2 * Copyright (c) 2015-2017 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
24 #include "key-server.h"
25 #include "file-footer.h"
28 #include "rmi/common.h"
29 #include "key-manager/encrypted-key.h"
30 #include "key-manager/key-generator.h"
32 #include <klay/exception.h>
38 const char *PRIVILEGE_PLATFORM = "http://tizen.org/privilege/internal/default/platform";
40 const std::map<int, size_t> KEY_SIZE = {
41 { Key::DEFAULT_256BIT, 32 },
42 { Key::DEFAULT_512BIT, 64 }
45 } // anonymous namespace
47 KeyServer::KeyServer(ServerContext& srv) :
50 server.expose(this, "", (int)(KeyServer::isInitialized)(std::string));
51 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::init)(std::string, std::string, int));
52 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::remove)(std::string, std::string));
53 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::changePassword)(std::string, std::string, std::string));
54 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::verifyPassword)(std::string, std::string));
57 KeyServer::~KeyServer()
61 int KeyServer::isInitialized(const std::string& dev)
64 return error::InvalidParameter;
66 return FileFooter::exist(dev) ? error::None : error::NoSuchFile;
69 int KeyServer::init(const std::string& dev,
70 const std::string& password,
74 return initAndGet(dev, password, params, dummy);
77 int KeyServer::initAndGet(const std::string& dev,
78 const std::string& password,
80 BinaryData& masterKey)
82 if (dev.empty() || password.empty() || KEY_SIZE.find(params) == KEY_SIZE.end())
83 return error::InvalidParameter;
85 masterKey = KeyGenerator::RNG(KEY_SIZE.at(params));
87 EncryptedKey ek(masterKey, password);
88 FileFooter::write(dev, ek.serialize());
93 int KeyServer::remove(const std::string& dev, const std::string& password)
95 int ret = verifyPassword(dev, password);
96 if (ret != error::None) {
97 if (ret == error::WrongPassword)
98 ERROR(SINK, "Wrong password passed.");
102 FileFooter::clear(dev);
106 int KeyServer::changePassword(const std::string& dev,
107 const std::string& curPassword,
108 const std::string& newPassword)
110 if (dev.empty() || curPassword.empty() || newPassword.empty())
111 return error::InvalidParameter;
113 if (!FileFooter::exist(dev)) {
114 ERROR(SINK, "Given device has no master key");
115 return error::NoSuchFile;
118 EncryptedKey ek(FileFooter::read(dev));
120 auto key = ek.decrypt(curPassword);
122 ERROR(SINK, "Wrong password passed");
123 return error::WrongPassword;
125 ek.encrypt(key, newPassword);
127 FileFooter::write(dev, ek.serialize());
131 int KeyServer::verifyPassword(const std::string& dev,
132 const std::string& password)
134 if (dev.empty() || password.empty())
135 return error::InvalidParameter;
137 if (!FileFooter::exist(dev)) {
138 ERROR(SINK, "Given device has no master key");
139 return error::NoSuchFile;
142 EncryptedKey ek(FileFooter::read(dev));
144 auto key = ek.decrypt(password);
146 return error::WrongPassword;
151 int KeyServer::get(const std::string& dev,
152 const std::string& password,
153 BinaryData& masterKey) const
155 if (dev.empty() || password.empty())
156 return error::InvalidParameter;
158 if (!FileFooter::exist(dev)) {
159 ERROR(SINK, "Given device has no master key");
160 return error::NoSuchFile;
163 EncryptedKey ek(FileFooter::read(dev));
165 masterKey = ek.decrypt(password);
166 if (masterKey.empty()) {
167 ERROR(SINK, "Wrong password passed");
168 return error::WrongPassword;
173 void KeyServer::removePassword(const std::string& dev)
178 FileFooter::clear(dev);