2 * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
26 #include "key-server.h"
27 #include "file-footer.h"
30 #include "rmi/common.h"
31 #include "key-manager/encrypted-key.h"
32 #include "key-manager/key-generator.h"
33 #include "upgrade-support.h"
// Privilege string passed to server.expose() for every registration in the
// KeyServer constructor except isInitialized.
39 const char *PRIVILEGE_PLATFORM = "http://tizen.org/privilege/internal/default/platform";
// Accepted key-type values and the length requested from KeyGenerator::RNG for
// each (presumably in bytes, matching the 256/512-bit names; confirm).
// initAndGet() rejects any params value that is not a key of this map.
41 const std::map<int, size_t> KEY_SIZE = {
42 { Key::DEFAULT_256BIT, 32 },
43 { Key::DEFAULT_512BIT, 64 }
46 } // anonymous namespace
// Registers the remotely callable KeyServer methods on the server context.
// The second argument of expose() is a privilege string; presumably the RMI
// layer checks the caller against it before dispatch (confirm in rmi/).
// NOTE(review): isInitialized is registered with an empty privilege string, so
// it is presumably callable without the platform privilege; it tells the caller
// whether a device carries a key footer. Confirm that this is intended.
// get, initAndGet, changePassword2 and removePassword are not registered in
// the lines shown here.
48 KeyServer::KeyServer(ServerContext& srv) :
51 server.expose(this, "", (int)(KeyServer::isInitialized)(std::string));
52 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::init)(std::string, std::string, int));
53 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::remove)(std::string, std::string));
54 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::changePassword)(std::string, std::string, std::string));
55 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::verifyPassword)(std::string, std::string));
56 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::storeMasterKey)(std::string, std::string));
57 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::removeMasterKey)(std::string));
// Destructor for KeyServer; no body is shown for it in this listing.
60 KeyServer::~KeyServer()
// Reports whether a key footer exists for device `dev`.
// Returns error::None when FileFooter::exist(dev) is true and
// error::NoSuchFile otherwise. error::InvalidParameter is returned on a path
// whose guard is not visible in this listing (presumably an empty `dev`; confirm).
// This is the one method the constructor registers with an empty privilege string.
64 int KeyServer::isInitialized(const std::string& dev)
66 RequestLifetime rl(server);
69 return error::InvalidParameter;
71 return FileFooter::exist(dev) ? error::None : error::NoSuchFile;
// Remote entry point that creates a master key for `dev`; delegates all
// validation and work to initAndGet() and returns its result.
// The generated key is received in `dummy` and is not handed back to the
// caller. The declarations of `params` and `dummy` are not visible in this listing.
// NOTE(review): `dummy` holds the plaintext master key until it goes out of
// scope; whether BinaryData wipes its storage on destruction cannot be seen
// here (confirm).
74 int KeyServer::init(const std::string& dev,
75 const std::string& password,
78 RequestLifetime rl(server);
81 return initAndGet(dev, password, params, dummy);
// Generates a fresh master key for `dev`, wraps it under `password` and writes
// the wrapped form to the device footer. The plaintext key is returned to the
// caller through `masterKey`.
// Returns error::InvalidParameter when `dev` or `password` is empty or `params`
// is not a key of KEY_SIZE. The password is only checked for being non-empty.
// NOTE(review): no check for an existing footer is visible before the write,
// so calling this on an initialized device presumably replaces its wrapped
// key; confirm that callers guard against that.
84 int KeyServer::initAndGet(const std::string& dev,
85 const std::string& password,
87 BinaryData& masterKey)
89 if (dev.empty() || password.empty() || KEY_SIZE.find(params) == KEY_SIZE.end())
90 return error::InvalidParameter;
// Key length comes from the KEY_SIZE table; at() cannot throw here because the
// find() above already rejected unknown params values.
92 masterKey = KeyGenerator::RNG(KEY_SIZE.at(params));
// Wrap the key under the password; only the serialized EncryptedKey is stored.
94 EncryptedKey ek(masterKey, password);
// footerLock is taken only for the footer write, after generation and wrapping.
96 std::lock_guard<std::mutex> lock(footerLock);
97 FileFooter::write(dev, ek.serialize());
// Remote entry point that clears the key footer of `dev` after checking
// `password` through internalGet(), all under footerLock.
// Returns error::InvalidParameter when `dev` or `password` is empty.
// The declaration of `key` and the statement controlled by the `ret` check are
// not visible in this listing; presumably the function returns `ret` there, so
// FileFooter::clear() runs only after a successful password check (confirm
// against the full source, since as printed the clear appears to follow the
// failure test directly).
102 int KeyServer::remove(const std::string& dev, const std::string& password)
104 RequestLifetime rl(server);
106 if (dev.empty() || password.empty())
107 return error::InvalidParameter;
109 std::lock_guard<std::mutex> lock(footerLock);
111 int ret = internalGet(dev, password, key);
112 if (ret != error::None)
115 FileFooter::clear(dev);
// Remote entry point that re-wraps the master key of `dev` under a new
// password. Under footerLock it reads the footer, decrypts it with
// `curPassword`, encrypts the recovered key with `newPassword` and writes the
// footer back, then removes the upgrade flag.
// Returns error::InvalidParameter when any argument is empty,
// error::NoSuchFile when the device has no footer, and error::WrongPassword on
// a path whose condition is not visible in this listing (presumably an empty
// result from decrypt(); confirm).
// NOTE(review): no limit on wrong-password attempts is visible in this
// function; if throttling is required it has to be enforced by the caller or
// the RMI layer.
119 int KeyServer::changePassword(const std::string& dev,
120 const std::string& curPassword,
121 const std::string& newPassword)
123 RequestLifetime rl(server);
125 if (dev.empty() || curPassword.empty() || newPassword.empty())
126 return error::InvalidParameter;
128 std::lock_guard<std::mutex> lock(footerLock);
129 if (!FileFooter::exist(dev)) {
130 ERROR(SINK, "Given device has no master key.");
131 return error::NoSuchFile;
134 EncryptedKey ek(FileFooter::read(dev));
// `key` is the plaintext master key from here until it goes out of scope.
136 auto key = ek.decrypt(curPassword);
138 ERROR(SINK, "Wrong password passed.");
139 return error::WrongPassword;
// Same key, new wrapping password; the footer is overwritten in place.
142 ek.encrypt(key, newPassword);
144 FileFooter::write(dev, ek.serialize());
146 UpgradeSupport::removeUpgradeFlag();
// Wraps a caller-supplied plaintext `masterKey` under `newPassword` and writes
// it to the footer of `dev`, under footerLock.
// Returns error::InvalidParameter when any argument is empty.
// Unlike changePassword(), the lines shown verify no current password and do
// not read the existing footer, so the caller is responsible for having
// obtained `masterKey` legitimately. This method is not among the
// server.expose() registrations visible in the constructor.
151 int KeyServer::changePassword2(const std::string& dev,
152 const BinaryData& masterKey,
153 const std::string& newPassword)
155 if (dev.empty() || masterKey.empty() || newPassword.empty())
156 return error::InvalidParameter;
158 std::lock_guard<std::mutex> lock(footerLock);
159 EncryptedKey ek(masterKey, newPassword);
161 FileFooter::write(dev, ek.serialize());
// Remote entry point that checks `password` against the footer of `dev` by
// calling internalGet() under footerLock and returning its result.
// Returns error::InvalidParameter when `dev` or `password` is empty.
// The recovered key is received in `dummy` (declaration not visible in this
// listing) and is not returned to the caller.
// NOTE(review): no limit on repeated wrong guesses is visible here; confirm
// whether throttling is applied elsewhere.
165 int KeyServer::verifyPassword(const std::string& dev,
166 const std::string& password)
168 RequestLifetime rl(server);
170 if (dev.empty() || password.empty())
171 return error::InvalidParameter;
174 std::lock_guard<std::mutex> lock(footerLock);
175 return internalGet(dev, password, dummy);
// Recovers the plaintext master key of `dev` into `masterKey` by calling
// internalGet() under footerLock, and returns its result.
// Returns error::InvalidParameter when `dev` or `password` is empty.
// This method hands key material to its caller; it is not among the
// server.expose() registrations visible in the constructor and creates no
// RequestLifetime in the lines shown.
178 int KeyServer::get(const std::string& dev,
179 const std::string& password,
180 BinaryData& masterKey) const
182 if (dev.empty() || password.empty())
183 return error::InvalidParameter;
185 std::lock_guard<std::mutex> lock(footerLock);
186 return internalGet(dev, password, masterKey);
// Clears the key footer of `dev` under footerLock.
// No password argument is taken, and no check is visible in the lines shown
// (some lines of this function are missing from the listing). It is not among
// the server.expose() registrations visible in the constructor, so access
// control is presumably left to in-process callers (confirm).
189 void KeyServer::removePassword(const std::string& dev)
194 std::lock_guard<std::mutex> lock(footerLock);
195 FileFooter::clear(dev);
// Remote entry point that recovers the master key of `dev` with `password`
// and passes the plaintext key to UpgradeSupport::storeMasterKey().
// Returns error::InvalidParameter when `dev` or `password` is empty and
// error::Unknown when the store call throws runtime::Exception.
// The statement controlled by the `ret` check and the opening of the try block
// are not visible in this listing; presumably a failed internalGet() returns
// `ret` before the key is stored (confirm).
// NOTE(review): how UpgradeSupport protects the stored plaintext key is not
// visible here and should be reviewed together with this function.
198 int KeyServer::storeMasterKey(const std::string& dev,
199 const std::string& password)
201 RequestLifetime rl(server);
203 if (dev.empty() || password.empty())
204 return error::InvalidParameter;
// unique_lock rather than lock_guard: presumably released on a line not shown,
// before the store call (confirm).
206 std::unique_lock<std::mutex> lock(footerLock);
207 BinaryData masterKey;
208 int ret = internalGet(dev, password, masterKey);
209 if (ret != error::None)
215 UpgradeSupport::storeMasterKey(dev, masterKey);
216 } catch (const runtime::Exception& e) {
// The exception text goes to the log; it should never carry key material.
217 ERROR(SINK, e.what());
218 return error::Unknown;
// Remote entry point that asks UpgradeSupport to remove the stored master key
// of `dev`. No password is taken; the constructor registers it under
// PRIVILEGE_PLATFORM.
// Returns error::Unknown when the call throws runtime::Exception.
// error::InvalidParameter is returned on a path whose guard is not visible in
// this listing (presumably an empty `dev`; confirm).
223 int KeyServer::removeMasterKey(const std::string& dev)
225 RequestLifetime rl(server);
228 return error::InvalidParameter;
231 UpgradeSupport::removeMasterKey(dev);
232 } catch (const runtime::Exception& e) {
233 ERROR(SINK, e.what());
234 return error::Unknown;
// Shared helper that reads the footer of `dev` and decrypts it with
// `password`, placing the result in `key`.
// Returns error::NoSuchFile when the device has no footer and
// error::WrongPassword on a path whose condition is not visible in this
// listing (presumably an empty result from decrypt(); confirm). The end of the
// function is not shown either.
// It takes no lock in the lines shown; every caller visible in this file
// acquires footerLock before calling it.
239 int KeyServer::internalGet(const std::string& dev,
240 const std::string& password,
241 BinaryData& key) const
243 if (!FileFooter::exist(dev)) {
244 ERROR(SINK, "Given device has no master key.");
245 return error::NoSuchFile;
// NOTE(review): the upgrade flag is removed before the password has been
// checked, so a wrong password also clears it; changePassword() clears it only
// after a successful re-wrap. Confirm that this ordering is intended.
248 UpgradeSupport::removeUpgradeFlag();
250 EncryptedKey ek(FileFooter::read(dev));
252 key = ek.decrypt(password);
254 ERROR(SINK, "Wrong password passed.");
255 return error::WrongPassword;