server/key-server.cpp

   1 /*
   2  *  Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *  Licensed under the Apache License, Version 2.0 (the "License");
   5  *  you may not use this file except in compliance with the License.
   6  *  You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *  Unless required by applicable law or agreed to in writing, software
  11  *  distributed under the License is distributed on an "AS IS" BASIS,
  12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *  See the License for the specific language governing permissions and
  14  *  limitations under the License
  15  */
  16
  17 #include <stdlib.h>
  18
  19 #include <string>
  20 #include <algorithm>
  21 #include <map>
  22 #include <utility>
  23 #include <sstream>
  24 #include <iomanip>
  25
  26 #include "key-server.h"
  27 #include "file-footer.h"
  28 #include "logger.h"
  29 #include "misc.h"
  30 #include "rmi/common.h"
  31 #include "key-manager/encrypted-key.h"
  32 #include "key-manager/key-generator.h"
  33 #include "upgrade-support.h"
  34
  35 namespace ode {
  36
  37 namespace {
  38
  39 const char *PRIVILEGE_PLATFORM = "http://tizen.org/privilege/internal/default/platform";
  40
  41 const std::map<int, size_t> KEY_SIZE = {
  42         { Key::DEFAULT_256BIT, 32 },
  43         { Key::DEFAULT_512BIT, 64 }
  44 };
  45
  46 } // anonymous namespace
  47
  48 KeyServer::KeyServer(ServerContext& srv) :
  49         server(srv)
  50 {
  51         server.expose(this, "",                                 (int)(KeyServer::isInitialized)(std::string));
  52         server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::init)(std::string, std::string, int));
  53         server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::remove)(std::string, std::string));
  54         server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::changePassword)(std::string, std::string, std::string));
  55         server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::verifyPassword)(std::string, std::string));
  56         server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::storeMasterKey)(std::string, std::string));
  57         server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::removeMasterKey)(std::string));
  58 }
  59
  60 KeyServer::~KeyServer()
  61 {
  62 }
  63
  64 int KeyServer::isInitialized(const std::string& dev)
  65 {
  66         RequestLifetime rl(server);
  67
  68         if (dev.empty())
  69                 return error::InvalidParameter;
  70
  71         return FileFooter::exist(dev) ? error::None : error::NoSuchFile;
  72 }
  73
  74 int KeyServer::init(const std::string& dev,
  75                                         const std::string& password,
  76                                         int params)
  77 {
  78         RequestLifetime rl(server);
  79
  80         BinaryData dummy;
  81         return initAndGet(dev, password, params, dummy);
  82 }
  83
  84 int KeyServer::initAndGet(const std::string& dev,
  85                                                   const std::string& password,
  86                                                   int params,
  87                                                   BinaryData& masterKey)
  88 {
  89         if (dev.empty() || password.empty() || KEY_SIZE.find(params) == KEY_SIZE.end())
  90                 return error::InvalidParameter;
  91
  92         masterKey = KeyGenerator::RNG(KEY_SIZE.at(params));
  93
  94         EncryptedKey ek(masterKey, password);
  95
  96         std::lock_guard<std::mutex> lock(footerLock);
  97         FileFooter::write(dev, ek.serialize());
  98
  99         return error::None;
 100 }
 101
 102 int KeyServer::remove(const std::string& dev, const std::string& password)
 103 {
 104         RequestLifetime rl(server);
 105
 106         if (dev.empty() || password.empty())
 107                 return error::InvalidParameter;
 108
 109         std::lock_guard<std::mutex> lock(footerLock);
 110         BinaryData key;
 111         int ret = internalGet(dev, password, key);
 112         if (ret != error::None)
 113                 return ret;
 114
 115         FileFooter::clear(dev);
 116         return error::None;
 117 }
 118
 119 int KeyServer::changePassword(const std::string& dev,
 120                                                           const std::string& curPassword,
 121                                                           const std::string& newPassword)
 122 {
 123         RequestLifetime rl(server);
 124
 125         if (dev.empty() || curPassword.empty() || newPassword.empty())
 126                 return error::InvalidParameter;
 127
 128         std::lock_guard<std::mutex> lock(footerLock);
 129         if (!FileFooter::exist(dev)) {
 130                 ERROR(SINK, "Given device has no master key.");
 131                 return error::NoSuchFile;
 132         }
 133
 134         EncryptedKey ek(FileFooter::read(dev));
 135
 136         auto key = ek.decrypt(curPassword);
 137         if (key.empty()) {
 138                 ERROR(SINK, "Wrong password passed.");
 139                 return error::WrongPassword;
 140         }
 141
 142         ek.encrypt(key, newPassword);
 143
 144         FileFooter::write(dev, ek.serialize());
 145
 146         UpgradeSupport::removeUpgradeFlag();
 147
 148         return error::None;
 149 }
 150
 151 int KeyServer::changePassword2(const std::string& dev,
 152                                                            const BinaryData& masterKey,
 153                                                            const std::string& newPassword)
 154 {
 155         if (dev.empty() || masterKey.empty() || newPassword.empty())
 156                 return error::InvalidParameter;
 157
 158         std::lock_guard<std::mutex> lock(footerLock);
 159         EncryptedKey ek(masterKey, newPassword);
 160
 161         FileFooter::write(dev, ek.serialize());
 162         return error::None;
 163 }
 164
 165 int KeyServer::verifyPassword(const std::string& dev,
 166                                                           const std::string& password)
 167 {
 168         RequestLifetime rl(server);
 169
 170         if (dev.empty() || password.empty())
 171                 return error::InvalidParameter;
 172
 173         BinaryData dummy;
 174         std::lock_guard<std::mutex> lock(footerLock);
 175         return internalGet(dev, password, dummy);
 176 }
 177
 178 int KeyServer::get(const std::string& dev,
 179                                    const std::string& password,
 180                                    BinaryData& masterKey) const
 181 {
 182         if (dev.empty() || password.empty())
 183                 return error::InvalidParameter;
 184
 185         std::lock_guard<std::mutex> lock(footerLock);
 186         return internalGet(dev, password, masterKey);
 187 }
 188
 189 void KeyServer::removePassword(const std::string& dev)
 190 {
 191         if (dev.empty())
 192                 return;
 193
 194         std::lock_guard<std::mutex> lock(footerLock);
 195         FileFooter::clear(dev);
 196 }
 197
 198 int KeyServer::storeMasterKey(const std::string& dev,
 199                                                           const std::string& password)
 200 {
 201         RequestLifetime rl(server);
 202
 203         if (dev.empty() || password.empty())
 204                 return error::InvalidParameter;
 205
 206         std::unique_lock<std::mutex> lock(footerLock);
 207         BinaryData masterKey;
 208         int ret = internalGet(dev, password, masterKey);
 209         if (ret != error::None)
 210                 return ret;
 211
 212         lock.unlock();
 213
 214         try {
 215                 UpgradeSupport::storeMasterKey(dev, masterKey);
 216         } catch (const runtime::Exception& e) {
 217                 ERROR(SINK, e.what());
 218                 return error::Unknown;
 219         }
 220         return error::None;
 221 }
 222
 223 int KeyServer::removeMasterKey(const std::string& dev)
 224 {
 225         RequestLifetime rl(server);
 226
 227         if (dev.empty())
 228                 return error::InvalidParameter;
 229
 230         try {
 231                 UpgradeSupport::removeMasterKey(dev);
 232         } catch (const runtime::Exception& e) {
 233                 ERROR(SINK, e.what());
 234                 return error::Unknown;
 235         }
 236         return error::None;
 237 }
 238
 239 int KeyServer::internalGet(const std::string& dev,
 240                                                    const std::string& password,
 241                                                    BinaryData& key) const
 242 {
 243         if (!FileFooter::exist(dev)) {
 244                 ERROR(SINK, "Given device has no master key.");
 245                 return error::NoSuchFile;
 246         }
 247
 248         UpgradeSupport::removeUpgradeFlag();
 249
 250         EncryptedKey ek(FileFooter::read(dev));
 251
 252         key = ek.decrypt(password);
 253         if (key.empty()) {
 254                 ERROR(SINK, "Wrong password passed.");
 255                 return error::WrongPassword;
 256         }
 257         return error::None;
 258 }
 259
 260 } // namespace ode