src/security/FSec_PrivilegeInfo.cpp

   1 //
   2 // Open Service Platform
   3 // Copyright (c) 2012 Samsung Electronics Co., Ltd.
   4 //
   5 // Licensed under the Apache License, Version 2.0 (the License);
   6 // you may not use this file except in compliance with the License.
   7 // You may obtain a copy of the License at
   8 //
   9 //     http://www.apache.org/licenses/LICENSE-2.0
  10 //
  11 // Unless required by applicable law or agreed to in writing, software
  12 // distributed under the License is distributed on an "AS IS" BASIS,
  13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14 // See the License for the specific language governing permissions and
  15 // limitations under the License.
  16 //
  17
  18 /**
  19  * @file                FSec_PrivilegeManagerInfo.cpp
  20  * @brief               This is the implementation for the Privilege Information class.
  21  */
  22
  23 #include <unique_ptr.h>
  24 #include <stdlib.h>
  25 #include <FBaseSysLog.h>
  26 #include <FBase_StringConverter.h>
  27 #include <FBaseString.h>
  28 #include <FAppPkg_PackageInfoImpl.h>
  29 #include <FSecCryptoAesCipher.h>
  30 #include <FSecCryptoSha1Hmac.h>
  31 #include <FSecCryptoSha1Hash.h>
  32
  33 #include "FSec_DeviceKeyGenerator.h"
  34 #include "FSec_PrivilegeInfo.h"
  35
  36 using namespace Tizen::App;
  37 using namespace Tizen::App::Package;
  38 using namespace Tizen::Base;
  39 using namespace Tizen::Base::Utility;
  40 using namespace Tizen::Security::Crypto;
  41 using namespace Tizen::Text;
  42
  43 namespace Tizen { namespace Security
  44 {
  45
  46 _PrivilegeInfo::_PrivilegeInfo(void)
  47 {
  48         memset(__bitwisePrivilege, 0, MAX_BITWISE_PRIV_SIZE);
  49         __bitwiseLength = 0;
  50         __apiVisibility = 0;
  51 }
  52
  53 _PrivilegeInfo::~_PrivilegeInfo(void)
  54 {
  55
  56 }
  57
  58 result
  59 _PrivilegeInfo::Construct(const AppId& appId, const byte* pBitwisePrivilege)
  60 {
  61         result r = E_SUCCESS;
  62
  63         SysTryReturnResult(NID_SEC, (pBitwisePrivilege != null), E_INVALID_ARG, "One of the argument is invalid.");
  64         SysTryReturnResult(NID_SEC,
  65                                           appId.GetLength() > 0 && appId.GetLength() == MAX_APP_ID_SIZE, E_INVALID_ARG,
  66                                           "One of the argument is invalid.");
  67
  68         // Set base length of privilege information to max
  69         __bitwiseLength = MAX_BITWISE_PRIV_SIZE;
  70
  71         __appId = appId;
  72         memcpy(__bitwisePrivilege, pBitwisePrivilege, __bitwiseLength);
  73
  74         return r;
  75 }
  76
  77 result
  78 _PrivilegeInfo::Construct(const AppId& appId, const String& encryptedPrivileges, const String& checksum)
  79 {
  80         result r = E_SUCCESS;
  81         byte* pDecrytpedBitwisePrivilege = null;
  82
  83         std::unique_ptr<ByteBuffer> pBitwisePrivilege(null);
  84         _PackageInfoImpl infoImpl;
  85
  86         SysLog(NID_SEC, "Enter.");
  87
  88         SysTryReturnResult(NID_SEC,
  89                                           appId.GetLength() > 0 && appId.GetLength() == MAX_APP_ID_SIZE, E_INVALID_ARG,
  90                                           "One of the argument is invalid.");
  91         SysTryReturnResult(NID_SEC, encryptedPrivileges.GetLength() > 0, E_INVALID_ARG, "One of the argument is invalid.");
  92         SysTryReturnResult(NID_SEC, checksum.GetLength() > 0, E_INVALID_ARG, "One of the argument is invalid.");
  93
  94         pBitwisePrivilege.reset(StringUtil::DecodeBase64StringN(encryptedPrivileges));
  95         SysTryReturnResult(NID_SEC, pBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
  96
  97         pDecrytpedBitwisePrivilege = const_cast <byte*>(pBitwisePrivilege->GetPointer());
  98         SysTryReturnResult(NID_SEC, pDecrytpedBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
  99
 100         r = VerifyIntegrity(appId, pDecrytpedBitwisePrivilege, checksum, pBitwisePrivilege->GetLimit());
 101         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_INVALID_ARG, "The checksum is abnormal.");
 102
 103         // Set base length of privilege information
 104         __bitwiseLength = pBitwisePrivilege->GetLimit();
 105
 106         memcpy(__bitwisePrivilege, pDecrytpedBitwisePrivilege, __bitwiseLength);
 107         __appId = appId;
 108
 109         r = infoImpl.Construct(appId);
 110         if (r == E_APP_NOT_INSTALLED)
 111         {
 112                 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The package information does not exist.");
 113                 return E_DATA_NOT_FOUND;
 114         }
 115         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 116
 117         __apiVisibility = infoImpl.GetApiVisibility();
 118         SysTryReturnResult(NID_SEC, __apiVisibility >= 0, E_SYSTEM, "An unexpected system error occurred.");
 119
 120         SysLog(NID_SEC, "Exit.");
 121         return r;
 122 }
 123
 124 result
 125 _PrivilegeInfo::Construct(const AppId& appId, const String& encryptedPrivileges, const String& checksum, const String& encryptedVisibiliity, const String& visibilityChecksum)
 126 {
 127         result r = E_SUCCESS;
 128         byte* pDecrytpedBitwisePrivilege = null;
 129         int visibility = 0;
 130
 131         ByteBuffer ivByte;
 132         std::unique_ptr<ISecretKey> pKey(null);
 133         std::unique_ptr<ByteBuffer> pEncryptedBitwisePrivilege(null);
 134         std::unique_ptr<ByteBuffer> pBitwisePrivilege(null);
 135         std::unique_ptr<ByteBuffer> pEncryptedVisibility(null);
 136         std::unique_ptr<ByteBuffer> pVisibility(null);
 137         AesCipher cipherDec;
 138         _PackageInfoImpl infoImpl;
 139         const byte ivector[_IV_LEN] =
 140         {
 141                 0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F,
 142                 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B
 143         };
 144
 145         SysLog(NID_SEC, "Enter.");
 146
 147         SysTryReturnResult(NID_SEC,
 148                                           appId.GetLength() > 0 && appId.GetLength() == MAX_APP_ID_SIZE, E_INVALID_ARG,
 149                                           "One of the argument is invalid.");
 150         SysTryReturnResult(NID_SEC, encryptedPrivileges.GetLength() > 0, E_INVALID_ARG, "One of the argument is invalid.");
 151         SysTryReturnResult(NID_SEC, checksum.GetLength() > 0, E_INVALID_ARG, "One of the argument is invalid.");
 152
 153         pEncryptedBitwisePrivilege.reset(StringUtil::DecodeBase64StringN(encryptedPrivileges));
 154         SysTryReturnResult(NID_SEC, pEncryptedBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
 155
 156         pEncryptedVisibility.reset(StringUtil::DecodeBase64StringN(encryptedVisibiliity));
 157         SysTryReturnResult(NID_SEC, pEncryptedVisibility != null, E_SYSTEM, "An unexpected system error occurred.");
 158
 159         r = ivByte.Construct(_IV_LEN);
 160         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 161
 162         r = ivByte.SetArray(ivector, 0, _IV_LEN);
 163         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 164         ivByte.Flip();
 165
 166         r = cipherDec.Construct(L"CBC/128/PKCS7PADDING", CIPHER_DECRYPT);
 167         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 168
 169         pKey.reset(_DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN));
 170         SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
 171
 172         r = cipherDec.SetKey(*pKey.get());
 173         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 174
 175         r = cipherDec.SetInitialVector(ivByte);
 176         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 177
 178         pBitwisePrivilege.reset(cipherDec.DecryptN(*pEncryptedBitwisePrivilege.get()));
 179         SysTryReturnResult(NID_SEC, pBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
 180
 181         pVisibility.reset(cipherDec.DecryptN(*pEncryptedVisibility.get()));
 182         SysTryReturnResult(NID_SEC, pBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
 183
 184         pDecrytpedBitwisePrivilege = const_cast <byte*>(pBitwisePrivilege->GetPointer());
 185         SysTryReturnResult(NID_SEC, pDecrytpedBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
 186
 187         visibility = static_cast<int>(*(pVisibility->GetPointer()));
 188
 189         r = VerifyIntegrity(appId, pDecrytpedBitwisePrivilege, checksum, pBitwisePrivilege->GetLimit(), visibility, visibilityChecksum);
 190         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_INVALID_ARG, "The checksum is abnormal.");
 191
 192         // Set base length of privilege information
 193         __bitwiseLength = pBitwisePrivilege->GetLimit();
 194
 195         memcpy(__bitwisePrivilege, pDecrytpedBitwisePrivilege, __bitwiseLength);
 196         __appId = appId;
 197
 198         __apiVisibility = visibility;
 199
 200         SysLog(NID_SEC, "Exit.");
 201         return r;
 202 }
 203
 204 _PrivilegeInfo*
 205 _PrivilegeInfo::CloneN(void) const
 206 {
 207         _PrivilegeInfo* pPrivilegeInfo = null;
 208
 209         ClearLastResult();
 210
 211         pPrivilegeInfo = new (std::nothrow) _PrivilegeInfo();
 212         SysTryReturn(NID_SEC, pPrivilegeInfo != null, null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient.");
 213
 214         pPrivilegeInfo->__bitwiseLength = this->__bitwiseLength;
 215
 216         pPrivilegeInfo->__appId.Clear();
 217         pPrivilegeInfo->__appId.Append(this->__appId);
 218         memcpy(pPrivilegeInfo->__bitwisePrivilege, this->__bitwisePrivilege, pPrivilegeInfo->__bitwiseLength);
 219
 220         return pPrivilegeInfo;
 221 }
 222
 223 result
 224 _PrivilegeInfo::Construct(const _PrivilegeInfo& privilegeInfo)
 225 {
 226         result r = E_SUCCESS;
 227
 228         SysTryReturnResult(NID_SEC, privilegeInfo.__appId.GetLength() > 0 && privilegeInfo.__appId.GetLength() == MAX_APP_ID_SIZE, E_INVALID_ARG, "The argument is invalid.");
 229
 230         __bitwiseLength = privilegeInfo.__bitwiseLength;
 231
 232         __appId = privilegeInfo.__appId;
 233         memcpy(__bitwisePrivilege, privilegeInfo.__bitwisePrivilege, __bitwiseLength);
 234
 235         __apiVisibility = privilegeInfo.__apiVisibility;
 236
 237         return r;
 238 }
 239
 240 const String
 241 _PrivilegeInfo::GetAppId(void) const
 242 {
 243         return __appId;
 244 }
 245
 246 result
 247 _PrivilegeInfo::GetBitwisePrivilegeN(byte*& pBitwisePrivilege) const
 248 {
 249         byte* pReturn = null;
 250         result r = E_SUCCESS;
 251
 252         SysLog(NID_SEC, "Enter.");
 253
 254         pReturn = (byte*) malloc(sizeof(byte) * MAX_BITWISE_PRIV_SIZE);
 255         SysTryReturnResult(NID_SEC, pReturn != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
 256         memcpy(pReturn, __bitwisePrivilege, MAX_BITWISE_PRIV_SIZE);
 257
 258         pBitwisePrivilege = pReturn;
 259
 260         SysLog(NID_SEC, "Exit.");
 261         return r;
 262 }
 263
 264 result
 265 _PrivilegeInfo::GetEncryptedBitwise(String& encryptedPrivileges) const
 266 {
 267         result r = E_SUCCESS;
 268         ByteBuffer ivByte;
 269         std::unique_ptr<ISecretKey> pKey(null);
 270         std::unique_ptr<ByteBuffer> pEncryptedBitwisePrivilege(null);
 271         std::unique_ptr<ByteBuffer> pBitwisePrivilege(null);
 272         AesCipher cipherEnc;
 273         const byte ivector[_IV_LEN] = { 0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F, 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B};
 274
 275         SysLog(NID_SEC, "Enter.");
 276
 277         pBitwisePrivilege.reset(new (std::nothrow) ByteBuffer());
 278         SysTryReturnResult(NID_SEC, pBitwisePrivilege != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
 279
 280         r = pBitwisePrivilege->Construct(__bitwiseLength);
 281         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 282
 283         r = ivByte.Construct(_IV_LEN);
 284         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 285
 286         r = ivByte.SetArray(ivector, 0, _IV_LEN);
 287         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 288         ivByte.Flip();
 289
 290         r = pBitwisePrivilege->SetArray(__bitwisePrivilege, 0, __bitwiseLength);
 291         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 292         pBitwisePrivilege->Flip();
 293
 294         r = cipherEnc.Construct(L"CBC/128/PKCS7PADDING", CIPHER_ENCRYPT);
 295         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 296
 297         pKey.reset(_DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN));
 298         SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
 299
 300         r = cipherEnc.SetKey(*(pKey.get()));
 301         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 302
 303         r = cipherEnc.SetInitialVector(ivByte);
 304         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 305
 306         pEncryptedBitwisePrivilege.reset(cipherEnc.EncryptN(*(pBitwisePrivilege.get())));
 307         SysTryReturnResult(NID_SEC, pEncryptedBitwisePrivilege != null, E_SYSTEM, "An unexpected system error occurred.");
 308
 309         r = StringUtil::EncodeToBase64String(*(pEncryptedBitwisePrivilege.get()), encryptedPrivileges);
 310         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 311
 312         SysLog(NID_SEC, "Exit.");
 313         return r;
 314 }
 315
 316 result
 317 _PrivilegeInfo::GetChecksum(String& checksum) const
 318 {
 319         result r = E_SUCCESS;
 320         byte tempChecksumString[MAX_BITWISE_PRIV_SIZE + MAX_APP_ID_SIZE];
 321
 322         ByteBuffer ivByte;
 323         ByteBuffer input;
 324         std::unique_ptr<ISecretKey> pKey(null);
 325         std::unique_ptr<IHmac> pHmac(null);
 326         std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
 327         std::unique_ptr<char> pAppId(null);
 328
 329         pAppId.reset(_StringConverter::CopyToCharArrayN(__appId));
 330         SysTryReturnResult(NID_SEC, pAppId != null, E_SYSTEM, "An unexpected system error occurred.");
 331
 332         memcpy(tempChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
 333         memcpy(tempChecksumString + MAX_APP_ID_SIZE, __bitwisePrivilege, __bitwiseLength);
 334
 335         pAppId.reset(null);
 336
 337         r = input.Construct(MAX_APP_ID_SIZE + __bitwiseLength);
 338         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 339
 340         r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + __bitwiseLength);
 341         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 342         input.Flip();
 343
 344         pHmac.reset(new (std::nothrow) Sha1Hmac());
 345         SysTryReturnResult(NID_SEC, pHmac != null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed.");
 346
 347         pKey.reset(_DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN));
 348         SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 349
 350         r = pHmac->SetKey(*(pKey.get()));
 351         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 352
 353         pChecksumByteBuffer.reset(pHmac->GetHmacN(input));
 354         SysTryReturnResult(NID_SEC, pChecksumByteBuffer != null, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 355
 356         r = StringUtil::EncodeToBase64String(*(pChecksumByteBuffer.get()), checksum);
 357         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 358
 359         return r;
 360 }
 361
 362 bool
 363 _PrivilegeInfo::HasPrivilege(_Privilege privilege) const
 364 {
 365         bool ret = false;
 366         int targetIndex = static_cast< int >(privilege) / _BITS_IN_BYTE;
 367         byte privilegeBit = (byte) (static_cast< int >(privilege) % _BITS_IN_BYTE);
 368         byte bitwiseTargetPrivilege = 0;
 369         byte tempBitwisePrivilege = 0;
 370
 371         if (__apiVisibility != _API_VISIBILITY_NONE) // To be removed
 372         {
 373                 if (visibilityLevelListTable[privilege][_PRV_API_VER_2_0] > __apiVisibility)
 374                 {
 375                         SysLog(NID_SEC, "Result : FALSE [Visibility]");
 376                         return ret;
 377                 }
 378         }
 379
 380         bitwiseTargetPrivilege = bitwiseTargetPrivilege | (1 << privilegeBit);
 381         tempBitwisePrivilege = __bitwisePrivilege[targetIndex] & bitwiseTargetPrivilege;
 382
 383         if (bitwiseTargetPrivilege == tempBitwisePrivilege)
 384         {
 385                 SysLog(NID_SEC, "Result : TRUE");
 386                 ret = true;
 387         }
 388         else
 389         {
 390                 SysLogException(NID_SEC, E_PRIVILEGE_DENIED, "Result : FALSE [%ls, %ls]", __appId.GetPointer(), privilegeListTable[privilege].privilegeString);
 391         }
 392
 393         return ret;
 394 }
 395
 396 result
 397 _PrivilegeInfo::VerifyIntegrity(const AppId& appId, const byte* targetBitwisePrivilege, const Tizen::Base::String& storedChecksum, int length)
 398 {
 399         result r = E_SUCCESS;
 400         bool verifyResult = false;
 401         byte tempChecksumString[MAX_BITWISE_PRIV_SIZE + MAX_APP_ID_SIZE];
 402         String base64EncodedChecksum;
 403         ByteBuffer input;
 404         std::unique_ptr<IHash> pHash(null);
 405         std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
 406         std::unique_ptr<char> pAppId(null);
 407
 408         SysLog(NID_SEC, "Enter.");
 409
 410         SysTryReturnResult(NID_SEC, length <= MAX_BITWISE_PRIV_SIZE, E_INVALID_ARG, "The privilege information of %ls is invalid.", appId.GetPointer());
 411
 412         pAppId.reset(_StringConverter::CopyToCharArrayN(appId));
 413         SysTryReturnResult(NID_SEC, pAppId != null, E_SYSTEM, "An unexpected system error occurred.");
 414
 415         memcpy(tempChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
 416         memcpy(tempChecksumString + MAX_APP_ID_SIZE, targetBitwisePrivilege, length);
 417
 418         pAppId.reset(null);
 419
 420         r = input.Construct(MAX_APP_ID_SIZE + length);
 421         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 422
 423         r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + length);
 424         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 425         input.Flip();
 426
 427         pHash.reset(new (std::nothrow) Sha1Hash());
 428         SysTryReturnResult(NID_SEC, pHash != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
 429
 430         pChecksumByteBuffer.reset(pHash->GetHashN(input));
 431         SysTryReturnResult(NID_SEC, pChecksumByteBuffer != null, E_SYSTEM, "An unexpected system error occurred.");
 432
 433         r = StringUtil::EncodeToBase64String(*(pChecksumByteBuffer.get()), base64EncodedChecksum);
 434         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 435
 436         verifyResult = storedChecksum.Equals(base64EncodedChecksum, true);
 437         if (verifyResult != true)
 438         {
 439                 r = E_INVALID_ARG;
 440         }
 441
 442         SysLog(NID_SEC, "Exit.");
 443         return r;
 444 }
 445
 446 result
 447 _PrivilegeInfo::VerifyIntegrityEx(const AppId& appId, const byte* targetBitwisePrivilege, const Tizen::Base::String& storedChecksum, int length)
 448 {
 449         result r = E_SUCCESS;
 450         bool verifyResult = false;
 451         byte tempChecksumString[MAX_BITWISE_PRIV_SIZE + MAX_APP_ID_SIZE];
 452         String base64EncodedChecksum;
 453         ByteBuffer ivByte;
 454         ByteBuffer input;
 455         std::unique_ptr<IHmac> pHmac(null);
 456         std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
 457         std::unique_ptr<ISecretKey> pKey(null);
 458         std::unique_ptr<char> pAppId(null);
 459
 460         SysLog(NID_SEC, "Enter.");
 461         SysTryReturnResult(NID_SEC, length <= MAX_BITWISE_PRIV_SIZE, E_INVALID_ARG, "The privilege information of [%ls] is invalid.", appId.GetPointer());
 462
 463         pAppId.reset(_StringConverter::CopyToCharArrayN(appId));
 464         SysTryReturnResult(NID_SEC, pAppId != null, E_SYSTEM, "An unexpected system error occurred.");
 465
 466         memcpy(tempChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
 467         memcpy(tempChecksumString + MAX_APP_ID_SIZE, targetBitwisePrivilege, length);
 468
 469         pAppId.reset(null);
 470
 471         r = input.Construct(MAX_APP_ID_SIZE + length);
 472         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 473
 474         r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + length);
 475         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 476         input.Flip();
 477
 478         pHmac.reset(new (std::nothrow) Sha1Hmac());
 479         SysTryReturnResult(NID_SEC, pHmac != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
 480
 481         pKey.reset(_DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN));
 482         SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
 483
 484         r = pHmac->SetKey(*(pKey.get()));
 485         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 486
 487         pChecksumByteBuffer.reset(pHmac->GetHmacN(input));
 488         SysTryReturnResult(NID_SEC, pChecksumByteBuffer != null, E_SYSTEM, "An unexpected system error occurred.");
 489
 490         r = StringUtil::EncodeToBase64String(*(pChecksumByteBuffer.get()), base64EncodedChecksum);
 491         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 492
 493         verifyResult = storedChecksum.Equals(base64EncodedChecksum, true);
 494         if (verifyResult != true)
 495         {
 496                 r = E_INVALID_ARG;
 497         }
 498
 499         SysLog(NID_SEC, "Exit.");
 500         return r;
 501 }
 502
 503 result
 504 _PrivilegeInfo::VerifyIntegrity(const AppId& appId, const byte* targetBitwisePrivilege, const Tizen::Base::String& storedChecksum, int length, int visibility, const Tizen::Base::String& storedVisibilityChecksum)
 505 {
 506         result r = E_SUCCESS;
 507         bool verifyResult = false;
 508         byte tempChecksumString[MAX_BITWISE_PRIV_SIZE + MAX_APP_ID_SIZE];
 509         byte tempVisibilityChecksumString[sizeof(int) + MAX_APP_ID_SIZE];
 510         String base64EncodedChecksum;
 511         String base64EncodedVisibilityChecksum;
 512         ByteBuffer ivByte;
 513         ByteBuffer input;
 514         ByteBuffer visibilityInput;
 515         std::unique_ptr<IHmac> pHmac(null);
 516         std::unique_ptr<ByteBuffer> pChecksumByteBuffer(null);
 517         std::unique_ptr<ByteBuffer> pVisibilityChecksumByteBuffer(null);
 518         std::unique_ptr<ISecretKey> pKey(null);
 519         std::unique_ptr<char> pAppId(null);
 520
 521         SysLog(NID_SEC, "Enter.");
 522         SysTryReturnResult(NID_SEC, length <= MAX_BITWISE_PRIV_SIZE, E_INVALID_ARG, "The privilege information of [%ls] is invalid.", appId.GetPointer());
 523
 524         pAppId.reset(_StringConverter::CopyToCharArrayN(appId));
 525         SysTryReturnResult(NID_SEC, pAppId != null, E_SYSTEM, "An unexpected system error occurred.");
 526
 527         memcpy(tempChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
 528         memcpy(tempChecksumString + MAX_APP_ID_SIZE, targetBitwisePrivilege, length);
 529
 530         memcpy(tempVisibilityChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
 531         memcpy(tempVisibilityChecksumString + MAX_APP_ID_SIZE, (byte*)(&visibility), sizeof(int));
 532
 533         pAppId.reset(null);
 534
 535         r = input.Construct(MAX_APP_ID_SIZE + length);
 536         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 537
 538         r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + length);
 539         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 540         input.Flip();
 541
 542         r = visibilityInput.Construct(MAX_APP_ID_SIZE + sizeof(int));
 543         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 544
 545         r = visibilityInput.SetArray(tempVisibilityChecksumString, 0, MAX_APP_ID_SIZE + sizeof(int));
 546         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 547         visibilityInput.Flip();
 548
 549         pHmac.reset(new (std::nothrow) Sha1Hmac());
 550         SysTryReturnResult(NID_SEC, pHmac != null, E_OUT_OF_MEMORY, "Memory allocation is failed.");
 551
 552         pKey.reset(_DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN));
 553         SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred.");
 554
 555         r = pHmac->SetKey(*(pKey.get()));
 556         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 557
 558         pChecksumByteBuffer.reset(pHmac->GetHmacN(input));
 559         SysTryReturnResult(NID_SEC, pChecksumByteBuffer != null, E_SYSTEM, "An unexpected system error occurred.");
 560
 561         r = StringUtil::EncodeToBase64String(*(pChecksumByteBuffer.get()), base64EncodedChecksum);
 562         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 563
 564         verifyResult = storedChecksum.Equals(base64EncodedChecksum, true);
 565         if (verifyResult != true)
 566         {
 567                 r = E_INVALID_ARG;
 568         }
 569
 570         pVisibilityChecksumByteBuffer.reset(pHmac->GetHmacN(visibilityInput));
 571         SysTryReturnResult(NID_SEC, pChecksumByteBuffer != null, E_SYSTEM, "An unexpected system error occurred.");
 572
 573         r = StringUtil::EncodeToBase64String(*(pVisibilityChecksumByteBuffer.get()), base64EncodedVisibilityChecksum);
 574         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred.");
 575
 576         verifyResult = storedVisibilityChecksum.Equals(base64EncodedVisibilityChecksum, true);
 577         if (verifyResult != true)
 578         {
 579                 r = E_INVALID_ARG;
 580         }
 581
 582         SysLog(NID_SEC, "Exit.");
 583         return r;
 584 }
 585
 586 }} //Tizen::Security