Modify get encryption/decryption key from device unique key

[Issue#] N/A
[Problem] N/A
[Cause] N/A
[Solution] Modify get encryption key from osp app-fw.
The key is made from device unique key and hashed.
[SCMRequest] N/A

diff --git a/build/encryption/CMakeLists.txt b/build/encryption/CMakeLists.txt
index 710ada6..99b7a35 100644 (file)
--- a/build/encryption/CMakeLists.txt
+++ b/build/encryption/CMakeLists.txt
@@ -23,6 +23,7 @@ INCLUDE(FindPkgConfig)
 PKG_CHECK_MODULES(SYS_ENCRYPTION
     dlog
     openssl
+    osp-appfw
     REQUIRED
 )
 

diff --git a/modules/encryption/include/dpl/encryption/resource_decryption.h b/modules/encryption/include/dpl/encryption/resource_decryption.h
index c22b1d2..eaf8ad8 100644 (file)
--- a/modules/encryption/include/dpl/encryption/resource_decryption.h
+++ b/modules/encryption/include/dpl/encryption/resource_decryption.h
@@ -50,7 +50,7 @@ class ResourceDecryptor
 
   private:
       AES_KEY* GetDecryptionKey();
-      AES_KEY *m_decKey;
+      AES_KEY m_decKey;
 
 };
 } //namespace WRTDecryptor 

diff --git a/modules/encryption/src/resource_decryption.cpp b/modules/encryption/src/resource_decryption.cpp
index db45f81..6b9f8e8 100644 (file)
--- a/modules/encryption/src/resource_decryption.cpp
+++ b/modules/encryption/src/resource_decryption.cpp
@@ -21,6 +21,11 @@
  */
 #include <stddef.h>
 #include <dpl/encryption/resource_decryption.h>
+#ifdef Try
+#undef Try
+#endif
+#include <FSecSecretKey.h>
+#include <security/FSec_DeviceKeyGenerator.h>
 
 #include <fcntl.h>
 #include <string>
@@ -28,19 +33,17 @@
 #include <dpl/exception.h>
 
 namespace {
-inline std::string GetDefaultEncryptKeyPath() {
-    return "/opt/share/widget/data/";
-}
+#define BITS_SIZE 128
+#define KEY_SIZE 16
 }
+
 namespace WRTDecryptor{
-ResourceDecryptor::ResourceDecryptor() :
-    m_decKey(NULL)
+ResourceDecryptor::ResourceDecryptor()
 {
     LogDebug("Started Decryption");
 }
 
-ResourceDecryptor::ResourceDecryptor(std::string userKey) :
-    m_decKey(NULL)
+ResourceDecryptor::ResourceDecryptor(std::string userKey)
 {
     LogDebug("Finished Decryption");
     SetDecryptionKey(userKey);
@@ -48,47 +51,57 @@ ResourceDecryptor::ResourceDecryptor(std::string userKey) :
 
 ResourceDecryptor::~ResourceDecryptor()
 {
-    delete m_decKey;
 }
 
 void ResourceDecryptor::SetDecryptionKey(std::string userKey)
 {
-    /* TODO : get key from secure storage */
-    std::string keyPath = GetDefaultEncryptKeyPath() + userKey + "_dec";
-    LogDebug("Description Key path : " << keyPath);
+    if (userKey.empty()) {
+        return;
+    }
+    using namespace Tizen;
+    using namespace Tizen::Base;
 
-    FILE* fp = fopen(keyPath.c_str(), "rb");
-    if (fp == NULL) {
-        ThrowMsg(ResourceDecryptor::Exception::GetDecKeyFailed,
-                "Failed to get decryption key");
+    Tizen::Base::String appId;
+    appId.Format(userKey.size(), L"%s", userKey.c_str());
+    Tizen::Security::ISecretKey* pSecretKey =
+        Tizen::Security::_DeviceKeyGenerator::GenerateDeviceKeyN(appId, KEY_SIZE);
+
+    Tizen::Base::ByteBuffer* bf = pSecretKey->GetEncodedN();
+    unsigned char *key = new unsigned char[KEY_SIZE+1];
+
+    int i=0;
+    while(bf->HasRemaining()) {
+        byte b;
+        bf->GetByte(b);
+        key[i] = b;
+        i++;
     }
+    key[KEY_SIZE] = '\n';
 
-    m_decKey = new AES_KEY;
-    size_t resultSize =fread(m_decKey, 1, sizeof(AES_KEY),fp);
-    if (resultSize!= sizeof(AES_KEY))
+    if ( 0 > AES_set_decrypt_key(key, BITS_SIZE, &m_decKey)) {
+        delete key;
         ThrowMsg(ResourceDecryptor::Exception::GetDecKeyFailed,
-                "Failed to get AES key");
-
-    fclose(fp);
+                "Failed to create decryption key");
+    }
+    delete key;
 }
 
 AES_KEY* ResourceDecryptor::GetDecryptionKey()
 {
-    return m_decKey;
+    return &m_decKey;
 }
 
 void ResourceDecryptor::GetDecryptedChunk(unsigned char*
         inBuf, unsigned char* decBuf, size_t inBufSize)
 {
     Assert(decBuf);
-    Assert(m_decKey);
-    if (decBuf == NULL || m_decKey == NULL) {
+    if (decBuf == NULL) {
         ThrowMsg(ResourceDecryptor::Exception::EncryptionFailed,
                 "Failed to Get Decryption Chunk");
     }
     unsigned char ivec[16] = {0, };
 
-    AES_cbc_encrypt(inBuf, decBuf, inBufSize, m_decKey, ivec, AES_DECRYPT);
+    AES_cbc_encrypt(inBuf, decBuf, inBufSize, &m_decKey, ivec, AES_DECRYPT);
     LogDebug("Success decryption");
 }
 

diff --git a/modules/encryption/src/resource_encryption.cpp b/modules/encryption/src/resource_encryption.cpp
index e89940e..9110b7f 100644 (file)
--- a/modules/encryption/src/resource_encryption.cpp
+++ b/modules/encryption/src/resource_encryption.cpp
@@ -22,18 +22,20 @@
 #include <stddef.h>
 #include <dpl/encryption/resource_encryption.h>
 
+#ifdef Try
+#undef Try
+#endif
+#include <FSecSecretKey.h>
+#include <security/FSec_DeviceKeyGenerator.h>
+
 #include <fcntl.h>
 #include <dpl/log/log.h>
 
 namespace {
 #define BITS_SIZE 128
-const char* ENCRYPTION_FILE = "_enc";
-const char* DECRYPTION_FILE = "_dec";
-
-inline std::string GetDefaultEncryptKeyPath() {
-    return "/opt/share/widget/data";
-}
+#define KEY_SIZE 16
 }
+
 namespace WRTEncryptor{
 ResourceEncryptor::ResourceEncryptor()
 {
@@ -59,44 +61,32 @@ void ResourceEncryptor::CreateEncryptionKey(std::string userKey)
         return;
     }
 
-    AES_KEY decKey;
-    const unsigned char* key = reinterpret_cast<unsigned char*>(
-                                    const_cast<char*>(userKey.c_str()));
+    using namespace Tizen;
+    using namespace Tizen::Base;
+    Tizen::Base::String appId;
+    appId.Format(userKey.size(), L"%s", userKey.c_str());
+    Tizen::Security::ISecretKey* pSecretKey =
+        Tizen::Security::_DeviceKeyGenerator::GenerateDeviceKeyN(appId, KEY_SIZE);
+
+    Tizen::Base::ByteBuffer* bf = pSecretKey->GetEncodedN();
+    unsigned char *key = new unsigned char[KEY_SIZE+1];
+
+    int i=0;
+    while(bf->HasRemaining()) {
+        byte b;
+        bf->GetByte(b);
+        key[i] = b;
+        i++;
+    }
+    key[KEY_SIZE] = '\n';
 
     if ( 0 > AES_set_encrypt_key(key, BITS_SIZE, &m_encKey)) {
+        delete key;
         ThrowMsg(ResourceEncryptor::Exception::CreateEncKeyFailed,
                 "Failed to create encryption key");
     }
-    if ( 0 > AES_set_decrypt_key(key, BITS_SIZE, &decKey)) {
-        ThrowMsg(ResourceEncryptor::Exception::CreateDecKeyFailed,
-                "Failed to create decryption key");
-    }
-
-    std::string encPath, decPath;
-
-    encPath = GetDefaultEncryptKeyPath() + "/" + userKey + ENCRYPTION_FILE;
-    decPath = GetDefaultEncryptKeyPath() + "/" + userKey + DECRYPTION_FILE;
-
-    /* TODO : save keys to secure storage */
-    LogDebug("Encryption Key path " << encPath);
-    LogDebug("Decryption Key path " << decPath);
-
-    FILE* encFp = fopen(encPath.c_str(), "wb");
-    if (encFp == NULL) {
-        ThrowMsg(ResourceEncryptor::Exception::CreateEncKeyFileFailed,
-                "Failed to save encryption key");
-    }
-    fwrite(&m_encKey, 1, sizeof(m_encKey), encFp);
-    fclose(encFp);
-
-    FILE* decFp = fopen(decPath.c_str(), "wb");
-    if (decFp == NULL) {
-        ThrowMsg(ResourceEncryptor::Exception::CreateDecKeyFileFailed,
-                "Failed to save decryption key");
-    }
+    delete key;
 
-    fwrite(&decKey, 1, sizeof(decKey), decFp);
-    fclose(decFp);
     LogDebug("Success to create ecryption and decryption key");
 }
 

diff --git a/packaging/wrt-commons.spec b/packaging/wrt-commons.spec
index f6743e4..84f14ef 100644 (file)
--- a/packaging/wrt-commons.spec
+++ b/packaging/wrt-commons.spec
@@ -23,6 +23,11 @@ BuildRequires:  pkgconfig(libxml-2.0)
 BuildRequires:  pkgconfig(openssl)
 BuildRequires:  pkgconfig(libiri)
 BuildRequires:  pkgconfig(libidn)
+BuildRequires:  pkgconfig(osp-appfw)
+BuildRequires:  osp-appfw-internal-devel
+
+# runtime requires
+Requires: osp-appfw
 
 %description
 Wrt common library