}
}
+int KeyClient::storeMasterKey(const std::string& device,
+ const std::string& password)
+{
+ try {
+ return context->methodCall<int>("KeyServer::storeMasterKey",
+ device,
+ password);
+ } catch (runtime::Exception& e) {
+ return error::Unknown;
+ }
+}
+
+int KeyClient::removeMasterKey(const std::string& device)
+{
+ try {
+ return context->methodCall<int>("KeyServer::removeMasterKey",
+ device);
+ } catch (runtime::Exception& e) {
+ return error::Unknown;
+ }
+}
+
} // namespace ode
const std::string& curPW,
const std::string& newPW);
int verifyPassword(const std::string& dev, const std::string& password);
-
+ int storeMasterKey(const std::string& dev, const std::string& password);
+ int removeMasterKey(const std::string& dev);
private:
RmiClientPtr& context;
};
return ODE_ERROR_NONE;
}
+
+int ode_key_store_master_key(const char* device, const char* password)
+{
+ RET_ON_FAILURE(device, ODE_ERROR_INVALID_PARAMETER);
+ RET_ON_FAILURE(password, ODE_ERROR_INVALID_PARAMETER);
+
+ ClientContext client;
+ RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
+ KeyClient key = client.createInterface<KeyClient>();
+ return toApiError(key.storeMasterKey(device, password));
+}
+
+int ode_key_remove_master_key(const char* device)
+{
+ RET_ON_FAILURE(device, ODE_ERROR_INVALID_PARAMETER);
+
+ ClientContext client;
+ RET_ON_FAILURE(client.connect() == 0, ODE_ERROR_CONNECTION_REFUSED);
+ KeyClient key = client.createInterface<KeyClient>();
+ return toApiError(key.removeMasterKey(device));
+}
const char* password,
bool* result);
+/**
+ * @brief Stores the master encryption key
+ *
+ * @details This API can be used to store the @a device key for the purpose
+ * of system upgrade. It will decrypt the key using @a password and
+ * pass it to a key storage plugin. Storing the key will overwrite
+ * a key stored previously for given device.The actual method for
+ * storing the key depends on the plugin. This API requires that at
+ * least one such plugin exists. During system upgrade the key will
+ * be retrieved using this plugin. After the system upgrade is
+ * finished the key should be removed using
+ * ode_key_remove_master_key().
+ *
+ * @since_tizen 4.0
+ *
+ * @param[in] device The device for which the key should be stored
+ * @param[in] password The current password the key is secured with
+ *
+ * @return #ODE_ERROR_NONE on success, otherwise a negative value
+ * @retval #ODE_ERROR_NONE Successful
+ * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #ODE_ERROR_KEY_REJECTED Password doesn't match
+ * @retval #ODE_ERROR_NO_SUCH_FILE No key exists for given @a device
+ * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have
+ * the privilege to call this API
+ * @retval #ODE_ERROR_CONNECTION_REFUSED Connection to the server failed
+ * @retval #ODE_ERROR_UNKNOWN Unknown error
+ *
+ * @see ode_key_remove_master_key()
+ */
+ODE_API int ode_key_store_master_key(const char* device, const char* password);
+
+/**
+ * @brief Removes the master encryption key
+ *
+ * @details This API can be used to remove the @a device key that was stored
+ * earlier using ode_key_store_master_key(). It should be used when
+ * system upgrade is finished and the key is no longer necessary.
+ * Removing a non-existing key will succeed. This API requires that
+ * at least one plugin supporting key storage is present.
+ *
+ * @since_tizen 4.0
+ *
+ * @param[in] device The device for which the key should be removed
+ *
+ * @return #ODE_ERROR_NONE on success, otherwise a negative value
+ * @retval #ODE_ERROR_NONE Successful
+ * @retval #ODE_ERROR_INVALID_PARAMETER Invalid parameter
+ * @retval #ODE_ERROR_PERMISSION_DENIED The application does not have
+ * the privilege to call this API
+ * @retval #ODE_ERROR_CONNECTION_REFUSED Connection to the server failed
+ * @retval #ODE_ERROR_UNKNOWN Unknown error
+ *
+ * @see ode_key_remove_master_key()
+ */
+ODE_API int ode_key_remove_master_key(const char* device);
+
/*
* @}
*/
const std::string& newPW) = 0;
virtual int verifyPassword(const std::string& dev,
const std::string& password) = 0;
+ virtual int storeMasterKey(const std::string& dev,
+ const std::string& password) = 0;
+ virtual int removeMasterKey(const std::string& dev) = 0;
};
} // namespace ode
#include <algorithm>
#include <map>
#include <utility>
+#include <sstream>
+#include <iomanip>
#include "key-server.h"
#include "file-footer.h"
#include "rmi/common.h"
#include "key-manager/encrypted-key.h"
#include "key-manager/key-generator.h"
-
-#include <klay/exception.h>
+#include "upgrade-support.h"
namespace ode {
server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::remove)(std::string, std::string));
server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::changePassword)(std::string, std::string, std::string));
server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::verifyPassword)(std::string, std::string));
+ server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::storeMasterKey)(std::string, std::string));
+ server.expose(this, PRIVILEGE_PLATFORM, (int)(KeyServer::removeMasterKey)(std::string));
}
KeyServer::~KeyServer()
FileFooter::clear(dev);
}
+int KeyServer::storeMasterKey(const std::string& dev,
+ const std::string& password)
+{
+ if (dev.empty() || password.empty())
+ return error::InvalidParameter;
+
+ if (!FileFooter::exist(dev)) {
+ ERROR(SINK, "Given device has no master key");
+ return error::NoSuchFile;
+ }
+
+ EncryptedKey ek(FileFooter::read(dev));
+
+ auto masterKey = ek.decrypt(password);
+ if (masterKey.empty()) {
+ ERROR(SINK, "Wrong password passed");
+ return error::WrongPassword;
+ }
+
+ try {
+ UpgradeSupport::storeMasterKey(dev, masterKey);
+ } catch (const runtime::Exception& e) {
+ ERROR(SINK, e.what());
+ return error::Unknown;
+ }
+ return error::None;
+}
+
+int KeyServer::removeMasterKey(const std::string& dev)
+{
+ if (dev.empty())
+ return error::InvalidParameter;
+
+ try {
+ UpgradeSupport::removeMasterKey(dev);
+ } catch (const runtime::Exception& e) {
+ ERROR(SINK, e.what());
+ return error::Unknown;
+ }
+ return error::None;
+}
+
} // namespace ode
const std::string& password,
BinaryData& masterKey) const;
void removePassword(const std::string& dev);
+ int storeMasterKey(const std::string& dev, const std::string& password);
+ int removeMasterKey(const std::string& dev);
private:
ServerContext& server;
projects / platform / core / security / ode.git / commitdiff