2013-10-01 08:09:56 +04:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
|
|
/* vim: set sw=4 ts=8 et ft=cpp: */
|
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
|
|
|
#include <fcntl.h>
|
2014-05-15 08:12:40 +04:00
|
|
|
#include <limits.h>
|
|
|
|
#include <pwd.h>
|
2013-10-01 08:09:56 +04:00
|
|
|
#include <sys/stat.h>
|
2014-05-15 08:12:40 +04:00
|
|
|
#include <sys/types.h>
|
2013-10-01 08:09:56 +04:00
|
|
|
|
2013-12-17 22:26:45 +04:00
|
|
|
#undef CHROMIUM_LOG
|
2013-10-01 08:09:56 +04:00
|
|
|
#if defined(MOZ_WIDGET_GONK)
|
|
|
|
#include <android/log.h>
|
2013-12-17 22:26:45 +04:00
|
|
|
#define CHROMIUM_LOG(args...) __android_log_print(ANDROID_LOG_INFO, "Gonk", args)
|
2013-10-01 08:09:56 +04:00
|
|
|
#else
|
2013-12-17 22:26:45 +04:00
|
|
|
#define CHROMIUM_LOG(args...) printf(args);
|
2013-10-01 08:09:56 +04:00
|
|
|
#endif
|
|
|
|
|
|
|
|
#include "KeyStore.h"
|
|
|
|
#include "jsfriendapi.h"
|
|
|
|
#include "MainThreadUtils.h" // For NS_IsMainThread.
|
|
|
|
|
|
|
|
#include "plbase64.h"
|
|
|
|
#include "certdb.h"
|
2013-11-12 06:07:21 +04:00
|
|
|
#include "ScopedNSSTypes.h"
|
2013-10-01 08:09:56 +04:00
|
|
|
|
|
|
|
using namespace mozilla::ipc;
|
2014-07-03 11:08:01 +04:00
|
|
|
#if ANDROID_VERSION >= 18
|
|
|
|
// After Android 4.3, it uses binder to access keystore instead of unix socket.
|
|
|
|
#include <android/log.h>
|
|
|
|
#include <binder/BinderService.h>
|
|
|
|
#include <binder/IPCThreadState.h>
|
|
|
|
#include <binder/IServiceManager.h>
|
|
|
|
#include <security/keystore/include/keystore/IKeystoreService.h>
|
|
|
|
#include <security/keystore/include/keystore/keystore.h>
|
|
|
|
|
|
|
|
using namespace android;
|
|
|
|
|
|
|
|
namespace android {
|
|
|
|
// This class is used to make compiler happy.
|
|
|
|
class BpKeystoreService : public BpInterface<IKeystoreService>
|
|
|
|
{
|
|
|
|
public:
|
|
|
|
BpKeystoreService(const sp<IBinder>& impl)
|
|
|
|
: BpInterface<IKeystoreService>(impl)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength) {return 0;}
|
|
|
|
virtual int32_t test() {return 0;}
|
|
|
|
virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid, int32_t flags) {return 0;}
|
|
|
|
virtual int32_t del(const String16& name, int uid) {return 0;}
|
|
|
|
virtual int32_t exist(const String16& name, int uid) {return 0;}
|
|
|
|
virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches) {return 0;}
|
|
|
|
virtual int32_t reset() {return 0;}
|
|
|
|
virtual int32_t password(const String16& password) {return 0;}
|
|
|
|
virtual int32_t lock() {return 0;}
|
|
|
|
virtual int32_t unlock(const String16& password) {return 0;}
|
|
|
|
virtual int32_t zero() {return 0;}
|
|
|
|
virtual int32_t import(const String16& name, const uint8_t* data, size_t length, int uid, int32_t flags) {return 0;}
|
|
|
|
virtual int32_t sign(const String16& name, const uint8_t* data, size_t length, uint8_t** out, size_t* outLength) {return 0;}
|
|
|
|
virtual int32_t verify(const String16& name, const uint8_t* data, size_t dataLength, const uint8_t* signature, size_t signatureLength) {return 0;}
|
|
|
|
virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) {return 0;}
|
|
|
|
virtual int32_t del_key(const String16& name, int uid) {return 0;}
|
|
|
|
virtual int32_t grant(const String16& name, int32_t granteeUid) {return 0;}
|
|
|
|
virtual int32_t ungrant(const String16& name, int32_t granteeUid) {return 0;}
|
|
|
|
virtual int64_t getmtime(const String16& name) {return 0;}
|
|
|
|
virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, int32_t destUid) {return 0;}
|
|
|
|
virtual int32_t clear_uid(int64_t uid) {return 0;}
|
|
|
|
#if ANDROID_VERSION == 18
|
|
|
|
virtual int32_t generate(const String16& name, int uid, int32_t flags) {return 0;}
|
|
|
|
virtual int32_t is_hardware_backed() {return 0;}
|
|
|
|
#else
|
|
|
|
virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize, int32_t flags, Vector<sp<KeystoreArg> >* args) {return 0;}
|
|
|
|
virtual int32_t is_hardware_backed(const String16& keyType) {return 0;}
|
|
|
|
#endif
|
|
|
|
};
|
|
|
|
|
|
|
|
IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.keystore");
|
|
|
|
|
|
|
|
// Here comes binder requests.
|
|
|
|
status_t BnKeystoreService::onTransact(uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
|
|
|
|
{
|
|
|
|
switch(code) {
|
|
|
|
case TEST: {
|
|
|
|
CHECK_INTERFACE(IKeystoreService, data, reply);
|
|
|
|
reply->writeNoException();
|
|
|
|
reply->writeInt32(test());
|
|
|
|
return NO_ERROR;
|
|
|
|
} break;
|
|
|
|
case GET: {
|
|
|
|
CHECK_INTERFACE(IKeystoreService, data, reply);
|
|
|
|
String16 name = data.readString16();
|
|
|
|
String8 tmp(name);
|
|
|
|
uint8_t* data = NULL;
|
|
|
|
size_t dataLength = 0;
|
|
|
|
int32_t ret = get(name, &data, &dataLength);
|
|
|
|
|
|
|
|
reply->writeNoException();
|
|
|
|
if (ret == 1) {
|
|
|
|
reply->writeInt32(dataLength);
|
|
|
|
void* buf = reply->writeInplace(dataLength);
|
|
|
|
memcpy(buf, data, dataLength);
|
|
|
|
free(data);
|
|
|
|
} else {
|
|
|
|
reply->writeInt32(-1);
|
|
|
|
}
|
|
|
|
return NO_ERROR;
|
|
|
|
} break;
|
|
|
|
default:
|
|
|
|
return NO_ERROR;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Provide service for binder.
|
|
|
|
class KeyStoreService: public BnKeystoreService
|
|
|
|
{
|
|
|
|
public:
|
|
|
|
int32_t test() {
|
|
|
|
uid_t callingUid = IPCThreadState::self()->getCallingUid();
|
|
|
|
if (!mozilla::ipc::checkPermission(callingUid)) {
|
|
|
|
return ::PERMISSION_DENIED;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ::NO_ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
int32_t get(const String16& name, uint8_t** item, size_t* itemLength) {
|
|
|
|
uid_t callingUid = IPCThreadState::self()->getCallingUid();
|
|
|
|
if (!mozilla::ipc::checkPermission(callingUid)) {
|
|
|
|
return ::PERMISSION_DENIED;
|
|
|
|
}
|
|
|
|
|
|
|
|
String8 certName(name);
|
|
|
|
return mozilla::ipc::getCertificate(certName.string(), (const uint8_t **)item, (int *)itemLength);
|
|
|
|
}
|
|
|
|
|
|
|
|
int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid, int32_t flags) {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t del(const String16& name, int uid) {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t exist(const String16& name, int uid) {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t saw(const String16& name, int uid, Vector<String16>* matches) {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t reset() {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t password(const String16& password) {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t lock() {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t unlock(const String16& password) {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t zero() {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t import(const String16& name, const uint8_t* data, size_t length, int uid, int32_t flags) {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t sign(const String16& name, const uint8_t* data, size_t length, uint8_t** out, size_t* outLength) {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t verify(const String16& name, const uint8_t* data, size_t dataLength, const uint8_t* signature, size_t signatureLength) {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t del_key(const String16& name, int uid) {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t grant(const String16& name, int32_t granteeUid) {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t ungrant(const String16& name, int32_t granteeUid) {return ::UNDEFINED_ACTION;}
|
|
|
|
int64_t getmtime(const String16& name) {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, int32_t destUid) {return ::UNDEFINED_ACTION;}
|
|
|
|
int32_t clear_uid(int64_t uid) {return ::UNDEFINED_ACTION;}
|
|
|
|
#if ANDROID_VERSION == 18
|
|
|
|
virtual int32_t generate(const String16& name, int uid, int32_t flags) {return ::UNDEFINED_ACTION;}
|
|
|
|
virtual int32_t is_hardware_backed() {return ::UNDEFINED_ACTION;}
|
|
|
|
#else
|
|
|
|
virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize, int32_t flags, Vector<sp<KeystoreArg> >* args) {return ::UNDEFINED_ACTION;}
|
|
|
|
virtual int32_t is_hardware_backed(const String16& keyType) {return ::UNDEFINED_ACTION;}
|
|
|
|
#endif
|
|
|
|
};
|
|
|
|
|
|
|
|
} // namespace android
|
|
|
|
|
|
|
|
void startKeyStoreService()
|
|
|
|
{
|
|
|
|
android::sp<android::IServiceManager> sm = android::defaultServiceManager();
|
|
|
|
android::sp<android::KeyStoreService> keyStoreService = new android::KeyStoreService();
|
|
|
|
sm->addService(String16("android.security.keystore"), keyStoreService);
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
void startKeyStoreService() { return; }
|
|
|
|
#endif
|
2013-10-01 08:09:56 +04:00
|
|
|
|
|
|
|
namespace mozilla {
|
|
|
|
namespace ipc {
|
|
|
|
|
|
|
|
static const char* KEYSTORE_SOCKET_NAME = "keystore";
|
|
|
|
static const char* KEYSTORE_SOCKET_PATH = "/dev/socket/keystore";
|
2014-05-15 08:12:40 +04:00
|
|
|
static const char* KEYSTORE_ALLOWED_USERS[] = {
|
|
|
|
"root",
|
|
|
|
"wifi",
|
|
|
|
NULL
|
|
|
|
};
|
|
|
|
static const char* KEYSTORE_ALLOWED_PREFIXES[] = {
|
|
|
|
"WIFI_SERVERCERT_",
|
|
|
|
"WIFI_USERCERT_",
|
|
|
|
"WIFI_USERKEY_",
|
|
|
|
NULL
|
|
|
|
};
|
2013-10-01 08:09:56 +04:00
|
|
|
|
2014-07-03 11:08:01 +04:00
|
|
|
// Transform base64 certification data into DER format
|
|
|
|
void
|
|
|
|
FormatCaData(const uint8_t *aCaData, int aCaDataLength,
|
|
|
|
const char *aName, const uint8_t **aFormatData,
|
|
|
|
int *aFormatDataLength)
|
|
|
|
{
|
|
|
|
int bufSize = strlen(CA_BEGIN) + strlen(CA_END) + strlen(CA_TAILER) * 2 +
|
|
|
|
strlen(aName) * 2 + aCaDataLength + aCaDataLength/CA_LINE_SIZE + 2;
|
|
|
|
char *buf = (char *)malloc(bufSize);
|
|
|
|
|
|
|
|
*aFormatDataLength = bufSize;
|
|
|
|
*aFormatData = (const uint8_t *)buf;
|
|
|
|
|
|
|
|
char *ptr = buf;
|
|
|
|
int len;
|
|
|
|
|
|
|
|
// Create DER header.
|
|
|
|
len = snprintf(ptr, bufSize, "%s%s%s", CA_BEGIN, aName, CA_TAILER);
|
|
|
|
ptr += len;
|
|
|
|
bufSize -= len;
|
|
|
|
|
|
|
|
// Split base64 data in lines.
|
|
|
|
int copySize;
|
|
|
|
while (aCaDataLength > 0) {
|
|
|
|
copySize = (aCaDataLength > CA_LINE_SIZE) ? CA_LINE_SIZE : aCaDataLength;
|
|
|
|
|
|
|
|
memcpy(ptr, aCaData, copySize);
|
|
|
|
ptr += copySize;
|
|
|
|
aCaData += copySize;
|
|
|
|
aCaDataLength -= copySize;
|
|
|
|
bufSize -= copySize;
|
|
|
|
|
|
|
|
*ptr = '\n';
|
|
|
|
ptr++;
|
|
|
|
bufSize--;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Create DEA tailer.
|
|
|
|
snprintf(ptr, bufSize, "%s%s%s", CA_END, aName, CA_TAILER);
|
|
|
|
}
|
|
|
|
|
|
|
|
ResponseCode
|
|
|
|
getCertificate(const char *aCertName, const uint8_t **aCertData, int *aCertDataLength)
|
|
|
|
{
|
|
|
|
// certificate name prefix check.
|
|
|
|
if (!aCertName) {
|
|
|
|
return KEY_NOT_FOUND;
|
|
|
|
}
|
|
|
|
|
|
|
|
const char **prefix = KEYSTORE_ALLOWED_PREFIXES;
|
|
|
|
for (; *prefix; prefix++ ) {
|
|
|
|
if (!strncmp(*prefix, aCertName, strlen(*prefix))) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!(*prefix)) {
|
|
|
|
return KEY_NOT_FOUND;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get cert from NSS by name
|
|
|
|
ScopedCERTCertificate cert(CERT_FindCertByNickname(CERT_GetDefaultCertDB(),
|
|
|
|
aCertName));
|
|
|
|
|
|
|
|
if (!cert) {
|
|
|
|
return KEY_NOT_FOUND;
|
|
|
|
}
|
|
|
|
|
|
|
|
char *certDER = PL_Base64Encode((const char *)cert->derCert.data,
|
|
|
|
cert->derCert.len, nullptr);
|
|
|
|
if (!certDER) {
|
|
|
|
return SYSTEM_ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
FormatCaData((const uint8_t *)certDER, strlen(certDER), "CERTIFICATE",
|
|
|
|
aCertData, aCertDataLength);
|
|
|
|
PL_strfree(certDER);
|
|
|
|
|
|
|
|
return SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
checkPermission(uid_t uid)
|
|
|
|
{
|
|
|
|
struct passwd *userInfo = getpwuid(uid);
|
|
|
|
for (const char **user = KEYSTORE_ALLOWED_USERS; *user; user++ ) {
|
|
|
|
if (!strcmp(*user, userInfo->pw_name)) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2013-10-01 08:09:56 +04:00
|
|
|
int
|
|
|
|
KeyStoreConnector::Create()
|
|
|
|
{
|
|
|
|
MOZ_ASSERT(!NS_IsMainThread());
|
|
|
|
|
|
|
|
int fd;
|
|
|
|
|
|
|
|
unlink(KEYSTORE_SOCKET_PATH);
|
|
|
|
|
|
|
|
fd = socket(AF_LOCAL, SOCK_STREAM, 0);
|
|
|
|
|
|
|
|
if (fd < 0) {
|
|
|
|
NS_WARNING("Could not open keystore socket!");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return fd;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
KeyStoreConnector::CreateAddr(bool aIsServer,
|
|
|
|
socklen_t& aAddrSize,
|
|
|
|
sockaddr_any& aAddr,
|
|
|
|
const char* aAddress)
|
|
|
|
{
|
|
|
|
// Keystore socket must be server
|
|
|
|
MOZ_ASSERT(aIsServer);
|
|
|
|
|
|
|
|
aAddr.un.sun_family = AF_LOCAL;
|
|
|
|
if(strlen(KEYSTORE_SOCKET_PATH) > sizeof(aAddr.un.sun_path)) {
|
|
|
|
NS_WARNING("Address too long for socket struct!");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
strcpy((char*)&aAddr.un.sun_path, KEYSTORE_SOCKET_PATH);
|
|
|
|
aAddrSize = strlen(KEYSTORE_SOCKET_PATH) + offsetof(struct sockaddr_un, sun_path) + 1;
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
KeyStoreConnector::SetUp(int aFd)
|
|
|
|
{
|
2014-05-15 08:12:40 +04:00
|
|
|
// Socket permission check.
|
|
|
|
struct ucred userCred;
|
|
|
|
socklen_t len = sizeof(struct ucred);
|
|
|
|
|
|
|
|
if (getsockopt(aFd, SOL_SOCKET, SO_PEERCRED, &userCred, &len)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2014-07-03 11:08:01 +04:00
|
|
|
return ::checkPermission(userCred.uid);
|
2013-10-01 08:09:56 +04:00
|
|
|
}
|
|
|
|
|
2013-10-25 06:00:24 +04:00
|
|
|
bool
|
|
|
|
KeyStoreConnector::SetUpListenSocket(int aFd)
|
|
|
|
{
|
|
|
|
// Allow access of wpa_supplicant(different user, differnt group)
|
|
|
|
chmod(KEYSTORE_SOCKET_PATH, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2013-10-01 08:09:56 +04:00
|
|
|
void
|
|
|
|
KeyStoreConnector::GetSocketAddr(const sockaddr_any& aAddr,
|
|
|
|
nsAString& aAddrStr)
|
|
|
|
{
|
|
|
|
// Unused.
|
|
|
|
MOZ_CRASH("This should never be called!");
|
|
|
|
}
|
|
|
|
|
|
|
|
KeyStore::KeyStore()
|
|
|
|
{
|
2014-07-03 11:08:01 +04:00
|
|
|
::startKeyStoreService();
|
2013-10-01 08:09:56 +04:00
|
|
|
Listen();
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
KeyStore::Shutdown()
|
|
|
|
{
|
|
|
|
mShutdown = true;
|
|
|
|
CloseSocket();
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
KeyStore::Listen()
|
|
|
|
{
|
|
|
|
ListenSocket(new KeyStoreConnector());
|
|
|
|
|
|
|
|
ResetHandlerInfo();
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
KeyStore::ResetHandlerInfo()
|
|
|
|
{
|
|
|
|
mHandlerInfo.state = STATE_IDLE;
|
|
|
|
mHandlerInfo.command = 0;
|
|
|
|
mHandlerInfo.paramCount = 0;
|
2013-10-24 00:36:09 +04:00
|
|
|
mHandlerInfo.commandPattern = nullptr;
|
2013-10-01 08:09:56 +04:00
|
|
|
for (int i = 0; i < MAX_PARAM; i++) {
|
|
|
|
mHandlerInfo.param[i].length = 0;
|
|
|
|
memset(mHandlerInfo.param[i].data, 0, VALUE_SIZE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
bool
|
|
|
|
KeyStore::CheckSize(UnixSocketRawData *aMessage, size_t aExpectSize)
|
|
|
|
{
|
|
|
|
return (aMessage->mSize - aMessage->mCurrentWriteOffset >= aExpectSize) ?
|
|
|
|
true : false;
|
|
|
|
}
|
|
|
|
|
2014-05-15 08:12:40 +04:00
|
|
|
ResponseCode
|
2013-10-01 08:09:56 +04:00
|
|
|
KeyStore::ReadCommand(UnixSocketRawData *aMessage)
|
|
|
|
{
|
|
|
|
if (mHandlerInfo.state != STATE_IDLE) {
|
|
|
|
NS_WARNING("Wrong state in ReadCommand()!");
|
2014-05-15 08:12:40 +04:00
|
|
|
return SYSTEM_ERROR;
|
2013-10-01 08:09:56 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!CheckSize(aMessage, 1)) {
|
|
|
|
NS_WARNING("Data size error in ReadCommand()!");
|
2014-05-15 08:12:40 +04:00
|
|
|
return PROTOCOL_ERROR;
|
2013-10-01 08:09:56 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
mHandlerInfo.command = aMessage->mData[aMessage->mCurrentWriteOffset];
|
|
|
|
aMessage->mCurrentWriteOffset++;
|
|
|
|
|
|
|
|
// Find corrsponding command pattern
|
|
|
|
const struct ProtocolCommand *command = commands;
|
|
|
|
while (command->command && command->command != mHandlerInfo.command) {
|
|
|
|
command++;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!command->command) {
|
|
|
|
NS_WARNING("Unsupported command!");
|
2014-05-15 08:12:40 +04:00
|
|
|
return PROTOCOL_ERROR;
|
2013-10-01 08:09:56 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
// Get command pattern.
|
|
|
|
mHandlerInfo.commandPattern = command;
|
|
|
|
if (command->paramNum) {
|
|
|
|
// Read command parameter if needed.
|
|
|
|
mHandlerInfo.state = STATE_READ_PARAM_LEN;
|
|
|
|
} else {
|
|
|
|
mHandlerInfo.state = STATE_PROCESSING;
|
|
|
|
}
|
|
|
|
|
2014-05-15 08:12:40 +04:00
|
|
|
return SUCCESS;
|
2013-10-01 08:09:56 +04:00
|
|
|
}
|
|
|
|
|
2014-05-15 08:12:40 +04:00
|
|
|
ResponseCode
|
2013-10-01 08:09:56 +04:00
|
|
|
KeyStore::ReadLength(UnixSocketRawData *aMessage)
|
|
|
|
{
|
|
|
|
if (mHandlerInfo.state != STATE_READ_PARAM_LEN) {
|
|
|
|
NS_WARNING("Wrong state in ReadLength()!");
|
2014-05-15 08:12:40 +04:00
|
|
|
return SYSTEM_ERROR;
|
2013-10-01 08:09:56 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!CheckSize(aMessage, 2)) {
|
|
|
|
NS_WARNING("Data size error in ReadLength()!");
|
2014-05-15 08:12:40 +04:00
|
|
|
return PROTOCOL_ERROR;
|
2013-10-01 08:09:56 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
// Read length of command parameter.
|
|
|
|
unsigned short dataLength;
|
|
|
|
memcpy(&dataLength, &aMessage->mData[aMessage->mCurrentWriteOffset], 2);
|
|
|
|
aMessage->mCurrentWriteOffset += 2;
|
|
|
|
mHandlerInfo.param[mHandlerInfo.paramCount].length = ntohs(dataLength);
|
|
|
|
|
|
|
|
mHandlerInfo.state = STATE_READ_PARAM_DATA;
|
|
|
|
|
2014-05-15 08:12:40 +04:00
|
|
|
return SUCCESS;
|
2013-10-01 08:09:56 +04:00
|
|
|
}
|
|
|
|
|
2014-05-15 08:12:40 +04:00
|
|
|
ResponseCode
|
2013-10-01 08:09:56 +04:00
|
|
|
KeyStore::ReadData(UnixSocketRawData *aMessage)
|
|
|
|
{
|
|
|
|
if (mHandlerInfo.state != STATE_READ_PARAM_DATA) {
|
|
|
|
NS_WARNING("Wrong state in ReadData()!");
|
2014-05-15 08:12:40 +04:00
|
|
|
return SYSTEM_ERROR;
|
2013-10-01 08:09:56 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!CheckSize(aMessage, mHandlerInfo.param[mHandlerInfo.paramCount].length)) {
|
|
|
|
NS_WARNING("Data size error in ReadData()!");
|
2014-05-15 08:12:40 +04:00
|
|
|
return PROTOCOL_ERROR;
|
2013-10-01 08:09:56 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
// Read command parameter.
|
|
|
|
memcpy(mHandlerInfo.param[mHandlerInfo.paramCount].data,
|
|
|
|
&aMessage->mData[aMessage->mCurrentWriteOffset],
|
|
|
|
mHandlerInfo.param[mHandlerInfo.paramCount].length);
|
|
|
|
aMessage->mCurrentWriteOffset += mHandlerInfo.param[mHandlerInfo.paramCount].length;
|
|
|
|
mHandlerInfo.paramCount++;
|
|
|
|
|
|
|
|
if (mHandlerInfo.paramCount == mHandlerInfo.commandPattern->paramNum) {
|
|
|
|
mHandlerInfo.state = STATE_PROCESSING;
|
|
|
|
} else {
|
|
|
|
mHandlerInfo.state = STATE_READ_PARAM_LEN;
|
|
|
|
}
|
|
|
|
|
2014-05-15 08:12:40 +04:00
|
|
|
return SUCCESS;
|
2013-10-01 08:09:56 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
// Status response
|
|
|
|
void
|
|
|
|
KeyStore::SendResponse(ResponseCode aResponse)
|
|
|
|
{
|
|
|
|
if (aResponse == NO_RESPONSE)
|
|
|
|
return;
|
|
|
|
|
|
|
|
uint8_t response = (uint8_t)aResponse;
|
|
|
|
UnixSocketRawData* data = new UnixSocketRawData((const void *)&response, 1);
|
|
|
|
SendSocketData(data);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Data response
|
|
|
|
void
|
|
|
|
KeyStore::SendData(const uint8_t *aData, int aLength)
|
|
|
|
{
|
|
|
|
unsigned short dataLength = htons(aLength);
|
|
|
|
|
|
|
|
UnixSocketRawData* length = new UnixSocketRawData((const void *)&dataLength, 2);
|
|
|
|
SendSocketData(length);
|
|
|
|
|
|
|
|
UnixSocketRawData* data = new UnixSocketRawData((const void *)aData, aLength);
|
|
|
|
SendSocketData(data);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
KeyStore::ReceiveSocketData(nsAutoPtr<UnixSocketRawData>& aMessage)
|
|
|
|
{
|
|
|
|
MOZ_ASSERT(NS_IsMainThread());
|
|
|
|
|
2014-05-15 08:12:40 +04:00
|
|
|
// Handle request.
|
|
|
|
ResponseCode result = SUCCESS;
|
2013-10-01 08:09:56 +04:00
|
|
|
while (aMessage->mCurrentWriteOffset < aMessage->mSize ||
|
|
|
|
mHandlerInfo.state == STATE_PROCESSING) {
|
|
|
|
switch (mHandlerInfo.state) {
|
|
|
|
case STATE_IDLE:
|
2014-05-15 08:12:40 +04:00
|
|
|
result = ReadCommand(aMessage);
|
2013-10-01 08:09:56 +04:00
|
|
|
break;
|
|
|
|
case STATE_READ_PARAM_LEN:
|
2014-05-15 08:12:40 +04:00
|
|
|
result = ReadLength(aMessage);
|
2013-10-01 08:09:56 +04:00
|
|
|
break;
|
|
|
|
case STATE_READ_PARAM_DATA:
|
2014-05-15 08:12:40 +04:00
|
|
|
result = ReadData(aMessage);
|
2013-10-01 08:09:56 +04:00
|
|
|
break;
|
|
|
|
case STATE_PROCESSING:
|
|
|
|
if (mHandlerInfo.command == 'g') {
|
|
|
|
// Get CA
|
|
|
|
const uint8_t *certData;
|
|
|
|
int certDataLength;
|
|
|
|
const char *certName = (const char *)mHandlerInfo.param[0].data;
|
|
|
|
|
2014-07-03 11:08:01 +04:00
|
|
|
result = getCertificate(certName, &certData, &certDataLength);
|
|
|
|
if (result != SUCCESS) {
|
2014-05-15 08:12:40 +04:00
|
|
|
break;
|
|
|
|
}
|
2013-10-01 08:09:56 +04:00
|
|
|
|
|
|
|
SendResponse(SUCCESS);
|
|
|
|
SendData(certData, certDataLength);
|
|
|
|
|
|
|
|
free((void *)certData);
|
|
|
|
}
|
|
|
|
|
|
|
|
ResetHandlerInfo();
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2014-05-15 08:12:40 +04:00
|
|
|
if (result != SUCCESS) {
|
|
|
|
SendResponse(result);
|
2013-10-01 08:09:56 +04:00
|
|
|
ResetHandlerInfo();
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
KeyStore::OnConnectSuccess()
|
|
|
|
{
|
|
|
|
mShutdown = false;
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
KeyStore::OnConnectError()
|
|
|
|
{
|
|
|
|
if (!mShutdown) {
|
|
|
|
Listen();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
KeyStore::OnDisconnect()
|
|
|
|
{
|
|
|
|
if (!mShutdown) {
|
|
|
|
Listen();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
} // namespace ipc
|
|
|
|
} // namespace mozilla
|