server/key-server.cpp

   1 /*
   2  *  Copyright (c) 2015-2017 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *  Licensed under the Apache License, Version 2.0 (the "License");
   5  *  you may not use this file except in compliance with the License.
   6  *  You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *  Unless required by applicable law or agreed to in writing, software
  11  *  distributed under the License is distributed on an "AS IS" BASIS,
  12  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *  See the License for the specific language governing permissions and
  14  *  limitations under the License
  15  */
  16
  17 #include <stdlib.h>
  18
  19 #include <string>
  20 #include <algorithm>
  21 #include <map>
  22 #include <utility>
  23 #include <sstream>
  24 #include <iomanip>
  25
  26 #include "key-server.h"
  27 #include "file-footer.h"
  28 #include "logger.h"
  29 #include "misc.h"
  30 #include "rmi/common.h"
  31 #include "key-manager/encrypted-key.h"
  32 #include "key-manager/key-generator.h"
  33 #include "upgrade-support.h"
  34
  35 namespace ode {
  36
  37 namespace {
  38
  39 const char *PRIVILEGE_PLATFORM = "http://tizen.org/privilege/internal/default/platform";
  40
  41 const std::map<int, size_t> KEY_SIZE = {
  42         { Key::DEFAULT_256BIT, 32 },
  43         { Key::DEFAULT_512BIT, 64 }
  44 };
  45
  46 } // anonymous namespace
  47
  48 KeyServer::KeyServer(ServerContext& srv) :
  49         server(srv)
  50 {
  51         server.expose(this, "",                                 (int)(KeyServer::isInitialized)(std::string));
  52         server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::init)(std::string, std::string, int));
  53         server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::remove)(std::string, std::string));
  54         server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::changePassword)(std::string, std::string, std::string));
  55         server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::verifyPassword)(std::string, std::string));
  56         server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::storeMasterKey)(std::string, std::string));
  57         server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::removeMasterKey)(std::string));
  58 }
  59
  60 KeyServer::~KeyServer()
  61 {
  62 }
  63
  64 int KeyServer::isInitialized(const std::string& dev)
  65 {
  66         if (dev.empty())
  67                 return error::InvalidParameter;
  68
  69         return FileFooter::exist(dev) ? error::None : error::NoSuchFile;
  70 }
  71
  72 int KeyServer::init(const std::string& dev,
  73                                         const std::string& password,
  74                                         int params)
  75 {
  76         BinaryData dummy;
  77         return initAndGet(dev, password, params, dummy);
  78 }
  79
  80 int KeyServer::initAndGet(const std::string& dev,
  81                                                   const std::string& password,
  82                                                   int params,
  83                                                   BinaryData& masterKey)
  84 {
  85         if (dev.empty() || password.empty() || KEY_SIZE.find(params) == KEY_SIZE.end())
  86                 return error::InvalidParameter;
  87
  88         masterKey = KeyGenerator::RNG(KEY_SIZE.at(params));
  89
  90         EncryptedKey ek(masterKey, password);
  91
  92         std::lock_guard<std::mutex> lock(footerLock);
  93         FileFooter::write(dev, ek.serialize());
  94
  95         return error::None;
  96 }
  97
  98 int KeyServer::remove(const std::string& dev, const std::string& password)
  99 {
 100         if (dev.empty() || password.empty())
 101                 return error::InvalidParameter;
 102
 103         std::lock_guard<std::mutex> lock(footerLock);
 104         BinaryData key;
 105         int ret = internalGet(dev, password, key);
 106         if (ret != error::None)
 107                 return ret;
 108
 109         FileFooter::clear(dev);
 110         return error::None;
 111 }
 112
 113 int KeyServer::changePassword(const std::string& dev,
 114                                                           const std::string& curPassword,
 115                                                           const std::string& newPassword)
 116 {
 117
 118         if (dev.empty() || curPassword.empty() || newPassword.empty())
 119                 return error::InvalidParameter;
 120
 121         std::lock_guard<std::mutex> lock(footerLock);
 122         if (!FileFooter::exist(dev)) {
 123                 ERROR(SINK, "Given device has no master key.");
 124                 return error::NoSuchFile;
 125         }
 126
 127         EncryptedKey ek(FileFooter::read(dev));
 128
 129         auto key = ek.decrypt(curPassword);
 130         if (key.empty()) {
 131                 ERROR(SINK, "Wrong password passed.");
 132                 return error::WrongPassword;
 133         }
 134
 135         ek.encrypt(key, newPassword);
 136
 137         FileFooter::write(dev, ek.serialize());
 138
 139         UpgradeSupport::removeUpgradeFlag();
 140
 141         return error::None;
 142 }
 143
 144 int KeyServer::changePassword2(const std::string& dev,
 145                                                            const BinaryData& masterKey,
 146                                                            const std::string& newPassword)
 147 {
 148         if (dev.empty() || masterKey.empty() || newPassword.empty())
 149                 return error::InvalidParameter;
 150
 151         std::lock_guard<std::mutex> lock(footerLock);
 152         EncryptedKey ek(masterKey, newPassword);
 153
 154         FileFooter::write(dev, ek.serialize());
 155         return error::None;
 156 }
 157
 158 int KeyServer::verifyPassword(const std::string& dev,
 159                                                           const std::string& password)
 160 {
 161         if (dev.empty() || password.empty())
 162                 return error::InvalidParameter;
 163
 164         BinaryData dummy;
 165         std::lock_guard<std::mutex> lock(footerLock);
 166         return internalGet(dev, password, dummy);
 167 }
 168
 169 int KeyServer::get(const std::string& dev,
 170                                    const std::string& password,
 171                                    BinaryData& masterKey) const
 172 {
 173         if (dev.empty() || password.empty())
 174                 return error::InvalidParameter;
 175
 176         std::lock_guard<std::mutex> lock(footerLock);
 177         return internalGet(dev, password, masterKey);
 178 }
 179
 180 void KeyServer::removePassword(const std::string& dev)
 181 {
 182         if (dev.empty())
 183                 return;
 184
 185         std::lock_guard<std::mutex> lock(footerLock);
 186         FileFooter::clear(dev);
 187 }
 188
 189 int KeyServer::storeMasterKey(const std::string& dev,
 190                                                           const std::string& password)
 191 {
 192         if (dev.empty() || password.empty())
 193                 return error::InvalidParameter;
 194
 195         std::unique_lock<std::mutex> lock(footerLock);
 196         BinaryData masterKey;
 197         int ret = internalGet(dev, password, masterKey);
 198         if (ret != error::None)
 199                 return ret;
 200
 201         lock.unlock();
 202
 203         try {
 204                 UpgradeSupport::storeMasterKey(dev, masterKey);
 205         } catch (const runtime::Exception& e) {
 206                 ERROR(SINK, e.what());
 207                 return error::Unknown;
 208         }
 209         return error::None;
 210 }
 211
 212 int KeyServer::removeMasterKey(const std::string& dev)
 213 {
 214         if (dev.empty())
 215                 return error::InvalidParameter;
 216
 217         try {
 218                 UpgradeSupport::removeMasterKey(dev);
 219         } catch (const runtime::Exception& e) {
 220                 ERROR(SINK, e.what());
 221                 return error::Unknown;
 222         }
 223         return error::None;
 224 }
 225
 226 int KeyServer::internalGet(const std::string& dev,
 227                                                    const std::string& password,
 228                                                    BinaryData& key) const
 229 {
 230         if (!FileFooter::exist(dev)) {
 231                 ERROR(SINK, "Given device has no master key.");
 232                 return error::NoSuchFile;
 233         }
 234
 235         UpgradeSupport::removeUpgradeFlag();
 236
 237         EncryptedKey ek(FileFooter::read(dev));
 238
 239         key = ek.decrypt(password);
 240         if (key.empty()) {
 241                 ERROR(SINK, "Wrong password passed.");
 242                 return error::WrongPassword;
 243         }
 244         return error::None;
 245 }
 246
 247 } // namespace ode