/*
- * Copyright (c) 2015-2017 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <string>
#include <algorithm>
#include <map>
+#include <utility>
+#include <sstream>
+#include <iomanip>
#include "key-server.h"
#include "file-footer.h"
#include "logger.h"
-#include "key-manager/key-manager.h"
#include "misc.h"
#include "rmi/common.h"
+#include "key-manager/encrypted-key.h"
+#include "key-manager/key-generator.h"
+#include "upgrade-support.h"
namespace ode {
server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::remove)(std::string, std::string));
server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::changePassword)(std::string, std::string, std::string));
server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::verifyPassword)(std::string, std::string));
+ server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::storeMasterKey)(std::string, std::string));
+ server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::removeMasterKey)(std::string));
}
KeyServer::~KeyServer()
int KeyServer::isInitialized(const std::string& dev)
{
+ RequestLifetime rl(server);
+
if (dev.empty())
return error::InvalidParameter;
const std::string& password,
int params)
{
+ RequestLifetime rl(server);
+
+ BinaryData dummy;
+ return initAndGet(dev, password, params, dummy);
+}
+
+int KeyServer::initAndGet(const std::string& dev,
+ const std::string& password,
+ int params,
+ BinaryData& masterKey)
+{
if (dev.empty() || password.empty() || KEY_SIZE.find(params) == KEY_SIZE.end())
return error::InvalidParameter;
- KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager;
+ masterKey = KeyGenerator::RNG(KEY_SIZE.at(params));
- keyManager.initPassword(pwData, KEY_SIZE.at(params));
+ EncryptedKey ek(masterKey, password);
+
+ std::lock_guard<std::mutex> lock(footerLock);
+ FileFooter::write(dev, ek.serialize());
- FileFooter::write(dev, keyManager.serialize());
return error::None;
}
int KeyServer::remove(const std::string& dev, const std::string& password)
{
+ RequestLifetime rl(server);
+
if (dev.empty() || password.empty())
return error::InvalidParameter;
- KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager(FileFooter::read(dev));
-
- if (!keyManager.verifyPassword(pwData)) {
- ERROR(SINK, "Wrong password passed.");
- return error::WrongPassword;
- }
+ std::lock_guard<std::mutex> lock(footerLock);
+ BinaryData key;
+ int ret = internalGet(dev, password, key);
+ if (ret != error::None)
+ return ret;
FileFooter::clear(dev);
return error::None;
const std::string& curPassword,
const std::string& newPassword)
{
+ RequestLifetime rl(server);
+
if (dev.empty() || curPassword.empty() || newPassword.empty())
return error::InvalidParameter;
- KeyManager::data curPwData(curPassword.begin(), curPassword.end());
- KeyManager::data newPwData(newPassword.begin(), newPassword.end());
- KeyManager keyManager(FileFooter::read(dev));
+ std::lock_guard<std::mutex> lock(footerLock);
+ if (!FileFooter::exist(dev)) {
+ ERROR(SINK, "Given device has no master key.");
+ return error::NoSuchFile;
+ }
+
+ EncryptedKey ek(FileFooter::read(dev));
- if (!keyManager.verifyPassword(curPwData)) {
+ auto key = ek.decrypt(curPassword);
+ if (key.empty()) {
ERROR(SINK, "Wrong password passed.");
return error::WrongPassword;
}
- keyManager.changePassword(curPwData, newPwData);
- FileFooter::write(dev, keyManager.serialize());
+ ek.encrypt(key, newPassword);
+
+ FileFooter::write(dev, ek.serialize());
+
+ UpgradeSupport::removeUpgradeFlag();
+
+ return error::None;
+}
+
+int KeyServer::changePassword2(const std::string& dev,
+ const BinaryData& masterKey,
+ const std::string& newPassword)
+{
+ if (dev.empty() || masterKey.empty() || newPassword.empty())
+ return error::InvalidParameter;
+
+ std::lock_guard<std::mutex> lock(footerLock);
+ EncryptedKey ek(masterKey, newPassword);
+
+ FileFooter::write(dev, ek.serialize());
return error::None;
}
int KeyServer::verifyPassword(const std::string& dev,
const std::string& password)
{
+ RequestLifetime rl(server);
+
+ if (dev.empty() || password.empty())
+ return error::InvalidParameter;
+
+ BinaryData dummy;
+ std::lock_guard<std::mutex> lock(footerLock);
+ return internalGet(dev, password, dummy);
+}
+
+int KeyServer::get(const std::string& dev,
+ const std::string& password,
+ BinaryData& masterKey) const
+{
+ if (dev.empty() || password.empty())
+ return error::InvalidParameter;
+
+ std::lock_guard<std::mutex> lock(footerLock);
+ return internalGet(dev, password, masterKey);
+}
+
+void KeyServer::removePassword(const std::string& dev)
+{
+ if (dev.empty())
+ return;
+
+ std::lock_guard<std::mutex> lock(footerLock);
+ FileFooter::clear(dev);
+}
+
+int KeyServer::storeMasterKey(const std::string& dev,
+ const std::string& password)
+{
+ RequestLifetime rl(server);
+
if (dev.empty() || password.empty())
return error::InvalidParameter;
- KeyManager::data pwData(password.begin(), password.end());
- KeyManager keyManager(FileFooter::read(dev));
+ std::unique_lock<std::mutex> lock(footerLock);
+ BinaryData masterKey;
+ int ret = internalGet(dev, password, masterKey);
+ if (ret != error::None)
+ return ret;
+
+ lock.unlock();
+
+ try {
+ UpgradeSupport::storeMasterKey(dev, masterKey);
+ } catch (const runtime::Exception& e) {
+ ERROR(SINK, e.what());
+ return error::Unknown;
+ }
+ return error::None;
+}
+
+int KeyServer::removeMasterKey(const std::string& dev)
+{
+ RequestLifetime rl(server);
+
+ if (dev.empty())
+ return error::InvalidParameter;
+
+ try {
+ UpgradeSupport::removeMasterKey(dev);
+ } catch (const runtime::Exception& e) {
+ ERROR(SINK, e.what());
+ return error::Unknown;
+ }
+ return error::None;
+}
- return keyManager.verifyPassword(pwData) ? error::None : error::WrongPassword;
+int KeyServer::internalGet(const std::string& dev,
+ const std::string& password,
+ BinaryData& key) const
+{
+ if (!FileFooter::exist(dev)) {
+ ERROR(SINK, "Given device has no master key.");
+ return error::NoSuchFile;
+ }
+
+ UpgradeSupport::removeUpgradeFlag();
+
+ EncryptedKey ek(FileFooter::read(dev));
+
+ key = ek.decrypt(password);
+ if (key.empty()) {
+ ERROR(SINK, "Wrong password passed.");
+ return error::WrongPassword;
+ }
+ return error::None;
}
} // namespace ode
projects / platform / core / security / ode.git / blobdiff