2 * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckm-service.cpp
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief CKM service implementation.
23 #include <protocols.h>
25 #include <dpl/serialization.h>
26 #include <dpl/log/log.h>
28 #include <ckm-service.h>
29 #include <ckm-logic.h>
32 const CKM::InterfaceID SOCKET_ID_CONTROL = 0;
33 const CKM::InterfaceID SOCKET_ID_STORAGE = 1;
34 } // namespace anonymous
38 CKMService::CKMService()
39 : m_logic(new CKMLogic)
42 CKMService::~CKMService() {
46 void CKMService::Start() {
50 void CKMService::Stop() {
54 GenericSocketService::ServiceDescriptionVector CKMService::GetServiceDescription()
56 return ServiceDescriptionVector {
57 {SERVICE_SOCKET_CKM_CONTROL, "http://tizen.org/privilege/keymanager.admin", SOCKET_ID_CONTROL},
58 {SERVICE_SOCKET_CKM_STORAGE, "http://tizen.org/privilege/keymanager", SOCKET_ID_STORAGE}
62 void CKMService::SetCommManager(CommMgr *manager)
64 ThreadService::SetCommManager(manager);
68 // CKMService does not support security check
69 // so 3rd parameter is not used
70 bool CKMService::ProcessOne(
71 const ConnectionID &conn,
75 LogDebug ("process One");
79 if (!info.buffer.Ready())
82 if (info.interfaceID == SOCKET_ID_CONTROL)
83 response = ProcessControl(info.buffer);
85 response = ProcessStorage(info.credentials, info.buffer);
87 m_serviceManager->Write(conn, response);
90 } Catch (MessageBuffer::Exception::Base) {
91 LogError("Broken protocol. Closing socket.");
92 } Catch (Exception::BrokenProtocol) {
93 LogError("Broken protocol. Closing socket.");
94 } catch (const DataType::Exception::Base &e) {
95 LogError("Closing socket. DBDataType::Exception: " << e.DumpToString());
96 } catch (const std::string &e) {
97 LogError("String exception(" << e << "). Closing socket");
98 } catch (const std::exception &e) {
99 LogError("Std exception:: " << e.what());
101 LogError("Unknown exception. Closing socket.");
104 m_serviceManager->Close(conn);
108 RawBuffer CKMService::ProcessControl(MessageBuffer &buffer) {
112 Password newPass, oldPass;
115 buffer.Deserialize(command);
117 LogDebug("Process control. Command: " << command);
119 cc = static_cast<ControlCommand>(command);
122 case ControlCommand::UNLOCK_USER_KEY:
123 buffer.Deserialize(user, newPass);
124 return m_logic->unlockUserKey(user, newPass);
125 case ControlCommand::LOCK_USER_KEY:
126 buffer.Deserialize(user);
127 return m_logic->lockUserKey(user);
128 case ControlCommand::REMOVE_USER_DATA:
129 buffer.Deserialize(user);
130 return m_logic->removeUserData(user);
131 case ControlCommand::CHANGE_USER_PASSWORD:
132 buffer.Deserialize(user, oldPass, newPass);
133 return m_logic->changeUserPassword(user, oldPass, newPass);
134 case ControlCommand::RESET_USER_PASSWORD:
135 buffer.Deserialize(user, newPass);
136 return m_logic->resetUserPassword(user, newPass);
137 case ControlCommand::REMOVE_APP_DATA:
138 buffer.Deserialize(smackLabel);
139 return m_logic->removeApplicationData(smackLabel);
140 case ControlCommand::UPDATE_CC_MODE:
141 return m_logic->updateCCMode();
142 case ControlCommand::SET_PERMISSION:
147 PermissionMask permissionMask = 0;
149 buffer.Deserialize(user, name, label, accessorLabel, permissionMask);
151 Credentials cred(user, label);
152 return m_logic->setPermission(
162 Throw(Exception::BrokenProtocol);
166 RawBuffer CKMService::ProcessStorage(Credentials &cred, MessageBuffer &buffer)
172 Label label, accessorLabel;
174 buffer.Deserialize(command);
175 buffer.Deserialize(msgID);
177 // This is a workaround solution for locktype=None in Tizen 2.2.1
178 // When locktype is None, lockscreen app doesn't interfere with unlocking process.
179 // Therefor lockscreen app cannot notify unlock events to key-manager when locktype is None.
180 // So, to unlock user data when lock type is None, key-manager always try to unlock user data with null password.
181 // Even if the result is fail, it will be ignored.
182 Password nullPassword("");
183 m_logic->unlockUserKey(cred.clientUid, nullPassword);
185 LogDebug("Process storage. Command: " << command);
187 switch(static_cast<LogicCommand>(command)) {
188 case LogicCommand::SAVE:
191 PolicySerializable policy;
192 buffer.Deserialize(tmpDataType, name, label, rawData, policy);
193 return m_logic->saveData(
199 DataType(tmpDataType),
202 case LogicCommand::SAVE_PKCS12:
205 PKCS12Serializable pkcs;
206 PolicySerializable keyPolicy, certPolicy;
207 buffer.Deserialize(name, label, pkcs, keyPolicy, certPolicy);
208 return m_logic->savePKCS12(
217 case LogicCommand::REMOVE:
219 buffer.Deserialize(name, label);
220 return m_logic->removeData(
226 case LogicCommand::GET:
229 buffer.Deserialize(tmpDataType, name, label, password);
230 return m_logic->getData(
233 DataType(tmpDataType),
238 case LogicCommand::GET_PKCS12:
242 buffer.Deserialize(name,
246 return m_logic->getPKCS12(
254 case LogicCommand::GET_LIST:
256 buffer.Deserialize(tmpDataType);
257 return m_logic->getDataList(
260 DataType(tmpDataType));
262 case LogicCommand::CREATE_KEY_AES:
267 PolicySerializable policyKey;
268 buffer.Deserialize(size,
272 return m_logic->createKeyAES(
280 case LogicCommand::CREATE_KEY_PAIR:
282 CryptoAlgorithmSerializable keyGenAlgorithm;
284 Label privateKeyLabel;
286 Label publicKeyLabel;
287 PolicySerializable policyPrivateKey;
288 PolicySerializable policyPublicKey;
289 buffer.Deserialize(keyGenAlgorithm,
296 return m_logic->createKeyPair(
307 case LogicCommand::GET_CHAIN_CERT:
309 RawBuffer certificate;
310 RawBufferVector untrustedVector;
311 RawBufferVector trustedVector;
312 bool systemCerts = false;
313 buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
314 return m_logic->getCertificateChain(
322 case LogicCommand::GET_CHAIN_ALIAS:
324 RawBuffer certificate;
325 LabelNameVector untrustedVector;
326 LabelNameVector trustedVector;
327 bool systemCerts = false;
328 buffer.Deserialize(certificate, untrustedVector, trustedVector, systemCerts);
329 return m_logic->getCertificateChain(
337 case LogicCommand::CREATE_SIGNATURE:
339 Password password; // password for private_key
341 int padding = 0, hash = 0;
342 buffer.Deserialize(name, label, password, message, hash, padding);
343 return m_logic->createSignature(
348 password, // password for private_key
350 static_cast<HashAlgorithm>(hash),
351 static_cast<RSAPaddingAlgorithm>(padding));
353 case LogicCommand::VERIFY_SIGNATURE:
355 Password password; // password for public_key (optional)
358 //HashAlgorithm hash;
359 //RSAPaddingAlgorithm padding;
360 int padding = 0, hash = 0;
361 buffer.Deserialize(name,
368 return m_logic->verifySignature(
373 password, // password for public_key (optional)
376 static_cast<const HashAlgorithm>(hash),
377 static_cast<const RSAPaddingAlgorithm>(padding));
379 case LogicCommand::SET_PERMISSION:
381 PermissionMask permissionMask = 0;
382 buffer.Deserialize(name, label, accessorLabel, permissionMask);
383 return m_logic->setPermission(
393 Throw(Exception::BrokenProtocol);
397 void CKMService::ProcessMessage(MsgKeyRequest msg)
399 Crypto::GObjShPtr key;
400 int ret = m_logic->getKeyForService(msg.cred,
405 MsgKeyResponse kResp(msg.id, key, ret);
407 if (!m_commMgr->SendMessage(kResp))
408 LogError("No listener found"); // can't do much more
410 LogError("Uncaught exception in SendMessage. Check listeners.");
414 void CKMService::CustomHandle(const ReadEvent &event) {
415 LogDebug("Read event");
416 auto &info = m_connectionInfoMap[event.connectionID.counter];
417 info.buffer.Push(event.rawBuffer);
418 while(ProcessOne(event.connectionID, info, true));
421 void CKMService::CustomHandle(const SecurityEvent & /*event*/) {
422 LogError("This should not happend! SecurityEvent was called on CKMService!");