommand cc;
 103     Password newPass, oldPass;
 104     Label smackLabel;
 105
 106     buffer.Deserialize(command);
 107
 108     LogDebug("Process control. Command: " << command);
 109
 110     cc = static_cast<ControlCommand>(command);
 111
 112     switch(cc) {
 113     case ControlCommand::UNLOCK_USER_KEY:
 114         buffer.Deserialize(user, newPass);
 115         return m_logic->unlockUserKey(user, newPass);
 116     case ControlCommand::LOCK_USER_KEY:
 117         buffer.Deserialize(user);
 118         return m_logic->lockUserKey(user);
 119     case ControlCommand::REMOVE_USER_DATA:
 120         buffer.Deserialize(user);
 121         return m_logic->removeUserData(user);
 122     case ControlCommand::CHANGE_USER_PASSWORD:
 123         buffer.Deserialize(user, oldPass, newPass);
 124         return m_logic->changeUserPassword(user, oldPass, newPass);
 125     case ControlCommand::RESET_USER_PASSWORD:
 126         buffer.Deserialize(user, newPass);
 127         return m_logic->resetUserPassword(user, newPass);
 128     case ControlCommand::REMOVE_APP_DATA:
 129         buffer.Deserialize(smackLabel);
 130         return m_logic->removeApplicationData(smackLabel);
 131     case ControlCommand::UPDATE_CC_MODE:
 132         return m_logic->updateCCMode();
 133     case ControlCommand::SET_PERMISSION:
 134     {
 135         Name name;
 136         Label label;
 137         Label accessorLabel;
 138         PermissionMask permissionMask = 0;
 139
 140         buffer.Deserialize(user, name, label, accessorLabel, permissionMask);
 141
 142         Credentials cred(user, label);
 143         return m_logic->setPermission(
 144             cred,
 145             command,
 146             0, // dummy
 147             name,
 148             label,
 149             accessorLabel,
 150             permissionMask);
 151     }
 152     default:
 153         Throw(Exception::BrokenProtocol);
 154     }
 155 }
 156
 157 RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer)
 158 {
 159     int command = 0;
 160     int msgID = 0;
 161     int tmpDataType = 0;
 162     Name name;
 163     Label label, accessorLabel;
 164     std::string user;
 165
 166     buffer.Deserialize(command);
 167     buffer.Deserialize(msgID);
 168
 169     LogDebug("Process storage. Command: " << command);
 170
 171     switch(static_cast<LogicCommand>(command)) {
 172         case LogicCommand::SAVE:
 173         {
 174             RawBuffer rawData;
 175             PolicySerializable policy;
 176             buffer.Deserialize(tmpDataType, name, label, rawData, policy);
 177             return m_logic->saveData(
 178                 cred,
 179                 msgID,
 180                 name,
 181                 label,
 182                 rawData,
 183                 DataType(tmpDataType),
 184                 policy);
 185         }
 186         case LogicCommand::SAVE_PKCS12:
 187         {
 188             RawBuffer rawData;
 189             PKCS12Serializable pkcs;
 190             PolicySerializable keyPolicy, certPolicy;
 191             buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy);
 192             return m_logic->savePKCS12(
 193                 cred,
 194                 msgID,
 195                 name,
 196                 label,
 197                 pkcs,
 198                 keyPolicy,
 199                 certPolicy);
 200         }
 201         case LogicCommand::REMOVE:
 202         {
 203             buffer.Deserialize(name, label);
 204             return m_logic->removeData(
 205                 cred,
 206                 msgID,
 207                 name,
 208                 label);
 209         }
 210         case LogicCommand::GET:
 211         {
 212             Password password;
 213             buffer.Deserialize(tmpDataType, name, label, password);
 214             return m_logic->getData(
 215                 cred,
 216                 msgID,
 217                 DataType(tmpDataType),
 218                 name,
 219                 label,
 220                 password);
 221         }
 222         case LogicCommand::GET_PKCS12:
 223         {
 224             Password passKey;
 225             Password passCert;
 226             buffer.Deserialize(name,
 227                                label,
 228                                passKey,
 229                                passCert);
 230             return m_logic->getPKCS12(
 231                 cred,
 232                 msgID,
 233                 name,
 234                 label,
 235                 passKey,
 236                 passCert);
 237         }
 238         case LogicCommand::GET_LIST:
 239         {
 240             buffer.Deserialize(tmpDataType);
 241             return m_logic->getDataList(
 242                 cred,
 243                 msgID,
 244                 DataType(tmpDataType));
 245         }
 246         case LogicCommand::CREATE_KEY_AES:
 247         {
 248             int size = 0;
 249             Name keyName;
 250             Label keyLabel;
 251             PolicySerializable policyKey;
 252             buffer.Deserialize(size,
 253                                policyKey,
 254                                keyName,
 255                                keyLabel);
 256             return m_logic->createKeyAES(
 257                 cred,
 258                 msgID,
 259                 size,
 260                 keyName,
 261                 keyLabel,
 262                 policyKey);
 263         }
 264         case LogicCommand::CREATE_KEY_PAIR:
 265         {
 266             CryptoAlgorithmSerializable keyGenAlgorithm;
 267             Name privateKeyName;
 268             Label privateKeyLabel;
 269             Name publicKeyName;
 270             Label publicKeyLabel;
 271             PolicySerializable policyPrivateKey;
 272             PolicySerializable policyPublicKey;
 273             buffer.Deserialize(keyGenAlgorithm,
 274                                policyPrivateKey,
 275                                policyPublicKey,
 276                                privateKeyName,
 277                                privateKeyLabel,
 278                                publicKeyName,
 279                                publicKeyLabel);
 280             return m_logic->createKeyPair(
 281                 cred,
 282                 msgID,
 283                 keyGenAlgorithm,
 284                 privateKeyName,
 285                 privateKeyLabel,
 286                 publicKeyName,
 287                 publicKeyLabel,
 288                 policyPrivateKey,
 289                 policyPublicKey);
 290         }
 291         case LogicCommand::GET_CHAIN_CERT:
 292         {
 293             RawBuffer certificate;
 294             RawBufferVector untrustedVector;
 295             RawBufferVector trustedVector;
 296             bool systemCerts;
 297             buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
 298             return m_logic->getCertificateChain(
 299                 cred,
 300                 msgID,
 301                 certificate,
 302                 untrustedVector,
 303                 trustedVector,
 304                 systemCerts);
 305         }
 306         case LogicCommand::GET_CHAIN_ALIAS:
 307         {
 308             RawBuffer certificate;
 309             LabelNameVector untrustedVector;
 310             LabelNameVector trustedVector;
 311             bool systemCerts;
 312             buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
 313             return m_logic->getCertificateChain(
 314                 cred,
 315                 msgID,
 316                 certificate,
 317                 untrustedVector,
 318                 trustedVector,
 319                 systemCerts);
 320         }
 321         case LogicCommand::CREATE_SIGNATURE:
 322         {
 323             Password password;        // password for private_key
 324             RawBuffer message;
 325             int padding = 0, hash = 0;
 326             buffer.Deserialize(name, label, password, message, hash, padding);
 327             return m_logic->createSignature(
 328                   cred,
 329                   msgID,
 330                   name,
 331                   label,
 332                   password,           // password for private_key
 333                   message,
 334                   static_cast<HashAlgorithm>(hash),
 335                   static_cast<RSAPaddingAlgorithm>(padding));
 336         }
 337         case LogicCommand::VERIFY_SIGNATURE:
 338         {
 339             Password password;           // password for public_key (optional)
 340             RawBuffer message;
 341             RawBuffer signature;
 342             //HashAlgorithm hash;
 343             //RSAPaddingAlgorithm padding;
 344             int padding = 0, hash = 0;
 345             buffer.Deserialize(name,
 346                                label,
 347                                password,
 348                                message,
 349                                signature,
 350                                hash,
 351                                padding);
 352             return m_logic->verifySignature(
 353                 cred,
 354                 msgID,
 355                 name,
 356                 label,
 357                 password,           // password for public_key (optional)
 358                 message,
 359                 signature,
 360                 static_cast<const HashAlgorithm>(hash),
 361                 static_cast<const RSAPaddingAlgorithm>(padding));
 362         }
 363         case LogicCommand::SET_PERMISSION:
 364         {
 365             PermissionMask permissionMask = 0;
 366             buffer.Deserialize(name, label, accessorLabel, permissionMask);
 367             return m_logic->setPermission(
 368                 cred,
 369                 command,
 370                 msgID,
 371                 name,
 372                 label,
 373                 accessorLabel,
 374                 permissionMask);
 375         }
 376         default:
 377             Throw(Exception::BrokenProtocol);
 378     }
 379 }
 380
 381 } // namespace CKM
 382