2 * Copyright (c) 2015-2017 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
26 #include "key-server.h"
27 #include "file-footer.h"
30 #include "rmi/common.h"
31 #include "key-manager/encrypted-key.h"
32 #include "key-manager/key-generator.h"
33 #include "upgrade-support.h"
39 const char *PRIVILEGE_PLATFORM = "http://tizen.org/privilege/internal/default/platform";
41 const std::map<int, size_t> KEY_SIZE = {
42 { Key::DEFAULT_256BIT, 32 },
43 { Key::DEFAULT_512BIT, 64 }
46 } // anonymous namespace
48 KeyServer::KeyServer(ServerContext& srv) :
51 server.expose(this, "", (int)(KeyServer::isInitialized)(std::string));
52 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::init)(std::string, std::string, int));
53 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::remove)(std::string, std::string));
54 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::changePassword)(std::string, std::string, std::string));
55 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::verifyPassword)(std::string, std::string));
56 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::storeMasterKey)(std::string, std::string));
57 server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::removeMasterKey)(std::string));
60 KeyServer::~KeyServer()
64 int KeyServer::isInitialized(const std::string& dev)
67 return error::InvalidParameter;
69 return FileFooter::exist(dev) ? error::None : error::NoSuchFile;
72 int KeyServer::init(const std::string& dev,
73 const std::string& password,
77 return initAndGet(dev, password, params, dummy);
80 int KeyServer::initAndGet(const std::string& dev,
81 const std::string& password,
83 BinaryData& masterKey)
85 if (dev.empty() || password.empty() || KEY_SIZE.find(params) == KEY_SIZE.end())
86 return error::InvalidParameter;
88 masterKey = KeyGenerator::RNG(KEY_SIZE.at(params));
90 EncryptedKey ek(masterKey, password);
91 FileFooter::write(dev, ek.serialize());
96 int KeyServer::remove(const std::string& dev, const std::string& password)
98 int ret = verifyPassword(dev, password);
99 if (ret != error::None) {
100 if (ret == error::WrongPassword)
101 ERROR(SINK, "Wrong password passed.");
105 FileFooter::clear(dev);
109 int KeyServer::changePassword(const std::string& dev,
110 const std::string& curPassword,
111 const std::string& newPassword)
113 if (dev.empty() || curPassword.empty() || newPassword.empty())
114 return error::InvalidParameter;
116 if (!FileFooter::exist(dev)) {
117 ERROR(SINK, "Given device has no master key");
118 return error::NoSuchFile;
121 EncryptedKey ek(FileFooter::read(dev));
123 auto key = ek.decrypt(curPassword);
125 ERROR(SINK, "Wrong password passed");
126 return error::WrongPassword;
128 ek.encrypt(key, newPassword);
130 FileFooter::write(dev, ek.serialize());
134 int KeyServer::verifyPassword(const std::string& dev,
135 const std::string& password)
137 if (dev.empty() || password.empty())
138 return error::InvalidParameter;
140 if (!FileFooter::exist(dev)) {
141 ERROR(SINK, "Given device has no master key");
142 return error::NoSuchFile;
145 EncryptedKey ek(FileFooter::read(dev));
147 auto key = ek.decrypt(password);
149 return error::WrongPassword;
154 int KeyServer::get(const std::string& dev,
155 const std::string& password,
156 BinaryData& masterKey) const
158 if (dev.empty() || password.empty())
159 return error::InvalidParameter;
161 if (!FileFooter::exist(dev)) {
162 ERROR(SINK, "Given device has no master key");
163 return error::NoSuchFile;
166 EncryptedKey ek(FileFooter::read(dev));
168 masterKey = ek.decrypt(password);
169 if (masterKey.empty()) {
170 ERROR(SINK, "Wrong password passed");
171 return error::WrongPassword;
176 void KeyServer::removePassword(const std::string& dev)
181 FileFooter::clear(dev);
184 int KeyServer::storeMasterKey(const std::string& dev,
185 const std::string& password)
187 if (dev.empty() || password.empty())
188 return error::InvalidParameter;
190 if (!FileFooter::exist(dev)) {
191 ERROR(SINK, "Given device has no master key");
192 return error::NoSuchFile;
195 EncryptedKey ek(FileFooter::read(dev));
197 auto masterKey = ek.decrypt(password);
198 if (masterKey.empty()) {
199 ERROR(SINK, "Wrong password passed");
200 return error::WrongPassword;
204 UpgradeSupport::storeMasterKey(dev, masterKey);
205 } catch (const runtime::Exception& e) {
206 ERROR(SINK, e.what());
207 return error::Unknown;
212 int KeyServer::removeMasterKey(const std::string& dev)
215 return error::InvalidParameter;
218 UpgradeSupport::removeMasterKey(dev);
219 } catch (const runtime::Exception& e) {
220 ERROR(SINK, e.what());
221 return error::Unknown;