2 * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Dongsun Lee (ds73.lee@samsung.com)
20 * @brief Key manupulatation.
22 #include "key_handler.h"
30 #include <ckmc/ckmc-manager.h>
31 #include <tzplatform_config.h>
34 #include "web_app_enc.h"
35 #include "crypto_service.h"
37 #define RANDOM_FILE "/dev/urandom"
38 #define WRT_INSTALLER_LABEL "/User"
39 #define APP_DEK_KEK_PRIKEY_PASSWORD "wae_appdek_kek_1q2w3e4r"
40 #define APP_DEK_ALIAS_PFX "APP_DEK_"
41 #define APP_DEK_LOADING_DONE_ALIAS "APP_DEKS_LOADING_FINISHED"
42 #define APP_DEK_FILE_PFX "WAE_APP_DEK"
43 #define APP_DEK_KEK_ALIAS "WAE_APP_DEK_KEK"
46 #define MAX_ALIAS_LEN 256
47 #define MAX_PKGID_LEN 256
48 #define MAX_CACHE_SIZE 100
50 typedef struct _dek_cache_element{
51 char pkgId[MAX_PKGID_LEN];
52 unsigned char dek[DEK_LEN];
55 dek_cache_element APP_DEK_CACHE[MAX_CACHE_SIZE];
56 int NEXT_CACHE_IDX = -1;
58 void _initialize_cache()
61 memset(APP_DEK_CACHE, 0, sizeof(dek_cache_element)*MAX_CACHE_SIZE);
64 unsigned char* _get_app_dek_from_cache(const char* pkgId)
68 if(NEXT_CACHE_IDX < 0)
71 for(i =0; i<MAX_CACHE_SIZE; i++) {
72 //WAE_SLOGI("CACHED APP_DEK[%d]=%s", i, APP_DEK_CACHE[i].pkgId);
73 if( strlen(APP_DEK_CACHE[i].pkgId) == strlen(pkgId) &&
74 strncmp(pkgId, APP_DEK_CACHE[i].pkgId, strlen(pkgId)) == 0) {
75 return APP_DEK_CACHE[i].dek;
81 void _add_app_dek_to_cache(const char* pkgId, unsigned char* dek)
85 if(NEXT_CACHE_IDX < 0)
88 // if existing one has the same pkgid
89 for(i =0; i<MAX_CACHE_SIZE; i++) {
90 if( strlen(APP_DEK_CACHE[i].pkgId) == strlen(pkgId) &&
91 strncmp(pkgId, APP_DEK_CACHE[i].pkgId, strlen(pkgId)) == 0) {
92 memcpy(APP_DEK_CACHE[i].dek, dek, DEK_LEN);
98 strncpy(APP_DEK_CACHE[NEXT_CACHE_IDX].pkgId, pkgId, strlen(pkgId));
99 memcpy(APP_DEK_CACHE[NEXT_CACHE_IDX].dek, dek, DEK_LEN);
102 if(NEXT_CACHE_IDX >= MAX_CACHE_SIZE)
106 void _remove_app_dek_from_cache(const char* pkgId)
110 for(i =0; i<MAX_CACHE_SIZE; i++) {
111 if( strlen(APP_DEK_CACHE[i].pkgId) == strlen(pkgId) &&
112 strncmp(pkgId, APP_DEK_CACHE[i].pkgId, strlen(pkgId)) == 0) {
113 memset(APP_DEK_CACHE[i].pkgId, 0, sizeof(APP_DEK_CACHE[i].pkgId));
120 int _to_wae_error(int key_manager_error)
122 switch(key_manager_error) {
123 case CKMC_ERROR_NONE: return WAE_ERROR_NONE;
124 case CKMC_ERROR_INVALID_PARAMETER: return WAE_ERROR_INVALID_PARAMETER;
125 case CKMC_ERROR_PERMISSION_DENIED: return WAE_ERROR_PERMISSION_DENIED;
126 case CKMC_ERROR_DB_ALIAS_UNKNOWN: return WAE_ERROR_NO_KEY;
127 case CKMC_ERROR_DB_ALIAS_EXISTS: return WAE_ERROR_KEY_EXISTS;
128 default: return WAE_ERROR_KEY_MANAGER;
132 int _get_random(size_t length, unsigned char* random)
138 if((f = fopen(RANDOM_FILE, "r")) != NULL){
140 if((ch = fgetc(f)) == EOF){
143 random[i] = (unsigned char) ch;
149 return WAE_ERROR_NONE;
152 void _get_alias(const char* pPkgId, wae_app_type_e appType, bool forSave, char* alias, size_t buff_len)
154 if(appType == WAE_DOWNLOADED_NORMAL_APP) {
156 snprintf(alias, buff_len, "%s%s",
160 snprintf(alias, buff_len, "%s%s%s%s",
162 ckmc_owner_id_separator,
166 }else { // system alias
168 snprintf(alias, buff_len, "%s%s%s%s",
169 ckmc_owner_id_system,
170 ckmc_owner_id_separator,
176 void _get_dek_kek_alias(char* alias, size_t buff_len)
178 snprintf(alias, buff_len, "%s%s%s",
179 ckmc_owner_id_system,
180 ckmc_owner_id_separator,
184 void _get_dek_loading_done_alias(char* alias, size_t buff_len)
186 snprintf(alias, buff_len, "%s%s%s",
187 ckmc_owner_id_system,
188 ckmc_owner_id_separator,
189 APP_DEK_LOADING_DONE_ALIAS);
192 const char* _get_dek_kek_pub_key_path()
194 return tzplatform_mkpath4(TZ_SYS_SHARE, "wae", "app_dek", "WAE_APPDEK_KEK_PublicKey.pem");
197 const char* _get_dek_kek_pri_key_path()
199 return tzplatform_mkpath4(TZ_SYS_SHARE, "wae", "app_dek", "WAE_APPDEK_KEK_PrivateKey.pem");
202 const char* _get_dek_store_path()
204 return tzplatform_mkpath3(TZ_SYS_SHARE, "wae", "app_dek");
207 int _add_dek_to_key_manager(const char* pPkgId, wae_app_type_e appType, const unsigned char* pDek, size_t len)
209 int ret = WAE_ERROR_NONE;
210 char alias[MAX_ALIAS_LEN] = {0,};
211 ckmc_raw_buffer_s buff;
212 ckmc_policy_s policy;
214 buff.data = (unsigned char *)pDek;
217 policy.password = NULL;
218 policy.extractable = true;
220 // save app_dek in key_manager
221 _get_alias(pPkgId, appType, true, alias, sizeof(alias));
223 // even if it fails to remove, ignore it.
224 ret = _to_wae_error( ckmc_remove_alias(alias));
226 ret = _to_wae_error(ckmc_save_data(alias, buff, policy));
227 if(ret != WAE_ERROR_NONE) {
228 WAE_SLOGE("WAE: Fail to add APP_DEK to key-manager. pkgId=%s, alias=%s, ret=%d", pPkgId, alias, ret);
232 // share app_dek for web app laucher to use app_dek
233 ret = _to_wae_error(ckmc_set_permission(alias, pPkgId, CKMC_PERMISSION_READ));
234 if(ret != WAE_ERROR_NONE) {
235 WAE_SLOGE("WAE: Fail to set_permission to APP_DEK. pkgId=%s, ret=%d", pPkgId, ret);
238 WAE_SLOGI("WAE: Success to add APP_DEK to key-manager. pkgId=%s, alias=%s", pPkgId, alias);
244 int _get_preloaded_app_dek_file_path(const char* pPkgId, size_t size, char *path)
248 ret = snprintf(path, size, "%s/%s_%s.adek",
249 _get_dek_store_path(), APP_DEK_FILE_PFX, pPkgId);
252 return WAE_ERROR_INVALID_PARAMETER; /* buffer size too small */
254 return WAE_ERROR_NONE;
257 int _extract_pkg_id_from_file_name(const char* fileName, char* pkgId)
259 char* start = strstr(fileName, APP_DEK_FILE_PFX);
261 WAE_SLOGE("WAE: Fail to extract pkgid from APP_DEK file. fileName=%s", fileName);
262 return WAE_ERROR_FILE;
264 start = start + strlen(APP_DEK_FILE_PFX) + 1;
265 char* end = strstr(fileName, ".adek");
267 WAE_SLOGE("WAE: Fail to extract pkgid from APP_DEK file. fileName=%s", fileName);
268 return WAE_ERROR_FILE;
270 strncpy(pkgId, start, end-start);
271 pkgId[end-start] = 0;//terminate string
272 return WAE_ERROR_NONE;
275 int _read_encrypted_app_dek_from_file(const char* pPkgId, unsigned char** encrypted_app_dek, size_t *len)
277 char path[MAX_PATH_LEN] = {0,};
278 _get_preloaded_app_dek_file_path(pPkgId, sizeof(path), path);
279 return _read_from_file(path, encrypted_app_dek, len);
282 int _write_encrypted_app_dek_to_file(const char* pPkgId, const unsigned char* encrypted_app_dek, size_t len)
284 char path[MAX_PATH_LEN] = {0,};
285 _get_preloaded_app_dek_file_path(pPkgId, sizeof(path), path);
286 return _write_to_file( path, encrypted_app_dek, len);
289 int _read_from_file(const char* path, unsigned char** data, size_t* len)
291 int ret = WAE_ERROR_NONE;
294 unsigned char* file_contents = NULL;
298 f = fopen(path, "r");
300 WAE_SLOGE("WAE: Fail to open a file. file=%s", path);
301 ret = WAE_ERROR_FILE;
305 fseek(f, 0, SEEK_END); // move to the end of a file
308 WAE_SLOGE("WAE: Failed to get file size by ftell. ret: %d", file_len);
309 ret = WAE_ERROR_FILE;
313 fseek(f, 0, SEEK_SET); // move to the start of a file
315 file_contents = (unsigned char*) malloc(file_len);
316 if(file_contents == NULL) {
317 WAE_SLOGE("WAE: Fail to allocate memory for encrypted_app_dek");
318 ret = WAE_ERROR_MEMORY;
321 memset(file_contents, 0x00, file_len);
323 while( (ch = fgetc(f)) != EOF) {
324 file_contents[i++]=(char)ch;
327 *data = file_contents;
333 if(ret != WAE_ERROR_NONE && file_contents != NULL)
339 int _write_to_file(const char* path, const unsigned char* data, size_t len)
341 int ret = WAE_ERROR_NONE;
346 f = fopen(path, "w");
348 WAE_SLOGE("WAE: Fail to open a file. file=%s", path);
349 ret = WAE_ERROR_FILE;
353 write_len = fwrite(data, 1, len, f);
354 if(write_len != (int) len) {
355 WAE_SLOGE("WAE: Fail to write a file. file=%s", path);
356 ret = WAE_ERROR_FILE;
366 int get_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDek, size_t* dekLen)
368 int ret = WAE_ERROR_NONE;
370 char* password = NULL;
371 ckmc_raw_buffer_s *pDekBuffer = NULL;
372 char alias[MAX_ALIAS_LEN] = {0,};
373 unsigned char* pDek = NULL;
374 unsigned char* cached_dek = NULL;
376 // get dek from cache
377 cached_dek = _get_app_dek_from_cache(pPkgId);
378 if(cached_dek == NULL) {
379 // get APP_DEK from system database
380 _get_alias(pPkgId, appType, false, alias, sizeof(alias));
382 ret = _to_wae_error(ckmc_get_data(alias, password, &pDekBuffer));
383 if(ret != WAE_ERROR_NONE) {
384 WAE_SLOGI("WAE: Fail to get APP_DEK from key-manager. pkgId=%s, alias=%s, ret=%d",
390 pDek = (unsigned char*) malloc(DEK_LEN);
392 WAE_SLOGE("Fail to allocate a memory");
393 ret = WAE_ERROR_MEMORY;
396 memcpy(pDek, (cached_dek != NULL) ? cached_dek : pDekBuffer->data, DEK_LEN);
400 WAE_SLOGI("WAE: Success to get APP_DEK from key-manager. pkgId=%s, alias=%s", pPkgId, alias);
402 if(pDekBuffer != NULL)
403 ckmc_buffer_free(pDekBuffer);
404 if(ret != WAE_ERROR_NONE && pDek != NULL)
410 int create_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDek, size_t* dekLen)
412 int ret = WAE_ERROR_NONE;
413 unsigned char *dek= NULL;
415 dek = (unsigned char*) malloc(DEK_LEN);
417 ret = WAE_ERROR_MEMORY;
421 ret = _get_random(DEK_LEN, dek);
422 if(ret != WAE_ERROR_NONE) {
423 WAE_SLOGE("WAE: Fail to get random for APP_DEK. pkgId=%s, ret=%d", pPkgId, ret);
427 // save app_dek in key_manager
428 ret = _add_dek_to_key_manager(pPkgId, appType, dek, DEK_LEN);
429 if(ret != WAE_ERROR_NONE) {
433 // store APP_DEK in cache
434 _add_app_dek_to_cache(pPkgId, dek);
439 WAE_SLOGI("WAE: Success to create APP_DEK and store it in key-manager. pkgId=%s", pPkgId);
441 if(ret != WAE_ERROR_NONE && dek != NULL)
447 int get_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dekLen)
449 int ret = WAE_ERROR_NONE;
450 unsigned char* cached_dek= NULL;
451 unsigned char* dek = NULL;
453 // get dek from cache
454 cached_dek = _get_app_dek_from_cache(pPkgId);
455 if(cached_dek == NULL) {
456 WAE_SLOGE("WAE: Fail to get APP_DEK from cache for preloaded app");
457 ret = WAE_ERROR_NO_KEY;
461 dek = (unsigned char*) malloc(DEK_LEN);
463 WAE_SLOGE("WAE: Fail to allocate memory for preloaded app dek");
464 ret = WAE_ERROR_MEMORY;
467 memcpy(dek, cached_dek, DEK_LEN);
472 if(ret != WAE_ERROR_NONE && dek != NULL)
478 int create_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dekLen)
480 int ret = WAE_ERROR_NONE;
481 unsigned char* dek = NULL;
482 unsigned char* encrypted_app_dek = NULL;
483 size_t encrypted_app_dek_len = 0;
484 unsigned char* pubKey = NULL;
485 size_t pubKeyLen = 0;
488 dek = (unsigned char*) malloc(DEK_LEN);
490 ret = WAE_ERROR_MEMORY;
494 ret = _get_random(DEK_LEN, dek);
495 if(ret != WAE_ERROR_NONE) {
499 // encrypt APP_DEK with APP_DEK_KEK
500 ret = _read_from_file(_get_dek_kek_pub_key_path(), &pubKey, &pubKeyLen);
501 if(ret != WAE_ERROR_NONE) {
502 WAE_SLOGE("WAE: Fail to read APP_DEK_KEK Public Key");
506 ret = encrypt_app_dek(pubKey, pubKeyLen, dek, DEK_LEN, &encrypted_app_dek, &encrypted_app_dek_len);
507 if(ret != WAE_ERROR_NONE) {
508 WAE_SLOGE("WAE: Fail to encrypt APP_DEK with APP_DEK_KEK");
512 // write APP_DEK in a file
513 ret = _write_encrypted_app_dek_to_file(pPkgId, encrypted_app_dek, encrypted_app_dek_len);
514 if(ret != WAE_ERROR_NONE) {
515 WAE_SLOGE("WAE: Fail to write encrypted APP_DEK. pkgId=%s", pPkgId);
519 // store APP_DEK in cache
520 _add_app_dek_to_cache(pPkgId, dek);
524 WAE_SLOGI("WAE: Success to create preleaded APP_DEK and write it in initail value file. pkgId=%s", pPkgId);
529 if(encrypted_app_dek != NULL)
530 free(encrypted_app_dek);
531 if(ret != WAE_ERROR_NONE && dek != NULL)
537 int _get_app_dek_kek(unsigned char** ppDekKek, size_t* kekLen)
539 int ret = WAE_ERROR_NONE;
541 ret = _read_from_file(_get_dek_kek_pri_key_path(), ppDekKek, kekLen);
542 if(ret != WAE_ERROR_NONE) {
543 WAE_SLOGE("WAE: Fail to read APP_DEK_KEK Private Key");
547 char* password = NULL;
548 ckmc_raw_buffer_s *pKekBuffer = NULL;
549 unsigned char* pKek = NULL;
551 char dek_kek_alias[MAX_ALIAS_LEN] = {0, };
552 _get_dek_kek_alias(dek_kek_alias, sizeof(dek_kek_alias));
554 ret = _to_wae_error(ckmc_get_data(dek_kek_alias, password, &pKekBuffer));
555 if(ret != WAE_ERROR_NONE) {
556 WAE_SLOGE("Fail to get APP_DEK_KEK from key-manager. alias=%s, ret=%d", APP_DEK_KEK_ALIAS, ret);
560 pKek = (unsigned char*) malloc(pKekBuffer->size);
562 WAE_SLOGE("Fail to allocate a memory");
563 ret = WAE_ERROR_MEMORY;
566 memcpy(pKek, pKekBuffer->data, pKekBuffer->size);
569 *kekLen = pKekBuffer->size;
570 WAE_SLOGI("Success to get APP_DEK_KEK from key-manager.");
572 if(pKekBuffer != NULL)
573 ckmc_buffer_free(pKekBuffer);
574 if(ret != WAE_ERROR_NONE && pKek != NULL)
581 int _get_app_deks_loaded()
583 int ret = WAE_ERROR_NONE;
585 ckmc_raw_buffer_s *pBuffer = NULL;
586 char loading_done_alias[MAX_ALIAS_LEN] = {0, };
588 _get_dek_loading_done_alias(loading_done_alias, sizeof(loading_done_alias));
590 ret = _to_wae_error(ckmc_get_data(loading_done_alias, NULL, &pBuffer));
591 if(ret == WAE_ERROR_NO_KEY) {
592 WAE_SLOGI("WAE: APP_DEK_LOADING was not done");
593 } else if(ret == WAE_ERROR_NONE) {
594 WAE_SLOGI("WAE: APP_DEK_LOADING was already done");
596 WAE_SLOGE("WAE: Fail to get information from key-manager about APP_DEK_LOADING_DONE_ALIAS. ret=%d", ret);
602 ckmc_buffer_free(pBuffer);
607 int _set_app_deks_loaded()
609 int ret = WAE_ERROR_NONE;
610 ckmc_raw_buffer_s buff;
611 ckmc_policy_s policy;
612 unsigned char dummyData[1] = {0};
614 buff.data = dummyData;
615 buff.size = sizeof(dummyData);
617 policy.password = NULL;
618 policy.extractable = true;
620 char loading_done_alias[MAX_ALIAS_LEN] = {0, };
621 _get_dek_loading_done_alias(loading_done_alias, sizeof(loading_done_alias));
623 ret = _to_wae_error(ckmc_save_data(loading_done_alias, buff, policy));
624 if(ret == WAE_ERROR_KEY_EXISTS) {
625 WAE_SLOGI("WAE: APP_DEK_LOADING was already done");
626 ret = WAE_ERROR_NONE;
627 } else if(ret != WAE_ERROR_NONE) {
628 WAE_SLOGE("WAE: Fail to set APP_DEK_LOADING_DONE_ALIAS to key-manager. ret=%d", ret);
632 WAE_SLOGI("Success to set APP_DEK_LOADING_DONE_ALIAS to key-manager.");
637 int _clear_app_deks_loaded()
639 int ret = WAE_ERROR_NONE;
640 char loading_done_alias[MAX_ALIAS_LEN] = {0, };
641 _get_dek_loading_done_alias(loading_done_alias, sizeof(loading_done_alias));
643 ret = _to_wae_error(ckmc_remove_alias(loading_done_alias));
644 if(ret == WAE_ERROR_NO_KEY) {
645 WAE_SLOGI("APP_DEK_LOADING_DONE_ALIAS was not set to key-manager before.");
646 ret = WAE_ERROR_NONE;
647 }else if(ret != WAE_ERROR_NONE) {
648 WAE_SLOGE("Fail to clear APP_DEK_LOADING_DONE_ALIAS to key-manager. ret=%d", ret);
654 int load_preloaded_app_deks(bool reload)
656 int ret = WAE_ERROR_NONE;
658 char pkgId[MAX_PKGID_LEN] = {0, };
662 struct dirent *result;
664 char file_path_buff[MAX_PATH_LEN];
665 unsigned char* encrypted_app_dek = NULL;
666 size_t encrypted_app_dek_len = 0;
667 unsigned char* app_dek = NULL;
668 size_t app_dek_len = 0;
669 unsigned char* priKey = NULL;
670 size_t priKeyLen = 0;
672 int error_during_loading = 0;
675 // check if all deks were already loaded into key-manager.
676 ret = _get_app_deks_loaded();
677 if(ret == WAE_ERROR_NONE) {
682 ret = _get_app_dek_kek(&priKey, &priKeyLen);
683 if(ret != WAE_ERROR_NONE) {
684 WAE_SLOGE("Fail to get APP_DEK_KEK Private Key");
688 dir = opendir(_get_dek_store_path());
690 WAE_SLOGE("Fail to open dir. dir=%s", _get_dek_store_path());
691 ret = WAE_ERROR_FILE;
696 error = readdir_r(dir, &entry, &result);
698 ret = WAE_ERROR_FILE;
701 // readdir_r returns NULL in *result if the end
702 // of the directory stream is reached
706 // regular file && start with KEY_MANAGER_INITIAL_VALUE_FILE_PFX
707 if(entry.d_type == DT_REG && strstr(entry.d_name, APP_DEK_FILE_PFX) != NULL) {
708 memset(file_path_buff, 0, sizeof(file_path_buff));
709 ret = snprintf(file_path_buff, sizeof(file_path_buff), "%s/%s",
710 _get_dek_store_path(), entry.d_name);
712 WAE_SLOGE("Failed to make file path by snprintf.");
713 ret = WAE_ERROR_INVALID_PARAMETER; /* buffer size too small */
717 ret = _extract_pkg_id_from_file_name(entry.d_name, pkgId);
718 if(ret != WAE_ERROR_NONE) {
719 WAE_SLOGW("Fail to extract pkgid from file. It will be ignored. file=%s",file_path_buff);
723 ret = _read_from_file(file_path_buff, &encrypted_app_dek, &encrypted_app_dek_len);
724 if(ret != WAE_ERROR_NONE || encrypted_app_dek == NULL) {
725 error_during_loading++;
726 WAE_SLOGW("Fail to read file. It will be ignored. file=%s",file_path_buff);
730 ret = decrypt_app_dek(priKey, priKeyLen, APP_DEK_KEK_PRIKEY_PASSWORD,
731 encrypted_app_dek, encrypted_app_dek_len,
732 &app_dek, &app_dek_len);
733 if(ret != WAE_ERROR_NONE || app_dek == NULL) {
734 error_during_loading++;
735 WAE_SLOGW("Fail to decrypt APP DEK. It will be ignored. file=%s",file_path_buff);
739 // save app_dek in key_manager
740 ret = _add_dek_to_key_manager(pkgId, WAE_PRELOADED_APP, app_dek, app_dek_len);
743 free(encrypted_app_dek);
745 encrypted_app_dek = NULL;
747 if(ret == WAE_ERROR_KEY_EXISTS) {
748 WAE_SLOGI("Key Manager already has APP_DEK. It will be ignored. file=%s",file_path_buff);
750 }else if(ret != WAE_ERROR_NONE) {
751 error_during_loading++;
752 WAE_SLOGW("Fail to add APP DEK to key-manager. file=%s",file_path_buff);
758 ret = _set_app_deks_loaded();
759 if(ret == WAE_ERROR_NONE) {
760 WAE_SLOGI("Success to load_preloaded_app_deks");
761 ret = WAE_ERROR_NONE;
763 WAE_SLOGW("Fail to _set_app_deks_loaded to key-manager. ret=%d", ret);
773 int remove_app_dek(const char* pPkgId, wae_app_type_e appType)
775 int ret = CKMC_ERROR_NONE;
776 char alias[MAX_ALIAS_LEN] = {0,};
778 _get_alias(pPkgId, appType, true, alias,sizeof(alias));
780 ret = _to_wae_error(ckmc_remove_alias(alias));
781 if(ret != WAE_ERROR_NONE) {
782 WAE_SLOGE("Fail to remove APP_DEK from key-manager. pkgId=%s, alias=%s, ret=%d", pPkgId, alias, ret);
786 _remove_app_dek_from_cache(pPkgId);
787 WAE_SLOGI("Success to remove APP_DEK from key-manager. pkgId=%s", pPkgId);
789 return WAE_ERROR_NONE;