BuildRequires: pkgconfig(cynara-client)
BuildRequires: pkgconfig(cynara-session)
BuildRequires: pkgconfig(cynara-creds-gdbus)
+BuildRequires: pkgconfig(openssl)
+BuildRequires: pkgconfig(key-manager)
BuildRequires: pkgconfig(account-common)
BuildRequires: pkgconfig(accounts-svc)
BuildRequires: pkgconfig(libtzplatform-config)
cynara-client
cynara-session
cynara-creds-gdbus
+ openssl
+ key-manager
account-common
accounts-svc
libtzplatform-config
SET(SERVER_SRCS
src/account-server.c
src/account-server-db.c
+ src/account-key-handler.c
+ src/account-crypto-service.c
)
INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/server/include)
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file account-crypto-service.h
+ * @brief a header for key manupulatation.
+ */
+
+
+
+#ifndef __TIZEN_CORE_WAE_CRYPTO_SERVICE_H
+#define __TIZEN_CORE_WAE_CRYPTO_SERVICE_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+int encrypt_aes_cbc(const unsigned char* key, const int key_len, const unsigned char* data, const int data_len, char** encrypted_data, int* enc_data_len);
+
+int decrypt_aes_cbc(const unsigned char* key, const int key_len, const unsigned char* data, const int data_len, char** decrypted_data, int* dec_data_len);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* __TIZEN_CORE_WAE_CRYPTO_SERVICE_H */
--- /dev/null
+/*
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file account-key-handler.h
+ * @brief a header for key manupulatation.
+ */
+
+
+
+#ifndef __KEY_HANDLER_H
+#define __KEY_HANDLER_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int get_app_mkey(unsigned char **mkey, int *mkey_len);
+int create_app_mkey(unsigned char **mkey, int *mkey_len);
+int get_app_dek(char *mkey, const char *pkg_id, unsigned char **dek, int *dek_len);
+int create_app_dek(char *mkey, const char *pkg_id, unsigned char **dek, int *dek_len);
+int account_key_handler_get_account_dek(const char *alias, unsigned char **account_dek, int *dek_len);
+
+int clear_test_keys(const char *pkg_id);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* __KEY_HANDLER_H */
--- /dev/null
+
+/*
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file account-crypto-service.c
+ * @brief provides encryption and decription operations.
+ */
+#include <stdio.h>
+#include <tizen.h>
+
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+
+#include <dbg.h>
+#include <account-private.h>
+#include "account-crypto-service.h"
+
+#define AES_256_KEY_SIZE 32
+#define AES_CBC_IV "01234567890123456"
+
+//#define FALSE 0
+//#define TRUE 1
+
+#define CRYPTO_ERROR -1
+#define CRYPTO_ERROR_NONE 0
+#define CRYPTO_ERROR_INVALID_PARAMETER TIZEN_ERROR_INVALID_PARAMETER
+
+static int initialized = FALSE;
+
+void initialize()
+{
+ if(!initialized) {
+ ERR_load_crypto_strings();
+ OpenSSL_add_all_algorithms();
+ initialized = TRUE;
+ }
+}
+
+int encrypt_aes_cbc(const unsigned char* key, const int key_len, const unsigned char* data, const int data_len,
+ char** encrypted_data, int* enc_data_len)
+{
+ EVP_CIPHER_CTX *ctx;
+ int len;
+ unsigned char *ciphertext = NULL;
+ int ciphertext_len;
+ unsigned char *iv = (unsigned char *)AES_CBC_IV;
+ int ret = CRYPTO_ERROR_NONE;
+
+ initialize();
+
+ /* check input paramter */
+ if( key_len != 32 ) {
+ return CRYPTO_ERROR_INVALID_PARAMETER;
+ }
+
+ // assing a enough memory for decryption.
+ ciphertext = (unsigned char*) malloc(data_len + 32);
+ ACCOUNT_MEMSET(ciphertext, 0, data_len + 32);
+
+ _INFO("before EVP_CIPHER_CTX_new");
+ /* Create and initialise the context */
+ if(!(ctx = EVP_CIPHER_CTX_new())) {
+ ret = CRYPTO_ERROR;
+ goto error;
+ }
+ _INFO("after EVP_CIPHER_CTX_new success");
+
+ _INFO("before EVP_EncryptInit_ex");
+ /* Initialise the encryption operation. IMPORTANT - ensure you use a key
+ * and IV size appropriate for your cipher
+ * In this example we are using 256 bit AES (i.e. a 256 bit key). The
+ * IV size for *most* modes is the same as the block size. For AES this
+ * is 128 bits */
+ if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)) {
+ ret = CRYPTO_ERROR;
+ goto error;
+ }
+ _INFO("after EVP_EncryptInit_ex success");
+
+ _INFO("before EVP_EncryptUpdate, data = %s, data_len=[%d]", data, data_len);
+ /* Provide the message to be encrypted, and obtain the encrypted output.
+ * EVP_EncryptUpdate can be called multiple times if necessary
+ */
+ if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, data, data_len)) {
+ ret = CRYPTO_ERROR;
+ goto error;
+ }
+ ciphertext_len = len;
+ _INFO("after EVP_EncryptUpdate, data = %s, data_len=[%d]", data, data_len);
+
+ _INFO("before EVP_EncryptFinal_ex, ciphertext_len=[%d]", ciphertext_len);
+ /* Finalise the encryption. Further ciphertext bytes may be written at
+ * this stage.
+ */
+ if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) {
+ ret = CRYPTO_ERROR;
+ goto error;
+ }
+ ciphertext_len += len;
+ _INFO("after EVP_EncryptFinal_ex, ciphertext_len=[%d]", ciphertext_len);
+
+ *encrypted_data = (char *)ciphertext;
+ *enc_data_len = ciphertext_len;
+
+ ret = CRYPTO_ERROR_NONE;
+error:
+ if(ctx != NULL)
+ EVP_CIPHER_CTX_free(ctx);
+ if(ret != CRYPTO_ERROR_NONE && ciphertext != NULL)
+ free(ciphertext);
+ return ret;
+}
+
+int decrypt_aes_cbc(const unsigned char* key, const int key_len, const unsigned char* data, const int data_len,
+ char** decrypted_data, int* dec_data_len)
+{
+ EVP_CIPHER_CTX *ctx;
+ int len;
+ unsigned char* plaintext = NULL;
+ int plaintext_len;
+ unsigned char *iv = (unsigned char *)AES_CBC_IV;
+ int ret = CRYPTO_ERROR_NONE;
+
+ initialize();
+
+ /* check input paramter */
+ if( key_len != 32 ) {
+ return CRYPTO_ERROR_INVALID_PARAMETER;
+ }
+
+ // assing a enough memory for decryption.
+ plaintext = (unsigned char*) malloc(data_len);
+ ACCOUNT_MEMSET(plaintext, 0, data_len);
+
+ _INFO("before EVP_CIPHER_CTX_new");
+ /* Create and initialise the context */
+ if(!(ctx = EVP_CIPHER_CTX_new())) {
+ ret = CRYPTO_ERROR;
+ goto error;
+ }
+ _INFO("after EVP_CIPHER_CTX_new");
+
+ _INFO("before EVP_DecryptInit_ex");
+ /* Initialise the decryption operation. IMPORTANT - ensure you use a key
+ * and IV size appropriate for your cipher
+ * In this example we are using 256 bit AES (i.e. a 256 bit key). The
+ * IV size for *most* modes is the same as the block size. For AES this
+ * is 128 bits */
+ if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)) {
+ ret = CRYPTO_ERROR;
+ goto error;
+ }
+ _INFO("after EVP_DecryptInit_ex");
+
+ _INFO("before EVP_DecryptUpdate, data_len=[%d]", data_len);
+ /* Provide the message to be decrypted, and obtain the plaintext output.
+ * EVP_DecryptUpdate can be called multiple times if necessary
+ */
+ if(1 != EVP_DecryptUpdate(ctx, plaintext, &len, data, data_len)) {
+ ret = CRYPTO_ERROR;
+ goto error;
+ }
+ plaintext_len = len;
+ _INFO("after EVP_DecryptUpdate, data_len=[%d], plaintext_len=[%d]", data_len, plaintext_len);
+
+ _INFO("before EVP_EncryptFinal_ex");
+ /* Finalise the decryption. Further plaintext bytes may be written at
+ * this stage.
+ */
+ if(1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len)) {
+ ret = CRYPTO_ERROR;
+ goto error;
+ }
+ plaintext_len += len;
+ _INFO("after EVP_EncryptFinal_ex, plaintext_len=[%d]",plaintext_len);
+
+ *decrypted_data = (char *)plaintext;
+ (*decrypted_data)[plaintext_len] = '\0';
+ *dec_data_len = plaintext_len;
+ _INFO("after decrypted_data = (char *)plaintext;, *decrypted_data = %s", *decrypted_data);
+
+ ret = CRYPTO_ERROR_NONE;
+error:
+ if(ctx != NULL)
+ EVP_CIPHER_CTX_free(ctx);
+ if(ret != CRYPTO_ERROR_NONE && plaintext != NULL)
+ free(plaintext);
+ return ret;
+}
--- /dev/null
+
+/*
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ *
+ *
+ * @file account-key-handler.c
+ * @brief a c file for key manupulatation.
+ */
+
+#include <tizen.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <ckmc/ckmc-manager.h>
+#include <ckmc/ckmc-error.h>
+#include <account-private.h>
+#include <dbg.h>
+#include <account-error.h>
+#include "account-key-handler.h"
+
+#define ACCOUNT_MANAGER_MKEY_ALIAS "ACCOUNT_MANAGER_MKEY"
+#define ACCOUNT_MANAGER_DEK_ALIAS_PFX "ACCOUNT_MANAGER_DEK_"
+#define MKEY_LEN 32
+#define DEK_LEN 32
+
+#define RANDOM_FILE "/dev/urandom"
+
+int _get_random(int length, unsigned char** random)
+{
+ FILE *f;
+ //read random file
+ if((f = fopen(RANDOM_FILE, "r")) != NULL){
+ if(fread(*random, 1, length, f) != length) {
+ return CKMC_ERROR_UNKNOWN;
+ }
+ }
+ return CKMC_ERROR_NONE;
+}
+
+int get_app_mkey(unsigned char** mkey, int* mkey_len)
+{
+ int ret = CKMC_ERROR_NONE;
+
+ const char* password = "password";
+ ckmc_raw_buffer_s *mkey_buffer=NULL;
+ const char *alias = ACCOUNT_MANAGER_MKEY_ALIAS;
+
+ _INFO("start get_app_mkey");
+
+ _INFO("before ckmc_get_data");
+ ret = ckmc_get_data(alias, password, &mkey_buffer);
+ _INFO("after ckmc_get_data");
+ if (CKMC_ERROR_NONE != ret) {
+ _INFO("before mkey_buffer free");
+ if (mkey_buffer)
+ ckmc_buffer_free(mkey_buffer);
+ _INFO("after mkey_buffer free");
+ return ret;
+ }
+
+ _INFO("before mkey_buffer->size=[%d]", mkey_buffer->size);
+ *mkey_len = mkey_buffer->size;
+ *mkey = (unsigned char *) malloc((*mkey_len)+1);
+ memset(*mkey, 0, (*mkey_len)+1);
+ memcpy(*mkey, mkey_buffer->data, *mkey_len);
+// (*mkey)[*mkey_len] = '\0';
+ _INFO("before mkey_buffer free");
+ if(mkey_buffer)
+ ckmc_buffer_free(mkey_buffer);
+ _INFO("after mkey_buffer free");
+
+ _INFO("end get_app_mkey, mkey_address=[%x]", *mkey);
+ return CKMC_ERROR_NONE;
+}
+
+int create_app_mkey(unsigned char **mkey, int *mkey_len)
+{
+ unsigned char *random;
+ int ret = CKMC_ERROR_NONE;
+ const char *alias = ACCOUNT_MANAGER_MKEY_ALIAS;
+ ckmc_raw_buffer_s data;
+ ckmc_policy_s policy;
+// unsigned char *text = (unsigned char*)"mkey_test";
+
+ _INFO("start create_app_mkey");
+
+ random = (unsigned char *) malloc(MKEY_LEN);
+ _INFO("before _get_random");
+ ret = _get_random(MKEY_LEN, &random);
+ if(CKMC_ERROR_NONE != ret) {
+ return CKMC_ERROR_UNKNOWN;
+ }
+
+ policy.password = "password";
+ policy.extractable = true;
+
+ data.data = random;
+ data.size = MKEY_LEN;
+
+ _INFO("before ckmc_save_data");
+ ret = ckmc_save_data(alias, data, policy);
+ if(CKMC_ERROR_NONE != ret) {
+ if(random)
+ free(random);
+ return ret;
+ }
+
+ *mkey = random;
+ *mkey_len = MKEY_LEN;
+
+ _INFO("end create_app_mkey");
+ return CKMC_ERROR_NONE;
+}
+
+int get_app_dek(char *mkey, const char *pkg_id, unsigned char **dek, int *dek_len)
+{
+ int ret = CKMC_ERROR_NONE;
+ _INFO("start get_app_dek");
+
+ const char* password = mkey;
+ ckmc_raw_buffer_s *dek_buffer=NULL;
+ char alias[128] = {0,};
+
+ // sprintf(alias, "%s %s%s", pkg_id, APP_DEK_ALIAS_PFX, pkg_id);
+ sprintf(alias, "%s%s", ACCOUNT_MANAGER_DEK_ALIAS_PFX, pkg_id);
+
+ ret = ckmc_get_data(alias, password, &dek_buffer);
+ if (CKMC_ERROR_DB_ALIAS_UNKNOWN == ret) {
+ ckmc_buffer_free(dek_buffer);
+ return ret;
+ } else if (CKMC_ERROR_NONE != ret) {
+ ckmc_buffer_free(dek_buffer);
+ return ret;
+ }
+
+ *dek_len = dek_buffer->size;
+ *dek = (unsigned char *) malloc((*dek_len)+1);
+ _INFO("before memcpy dek_buffer");
+ memcpy(*dek, dek_buffer->data, (*dek_len)+1);
+ _INFO("before dek_buffer free");
+ ckmc_buffer_free(dek_buffer);
+
+ _INFO("end get_app_dek");
+ return CKMC_ERROR_NONE;
+}
+
+int create_app_dek(char *mkey, const char *pkg_id, unsigned char **dek, int *dek_len)
+{
+ unsigned char *random;
+ int ret = CKMC_ERROR_NONE;
+ ckmc_raw_buffer_s data;
+ ckmc_policy_s policy;
+ char alias[128] = {0,};
+// unsigned char *text = (unsigned char*)"dek_test";
+
+ _INFO("start create_app_dek");
+
+ sprintf(alias, "%s%s", ACCOUNT_MANAGER_DEK_ALIAS_PFX, pkg_id);
+
+ random = (unsigned char *) malloc(DEK_LEN);
+ ret = _get_random(DEK_LEN, &random);
+ if(CKMC_ERROR_NONE != ret) {
+ return CKMC_ERROR_UNKNOWN;
+ }
+
+ policy.password = mkey;
+ policy.extractable = true;
+
+ data.data = random;
+ data.size = DEK_LEN;
+
+ _INFO("before ckmc_save_data");
+ // save app_dek in key_manager
+ ret = ckmc_save_data(alias, data, policy);
+ if(CKMC_ERROR_NONE != ret) {
+ if(random)
+ free(random);
+ return ret;
+ }
+/*
+ // share app_dek for web app laucher to use app_dek
+ ret = ckmc_set_permission(alias, pkg_id, CKMC_PERMISSION_READ);
+ if(CKMC_ERROR_NONE != ret) {
+ return ret;
+ }
+*/
+ *dek = random;
+ *dek_len = DEK_LEN;
+
+ _INFO("end create_app_dek");
+
+ return CKMC_ERROR_NONE;
+}
+
+int account_key_handler_get_account_dek(const char *alias, unsigned char **account_dek, int *dek_len)
+{
+ int ret;
+ unsigned char *account_mkey = NULL;
+ int mkey_len = 0;
+
+ if (alias == NULL || account_dek == NULL || dek_len == NULL)
+ return ACCOUNT_ERROR_INVALID_PARAMETER;
+
+ _INFO("before get_app_mkey");
+ ret = get_app_mkey(&account_mkey, &mkey_len);
+ _INFO("after get_app_mkey ret=[%d]", ret);
+ if (ret != CKMC_ERROR_NONE) { // To Do : error value
+ _INFO("before create_app_mkey");
+ ret = create_app_mkey(&account_mkey, &mkey_len);
+ if (ret != CKMC_ERROR_NONE) { // To Do : error value
+ _ERR("create_app_mkey failed ret=[%d]", ret);
+ return ret; // To Do : error value
+ }
+ }
+
+ _INFO("before get_app_mkey");
+ ret = get_app_dek((char *)account_mkey, alias, account_dek, dek_len);
+ _INFO("after get_app_mkey, ret=[%d]", ret);
+ if (ret != CKMC_ERROR_NONE) { // To Do : error value
+ ret = create_app_dek((char *)account_mkey, alias, account_dek, dek_len);
+ _ACCOUNT_FREE(account_mkey);
+ if (ret != CKMC_ERROR_NONE) { // To Do : error value
+ _ERR("create_app_dek failed ret=[%d]", ret);
+ return ret; // To Do : error value
+ }
+ }
+
+ _INFO("end account_key_hander_get_account_dek");
+
+ return ACCOUNT_ERROR_NONE;
+}
+
+
+int clear_test_keys(const char* pkg_id)
+{
+ int ret = CKMC_ERROR_NONE;
+ char alias[128] = {0,};
+
+ ret = ckmc_remove_alias(ACCOUNT_MANAGER_MKEY_ALIAS);
+ if(CKMC_ERROR_NONE != ret) {
+ return ret;
+ }
+
+ sprintf(alias, "%s%s", ACCOUNT_MANAGER_DEK_ALIAS_PFX, pkg_id);
+ ret = ckmc_remove_alias(alias);
+ if(CKMC_ERROR_NONE != ret) {
+ return ret;
+ }
+
+ return CKMC_ERROR_NONE;
+}
#include <account.h>
#include <account-error.h>
#include "account-server-db.h"
+#include "account-key-handler.h"
+#include "account-crypto-service.h"
typedef sqlite3_stmt* account_stmt;
#define EASYSIGNUP_CMDLINE "/usr/bin/esu-agent"
#define EASYSIGNUP_APPID "com.samsung.esu-agent"
+#define ACCESS_TOKEN_ALIAS "access_token"
+
#define ACCOUNT_DB_OPEN_READONLY 0
#define ACCOUNT_DB_OPEN_READWRITE 1
return error_code;
}
+static int __encrypt_data(unsigned char *data, const int data_len, char **pp_encrypted_data)
+{
+ int ret;
+ int enc_data_len = 0;
+ int key_len = 0;
+ const char *alias = ACCESS_TOKEN_ALIAS;
+ unsigned char *key = NULL;
+
+ _INFO("before account_key_handler_get_account_dek");
+
+ ret = account_key_handler_get_account_dek(alias, &key, &key_len);
+ if (ret != ACCOUNT_ERROR_NONE) {
+ //To Do : fail
+ _ERR("account_key_handler_get_account_dek failed");
+ }
+ _INFO("after account_key_handler_get_account_dek");
+
+ _INFO("before _encrypt_aes_cbc");
+
+ ret = encrypt_aes_cbc(key, key_len, data, data_len, pp_encrypted_data, &enc_data_len);
+ if (ret != ACCOUNT_ERROR_NONE) {
+ //To Do : fail
+ _ERR("encrypt_aes_cbc failed");
+ }
+
+ _INFO("after encrypt_aes_cbc");
+
+ return ACCOUNT_ERROR_NONE;
+}
+
+
+static int _encrypt_access_token(account_s *account)
+{
+ int ret = -1;
+ char *encrypted_token = NULL;
+
+ if (account->access_token) {
+ _INFO("before __encrypt_data");
+ ret = __encrypt_data((unsigned char *)(account->access_token), strlen(account->access_token), &encrypted_token);
+ _INFO("after _encrypt_data, ret=[%d]", ret);
+ free(account->access_token);
+ account->access_token = NULL;
+ if( ret == ACCOUNT_ERROR_NONE) {
+ account->access_token = encrypted_token;
+ _INFO("after access_token, encrypted_token size=[%d]", strlen(account->access_token));
+ }
+ else {
+ //To Do : fail
+ _ERR("_encrypt_data fail");
+ return ret;
+ }
+ }
+
+ return ACCOUNT_ERROR_NONE;
+}
+
+
+static int __decrypt_data(unsigned char *data, const int data_len, char **pp_decrypted_data)
+{
+ int ret;
+ int dec_data_len = 0;
+ int key_len = 0;
+ const char *alias = ACCESS_TOKEN_ALIAS;
+ unsigned char *key = NULL;
+
+ _INFO("before account_key_handler_get_account_dek");
+ ret = account_key_handler_get_account_dek(alias, &key, &key_len);
+ if (ret != ACCOUNT_ERROR_NONE) {
+ //To Do : fail
+ _ERR("account_key_handler_get_account_dek failed");
+ }
+
+ _INFO("before _decrypt_aes_cbc");
+ decrypt_aes_cbc(key, key_len, data, data_len, pp_decrypted_data, &dec_data_len);
+ if (ret != ACCOUNT_ERROR_NONE) {
+ //To Do : fail
+ _ERR("decrypt_aes_cbc failed");
+ }
+ _INFO("after decrypt_aes_cbc, dec_data = %s", *pp_decrypted_data);
+
+ return ACCOUNT_ERROR_NONE;
+}
+
+static int _decrypt_access_token(account_s *account)
+{
+ int ret = -1;
+ char *decrypted_token = NULL;
+
+ if (account->access_token) {
+ ret = __decrypt_data((unsigned char *)account->access_token, strlen(account->access_token), &decrypted_token);
+ free(account->access_token);
+ account->access_token = NULL;
+ if( ret == ACCOUNT_ERROR_NONE)
+ account->access_token = decrypted_token;
+ else {
+ //To Do : fail
+ _ERR("_decrypt_access_token fail");
+ return ret;
+ }
+ }
+ _INFO("_decrypt_access_token end");
+
+ return ACCOUNT_ERROR_NONE;
+}
+
static int _remove_sensitive_info_from_non_owning_account(int caller_pid, account_s *account)
{
if (account == NULL)
free (account->access_token);
account->access_token = NULL;
+ } else {
+ int ret = _decrypt_access_token(account);
+ if (ret != ACCOUNT_ERROR_NONE)
+ {
+ _ERR("_decrypt_access_token error");
+ return ret;
+ }
}
_ACCOUNT_FREE(caller_package_name);
return ACCOUNT_ERROR_NONE;
return ACCOUNT_ERROR_PERMISSION_DENIED;
}
+ error_code = _encrypt_access_token(account);
+ if (error_code != ACCOUNT_ERROR_NONE)
+ {
+ _ERR("_encrypt_access_token error");
+ return error_code;
+ }
+
_account_compare_old_record_by_user_name(account, user_name, package_name);
if( _account_db_err_code() == SQLITE_PERM ){
return ACCOUNT_ERROR_NOT_ALLOW_MULTIPLE;
}
+ error_code = _encrypt_access_token(data);
+ if (error_code != ACCOUNT_ERROR_NONE)
+ {
+ _ERR("_encrypt_access_token error");
+ return error_code;
+ }
+
error_code = _account_execute_insert_query(data);
if (error_code != ACCOUNT_ERROR_NONE)
return ACCOUNT_ERROR_PERMISSION_DENIED;
}
+ error_code = _encrypt_access_token(account);
+ if (error_code != ACCOUNT_ERROR_NONE)
+ {
+ _ERR("_encrypt_access_token error");
+ return error_code;
+ }
+
error_code = _account_compare_old_record(account, account_id);
if (error_code != ACCOUNT_ERROR_NONE) {
ACCOUNT_ERROR("_account_compare_old_record fail\n");
return ACCOUNT_ERROR_INVALID_PARAMETER;
}
+ error_code = _encrypt_access_token(account);
+ if (error_code != ACCOUNT_ERROR_NONE)
+ {
+ _ERR("_encrypt_access_token error");
+ return error_code;
+ }
+
error_code = _account_compare_old_record(account, account_id);
if (error_code != ACCOUNT_ERROR_NONE) {
ACCOUNT_ERROR("_account_compare_old_record fail\n");