src/server/appfw/security/FSec_PrivilegeManagerServer.cpp

   1 //
   2 // Copyright (c) 2013 Samsung Electronics Co., Ltd.
   3 //
   4 // Licensed under the Apache License, Version 2.0 (the License);
   5 // you may not use this file except in compliance with the License.
   6 // You may obtain a copy of the License at
   7 //
   8 //     http://www.apache.org/licenses/LICENSE-2.0
   9 //
  10 // Unless required by applicable law or agreed to in writing, software
  11 // distributed under the License is distributed on an "AS IS" BASIS,
  12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 // See the License for the specific language governing permissions and
  14 // limitations under the License.
  15 //
  16
  17 /**
  18  * @file                FSec_PrivilegeManagerServer.cpp
  19  * @brief               This is the implementation for the _PrivilegeManagerServer class.
  20  */
  21
  22 #include <stdlib.h>
  23 #include <pthread.h>
  24 #include <unique_ptr.h>
  25 #include <dukgen.h>
  26
  27 #include <FAppPkg_PackageInfoImpl.h>
  28 #include <FAppPkg_PackageManagerImpl.h>
  29 #include <FBaseString.h>
  30 #include <FBaseSysLog.h>
  31 #include <FSec_AccessControlTypes.h>
  32 #include <FSec_PrivilegeManager.h>
  33 #include <FSecSecretKey.h>
  34 #include <FSecCryptoAesCipher.h>
  35 #include <FSecCryptoSha1Hmac.h>
  36 #include <FBase_StringConverter.h>
  37 #include <FBaseInternalTypes.h>
  38
  39 #include "FSec_PrivilegeManagerServer.h"
  40
  41 using namespace Tizen::App;
  42 using namespace Tizen::App::Package;
  43 using namespace Tizen::Base;
  44 using namespace Tizen::Base::Utility;
  45 using namespace Tizen::Base::Collection;
  46 using namespace Tizen::Io;
  47 using namespace Tizen::Security;
  48 using namespace Tizen::Security::Crypto;
  49
  50 namespace Tizen { namespace Security
  51 {
  52
  53 _PrivilegeManagerServer::_PrivilegeManagerServer(void)
  54 {
  55         return;
  56 }
  57
  58 _PrivilegeManagerServer::~_PrivilegeManagerServer(void)
  59 {
  60         return;
  61 }
  62
  63 result
  64 _PrivilegeManagerServer::RetrievePrivilege(const AppId& appId, String* pEncryptedBitwise, String* pHmac, ArrayList*& pPrivilegeList)
  65 {
  66         result r = E_SUCCESS;
  67         String encryptedBitwise;
  68         String hmac;
  69         ArrayList* pPrivilegeStringList = null;
  70
  71         r = _PrivilegeManager::RetrieveCipherPrivilegeExN(appId, encryptedBitwise, hmac, pPrivilegeStringList);
  72         SysTryReturnResult(NID_SEC, r == E_SUCCESS, r, "Propagating.");
  73
  74         pEncryptedBitwise->Append(encryptedBitwise);
  75         pHmac->Append(hmac);
  76
  77         if (pPrivilegeStringList != null)
  78         {
  79                 IEnumerator* pEnum = null;
  80                 pEnum = pPrivilegeStringList->GetEnumeratorN();
  81                 while (pEnum->MoveNext() == E_SUCCESS)
  82                 {
  83                         String* tempString = static_cast<String*>(pEnum->GetCurrent());
  84                         pPrivilegeList->Add(new String(*tempString));
  85                 }
  86
  87                 delete pEnum;
  88
  89                 pPrivilegeStringList->RemoveAll(true);
  90                 delete pPrivilegeStringList;
  91         }
  92
  93         return r;
  94 }
  95
  96
  97 result
  98 _PrivilegeManagerServer::GenerateVisibilityString(AppId appId, String* pEncryptedVisibility, String* pHmac)
  99 {
 100         _PackageInfoImpl infoImpl;
 101         result r = E_SUCCESS;
 102         int visibility = 0;
 103
 104         String encryptedVisibility;
 105         String checksum;
 106
 107         r = infoImpl.Construct(appId);
 108         if (r == E_PKG_NOT_INSTALLED)
 109         {
 110                 SysLogException(NID_SEC, E_DATA_NOT_FOUND, "[E_DATA_NOT_FOUND] The privilege information does not exist.");
 111                 return E_DATA_NOT_FOUND;
 112         }
 113         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 114
 115         visibility = infoImpl.GetApiVisibility();
 116         SysTryReturnResult(NID_SEC, visibility >= 0, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 117
 118         r = GetEncryptedVisibility(visibility, encryptedVisibility);
 119         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 120
 121         r = GetChecksum(appId, visibility, checksum);
 122         SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 123
 124         pEncryptedVisibility->Append(encryptedVisibility);
 125         pHmac->Append(checksum);
 126
 127         return r;
 128 }
 129
 130 result
 131 _PrivilegeManagerServer::GetEncryptedVisibility(int visibility, String& encryptedVisibility)
 132 {
 133         result r = E_SUCCESS;
 134         ISecretKey* pKey = null;
 135         ByteBuffer ivByte;
 136         ByteBuffer* pEncryptedVisibility = null;
 137         ByteBuffer* pTempVisibility = null;
 138         AesCipher cipherEnc;
 139         const byte ivector[_IV_LEN] = { 0x3E, 0xB5, 0x01, 0x45, 0xE4, 0xF8, 0x75, 0x3F, 0x08, 0x9D, 0x9F, 0x57, 0x3B, 0x63, 0xEF, 0x4B};
 140
 141         pTempVisibility = new (std::nothrow) ByteBuffer();
 142         SysTryReturnResult(NID_SEC, pTempVisibility != null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed.");
 143
 144         r = pTempVisibility->Construct(sizeof(int));
 145         SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 146
 147         r = ivByte.Construct(_IV_LEN);
 148         SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 149
 150         r = ivByte.SetArray(ivector, 0, _IV_LEN);
 151         SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 152         ivByte.Flip();
 153
 154         r = pTempVisibility->SetArray((byte*)(&visibility), 0, sizeof(int));
 155         SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 156         pTempVisibility->Flip();
 157
 158         r = cipherEnc.Construct(L"CBC/128/PKCS7PADDING", CIPHER_ENCRYPT);
 159         SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 160
 161         pKey = GetDeviceUniqueKeyN();
 162         SysTryCatch(NID_SEC, pKey != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 163
 164         r = cipherEnc.SetKey(*pKey);
 165         SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 166
 167         r = cipherEnc.SetInitialVector(ivByte);
 168         SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 169
 170         pEncryptedVisibility = cipherEnc.EncryptN(*pTempVisibility);
 171         SysTryCatch(NID_SEC, pTempVisibility != null, r = E_SYSTEM, E_SYSTEM,
 172                            "[E_SYSTEM] An unexpected system error occurred.");
 173
 174         r = StringUtil::EncodeToBase64String(*pEncryptedVisibility, encryptedVisibility);
 175         SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 176
 177         // fall through
 178
 179 CATCH:
 180
 181         delete pTempVisibility;
 182         delete pKey;
 183         delete pEncryptedVisibility;
 184
 185         return r;
 186 }
 187
 188 result
 189 _PrivilegeManagerServer::GetChecksum(AppId appId, int visibility, String& checksum)
 190 {
 191         result r = E_SUCCESS;
 192         byte tempChecksumString[sizeof(int) + MAX_APP_ID_SIZE];
 193
 194         ISecretKey* pKey = null;
 195         ByteBuffer ivByte;
 196         ByteBuffer input;
 197         IHmac* pHmac = null;
 198         ByteBuffer* pChecksumByteBuffer = null;
 199
 200         std::unique_ptr<char[]> pAppId(null);
 201         pAppId.reset(_StringConverter::CopyToCharArrayN(appId));
 202         SysTryCatch(NID_SEC, pAppId != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 203
 204         memcpy(tempChecksumString, pAppId.get(), MAX_APP_ID_SIZE);
 205         memcpy(tempChecksumString + MAX_APP_ID_SIZE, (byte*)(&visibility), sizeof(int));
 206
 207         r = input.Construct(MAX_APP_ID_SIZE + sizeof(int));
 208         SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 209
 210         r = input.SetArray(tempChecksumString, 0, MAX_APP_ID_SIZE + sizeof(int));
 211         SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 212         input.Flip();
 213
 214         pHmac = new (std::nothrow) Sha1Hmac();
 215         SysTryCatch(NID_SEC, pHmac != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed.");
 216
 217         pKey = GetDeviceUniqueKeyN();
 218         SysTryCatch(NID_SEC, pKey != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 219
 220         r = pHmac->SetKey(*pKey);
 221         SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 222
 223         pChecksumByteBuffer = pHmac->GetHmacN(input);
 224         SysTryCatch(NID_SEC, pChecksumByteBuffer != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 225
 226         r = StringUtil::EncodeToBase64String(*pChecksumByteBuffer, checksum);
 227         SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred.");
 228
 229         // fall through
 230
 231 CATCH:
 232
 233         delete pKey;
 234         delete pHmac;
 235         delete pChecksumByteBuffer;
 236
 237         return r;
 238 }
 239
 240 ISecretKey*
 241 _PrivilegeManagerServer::GetDeviceUniqueKeyN(void)
 242 {
 243         result r = E_SUCCESS;
 244         ByteBuffer* pTempValue = null;
 245         ISecretKey* pKey = null;
 246
 247         char uniqueInfo[_INFO_LEN] =
 248         {
 249                 0x09, 0x25, 0x19, 0x87, 0xBF, 0x02, 0x14, 0x19,
 250                 0x88, 0xDD, 0x12, 0x30, 0x19, 0x86, 0xAD, 0xED
 251         };
 252
 253         char* pUniqueKey = null;
 254         pUniqueKey = GetDeviceUniqueKey(uniqueInfo, _INFO_LEN, _KEY_LEN);
 255         SysTryCatch(NID_SEC, pUniqueKey != null, , E_SYSTEM, "[E_SYSTEM] Failed to generate the unique key.");
 256
 257         pTempValue = new (std::nothrow) ByteBuffer();
 258         SysTryCatch(NID_SEC, pTempValue != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
 259
 260         r = pTempValue->Construct(_KEY_LEN);
 261         SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r));
 262
 263         r = pTempValue->SetArray(reinterpret_cast <byte*>(pUniqueKey), 0, _KEY_LEN);
 264         SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r));
 265
 266         pTempValue->Flip();
 267
 268         pKey = new (std::nothrow) SecretKey();
 269         SysTryCatch(NID_SEC, pKey != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory.");
 270
 271         r = pKey->SetKey(*pTempValue);
 272         SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r));
 273
 274         if (pUniqueKey != null)
 275         {
 276                 free(pUniqueKey);
 277         }
 278         delete pTempValue;
 279
 280         return pKey;
 281
 282 CATCH:
 283         if (pUniqueKey != null)
 284         {
 285                 free(pUniqueKey);
 286         }
 287         delete pTempValue;
 288         delete pKey;
 289
 290         return null;
 291 }
 292
 293 }} //Tizen::Security