Use common typedef for binary data

[platform/core/security/ode.git] / server / key-server.cpp

/*
 *  Copyright (c) 2015-2017 Samsung Electronics Co., Ltd All Rights Reserved
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License
 */

#include <stdlib.h>

#include <string>
#include <algorithm>
#include <map>
#include <utility>

#include "key-server.h"
#include "file-footer.h"
#include "logger.h"
#include "misc.h"
#include "rmi/common.h"
#include "key-manager/encrypted-key.h"
#include "key-manager/key-generator.h"

#include <klay/exception.h>

namespace ode {

namespace {

const char *PRIVILEGE_PLATFORM = "http://tizen.org/privilege/internal/default/platform";

const std::map<int, size_t> KEY_SIZE = {
        { Key::DEFAULT_256BIT, 32 },
        { Key::DEFAULT_512BIT, 64 }
};

} // anonymous namespace

KeyServer::KeyServer(ServerContext& srv) :
        server(srv)
{
        server.expose(this, "",                                 (int)(KeyServer::isInitialized)(std::string));
        server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::init)(std::string, std::string, int));
        server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::remove)(std::string, std::string));
        server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::changePassword)(std::string, std::string, std::string));
        server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::verifyPassword)(std::string, std::string));
}

KeyServer::~KeyServer()
{
}

int KeyServer::isInitialized(const std::string& dev)
{
        if (dev.empty())
                return error::InvalidParameter;

        return FileFooter::exist(dev) ? error::None : error::NoSuchFile;
}

int KeyServer::init(const std::string& dev,
                                        const std::string& password,
                                        int params)
{
        BinaryData dummy;
        return initAndGet(dev, password, params, dummy);
}

int KeyServer::initAndGet(const std::string& dev,
                                                  const std::string& password,
                                                  int params,
                                                  BinaryData& masterKey)
{
        if (dev.empty() || password.empty() || KEY_SIZE.find(params) == KEY_SIZE.end())
                return error::InvalidParameter;

        masterKey = KeyGenerator::RNG(KEY_SIZE.at(params));

        EncryptedKey ek(masterKey, password);
        FileFooter::write(dev, ek.serialize());

        return error::None;
}

int KeyServer::remove(const std::string& dev, const std::string& password)
{
        int ret = verifyPassword(dev, password);
        if (ret != error::None) {
                if (ret == error::WrongPassword)
                        ERROR(SINK, "Wrong password passed.");
                return ret;
        }

        FileFooter::clear(dev);
        return error::None;
}

int KeyServer::changePassword(const std::string& dev,
                                                          const std::string& curPassword,
                                                          const std::string& newPassword)
{
        if (dev.empty() || curPassword.empty() || newPassword.empty())
                return error::InvalidParameter;

        if (!FileFooter::exist(dev)) {
                ERROR(SINK, "Given device has no master key");
                return error::NoSuchFile;
        }

        EncryptedKey ek(FileFooter::read(dev));

        auto key = ek.decrypt(curPassword);
        if (key.empty()) {
                ERROR(SINK, "Wrong password passed");
                return error::WrongPassword;
        }
        ek.encrypt(key, newPassword);

        FileFooter::write(dev, ek.serialize());
        return error::None;
}

int KeyServer::verifyPassword(const std::string& dev,
                                                          const std::string& password)
{
        if (dev.empty() || password.empty())
                return error::InvalidParameter;

        if (!FileFooter::exist(dev)) {
                ERROR(SINK, "Given device has no master key");
                return error::NoSuchFile;
        }

        EncryptedKey ek(FileFooter::read(dev));

        auto key = ek.decrypt(password);
        if (key.empty())
                return error::WrongPassword;

        return error::None;
}

int KeyServer::get(const std::string& dev,
                                   const std::string& password,
                                   BinaryData& masterKey) const
{
        if (dev.empty() || password.empty())
                return error::InvalidParameter;

        if (!FileFooter::exist(dev)) {
                ERROR(SINK, "Given device has no master key");
                return error::NoSuchFile;
        }

        EncryptedKey ek(FileFooter::read(dev));

        masterKey = ek.decrypt(password);
        if (masterKey.empty()) {
                ERROR(SINK, "Wrong password passed");
                return error::WrongPassword;
        }
        return error::None;
}

void KeyServer::removePassword(const std::string& dev)
{
        if (dev.empty())
                return;

        FileFooter::clear(dev);
}

} // namespace ode