2 * Copyright (c) 2015-2017 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
26 #include "key-server.h"
27 #include "file-footer.h"
30 #include "rmi/common.h"
31 #include "key-manager/encrypted-key.h"
32 #include "key-manager/key-generator.h"
33 #include "upgrade-support.h"
// Privilege string handed to server.expose() for every method registered in the
// constructor except isInitialized. Presumably the RMI layer compares it with
// the caller's privileges; confirm in rmi/.
17 const char *PRIVILEGE_PLATFORM = "http://tizen.org/privilege/internal/default/platform";
// Allow-list of key types: maps the caller-supplied key-type value to the
// master-key length in bytes (32 bytes = 256 bit, 64 bytes = 512 bit).
// initAndGet() rejects any value that is not a key of this map.
41 const std::map<int, size_t> KEY_SIZE = {
42 { Key::DEFAULT_256BIT, 32 },
43 { Key::DEFAULT_512BIT, 64 }
46 } // anonymous namespace
// Registers the remotely callable KeyServer methods through server.expose().
// The second argument is the privilege string attached to each method.
// initAndGet, changePassword2, get and removePassword are not registered in
// the lines shown here, so they appear to be in-process entry points only.
48 KeyServer::KeyServer(ServerContext& srv) :
// NOTE(review): isInitialized is registered with an empty privilege string,
// which looks like "no privilege required". It reveals whether a device has a
// key footer; confirm that exposing this to unprivileged callers is intended.
51 server.expose(this, "", (int)(KeyServer::isInitialized)(std::string));
// Every method that creates, verifies, changes or removes key material is
// registered with PRIVILEGE_PLATFORM.
52 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::init)(std::string, std::string, int));
53 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::remove)(std::string, std::string));
54 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::changePassword)(std::string, std::string, std::string));
55 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::verifyPassword)(std::string, std::string));
56 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::storeMasterKey)(std::string, std::string));
57 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::removeMasterKey)(std::string));
// Destructor. NOTE(review): the body is not visible here; confirm that no key
// material is kept in member state that would outlive a request.
60 KeyServer::~KeyServer()
// Reports whether a key footer exists for `dev`.
// Returns error::None when FileFooter::exist(dev) is true and
// error::NoSuchFile otherwise. error::InvalidParameter is returned on the
// early-exit path (its condition is not visible in the lines shown).
// This method takes no password and is registered without PRIVILEGE_PLATFORM.
64 int KeyServer::isInitialized(const std::string& dev)
67 return error::InvalidParameter;
69 return FileFooter::exist(dev) ? error::None : error::NoSuchFile;
// RMI entry point for creating a master key; forwards to initAndGet() and
// returns its result code unchanged.
// NOTE(review): `dummy` presumably is a local BinaryData that receives the
// freshly generated plaintext master key and is then discarded. Confirm that
// BinaryData wipes its storage on destruction, otherwise the key bytes stay
// in freed memory.
72 int KeyServer::init(const std::string& dev,
73 const std::string& password,
77 return initAndGet(dev, password, params, dummy);
// Generates a new random master key for `dev`, builds an EncryptedKey from it
// and `password`, and writes the serialized result to the device footer.
// masterKey (out): receives the plaintext master key; the caller is
// responsible for its confidentiality and lifetime from here on.
// Returns error::InvalidParameter for an empty dev or password, or for a
// params value that is not a key of KEY_SIZE.
80 int KeyServer::initAndGet(const std::string& dev,
81 const std::string& password,
83 BinaryData& masterKey)
85 if (dev.empty() || password.empty() || KEY_SIZE.find(params) == KEY_SIZE.end())
86 return error::InvalidParameter;
// The length comes from the allow-list; at() cannot throw here because the
// find() above already succeeded for the same value.
88 masterKey = KeyGenerator::RNG(KEY_SIZE.at(params));
// Presumably password-based key wrapping; the KDF and cipher are defined in
// key-manager/encrypted-key.h, not here.
90 EncryptedKey ek(masterKey, password);
// footerLock serializes footer access within this process.
// NOTE(review): no FileFooter::exist() check is visible before the write in
// the lines shown, so an existing footer for `dev` would be overwritten and
// the previous master key lost. Confirm callers check isInitialized first.
92 std::lock_guard<std::mutex> lock(footerLock);
93 FileFooter::write(dev, ek.serialize());
// Clears the key footer of `dev` after the password has been checked.
// Returns error::InvalidParameter for an empty dev or password.
98 int KeyServer::remove(const std::string& dev, const std::string& password)
100 if (dev.empty() || password.empty())
101 return error::InvalidParameter;
// The lock is taken before the check so that verification and clear() are
// not interleaved with another footer operation.
103 std::lock_guard<std::mutex> lock(footerLock);
// internalGet() decrypts the stored key with `password`; `key` is only used
// as proof that the password is correct.
105 int ret = internalGet(dev, password, key);
// Presumably returns ret here, so the footer is only cleared on success; the
// statement under this condition is not visible in the lines shown.
106 if (ret != error::None)
109 FileFooter::clear(dev);
// Re-protects the stored master key of `dev` under newPassword after
// decrypting it with curPassword.
// Visible failure codes: error::InvalidParameter (any argument empty),
// error::NoSuchFile (no footer), error::WrongPassword.
// No strength requirement on newPassword beyond non-empty is visible here.
113 int KeyServer::changePassword(const std::string& dev,
114 const std::string& curPassword,
115 const std::string& newPassword)
118 if (dev.empty() || curPassword.empty() || newPassword.empty())
119 return error::InvalidParameter;
// The existence check, read and write below all happen after footerLock is
// taken, so they are not interleaved with other footer operations that use
// the same lock.
121 std::lock_guard<std::mutex> lock(footerLock);
122 if (!FileFooter::exist(dev)) {
123 ERROR(SINK, "Given device has no master key.");
124 return error::NoSuchFile;
127 EncryptedKey ek(FileFooter::read(dev));
// `key` holds the plaintext master key from here until it goes out of scope.
129 auto key = ek.decrypt(curPassword);
// The condition that selects this path is not visible in the lines shown.
// The log text is a constant string and carries no secret material.
131 ERROR(SINK, "Wrong password passed.");
132 return error::WrongPassword;
135 ek.encrypt(key, newPassword);
137 FileFooter::write(dev, ek.serialize());
// Runs only after the new footer has been written.
139 UpgradeSupport::removeUpgradeFlag();
// Writes a footer for `dev` that holds masterKey protected by newPassword,
// without asking for the current password. Possession of the plaintext master
// key is the only authorization visible here; the method is not registered
// via server.expose() in the constructor shown in this file.
// NOTE(review): nothing visible checks that masterKey is the key currently
// protecting `dev`, or that its length is one of the KEY_SIZE values. A
// mismatching key would be persisted, presumably leaving existing encrypted
// data undecryptable. Confirm that callers guarantee this.
144 int KeyServer::changePassword2(const std::string& dev,
145 const BinaryData& masterKey,
146 const std::string& newPassword)
148 if (dev.empty() || masterKey.empty() || newPassword.empty())
149 return error::InvalidParameter;
151 std::lock_guard<std::mutex> lock(footerLock);
152 EncryptedKey ek(masterKey, newPassword);
// Overwrites whatever footer is present; no exist() check is visible.
154 FileFooter::write(dev, ek.serialize());
// Checks `password` for `dev` by attempting to decrypt the stored key through
// internalGet(); that result code is returned unchanged.
// `dummy` receives the decrypted master key and is not used further in the
// lines shown.
// NOTE(review): no attempt counter or delay is visible in this file. This
// method is reachable over RMI (gated by PRIVILEGE_PLATFORM), so any
// guess-rate limiting has to come from the caller or from the cost of the key
// derivation inside EncryptedKey. Confirm which one applies.
158 int KeyServer::verifyPassword(const std::string& dev,
159 const std::string& password)
161 if (dev.empty() || password.empty())
162 return error::InvalidParameter;
165 std::lock_guard<std::mutex> lock(footerLock);
166 return internalGet(dev, password, dummy);
// Decrypts the master key of `dev` with `password` into masterKey.
// masterKey (out): plaintext master key on success; the caller owns its
// confidentiality and lifetime.
// Not registered via server.expose() in the constructor shown in this file,
// so the plaintext key does not appear to be handed out over RMI.
169 int KeyServer::get(const std::string& dev,
170 const std::string& password,
171 BinaryData& masterKey) const
173 if (dev.empty() || password.empty())
174 return error::InvalidParameter;
176 std::lock_guard<std::mutex> lock(footerLock);
177 return internalGet(dev, password, masterKey);
// Clears the key footer of `dev` without any password check (the signature
// takes none) and returns nothing to the caller.
// Not registered via server.expose() in the constructor shown in this file.
// NOTE(review): callers are the only authorization point for this
// destructive operation; confirm each call site has authenticated the request.
180 void KeyServer::removePassword(const std::string& dev)
185 std::lock_guard<std::mutex> lock(footerLock);
186 FileFooter::clear(dev);
// Decrypts the master key of `dev` with `password` and hands the decrypted
// key to UpgradeSupport::storeMasterKey().
// Returns error::InvalidParameter for an empty dev or password, and
// error::Unknown when UpgradeSupport throws runtime::Exception.
// NOTE(review): how UpgradeSupport protects the key at rest is defined in
// upgrade-support.h; confirm it is not persisted in the clear.
189 int KeyServer::storeMasterKey(const std::string& dev,
190 const std::string& password)
192 if (dev.empty() || password.empty())
193 return error::InvalidParameter;
// unique_lock instead of lock_guard: presumably released before the
// UpgradeSupport call; the unlock is not visible in the lines shown.
195 std::unique_lock<std::mutex> lock(footerLock);
196 BinaryData masterKey;
197 int ret = internalGet(dev, password, masterKey);
198 if (ret != error::None)
204 UpgradeSupport::storeMasterKey(dev, masterKey);
205 } catch (const runtime::Exception& e) {
// NOTE(review): e.what() is passed as the message argument. Confirm that
// ERROR does not interpret it as a format string and that the exception text
// can never contain key bytes.
206 ERROR(SINK, e.what());
207 return error::Unknown;
// Asks UpgradeSupport to remove the master key held for `dev`.
// Takes no password; on the RMI path it is gated only by PRIVILEGE_PLATFORM
// (see the server.expose() registration in the constructor).
// Returns error::InvalidParameter on the early-exit path (condition not
// visible here) and error::Unknown when UpgradeSupport throws.
212 int KeyServer::removeMasterKey(const std::string& dev)
215 return error::InvalidParameter;
218 UpgradeSupport::removeMasterKey(dev);
219 } catch (const runtime::Exception& e) {
// NOTE(review): confirm ERROR does not treat e.what() as a format string.
220 ERROR(SINK, e.what());
221 return error::Unknown;
// Shared helper: reads the footer of `dev` and decrypts it with `password`
// into `key`.
// Takes no lock in the lines shown; every caller visible in this file
// (remove, verifyPassword, get, storeMasterKey) acquires footerLock first.
// Visible failure codes: error::NoSuchFile, error::WrongPassword.
226 int KeyServer::internalGet(const std::string& dev,
227 const std::string& password,
228 BinaryData& key) const
230 if (!FileFooter::exist(dev)) {
231 ERROR(SINK, "Given device has no master key.");
232 return error::NoSuchFile;
// NOTE(review): the upgrade flag is removed before the password has been
// checked, so a call with a wrong password still clears it. changePassword()
// removes the flag only after a successful re-encryption. Confirm the
// ordering here is intended; otherwise move this call after the decrypt check.
235 UpgradeSupport::removeUpgradeFlag();
237 EncryptedKey ek(FileFooter::read(dev));
// `key` is the caller's out-parameter and is assigned before the outcome is
// known; callers must not use it unless error::None is returned.
239 key = ek.decrypt(password);
// The condition that selects this path is not visible in the lines shown.
241 ERROR(SINK, "Wrong password passed.");
242 return error::WrongPassword;