Add checking return value

[platform/core/security/ode.git] / server / key-server.cpp

diff --git a/server/key-server.cpp b/server/key-server.cpp
index a0b00dd..2e6d55c 100644 (file)
--- a/server/key-server.cpp
+++ b/server/key-server.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2015-2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -63,6 +63,8 @@ KeyServer::~KeyServer()
 
 int KeyServer::isInitialized(const std::string& dev)
 {
+       RequestLifetime rl(server);
+
        if (dev.empty())
                return error::InvalidParameter;
 
@@ -73,6 +75,8 @@ int KeyServer::init(const std::string& dev,
                                        const std::string& password,
                                        int params)
 {
+       RequestLifetime rl(server);
+
        BinaryData dummy;
        return initAndGet(dev, password, params, dummy);
 }
@@ -88,6 +92,8 @@ int KeyServer::initAndGet(const std::string& dev,
        masterKey = KeyGenerator::RNG(KEY_SIZE.at(params));
 
        EncryptedKey ek(masterKey, password);
+
+       std::lock_guard<std::mutex> lock(footerLock);
        FileFooter::write(dev, ek.serialize());
 
        return error::None;
@@ -95,12 +101,16 @@ int KeyServer::initAndGet(const std::string& dev,
 
 int KeyServer::remove(const std::string& dev, const std::string& password)
 {
-       int ret = verifyPassword(dev, password);
-       if (ret != error::None) {
-               if (ret == error::WrongPassword)
-                       ERROR(SINK, "Wrong password passed.");
+       RequestLifetime rl(server);
+
+       if (dev.empty() || password.empty())
+               return error::InvalidParameter;
+
+       std::lock_guard<std::mutex> lock(footerLock);
+       BinaryData key;
+       int ret = internalGet(dev, password, key);
+       if (ret != error::None)
                return ret;
-       }
 
        FileFooter::clear(dev);
        return error::None;
@@ -110,11 +120,14 @@ int KeyServer::changePassword(const std::string& dev,
                                                          const std::string& curPassword,
                                                          const std::string& newPassword)
 {
+       RequestLifetime rl(server);
+
        if (dev.empty() || curPassword.empty() || newPassword.empty())
                return error::InvalidParameter;
 
+       std::lock_guard<std::mutex> lock(footerLock);
        if (!FileFooter::exist(dev)) {
-               ERROR(SINK, "Given device has no master key");
+               ERROR(SINK, "Given device has no master key.");
                return error::NoSuchFile;
        }
 
@@ -122,33 +135,44 @@ int KeyServer::changePassword(const std::string& dev,
 
        auto key = ek.decrypt(curPassword);
        if (key.empty()) {
-               ERROR(SINK, "Wrong password passed");
+               ERROR(SINK, "Wrong password passed.");
                return error::WrongPassword;
        }
+
        ek.encrypt(key, newPassword);
 
        FileFooter::write(dev, ek.serialize());
+
+       UpgradeSupport::removeUpgradeFlag();
+
        return error::None;
 }
 
-int KeyServer::verifyPassword(const std::string& dev,
-                                                         const std::string& password)
+int KeyServer::changePassword2(const std::string& dev,
+                                                          const BinaryData& masterKey,
+                                                          const std::string& newPassword)
 {
-       if (dev.empty() || password.empty())
+       if (dev.empty() || masterKey.empty() || newPassword.empty())
                return error::InvalidParameter;
 
-       if (!FileFooter::exist(dev)) {
-               ERROR(SINK, "Given device has no master key");
-               return error::NoSuchFile;
-       }
+       std::lock_guard<std::mutex> lock(footerLock);
+       EncryptedKey ek(masterKey, newPassword);
 
-       EncryptedKey ek(FileFooter::read(dev));
+       FileFooter::write(dev, ek.serialize());
+       return error::None;
+}
 
-       auto key = ek.decrypt(password);
-       if (key.empty())
-               return error::WrongPassword;
+int KeyServer::verifyPassword(const std::string& dev,
+                                                         const std::string& password)
+{
+       RequestLifetime rl(server);
 
-       return error::None;
+       if (dev.empty() || password.empty())
+               return error::InvalidParameter;
+
+       BinaryData dummy;
+       std::lock_guard<std::mutex> lock(footerLock);
+       return internalGet(dev, password, dummy);
 }
 
 int KeyServer::get(const std::string& dev,
@@ -158,19 +182,8 @@ int KeyServer::get(const std::string& dev,
        if (dev.empty() || password.empty())
                return error::InvalidParameter;
 
-       if (!FileFooter::exist(dev)) {
-               ERROR(SINK, "Given device has no master key");
-               return error::NoSuchFile;
-       }
-
-       EncryptedKey ek(FileFooter::read(dev));
-
-       masterKey = ek.decrypt(password);
-       if (masterKey.empty()) {
-               ERROR(SINK, "Wrong password passed");
-               return error::WrongPassword;
-       }
-       return error::None;
+       std::lock_guard<std::mutex> lock(footerLock);
+       return internalGet(dev, password, masterKey);
 }
 
 void KeyServer::removePassword(const std::string& dev)
@@ -178,27 +191,25 @@ void KeyServer::removePassword(const std::string& dev)
        if (dev.empty())
                return;
 
+       std::lock_guard<std::mutex> lock(footerLock);
        FileFooter::clear(dev);
 }
 
 int KeyServer::storeMasterKey(const std::string& dev,
                                                          const std::string& password)
 {
+       RequestLifetime rl(server);
+
        if (dev.empty() || password.empty())
                return error::InvalidParameter;
 
-       if (!FileFooter::exist(dev)) {
-               ERROR(SINK, "Given device has no master key");
-               return error::NoSuchFile;
-       }
-
-       EncryptedKey ek(FileFooter::read(dev));
+       std::unique_lock<std::mutex> lock(footerLock);
+       BinaryData masterKey;
+       int ret = internalGet(dev, password, masterKey);
+       if (ret != error::None)
+               return ret;
 
-       auto masterKey = ek.decrypt(password);
-       if (masterKey.empty()) {
-               ERROR(SINK, "Wrong password passed");
-               return error::WrongPassword;
-       }
+       lock.unlock();
 
        try {
                UpgradeSupport::storeMasterKey(dev, masterKey);
@@ -211,6 +222,8 @@ int KeyServer::storeMasterKey(const std::string& dev,
 
 int KeyServer::removeMasterKey(const std::string& dev)
 {
+       RequestLifetime rl(server);
+
        if (dev.empty())
                return error::InvalidParameter;
 
@@ -223,4 +236,25 @@ int KeyServer::removeMasterKey(const std::string& dev)
        return error::None;
 }
 
+int KeyServer::internalGet(const std::string& dev,
+                                                  const std::string& password,
+                                                  BinaryData& key) const
+{
+       if (!FileFooter::exist(dev)) {
+               ERROR(SINK, "Given device has no master key.");
+               return error::NoSuchFile;
+       }
+
+       UpgradeSupport::removeUpgradeFlag();
+
+       EncryptedKey ek(FileFooter::read(dev));
+
+       key = ek.decrypt(password);
+       if (key.empty()) {
+               ERROR(SINK, "Wrong password passed.");
+               return error::WrongPassword;
+       }
+       return error::None;
+}
+
 } // namespace ode