add data encryption feature 33/95433/2 accepted/tizen/3.0/ivi/20161109.025318 accepted/tizen/3.0/mobile/20161109.025219 accepted/tizen/3.0/tv/20161109.025240 accepted/tizen/3.0/wearable/20161109.025257 submit/tizen_3.0/20161108.033051
authorgreatim <jaewon81.lim@samsung.com>
Thu, 3 Nov 2016 08:17:55 +0000 (17:17 +0900)
committergreatim <jaewon81.lim@samsung.com>
Mon, 7 Nov 2016 07:15:11 +0000 (16:15 +0900)
add data encryption feature
 - encryption on / off for each device
 - encryption message handshaking
 - encryption module

Change-Id: I89337af9d9a5bc6fac45401f962392491b3e43ae
Signed-off-by: greatim <jaewon81.lim@samsung.com>
CMakeLists.txt
packaging/sdbd.spec
src/plugin.c
src/sdb.c
src/sdb.h
src/sdbd_plugin.h
src/services.c
src/sockets.c
src/transport.c
src/transport_security.c [new file with mode: 0644]
src/transport_security.h [new file with mode: 0644]

index 6c88b77fca734b5c744b4b8b7cdb784532f42645..47edfd9cbb34b7b3797b621ba8dd1cf77051061e 100644 (file)
@@ -58,6 +58,7 @@ SET(SDBD_SRCS
        src/default_plugin_appcmd.c
        src/hashtable.c
        src/plugin.c
+       src/transport_security.c
 )
 
 include(FindPkgConfig)
@@ -69,6 +70,7 @@ pkg_check_modules(pkgs REQUIRED
     glib-2.0
     dbus-1
     dbus-glib-1
+       dlog
  )
  
 FOREACH(flag ${pkgs_CFLAGS})
@@ -86,6 +88,7 @@ ADD_DEFINITIONS("-D_GNU_SOURCE")
 ADD_DEFINITIONS("-DHAVE_FORKEXEC")
 ADD_DEFINITIONS("-D_DROP_PRIVILEGE")
 ADD_DEFINITIONS("-D_FILE_OFFSET_BITS=64")
+ADD_DEFINITIONS("-DSUPPORT_ENCRYPT")
 
 IF (_ARM_TARGET)
     ADD_DEFINITIONS("-DANDROID_GADGET=1")
index 1cf6758280b268f5fee11a27407b44bf82db6411..bc9408f3ec5cc6d2c4a506bc3abe93c7e51574ad 100644 (file)
@@ -25,6 +25,7 @@ BuildRequires: pkgconfig(vconf)
 BuildRequires: pkgconfig(glib-2.0)
 BuildRequires: pkgconfig(dbus-1)
 BuildRequires: pkgconfig(dbus-glib-1)
+BuildRequires: pkgconfig(dlog)
 Requires: dbus
 
 %description
index e8c70b98e0da4834a75dc0dca2e562d91df3f6a8..bee7aa41b0993d8d86e7c6824aced08ae260498f 100644 (file)
@@ -27,7 +27,7 @@
 #include "plugin.h"
 #include "sdbd_plugin.h"
 
-static void* plugin_handle = NULL;
+void* g_plugin_handle = NULL;
 
 PLUGIN_INIT plugin_init_proc = NULL;
 PLUGIN_SYNCHRONOUS_CMD_PROC plugin_sync_proc = NULL;
@@ -89,28 +89,28 @@ static int load_plugin_not_default()
     plugin_sync_proc = NULL;
     plugin_async_proc = NULL;
 
-    plugin_handle = dlopen ( PLUGIN_PATH, RTLD_NOW );
-    if ( plugin_handle == NULL ) {
+    g_plugin_handle = dlopen ( PLUGIN_PATH, RTLD_NOW );
+    if ( g_plugin_handle == NULL ) {
         D ( "failed to dlopen(%s). error: %s\n", PLUGIN_PATH, dlerror() );
         return 0;
     }
 
-    plugin_init_proc = dlsym ( plugin_handle, PLUGIN_PROC_NAME_INIT );
+    plugin_init_proc = dlsym ( g_plugin_handle, PLUGIN_PROC_NAME_INIT );
     if ( plugin_init_proc == NULL ) {
         D ( "failed to get the sdbd plugin init function. error: %s\n", dlerror() );
-        dlclose ( plugin_handle );
-        plugin_handle = NULL;
+        dlclose ( g_plugin_handle );
+        g_plugin_handle = NULL;
         return 0;
     }
 
     // if there is no implementation of plugin_sync_proc and plugin_async_proc,
     // then use default_plugin_sync_proc and default_plugin_async_proc
-    plugin_sync_proc = dlsym ( plugin_handle, PLUGIN_PROC_NAME_SYNC_CMD );
+    plugin_sync_proc = dlsym ( g_plugin_handle, PLUGIN_PROC_NAME_SYNC_CMD );
     if ( plugin_sync_proc == NULL ) {
         plugin_sync_proc = default_plugin_sync_proc;
     }
 
-    plugin_async_proc = dlsym ( plugin_handle, PLUGIN_PROC_NAME_ASYNC_CMD );
+    plugin_async_proc = dlsym ( g_plugin_handle, PLUGIN_PROC_NAME_ASYNC_CMD );
     if ( plugin_async_proc == NULL ) {
         plugin_async_proc = default_plugin_async_proc;
     }
@@ -149,9 +149,9 @@ void unload_sdbd_plugin()
         plugin_cmd_hashtable = NULL;
     }
 
-    if ( plugin_handle ) {
-        dlclose ( plugin_handle );
-        plugin_handle = NULL;
+    if ( g_plugin_handle ) {
+        dlclose ( g_plugin_handle );
+        g_plugin_handle = NULL;
     }
 }
 
index 9a0d5cfc37cf6c8948fdeef8dc259cf6f1b7cc1f..50cf9ed0b55f98f3c7d7ddcc9a0d159077a32741 100644 (file)
--- a/src/sdb.c
+++ b/src/sdb.c
 #include "plugin.h"
 #include "sdbd_plugin.h"
 
+#ifdef SUPPORT_ENCRYPT
+#include "transport_security.h"
+#endif
+
 #if !SDB_HOST
 #include <linux/prctl.h>
 #define SDB_PIDPATH "/tmp/.sdbd.pid"
@@ -368,6 +372,147 @@ void print_packet(const char *label, apacket *p)
 }
 #endif
 
+#ifdef SUPPORT_ENCRYPT
+/* 
+desc. : 암호화 실패 메시지 전송
+parameter : [in] apacket* p : sdbd로 들어온 메시지
+                       [in] atransport *t : 현재 연결에 대한 atransport
+                       [in] unsigned failed_value : 실패 값
+*/
+void send_encr_fail(apacket* p, atransport *t, unsigned failed_value){
+       apacket* enc_p;
+       enc_p = get_apacket();
+       enc_p->msg.command = A_ENCR; // 암호화 메시지
+       enc_p->msg.arg0 = failed_value; // 실패값
+       enc_p->msg.arg1 = p->msg.arg1;
+       send_packet(enc_p, t);
+       //put_apacket(enc_p);
+}
+
+/* 
+desc. : 암호화 메시지 핸들링
+parameter : [in] apacket* p : sdbd로 들어온 메시지
+                       [in/out] apacket* enc_p : sdb server로 전송할 메시지
+                       [in/out] atransport *t : 현재 연결에 대한 atransport
+ret : 0 : 정상적으로 메시지 전송
+         -1: 메시지 전송 실패
+*/
+int handle_encr_packet(apacket* p, apacket* enc_p, atransport *t){
+       static int sessionID = 0;
+       int retVal = 0;
+       if(p->msg.arg0 == ENCR_SET_ON_REQ){ // hello 메시지인 경우
+               t->sessionID = sessionID;
+               if((retVal = security_init(t->sessionID, NULL)) == 1){ // 암호화 handshaking을 위한 init                  
+                       if(security_parse_server_hello(t->sessionID, p) == 1){ // hello 메시지 파싱
+                               D("security_parse_server_hello success\n");
+                               if(security_gen_client_hello(t->sessionID, enc_p) == 1){ // hello 메시지 생성
+                                       D("security_gen_client_hello success\n");                               
+                                       enc_p->msg.command = A_ENCR;
+                                       enc_p->msg.arg0 = ENCR_SET_ON_REQ;
+                                       enc_p->msg.arg1 = p->msg.arg1;
+                                       sessionID++;
+                                       send_packet(enc_p, t);
+                               }
+                               else { // hello 메시지 생성 실패
+                                       D("security_gen_client_hello error\n");
+                                       send_encr_fail(p, t, ENCR_ON_FAIL); // 암호화 on 실패 메시지 전송
+                                       t->encryption = ENCR_OFF; // 암호화 모드는 off
+                                       security_deinit(t->sessionID);                          
+                                       return -1;
+                               }
+                       }
+                       else{ // hello 메시지 파싱 실패
+                               D("security_parse_server_hello error\n");
+                               send_encr_fail(p, t, ENCR_ON_FAIL);
+                               t->encryption = ENCR_OFF;
+                               security_deinit(t->sessionID);
+                               
+                               return -1;
+                       }
+               } else { // init 실패
+                       D("security_init error\n");
+                       send_encr_fail(p, t, ENCR_ON_FAIL);
+                       t->encryption = ENCR_OFF;
+                       if (retVal == -1)
+                       {
+                               security_deinit(t->sessionID);
+                       }
+                       //here!! do security_deinit(), but when plugin pointer is null -> not deinit
+                       return -1;
+               }
+       }
+       else if(p->msg.arg0 == ENCR_SET_ON_OK){ // ack 메시지인 경우
+               if(security_parse_server_ack(t->sessionID, p) == 1){    // ack 메시지 파싱
+                       if(security_gen_client_ack(t->sessionID, enc_p) == 1){ // ack 메시지 생성
+                               D("security_gen_client_ack success\n");
+                               enc_p->msg.command = A_ENCR;
+                               enc_p->msg.arg0 = ENCR_SET_ON_OK;
+                               enc_p->msg.arg1 = p->msg.arg1;
+                               t->encryption = ENCR_ON;
+                               send_packet(enc_p, t);
+                       }
+                       else { // ack 메시지 생성에 실패한 경우
+                               D("security_gen_client_ack error\n");
+                               send_encr_fail(p, t, ENCR_ON_FAIL);
+                               t->encryption = ENCR_OFF;
+                               security_deinit(t->sessionID);
+                               return -1;
+                       }
+               }
+               else { // ack 메시지 파싱에 실패한 경우
+                       D("security_parse_server_ack error\n");
+                       send_encr_fail(p, t, ENCR_ON_FAIL);
+                       t->encryption = ENCR_OFF;
+                       security_deinit(t->sessionID);
+                       return -1;
+               }
+       }
+       else if(p->msg.arg0 == ENCR_SET_OFF){ // 암호화 모드 off 요청 메시지
+               if(t->encryption == ENCR_ON && security_deinit(t->sessionID) == 1){ // 현재 암호화 모드가 on 상태인 경우
+                       enc_p = get_apacket();
+                       t->encryption = ENCR_OFF; // 현재 연결에 대한 암호화 모드 off
+                       enc_p->msg.command = A_ENCR;
+                       enc_p->msg.arg0 = ENCR_SET_OFF;
+                       enc_p->msg.arg1 = p->msg.arg1;
+                       send_packet(enc_p, t);
+               }
+               else { // 암호화 모드 off에 실패한 경우
+                       D("security_deinit error\n");
+                       send_encr_fail(p, t, ENCR_OFF_FAIL); // 암호화 모드 off 실패 메시지 전송
+                       return -1;
+               }
+       }
+       else if(p->msg.arg0 == ENCR_GET){ // 암호화 모드의 상태 요청 메시지인 경우
+               enc_p = get_apacket();
+               enc_p->msg.command = A_ENCR;
+               enc_p->msg.arg0 = ENCR_GET; // 암호화 모드 status get메시지
+               enc_p->msg.arg1 = p->msg.arg1;
+               if(t->encryption == ENCR_ON){ // 암호화 모드가 on인 경우
+                       enc_p->msg.data_length = 13;
+                       strncpy((char*)enc_p->data, "encryption:on", enc_p->msg.data_length); // encryption:on 메시지 전송
+               } else if(t->encryption == ENCR_OFF){ // 암호화 모드가 off인 경우
+                       enc_p->msg.data_length = 14;
+                       strncpy((char*)enc_p->data, "encryption:off", enc_p->msg.data_length); // encryption:off 메시지 전송
+               }
+               send_packet(enc_p, t);
+       }
+       else if (p->msg.arg0 == ENCR_ON_FAIL) // 암호화 모드를 on 하는 도중 실패한 경우 받는 메시지
+       {
+               t->encryption = ENCR_OFF; // 암호화 모드를 다시 off
+               D("encryption on failed\n");
+       }
+       else if (p->msg.arg0 == ENCR_OFF_FAIL) // 암호화 모드를 off하는 도중 실패한 경우 받는 메시지
+       {
+               //t->encryption = ENCR_ON;
+               D("encryption off failed\n");
+       }
+       //put_apacket(enc_p);
+       return 0;
+       
+}
+#endif
+
+
 static void send_ready(unsigned local, unsigned remote, atransport *t)
 {
     D("Calling send_ready \n");
@@ -394,8 +539,11 @@ static void send_connect(atransport *t)
     apacket *cp = get_apacket();
     cp->msg.command = A_CNXN;
     cp->msg.arg0 = A_VERSION;
+#ifdef SUPPORT_ENCRYPT
+       cp->msg.arg1 = MAX_PAYLOAD - 100; // connection 시, sdb server의 패킷 크기를 암호화 오버로드 만큼 줄임
+#else
     cp->msg.arg1 = MAX_PAYLOAD;
-
+#endif
     char device_name[256]={0,};
     int r = 0;
     int status = 0;
@@ -739,6 +887,15 @@ void handle_packet(apacket *p, atransport *t)
             }
         }
         break;
+#ifdef SUPPORT_ENCRYPT
+       case A_ENCR: // 암호화 메시지인 경우
+               if(t->connection_state != CS_OFFLINE) {
+                       apacket* enc_p = get_apacket();
+                       handle_encr_packet(p, enc_p, t);
+                       //put_apacket(enc_p);
+               }
+               break;
+#endif
 
     default:
         printf("handle_packet: what is %08x?!\n", p->msg.command);
@@ -1692,6 +1849,15 @@ static void init_capabilities(void) {
     }
 
 
+    // Encryption support
+    if(!request_capability_to_plugin(CAPABILITY_ENCRYPTION, g_capabilities.encryption_support,
+                            sizeof(g_capabilities.encryption_support))) {
+        D("failed to request. (%d:%d) \n", PLUGIN_SYNC_CMD_CAPABILITY, CAPABILITY_ENCRYPTION);
+        snprintf(g_capabilities.encryption_support, sizeof(g_capabilities.encryption_support),
+                    "%s", DISABLED);
+    }
+
+
     // Zone support
     ret = is_container_enabled();
     snprintf(g_capabilities.zone_support, sizeof(g_capabilities.zone_support),
index fec1a5d1aaf02b5c3dfc47aeda64147e86ad4663..348a7eb1a849298fe6eed08fe483691e7600a323 100644 (file)
--- a/src/sdb.h
+++ b/src/sdb.h
 #define A_CLSE 0x45534c43
 #define A_WRTE 0x45545257
 #define A_STAT 0x54415453
+#define A_ENCR 0x40682018 // encryption 메시지
+
+#ifdef SUPPORT_ENCRYPT
+ #define ENCR_SET_ON_REQ 0 // encryption hello 메시지
+ #define ENCR_SET_ON_OK 1 // encryption ack 메시지
+ #define ENCR_SET_OFF 2 // encryption mode off 메시지
+ #define ENCR_GET 3 // encryption status get 메시지
+ #define ENCR_ON_FAIL 4 // encryption on 실패 메시지
+ #define ENCR_OFF_FAIL 5 // encryption off 실패 메시지
+ #define ENCR_ON 1 // encryption on 상태
+ #define ENCR_OFF 0 // encryption off 상태
+#endif
 
 #define A_VERSION 0x02000000        // SDB protocol version
 
@@ -200,6 +212,11 @@ struct atransport
         /* a list of adisconnect callbacks called when the transport is kicked */
     int          kicked;
     adisconnect  disconnects;
+
+#ifdef SUPPORT_ENCRYPT
+       unsigned encryption; // 해당 연결이 암호화 모드인지 확인하는 flag , 0 = no-encryption / 1 = encryption
+       int sessionID; // 암호화 세션 ID, 암호화 map에 대한 key
+#endif
 };
 
 
@@ -257,6 +274,7 @@ typedef struct platform_capabilities
     char usbproto_support[CAPBUF_ITEMSIZE];     // enabled or disabled
     char sockproto_support[CAPBUF_ITEMSIZE];    // enabled or disabled
     char appcmd_support[CAPBUF_ITEMSIZE];       // enabled or disabled
+    char encryption_support[CAPBUF_ITEMSIZE];   // enabled or disabled
 
     char log_enable[CAPBUF_ITEMSIZE];           // enabled or disabled
     char log_path[CAPBUF_LL_ITEMSIZE];          // path of sdbd log
index 2bfb450af5ec311aae09a8c7d4e3b9bb6fc63cab..bcaaa8dbab9ee675d727d54dc0030a7a469842fb 100644 (file)
@@ -63,6 +63,7 @@
 #define CAPABILITY_LOG_ENABLE           10009
 #define CAPABILITY_LOG_PATH             10010
 #define CAPABILITY_APPCMD               10011
+#define CAPABILITY_ENCRYPTION           10012
 
 // ===============================================================================
 // priority definition
index 1c48905d451af1432e0645252cb6dac13d523f1a..d2d150039472b8afb3a5c6af3e46757041c5694b 100644 (file)
@@ -948,6 +948,10 @@ static void get_capability(int fd, void *cookie) {
     offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE,
                                 "rootonoff_support", g_capabilities.rootonoff_support);
 
+    // Encryption support
+    offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE,
+                                "encryption_support", g_capabilities.encryption_support);
+
     // Zone support
     offset += put_key_value_string(cap_buffer, offset, CAPBUF_SIZE,
                                 "zone_support", g_capabilities.zone_support);
index 574820afc21275d06f85e915130623bc67ea4b09..801ff42f7c7c8ad0587c7868a8d96d5090d438b3 100644 (file)
@@ -317,7 +317,17 @@ static void local_socket_event_func(int fd, unsigned ev, void *_s)
     if(ev & FDE_READ){
         apacket *p = get_apacket();
         unsigned char *x = p->data;
-        size_t avail = MAX_PAYLOAD;
+#ifdef SUPPORT_ENCRYPT
+               // sdb.c:536에서 sdb server의 패킷은 MAX_PAYLOAD-100으로 정하여서,
+               // sdb server에서 패킷 데이터의 크기를 MAX_PAYLOAD-100보다 작은 지를 체크함.
+               // sdbd에서 패킷 데이터를 MAX_PAYLOAD - 200로 잡아서 암호화 하게되면 
+               // 최대 MAX_PAYLOAD - 100 크기의 패킷을 생성하게 됨.
+               const size_t max_payload = MAX_PAYLOAD - 200; 
+        size_t avail = max_payload;
+#else
+               size_t avail = MAX_PAYLOAD;
+#endif
+
         int r = 0;
         int is_eof = 0;
 
@@ -340,11 +350,18 @@ static void local_socket_event_func(int fd, unsigned ev, void *_s)
         }
         D("LS(%d): fd=%d post avail loop. r=%d is_eof=%d forced_eof=%d\n",
           s->id, s->fd, r, is_eof, s->fde.force_eof);
+#ifdef SUPPORT_ENCRYPT
+       //변경된 최대 패킷 크기로 코드 수정
+        if((avail == max_payload) || (s->peer == 0)) {
+               put_apacket(p);
+        } else {
+            p->len = max_payload - avail;
+#else
         if((avail == MAX_PAYLOAD) || (s->peer == 0)) {
             put_apacket(p);
         } else {
             p->len = MAX_PAYLOAD - avail;
-
+#endif
             r = s->peer->enqueue(s->peer, p);
             D("LS(%d): fd=%d post peer->enqueue(). r=%d\n", s->id, s->fd, r);
 
index 7e2af3965bc065617b2d788c18345cac05ceb3c6..bc471d679e14cf0148dcc7369ce20a5471fd3622 100644 (file)
 
 #include "sdb.h"
 
+#ifdef SUPPORT_ENCRYPT
+#include "transport_security.h"
+#endif
+
 static void transport_unref(atransport *t);
 
 static atransport transport_list = {
@@ -286,6 +290,15 @@ static void *output_thread(void *_t)
         if(t->read_from_remote(p, t) == 0){
             D("%s: received remote packet, sending to transport\n",
               t->serial);
+
+#ifdef SUPPORT_ENCRYPT
+               if (t->encryption == ENCR_ON && p->msg.command != A_ENCR) // 현재 연결이 암호화 모드이고, 암호화 관련 메시지가 아닌 경우, 메시지 복호화
+               {
+                       security_decrypt(t->sessionID, p);
+               }
+
+#endif
+
             if(write_packet(t->fd, t->serial, &p)){
                 put_apacket(p);
                 D("%s: failed to write apacket to transport\n", t->serial);
@@ -355,6 +368,19 @@ static void *input_thread(void *_t)
         } else {
             if(active) {
                 D("%s: transport got packet, sending to remote\n", t->serial);
+
+#ifdef SUPPORT_ENCRYPT
+               if (t->encryption == ENCR_ON && p->msg.command != A_ENCR) // 현재 연결이 암호화 모드이고, 암호화 관련 메시지가 아닌 경우, 메시지를 암호화
+               {
+                       security_encrypt(t->sessionID, p);
+               }
+               else if(t->encryption == ENCR_OFF)
+               {
+
+               }
+
+#endif
+
                 t->write_to_remote(p, t);
             } else {
                 D("%s: transport ignoring packet while offline\n", t->serial);
diff --git a/src/transport_security.c b/src/transport_security.c
new file mode 100644 (file)
index 0000000..37d3b58
--- /dev/null
@@ -0,0 +1,261 @@
+#include <dlfcn.h>\r
+#include "transport_security.h"\r
+\r
+#define LOG_TAG "SDBD"\r
+#include <dlog.h>\r
+\r
+#define SAKEP_AKE_MSG_RECORD_FIXED_LEN                                                                                         36\r
+#define SAKEP_AES_ECB_ADDED_PADDING_SIZE                                                                               16\r
+\r
+extern void* g_plugin_handle;\r
+\r
+typedef int (*SDBD_PLUGIN_CMD_SECURITY_INIT_PROC_PTR)(const int nID, const char* pUserID);\r
+typedef int (*SDBD_PLUGIN_CMD_SECURITY_DEINIT_PROC_PTR)(const int nID);\r
+typedef int (*SDBD_PLUGIN_CMD_SECURITY_PARSE_SERVER_HELLO_PROC_PTR)(const int nID, unsigned char* pSrc, unsigned int* nSrcLen);\r
+typedef int (*SDBD_PLUGIN_CMD_SECURITY_GEN_CLIENT_HELLO_PROC_PTR)(const int nID, unsigned char* pSrc, unsigned int* nSrcLen);\r
+typedef int (*SDBD_PLUGIN_CMD_SECURITY_PARSE_SERVER_ACK_PROC_PTR)(const int nID, unsigned char* pSrc, unsigned int* nSrcLen);\r
+typedef int (*SDBD_PLUGIN_CMD_SECURITY_GEN_CLIENT_ACK_PROC_PTR)(const int nID, unsigned char* pSrc, unsigned int* nSrcLen);\r
+typedef int (*SDBD_PLUGIN_CMD_SECURITY_ENCRYPT_PROC_PTR)(const int nID, const unsigned char* pSrc, const unsigned int nSrcLen,\r
+               unsigned char* pDst, unsigned int* pnDstLen);\r
+typedef int (*SDBD_PLUGIN_CMD_SECURITY_DECRYPT_PROC_PTR)(const int nID, const unsigned char* pSrc, const unsigned int nSrcLen,\r
+               unsigned char* pDst, unsigned int* pnDstLen);\r
+\r
+SDBD_PLUGIN_CMD_SECURITY_INIT_PROC_PTR sdbd_plugin_cmd_security_init = NULL;\r
+SDBD_PLUGIN_CMD_SECURITY_DEINIT_PROC_PTR sdbd_plugin_cmd_security_deinit = NULL;\r
+SDBD_PLUGIN_CMD_SECURITY_PARSE_SERVER_HELLO_PROC_PTR sdbd_plugin_cmd_security_parse_server_hello = NULL;\r
+SDBD_PLUGIN_CMD_SECURITY_GEN_CLIENT_HELLO_PROC_PTR sdbd_plugin_cmd_security_gen_client_hello = NULL;\r
+SDBD_PLUGIN_CMD_SECURITY_PARSE_SERVER_ACK_PROC_PTR sdbd_plugin_cmd_security_parse_server_ack = NULL;\r
+SDBD_PLUGIN_CMD_SECURITY_GEN_CLIENT_ACK_PROC_PTR sdbd_plugin_cmd_security_gen_client_ack = NULL;\r
+SDBD_PLUGIN_CMD_SECURITY_ENCRYPT_PROC_PTR sdbd_plugin_cmd_security_encrypt = NULL;\r
+SDBD_PLUGIN_CMD_SECURITY_DECRYPT_PROC_PTR sdbd_plugin_cmd_security_decrypt = NULL;\r
+\r
+#define SDBD_PLUGIN_CMD_SECURITY_INIT_INTF "sdbd_plugin_cmd_security_init"\r
+#define SDBD_PLUGIN_CMD_SECURITY_DEINIT_INTF "sdbd_plugin_cmd_security_deinit"\r
+#define SDBD_PLUGIN_CMD_SECURITY_PARSE_SERVER_HELLO_INTF "sdbd_plugin_cmd_security_parse_server_hello"\r
+#define SDBD_PLUGIN_CMD_SECURITY_GEN_CLIENT_HELLO_INTF "sdbd_plugin_cmd_security_gen_client_hello"\r
+#define SDBD_PLUGIN_CMD_SECURITY_PARSE_SERVER_ACK_INTF "sdbd_plugin_cmd_security_parse_server_ack"\r
+#define SDBD_PLUGIN_CMD_SECURITY_GEN_CLIENT_ACK_INTF "sdbd_plugin_cmd_security_gen_client_ack"\r
+#define SDBD_PLUGIN_CMD_SECURITY_ENCRYPT_INTF "sdbd_plugin_cmd_security_encrypt"\r
+#define SDBD_PLUGIN_CMD_SECURITY_DECRYPT_INTF "sdbd_plugin_cmd_security_decrypt"\r
+\r
+int load_sdbd_plugin_security() {\r
+\r
+       if( sdbd_plugin_cmd_security_init == NULL ) {\r
+               LOGI("sdbd_plugin_cmd_security_init == NULL, dlsym sdbd_plugin_cmd_security_init");\r
+               sdbd_plugin_cmd_security_init = dlsym(g_plugin_handle, SDBD_PLUGIN_CMD_SECURITY_INIT_INTF);\r
+               if( sdbd_plugin_cmd_security_init == NULL ) {\r
+                       LOGI("sdbd_plugin_cmd_security_init == NULL, dlerror = [%s]", dlerror());\r
+               }\r
+       }\r
+       LOGI("sdbd_plugin_cmd_security_init = [0x%p]", sdbd_plugin_cmd_security_init);\r
+\r
+       \r
+       if( sdbd_plugin_cmd_security_deinit == NULL ) {\r
+               LOGI("sdbd_plugin_cmd_security_deinit == NULL, dlsym sdbd_plugin_cmd_security_deinit\n");\r
+               sdbd_plugin_cmd_security_deinit = dlsym(g_plugin_handle, SDBD_PLUGIN_CMD_SECURITY_DEINIT_INTF);\r
+               if( sdbd_plugin_cmd_security_deinit == NULL ) {\r
+                       LOGI("sdbd_plugin_cmd_security_deinit == NULL, dlerror = [%s]\n", dlerror());\r
+               }\r
+       }\r
+       LOGI("sdbd_plugin_cmd_security_deinit = [0x%p]\n", sdbd_plugin_cmd_security_deinit);\r
+//\r
+       if( sdbd_plugin_cmd_security_parse_server_hello == NULL ) {\r
+               LOGI("sdbd_plugin_cmd_security_parse_server_hello == NULL, dlsym sdbd_plugin_cmd_security_parse_server_hello\n");\r
+               sdbd_plugin_cmd_security_parse_server_hello = dlsym(g_plugin_handle, SDBD_PLUGIN_CMD_SECURITY_PARSE_SERVER_HELLO_INTF);\r
+               if( sdbd_plugin_cmd_security_parse_server_hello == NULL ) {\r
+                       LOGI("sdbd_plugin_cmd_security_parse_server_hello == NULL, dlerror = [%s]\n", dlerror());\r
+               }\r
+       }\r
+       LOGI("sdbd_plugin_cmd_security_parse_server_hello = [0x%p]\n", sdbd_plugin_cmd_security_parse_server_hello);\r
+//\r
+       if( sdbd_plugin_cmd_security_gen_client_hello == NULL ) {\r
+               LOGI("sdbd_plugin_cmd_security_gen_client_hello == NULL, dlsym sdbd_plugin_cmd_security_gen_client_hello\n");\r
+               sdbd_plugin_cmd_security_gen_client_hello = dlsym(g_plugin_handle, SDBD_PLUGIN_CMD_SECURITY_GEN_CLIENT_HELLO_INTF);\r
+               if( sdbd_plugin_cmd_security_gen_client_hello == NULL ) {\r
+                       LOGI("sdbd_plugin_cmd_security_gen_client_hello == NULL, dlerror = [%s]\n", dlerror());\r
+               }\r
+       }\r
+       LOGI("sdbd_plugin_cmd_security_gen_client_hello = [0x%p]\n", sdbd_plugin_cmd_security_gen_client_hello);\r
+//\r
+       if( sdbd_plugin_cmd_security_parse_server_ack == NULL ) {\r
+               LOGI("sdbd_plugin_cmd_security_parse_server_ack == NULL, dlsym sdbd_plugin_cmd_security_parse_server_ack\n");\r
+               sdbd_plugin_cmd_security_parse_server_ack = dlsym(g_plugin_handle, SDBD_PLUGIN_CMD_SECURITY_PARSE_SERVER_ACK_INTF);\r
+               if( sdbd_plugin_cmd_security_parse_server_ack == NULL ) {\r
+                       LOGI("sdbd_plugin_cmd_security_parse_server_ack == NULL, dlerror = [%s]\n", dlerror());\r
+               }\r
+       }\r
+       LOGI("sdbd_plugin_cmd_security_parse_server_ack = [0x%p]\n", sdbd_plugin_cmd_security_parse_server_ack);\r
+//\r
+       if( sdbd_plugin_cmd_security_gen_client_ack == NULL ) {\r
+               LOGI("sdbd_plugin_cmd_security_gen_client_ack == NULL, dlsym sdbd_plugin_cmd_security_gen_client_ack\n");\r
+               sdbd_plugin_cmd_security_gen_client_ack = dlsym(g_plugin_handle, SDBD_PLUGIN_CMD_SECURITY_GEN_CLIENT_ACK_INTF);\r
+               if( sdbd_plugin_cmd_security_gen_client_ack == NULL ) {\r
+                       LOGI("sdbd_plugin_cmd_security_gen_client_ack == NULL, dlerror = [%s]\n", dlerror());\r
+               }\r
+       }\r
+       LOGI("sdbd_plugin_cmd_security_gen_client_ack = [0x%p]\n", sdbd_plugin_cmd_security_gen_client_ack);\r
+\r
+       if( sdbd_plugin_cmd_security_encrypt == NULL ) {\r
+               LOGI("sdbd_plugin_cmd_security_encrypt == NULL, dlsym sdbd_plugin_cmd_security_encrypt");\r
+               sdbd_plugin_cmd_security_encrypt = dlsym(g_plugin_handle, SDBD_PLUGIN_CMD_SECURITY_ENCRYPT_INTF);\r
+               if( sdbd_plugin_cmd_security_encrypt == NULL ) {\r
+                       LOGI("sdbd_plugin_cmd_security_encrypt == NULL, dlerror = [%s]", dlerror());\r
+               }\r
+       }\r
+       LOGI("sdbd_plugin_cmd_security_encrypt = [0x%p]", sdbd_plugin_cmd_security_encrypt);\r
+\r
+       if( sdbd_plugin_cmd_security_decrypt == NULL ) {\r
+               LOGI("sdbd_plugin_cmd_security_decrypt == NULL, dlsym sdbd_plugin_cmd_security_decrypt");\r
+               sdbd_plugin_cmd_security_decrypt = dlsym(g_plugin_handle, SDBD_PLUGIN_CMD_SECURITY_DECRYPT_INTF);\r
+               if( sdbd_plugin_cmd_security_decrypt == NULL ) {\r
+                       LOGI("sdbd_plugin_cmd_security_decrypt == NULL, dlerror = [%s]", dlerror());\r
+               }\r
+       }\r
+       LOGI("sdbd_plugin_cmd_security_decrypt = [0x%p]", sdbd_plugin_cmd_security_decrypt);\r
+\r
+       return 1;\r
+}\r
+\r
+\r
+int security_init(const int nSessionID, const char* pUserID) {\r
+\r
+       if( sdbd_plugin_cmd_security_init == NULL ) {\r
+               LOGI("sdbd_plugin_cmd_security_init == NULL, return 0");\r
+               return 0;\r
+       }\r
+\r
+       return sdbd_plugin_cmd_security_init(nSessionID, pUserID);\r
+}\r
+\r
+int security_deinit(const int nSessionID) {\r
+       if( sdbd_plugin_cmd_security_deinit == NULL ) {\r
+               LOGI("sdbd_plugin_cmd_security_deinit == NULL, return 0\n");\r
+               return 0;\r
+       }\r
+\r
+       return sdbd_plugin_cmd_security_deinit(nSessionID);\r
+}\r
+\r
+\r
+int security_parse_server_hello(const int nSessionID, apacket* pApacket){\r
+       if( sdbd_plugin_cmd_security_parse_server_hello == NULL ) {\r
+               LOGI("sdbd_plugin_cmd_security_parse_server_hello == NULL, return 0\n");\r
+               return 0;\r
+       }\r
+       if( pApacket == NULL ) {\r
+               LOGI("pApacket == NULL, return 0\n");\r
+               return 0;\r
+       }\r
+\r
+       if( 0 == sdbd_plugin_cmd_security_parse_server_hello(nSessionID, pApacket->data, &pApacket->msg.data_length) ) {\r
+               LOGI("sdbd_plugin_cmd_security_parse_server_hello return 0\n");\r
+               return 0;\r
+       }\r
+       return 1;\r
+}\r
+\r
+int security_gen_client_hello(const int nSessionID, apacket* pApacket){\r
+       if( sdbd_plugin_cmd_security_gen_client_hello == NULL ) {\r
+               LOGI("sdbd_plugin_cmd_security_gen_client_hello == NULL, return 0\n");\r
+               return 0;\r
+       }\r
+       if( pApacket == NULL ) {\r
+               LOGI("pApacket == NULL, return 0\n");\r
+               return 0;\r
+       }\r
+\r
+       if( 0 == sdbd_plugin_cmd_security_gen_client_hello(nSessionID, pApacket->data, &pApacket->msg.data_length) ) {\r
+               LOGI("sdbd_plugin_cmd_security_gen_client_hello return 0\n");\r
+               return 0;\r
+       }\r
+       return 1;\r
+}\r
+\r
+int security_parse_server_ack(const int nSessionID, apacket* pApacket){\r
+       if( sdbd_plugin_cmd_security_parse_server_ack == NULL ) {\r
+               LOGI("sdbd_plugin_cmd_security_parse_server_ack == NULL, return 0\n");\r
+               return 0;\r
+       }\r
+       if( pApacket == NULL ) {\r
+               LOGI("pApacket == NULL, return 0\n");\r
+               return 0;\r
+       }\r
+\r
+       if( 0 == sdbd_plugin_cmd_security_parse_server_ack(nSessionID, pApacket->data, &pApacket->msg.data_length) ) {\r
+               LOGI("sdbd_plugin_cmd_security_parse_server_ack return 0\n");\r
+               return 0;\r
+       }\r
+       return 1;\r
+}\r
+\r
+int security_gen_client_ack(const int nSessionID, apacket* pApacket){\r
+       if( sdbd_plugin_cmd_security_gen_client_ack == NULL ) {\r
+               LOGI("sdbd_plugin_cmd_security_gen_client_ack == NULL, return 0\n");\r
+               return 0;\r
+       }\r
+       if( pApacket == NULL ) {\r
+               LOGI("pApacket == NULL, return 0\n");\r
+               return 0;\r
+       }\r
+\r
+       if( 0 == sdbd_plugin_cmd_security_gen_client_ack(nSessionID, pApacket->data, &pApacket->msg.data_length) ) {\r
+               LOGI("sdbd_plugin_cmd_security_gen_client_ack return 0\n");\r
+               return 0;\r
+       }\r
+       return 1;\r
+}\r
+\r
+\r
+int security_encrypt(const int nSessionID, apacket* pApacket) {\r
+\r
+       if( pApacket == NULL ) {\r
+               LOGI("pApacket == NULL, return 0");\r
+               return 0;\r
+       }\r
+\r
+       unsigned char *szTemp;\r
+       szTemp = (unsigned char *)malloc(pApacket->msg.data_length + SAKEP_AKE_MSG_RECORD_FIXED_LEN + SAKEP_AES_ECB_ADDED_PADDING_SIZE);\r
+       memset(szTemp, 0x00, pApacket->msg.data_length + SAKEP_AKE_MSG_RECORD_FIXED_LEN + SAKEP_AES_ECB_ADDED_PADDING_SIZE);\r
+\r
+       unsigned int nDstLen = 0;\r
+       if( 0 == sdbd_plugin_cmd_security_encrypt(nSessionID, pApacket->data, pApacket->msg.data_length, szTemp, &nDstLen) ) {\r
+               LOGI("sdbd_plugin_cmd_security_encrypt return 0");\r
+               return 0;\r
+       }\r
+\r
+       int i=0;\r
+       for(i=0 ; i<nDstLen ; ++i) {\r
+               pApacket->data[i] = szTemp[i];\r
+       }\r
+\r
+       pApacket->msg.data_length = nDstLen;\r
+       free(szTemp);\r
+       return 1;\r
+\r
+}\r
+\r
+int security_decrypt(const int nSessionID, apacket* pApacket) {\r
+\r
+       if( pApacket == NULL ) {\r
+                       LOGI("pApacket == NULL, return 0");\r
+                       return 0;\r
+       }\r
+\r
+       unsigned char *szTemp;\r
+       szTemp = (unsigned char *)malloc(pApacket->msg.data_length);\r
+       memset(szTemp, 0x00, pApacket->msg.data_length);\r
+       unsigned int nDstLen = 0;\r
+       if( 0 == sdbd_plugin_cmd_security_decrypt(nSessionID, pApacket->data, pApacket->msg.data_length, szTemp, &nDstLen) ) {\r
+               LOGI("sdbd_plugin_cmd_security_decrypt return 0");\r
+               return 0;\r
+       }\r
+\r
+       int i = 0;\r
+       for(i=0 ; i<nDstLen ; ++i) {\r
+               pApacket->data[i] = szTemp[i];\r
+       }\r
+\r
+       pApacket->msg.data_length = nDstLen;\r
+       free(szTemp);\r
+       return 1;\r
+}\r
diff --git a/src/transport_security.h b/src/transport_security.h
new file mode 100644 (file)
index 0000000..12fd689
--- /dev/null
@@ -0,0 +1,18 @@
+#ifndef __TRANSPORT_SECURITY_H__\r
+#define __TRANSPORT_SECURITY_H__\r
+\r
+#include <stdio.h>\r
+#include "sdb.h"\r
+\r
+int load_sdbd_plugin_security();\r
+\r
+int security_init(const int nID, const char* pUserID);\r
+int security_deinit(const int nSessionID);\r
+int security_parse_server_hello(const int nSessionID, apacket* pApacket);\r
+int security_gen_client_hello(const int nSessionID, apacket* pApacket);\r
+int security_parse_server_ack(const int nSessionID, apacket* pApacket);\r
+int security_gen_client_ack(const int nSessionID, apacket* pApacket);\r
+int security_encrypt(const int nID, apacket* pApacket);\r
+int security_decrypt(const int nID, apacket* pApacket);\r
+\r
+#endif\r