2 * Copyright (c) 2015-2017 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
26 #include "key-server.h"
27 #include "file-footer.h"
30 #include "rmi/common.h"
31 #include "key-manager/encrypted-key.h"
32 #include "key-manager/key-generator.h"
33 #include "upgrade-support.h"
// Privilege string handed to server.expose() for every method registered in
// the KeyServer constructor except isInitialized.
39 const char *PRIVILEGE_PLATFORM = "http://tizen.org/privilege/internal/default/platform";
// Maps the key-size selector received as `params` to the length passed to
// KeyGenerator::RNG (32 or 64; presumably bytes, matching the 256BIT/512BIT
// names). initAndGet rejects any selector that is not a key of this map.
// NOTE(review): the closing "};" of this initializer is missing from the listing.
41 const std::map<int, size_t> KEY_SIZE = {
42 { Key::DEFAULT_256BIT, 32 },
43 { Key::DEFAULT_512BIT, 64 }
46 } // anonymous namespace
// Registers the remotely callable KeyServer methods on the server context.
//
// isInitialized is exposed with an empty privilege string; the other six
// methods are exposed with PRIVILEGE_PLATFORM.
// NOTE(review): presumably an empty privilege string means no privilege check
// is applied to the caller; confirm against ServerContext::expose. If so, any
// client can ask whether a given device has a key footer.
// get(), initAndGet() and removePassword() are not registered here, so on the
// evidence of this file they are not reachable through expose().
// NOTE(review): the member-initializer list and the opening brace are missing
// from this listing.
48 KeyServer::KeyServer(ServerContext& srv) :
51 server.expose(this, "", (int)(KeyServer::isInitialized)(std::string));
// Everything below creates, destroys, re-wraps or exports key material and is
// registered with the platform privilege.
52 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::init)(std::string, std::string, int));
53 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::remove)(std::string, std::string));
54 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::changePassword)(std::string, std::string, std::string));
55 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::verifyPassword)(std::string, std::string));
56 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::storeMasterKey)(std::string, std::string));
57 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::removeMasterKey)(std::string));
// Destructor. Its body is not part of this listing.
60 KeyServer::~KeyServer()
// Reports whether `dev` already has a key footer: error::None when
// FileFooter::exist(dev) is true, error::NoSuchFile otherwise.
// No footerLock acquisition is visible here, unlike the other footer accesses
// in this file.
// NOTE(review): the condition guarding the InvalidParameter return is missing
// from this listing (presumably an empty-`dev` check, as in the other methods).
64 int KeyServer::isInitialized(const std::string& dev)
67 return error::InvalidParameter;
69 return FileFooter::exist(dev) ? error::None : error::NoSuchFile;
// Creates and stores a new master key for `dev` by delegating to initAndGet.
// The generated key is received in `dummy` and is not handed back to the
// caller of init().
// NOTE(review): the third parameter and the declaration of `dummy` are missing
// from this listing.
72 int KeyServer::init(const std::string& dev,
73 const std::string& password,
77 return initAndGet(dev, password, params, dummy);
// Generates a random master key, wraps it with `password` and writes the
// serialized result to the footer of `dev`. The plain key is also returned to
// the caller through `masterKey`.
//
// Returns error::InvalidParameter when `dev` or `password` is empty or when
// `params` is not a key of KEY_SIZE.
// NOTE(review): no check for an existing footer is visible, so a second call
// for the same device appears to overwrite the stored wrapped key; confirm
// that callers rely on isInitialized first.
// NOTE(review): one parameter line and the final return are missing from this
// listing.
80 int KeyServer::initAndGet(const std::string& dev,
81 const std::string& password,
83 BinaryData& masterKey)
85 if (dev.empty() || password.empty() || KEY_SIZE.find(params) == KEY_SIZE.end())
86 return error::InvalidParameter;
// at() cannot throw here: `params` was just found in KEY_SIZE.
88 masterKey = KeyGenerator::RNG(KEY_SIZE.at(params));
// How EncryptedKey derives a wrapping key from the password is not visible in
// this file.
90 EncryptedKey ek(masterKey, password);
// Footer writes are serialized through footerLock.
92 std::lock_guard<std::mutex> lock(footerLock);
93 FileFooter::write(dev, ek.serialize());
// Clears the key footer of `dev` after internalGet has been called with
// `password`.
//
// footerLock is taken before the password check, so the check and the clear
// happen under a single hold of the lock.
// `key` receives the decrypted master key and is not used again on the
// visible lines.
// NOTE(review): the declaration of `key`, the statement under the
// `ret != error::None` test (presumably `return ret;`) and the final return
// are missing from this listing.
98 int KeyServer::remove(const std::string& dev, const std::string& password)
100 if (dev.empty() || password.empty())
101 return error::InvalidParameter;
103 std::lock_guard<std::mutex> lock(footerLock);
105 int ret = internalGet(dev, password, key);
106 if (ret != error::None)
109 FileFooter::clear(dev);
// Re-wraps the stored master key of `dev` under `newPassword`.
//
// The footer is read, decrypted with `curPassword`, encrypted again with
// `newPassword` and written back, all under footerLock.
// Only the wrapping changes: the same `key` is re-encrypted, so a password
// change does not rotate the master key itself.
//
// Returns error::InvalidParameter when any argument is empty,
// error::NoSuchFile when `dev` has no footer, and error::WrongPassword on the
// path that logs "Wrong password passed.".
// NOTE(review): the condition guarding the WrongPassword branch (presumably an
// empty result from decrypt) and the final return are missing from this listing.
113 int KeyServer::changePassword(const std::string& dev,
114 const std::string& curPassword,
115 const std::string& newPassword)
117 if (dev.empty() || curPassword.empty() || newPassword.empty())
118 return error::InvalidParameter;
120 std::lock_guard<std::mutex> lock(footerLock);
121 if (!FileFooter::exist(dev)) {
122 ERROR(SINK, "Given device has no master key.");
123 return error::NoSuchFile;
// Load the wrapped key from the footer.
126 EncryptedKey ek(FileFooter::read(dev));
128 auto key = ek.decrypt(curPassword);
130 ERROR(SINK, "Wrong password passed.");
131 return error::WrongPassword;
// Re-wrap the unchanged master key with the new password and persist it.
134 ek.encrypt(key, newPassword);
136 FileFooter::write(dev, ek.serialize());
// Checks `password` for `dev` by running internalGet under footerLock and
// returning its result; the decrypted key lands in `dummy` and is not returned.
// NOTE(review): no attempt counter or delay is visible here; if guess limiting
// is required, confirm that it is enforced by the caller or inside EncryptedKey.
// NOTE(review): the declaration of `dummy` is missing from this listing.
140 int KeyServer::verifyPassword(const std::string& dev,
141 const std::string& password)
143 if (dev.empty() || password.empty())
144 return error::InvalidParameter;
147 std::lock_guard<std::mutex> lock(footerLock);
148 return internalGet(dev, password, dummy);
// Returns the plain master key of `dev` through `masterKey` when `password`
// is accepted by internalGet; the call runs under footerLock.
// Returns error::InvalidParameter when `dev` or `password` is empty, otherwise
// whatever internalGet returns.
// This method is not among those registered with server.expose() in the
// constructor.
151 int KeyServer::get(const std::string& dev,
152 const std::string& password,
153 BinaryData& masterKey) const
155 if (dev.empty() || password.empty())
156 return error::InvalidParameter;
158 std::lock_guard<std::mutex> lock(footerLock);
159 return internalGet(dev, password, masterKey);
// Clears the key footer of `dev` under footerLock.
// Unlike remove(), no password is checked on the visible lines; the method is
// not among those registered with server.expose() in the constructor.
// NOTE(review): the lines between the signature and the lock are missing from
// this listing (presumably an empty-`dev` guard).
162 void KeyServer::removePassword(const std::string& dev)
167 std::lock_guard<std::mutex> lock(footerLock);
168 FileFooter::clear(dev);
// Decrypts the master key of `dev` with `password` and passes the plain key
// to UpgradeSupport::storeMasterKey.
//
// Returns error::InvalidParameter when `dev` or `password` is empty.
// A runtime::Exception from UpgradeSupport is logged and reported as
// error::Unknown.
// NOTE(review): this moves the plain master key outside the password-wrapped
// footer; how UpgradeSupport protects and later erases it is not visible in
// this file. Confirm before relying on the password as the only way to the key.
// NOTE(review): the statement under the `ret != error::None` test, the lines
// before the UpgradeSupport call (including the `try`) and the final return
// are missing from this listing.
171 int KeyServer::storeMasterKey(const std::string& dev,
172 const std::string& password)
174 if (dev.empty() || password.empty())
175 return error::InvalidParameter;
// std::unique_lock is used here where the other methods use std::lock_guard;
// presumably so the lock can be released before the UpgradeSupport call.
177 std::unique_lock<std::mutex> lock(footerLock);
178 BinaryData masterKey;
179 int ret = internalGet(dev, password, masterKey);
180 if (ret != error::None)
186 UpgradeSupport::storeMasterKey(dev, masterKey);
187 } catch (const runtime::Exception& e) {
188 ERROR(SINK, e.what());
189 return error::Unknown;
// Asks UpgradeSupport to remove the master key it holds for `dev`.
// Takes no password. A runtime::Exception is logged and reported as
// error::Unknown.
// NOTE(review): the condition guarding the InvalidParameter return
// (presumably an empty-`dev` check), the `try` and the final return are
// missing from this listing.
194 int KeyServer::removeMasterKey(const std::string& dev)
197 return error::InvalidParameter;
200 UpgradeSupport::removeMasterKey(dev);
201 } catch (const runtime::Exception& e) {
202 ERROR(SINK, e.what());
203 return error::Unknown;
// Reads the wrapped key from the footer of `dev` and decrypts it with
// `password` into `key`.
//
// Returns error::NoSuchFile when `dev` has no footer and error::WrongPassword
// on the path that logs "Wrong password passed.".
// No lock is taken here: every caller visible in this file acquires
// footerLock before calling.
// NOTE(review): the condition guarding the WrongPassword branch (presumably an
// empty result from decrypt) and the rest of the function are missing from
// this listing.
208 int KeyServer::internalGet(const std::string& dev,
209 const std::string& password,
210 BinaryData& key) const
212 if (!FileFooter::exist(dev)) {
213 ERROR(SINK, "Given device has no master key.");
214 return error::NoSuchFile;
217 EncryptedKey ek(FileFooter::read(dev));
219 key = ek.decrypt(password);
221 ERROR(SINK, "Wrong password passed.");
222 return error::WrongPassword;