ADD_DEFINITIONS("-DSMACK_ENABLED")
ADD_DEFINITIONS("-DSQLCIPHER_HAS_CODEC")
ADD_DEFINITIONS("-DBINDIR=\"${BINDIR}\"")
-ADD_DEFINITIONS("-DINSTALLER_LABEL=\"${INSTALLER_LABEL}\"")
# IF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
ADD_DEFINITIONS("-DTIZEN_DEBUG_ENABLE")
* limitations under the License
*
* @file web_app_enc.h
- * @version 1.0
+ * @version 2.0
* @brief APIs of WEB_APP_ENC module.
*/
#ifndef __WEB_APP_ENC__
#endif
#include <stddef.h>
+#include <stdbool.h>
+#include <sys/types.h>
/**
* @addtogroup CAPI_WEB_APP_ENC_MODULE
} wae_error_e;
/**
- * @brief Application Type.
+ * @brief Encrypts web application data
+ *
* @since_tizen 3.0
+ * @param[in] uid User id of the application being encrypted
+ * @param[in] pkg_id The package id of an application
+ * @param[in] data The data block to be encrypted
+ * @param[in] data_len The length of @a data
+ * @param[out] pencrypted_data The encrypted data block which must be freed by free()
+ * @param[out] pencrypted_data_len The length of data pointed by @a pencrypted_data
+ *
+ * @return #WAE_ERROR_NONE on success, otherwise a negative error value
+ * @retval #WAE_ERROR_INVALID_PARAMETER Invalid input parameter
+ * @retval #WAE_ERROR_PERMISSION_DENIED Non-authenticated application request
+ * @retval #WAE_ERROR_NO_KEY No internal key
+ * @retval #WAE_ERROR_KEY_MANAGER key-manager internal error
+ * @retval #WAE_ERROR_CRYPTO failed in crypto operation
+ * @retval #WAE_ERROR_UNKNOWN Failed with unknown reason
+ *
+ * @see wae_decrypt_web_application()
+ * @see wae_remove_app_dek()
*/
-typedef enum {
- WAE_DOWNLOADED_NORMAL_APP = 0, /**< Downloaded Normal Application*/
- WAE_DOWNLOADED_GLOBAL_APP = 1, /**< Downloaded Global Application*/
- WAE_PRELOADED_APP = 2 /**< Preloaded Application*/
-} wae_app_type_e;
+int wae_encrypt_web_application(uid_t uid, const char *pkg_id,
+ const unsigned char *data, size_t data_len,
+ unsigned char **pencrypted_data, size_t *pencrypted_data_len);
/**
- * @brief Encrypts web application data with internal key(APP DEK: Application Data Encryption Key).
+ * @brief Encrypts global web application data
*
* @since_tizen 3.0
* @param[in] pkg_id The package id of an application
- * @param[in] app_type The application type
+ * @param[in] is_preloaded Whether the package is preloaded or not
* @param[in] data The data block to be encrypted
* @param[in] data_len The length of @a data
- * @param[out] pencrypted_data The data block contaning encrypted data block which must be freed by free()
+ * @param[out] pencrypted_data The encrypted data block which must be freed by free()
* @param[out] pencrypted_data_len The length of data pointed by @a pencrypted_data
*
* @return #WAE_ERROR_NONE on success, otherwise a negative error value
* @retval #WAE_ERROR_CRYPTO failed in crypto operation
* @retval #WAE_ERROR_UNKNOWN Failed with unknown reason
*
- * @see wae_decrypt_web_application()
+ * @see wae_decrypt_global_web_application()
+ * @see wae_remove_global_app_dek()
*/
-int wae_encrypt_web_application(const char *pkg_id, wae_app_type_e app_type,
- const unsigned char *data, size_t data_len,
- unsigned char **pencrypted_data, size_t *pencrypted_data_len);
+int wae_encrypt_global_web_application(const char *pkg_id, bool is_preloaded,
+ const unsigned char *data, size_t data_len,
+ unsigned char **pencrypted_data, size_t *pencrypted_data_len);
/**
- * @brief Encrypts web application data with internal key.
+ * @brief Decrypts web application data.
*
* @since_tizen 3.0
+ * @param[in] uid User id of the application being decrypted
* @param[in] pkg_id The package id of an application
- * @param[in] app_type The application type
* @param[in] data The data block to be decrypted
* @param[in] data_len The length of @a data
- * @param[out] pdecrypted_data Data block contaning decrypted data block which must be freed by free()
+ * @param[out] pdecrypted_data The decrypted data block which must be freed by free()
* @param[out] pdecrypted_data_len The length of data pointed by @a pdecrypted_data
*
* @return #WAE_ERROR_NONE on success, otherwise a negative error value
* @retval #WAE_ERROR_UNKNOWN Failed with unknown reason
*
* @see wae_encrypt_web_application()
+ * @see wae_remove_app_dek()
*/
-int wae_decrypt_web_application(const char *pkg_id, wae_app_type_e app_type,
+int wae_decrypt_web_application(uid_t uid, const char *pkg_id,
const unsigned char *data, size_t data_len,
unsigned char **pdecrypted_data, size_t *pdecrypted_data_len);
/**
- * @brief Remove a APP DEK(Application Data Encryption Key) used for encrytpion and decryption of a web application.
+ * @brief Decrypts global web application data.
+ *
+ * @since_tizen 3.0
+ * @param[in] pkg_id The package id of an application
+ * @param[in] is_preloaded Whether the package is preloaded or not
+ * @param[in] data The data block to be decrypted
+ * @param[in] data_len The length of @a data
+ * @param[out] pdecrypted_data The decrypted data block which must be freed by free()
+ * @param[out] pdecrypted_data_len The length of data pointed by @a pdecrypted_data
+ *
+ * @return #WAE_ERROR_NONE on success, otherwise a negative error value
+ * @retval #WAE_ERROR_INVALID_PARAMETER Invalid input parameter
+ * @retval #WAE_ERROR_PERMISSION_DENIED Non-authenticated application request
+ * @retval #WAE_ERROR_NO_KEY No internal key
+ * @retval #WAE_ERROR_KEY_MANAGER key-manager internal error
+ * @retval #WAE_ERROR_CRYPTO failed in crypto operation
+ * @retval #WAE_ERROR_UNKNOWN Failed with unknown reason
+ *
+ * @see wae_encrypt_global_web_application()
+ * @see wae_remove_global_app_dek()
+ */
+int wae_decrypt_global_web_application(const char *pkg_id, bool is_preloaded,
+ const unsigned char *data, size_t data_len,
+ unsigned char **pdecrypted_data, size_t *pdecrypted_data_len);
+
+/**
+ * @brief Remove key used for encryption the web application.
*
* @since_tizen 3.0
+ * @param[in] uid User id of the application being uninstalled
* @param[in] pkg_id The package id of an application
- * @param[in] app_type The application type
*
* @return #WAE_ERROR_NONE on success, otherwise a negative error value
* @retval #WAE_ERROR_INVALID_PARAMETER Invalid input parameter
* @retval #WAE_ERROR_KEY_MANAGER key-manager internal error
* @retval #WAE_ERROR_UNKNOWN Failed with unknown reason
*
+ * @see wae_encrypt_web_application()
+ * @see wae_decrypt_web_application()
+ */
+int wae_remove_app_dek(uid_t uid, const char *pkg_id);
+
+/**
+ * @brief Remove key used for encryption the global web application.
+ *
+ * @since_tizen 3.0
+ * @param[in] pkg_id The package id of an application
+ * @param[in] is_preloaded Whether the package is preloaded or not
+ *
+ * @return #WAE_ERROR_NONE on success, otherwise a negative error value
+ * @retval #WAE_ERROR_INVALID_PARAMETER Invalid input parameter
+ * @retval #WAE_ERROR_PERMISSION_DENIED Non-authenticated application request
+ * @retval #WAE_ERROR_NO_KEY No internal key
+ * @retval #WAE_ERROR_KEY_MANAGER key-manager internal error
+ * @retval #WAE_ERROR_UNKNOWN Failed with unknown reason
+ *
+ * @see wae_encrypt_global_web_application()
+ * @see wae_decrypt_global_web_application()
*/
-int wae_remove_app_dek(const char *pkg_id, wae_app_type_e app_type);
+int wae_remove_global_app_dek(const char *pkg_id, bool is_preloaded);
/**
* @}
<domain name="_" />
</request>
<assign>
- <filesystem path="@BINDIR@/wae_tests" label="_" exec_label="@INSTALLER_LABEL@" />
+ <filesystem path="@BINDIR@/wae_tests" label="_" exec_label="System" />
</assign>
</manifest>
%description test
Web application encryption and decryption service (test)
-%define installer_label "User"
%define bin_dir %TZ_SYS_BIN
%define rw_share_dir %TZ_SYS_SHARE
-DSYSTEMD_UNIT_DIR=%{_unitdir} \
-DCMAKE_BUILD_TYPE=%{build_type} \
-DRW_SHARE_DIR=%rw_share_dir \
- -DBINDIR=%bin_dir \
- -DINSTALLER_LABEL=%installer_label
+ -DBINDIR=%bin_dir
make %{?jobs:-j%jobs}
#include <tzplatform_config.h>
+#include "web_app_enc.h"
#include "wae_log.h"
#include "crypto_service.h"
#include "key_manager.h"
crypto_element_map_destroy(_map);
}
-static const crypto_element_s *_get_app_ce_from_cache(const char *pkg_id)
+char *_create_map_key(uid_t uid, const char *pkg_id)
{
- return crypto_element_map_get(_map, pkg_id);
+ char *key = NULL;
+
+ int ret = asprintf(&key, "%u-%s", uid, pkg_id);
+
+ return (ret == -1) ? NULL : key;
}
-static int _add_app_ce_to_cache(const char *pkg_id, crypto_element_s *ce)
+static const crypto_element_s *_get_app_ce_from_cache(const char *key)
{
- return crypto_element_map_add(&_map, pkg_id, ce);
+ return crypto_element_map_get(_map, key);
}
-void _remove_app_ce_from_cache(const char *pkg_id)
+static int _add_app_ce_to_cache(const char *key, crypto_element_s *ce)
{
- crypto_element_map_remove(&_map, pkg_id);
+ return crypto_element_map_add(&_map, key, ce);
+}
+
+void _remove_app_ce_from_cache(const char *key)
+{
+ crypto_element_map_remove(&_map, key);
}
int _get_random(raw_buffer_s *rb)
static int _write_to_file(const char *path, const raw_buffer_s *data)
{
- if (path == NULL || data == NULL || data->buf == NULL || data->size == 0)
+ if (path == NULL || !is_buffer_valid(data))
return WAE_ERROR_INVALID_PARAMETER;
FILE *f = fopen(path, "w");
if (f == NULL) {
- WAE_SLOGE("WAE: Fail to open a file. file=%s", path);
+ WAE_SLOGE("Failed to open a file(%s)", path);
return WAE_ERROR_FILE;
}
fclose(f);
if (write_len != (int)data->size) {
- WAE_SLOGE("WAE: Fail to write a file. file=%s", path);
+ WAE_SLOGE("Failed to write a file(%s)", path);
return WAE_ERROR_FILE;
}
return _write_to_file(path, encrypted);
}
-int get_app_ce(const char *pkg_id, wae_app_type_e app_type, bool create_for_migrated_app,
- const crypto_element_s **pce)
+int get_app_ce(uid_t uid, const char *pkg_id, wae_app_type_e app_type,
+ bool create_for_migrated_app, const crypto_element_s **pce)
{
if (pkg_id == NULL || pce == NULL)
return WAE_ERROR_INVALID_PARAMETER;
- const crypto_element_s *cached_ce = _get_app_ce_from_cache(pkg_id);
+ if (uid == 0 && app_type == WAE_DOWNLOADED_NORMAL_APP)
+ return WAE_ERROR_INVALID_PARAMETER;
+
+ const char *key = NULL;
+ char *_key_per_user = NULL;
+
+ if (app_type == WAE_DOWNLOADED_NORMAL_APP) {
+ _key_per_user = _create_map_key(uid, pkg_id);
+ if (_key_per_user == NULL)
+ return WAE_ERROR_MEMORY;
+
+ key = _key_per_user;
+ } else {
+ key = pkg_id;
+ }
+
+ int ret = WAE_ERROR_NONE;
+ const crypto_element_s *cached_ce = _get_app_ce_from_cache(key);
if (cached_ce != NULL) {
- WAE_SLOGD("cache hit of app ce for pkg_id(%s)", pkg_id);
+ WAE_SLOGD("cache hit of app ce for key(%s)", key);
*pce = cached_ce;
- return WAE_ERROR_NONE;
+ goto finish;
}
- WAE_SLOGD("cache miss of app ce for pkg_id(%s)", pkg_id);
+ WAE_SLOGD("cache miss of app ce for key(%s)", key);
crypto_element_s *ce = NULL;
- int ret = get_from_key_manager(pkg_id, app_type, &ce);
+ ret = get_from_key_manager(key, app_type, &ce);
if (create_for_migrated_app &&
(ret == WAE_ERROR_NO_KEY && app_type == WAE_DOWNLOADED_GLOBAL_APP)) {
- WAE_SLOGI("No dek found for pkg_id(%s)! It should be migrated app.", pkg_id);
+ WAE_SLOGI("No dek found for key(%s)! It should be migrated app.", key);
- if ((ret = get_old_ss_crypto_element(pkg_id, &ce)) != WAE_ERROR_NONE)
- goto error;
+ if ((ret = get_old_ss_crypto_element(key, &ce)) != WAE_ERROR_NONE)
+ goto finish;
// (k.tak) disable to save ce to key-maanger for migrated app because of permission issue.
- //ret = save_to_key_manager(pkg_id, app_type, ce);
+ //ret = save_to_key_manager(key, pkg_id, app_type, ce);
//if (ret != WAE_ERROR_NONE) {
// WAE_SLOGW("Failed to save migrated app ce to key-manager with ret(%d). "
// "Ignore this error because we can create ce later again.", ret);
// ret = WAE_ERROR_NONE;
//}
} else if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("Failed to get crypto element from key-manager. pkg_id=%s, ret=%d",
- pkg_id, ret);
- goto error;
+ WAE_SLOGE("Failed to get crypto element from key-manager. key(%s) ret(%d)",
+ key, ret);
+ goto finish;
}
- ret = _add_app_ce_to_cache(pkg_id, ce);
+ ret = _add_app_ce_to_cache(key, ce);
if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("Failed to add ce to cache for pkg_id(%s) ret(%d)", pkg_id, ret);
- goto error;
+ WAE_SLOGE("Failed to add ce to cache for key(%s) ret(%d)", key, ret);
+ goto finish;
}
*pce = ce;
- WAE_SLOGD("Successfully get ce! pkgid(%s)", pkg_id);
+ WAE_SLOGD("Successfully get ce! key(%s)", key);
- return WAE_ERROR_NONE;
+finish:
+ free(_key_per_user);
-error:
- crypto_element_destroy(ce);
+ if (ret != WAE_ERROR_NONE)
+ crypto_element_destroy(ce);
return ret;
}
-int create_app_ce(const char *pkg_id, wae_app_type_e app_type, const crypto_element_s **pce)
+int create_app_ce(uid_t uid, const char *pkg_id, wae_app_type_e app_type,
+ const crypto_element_s **pce)
{
raw_buffer_s *dek = buffer_create(DEK_LEN);
raw_buffer_s *iv = buffer_create(IV_LEN);
crypto_element_s *ce = crypto_element_create(dek, iv);
int ret = WAE_ERROR_NONE;
+ const char *key = NULL;
+ char *_key_per_user = NULL;
if (ce == NULL) {
ret = WAE_ERROR_MEMORY;
goto error;
}
+ if (app_type == WAE_DOWNLOADED_NORMAL_APP) {
+ _key_per_user = _create_map_key(uid, pkg_id);
+ if (_key_per_user == NULL) {
+ ret = WAE_ERROR_MEMORY;
+ goto error;
+ }
+
+ key = _key_per_user;
+ } else {
+ key = pkg_id;
+ }
+
memcpy(ce->iv->buf, AES_CBC_IV, ce->iv->size);
ret = _get_random(dek);
if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("Failed to get random for dek. pkg_id(%s) ret(%d)", pkg_id, ret);
+ WAE_SLOGE("Failed to get random for dek. key(%s) ret(%d)", key, ret);
goto error;
}
- ret = save_to_key_manager(pkg_id, app_type, ce);
+ ret = save_to_key_manager(key, pkg_id, app_type, ce);
if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("Failed to save ce to key-manager. pkg_id(%s) app_type(%d) ret(%d)",
- pkg_id, app_type, ret);
+ WAE_SLOGE("Failed to save ce to key-manager. key(%s) app_type(%d) ret(%d)",
+ key, app_type, ret);
goto error;
}
- ret = _add_app_ce_to_cache(pkg_id, ce);
+ ret = _add_app_ce_to_cache(key, ce);
if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("Failed to add ce to cache for pkg_id(%s) ret(%d)", pkg_id, ret);
+ WAE_SLOGE("Failed to add ce to cache for key(%s) ret(%d)", key, ret);
goto error;
}
*pce = ce;
- WAE_SLOGI("Success to create dek/iv and store it in key-manager. pkg_id(%s)", pkg_id);
-
- return WAE_ERROR_NONE;
+ WAE_SLOGI("Success to create dek/iv and store it in key-manager. key(%s)", key);
error:
- if (ce == NULL) {
- buffer_destroy(dek);
- buffer_destroy(iv);
- } else {
- crypto_element_destroy(ce);
+ if (ret != WAE_ERROR_NONE) {
+ if (ce == NULL) {
+ buffer_destroy(dek);
+ buffer_destroy(iv);
+ } else {
+ crypto_element_destroy(ce);
+ }
}
+ free(_key_per_user);
+
return ret;
}
continue;
}
- ret = save_to_key_manager(pkg_id, WAE_PRELOADED_APP, ce);
+ ret = save_to_key_manager(pkg_id, pkg_id, WAE_PRELOADED_APP, ce);
if (ret == WAE_ERROR_KEY_EXISTS) {
WAE_SLOGI("Key Manager already has dek. It will be ignored. file=%s",
return ret;
}
-int remove_app_ce(const char *pkg_id, wae_app_type_e app_type)
+int remove_app_ce(uid_t uid, const char *pkg_id, wae_app_type_e app_type)
{
- int ret = remove_from_key_manager(pkg_id, app_type);
+ if (uid == 0 && app_type == WAE_DOWNLOADED_NORMAL_APP)
+ return WAE_ERROR_INVALID_PARAMETER;
+
+ const char *key = NULL;
+ char *_key_per_user = NULL;
+
+ if (app_type == WAE_DOWNLOADED_NORMAL_APP) {
+ _key_per_user = _create_map_key(uid, pkg_id);
+ if (_key_per_user == NULL)
+ return WAE_ERROR_MEMORY;
+
+ key = _key_per_user;
+ } else {
+ key = pkg_id;
+ }
+
+ int ret = remove_from_key_manager(key, app_type);
if (ret != WAE_ERROR_NONE)
- WAE_SLOGE("Failed to remove app ce for pkg_id(%s) ret(%d)", pkg_id, ret);
+ WAE_SLOGE("Failed to remove app ce for key(%s) ret(%d)", key, ret);
else
- WAE_SLOGI("Success to remove app ce for pkg_id(%s)", pkg_id);
+ WAE_SLOGI("Success to remove app ce for key(%s)", key);
+
+ _remove_app_ce_from_cache(key);
- _remove_app_ce_from_cache(pkg_id);
+ free(_key_per_user);
return ret;
}
#include <stdbool.h>
#include <stddef.h>
+#include <sys/types.h>
-#include "web_app_enc.h"
#include "types.h"
#define MAX_PATH_LEN 512
/* functions with "_" prefix are internal static functions but declared here for testing */
-void _remove_app_ce_from_cache(const char *pkg_id);
+char *_create_map_key(uid_t uid, const char *pkg_id);
+void _remove_app_ce_from_cache(const char *key);
int _get_random(raw_buffer_s *rb);
int _get_preloaded_app_dek_file_path(const char *pkg_id, size_t size, char *path);
int _read_encrypted_app_dek_from_file(const char *pkg_id, raw_buffer_s **pencrypted);
int _write_encrypted_app_dek_to_file(const char *pkg_id, const raw_buffer_s *encrypted);
/* functions for interface */
-int get_app_ce(const char *pkg_id, wae_app_type_e app_type, bool create_for_migrated_app,
- const crypto_element_s **pce);
-int create_app_ce(const char *pkg_id, wae_app_type_e app_type,
+int get_app_ce(uid_t uid, const char *pkg_id, wae_app_type_e app_type,
+ bool create_for_migrated_app, const crypto_element_s **pce);
+int create_app_ce(uid_t uid, const char *pkg_id, wae_app_type_e app_type,
const crypto_element_s **pce);
+int remove_app_ce(uid_t uid, const char *pkg_id, wae_app_type_e app_type);
+
int get_preloaded_app_ce(const char *pkg_id, const crypto_element_s **pce);
int create_preloaded_app_ce(const char *pkg_id, const crypto_element_s **pce);
int load_preloaded_app_deks(bool reload);
-int remove_app_ce(const char *pkg_id, wae_app_type_e app_type);
#ifdef __cplusplus
}
#include <ckmc/ckmc-manager.h>
+#include "web_app_enc.h"
#include "wae_log.h"
#define MAX_ALIAS_LEN 256
return ret;
}
-static void _get_alias(const char *pkg_id, wae_app_type_e type, bool forSave,
+static void _get_alias(const char *name, UNUSED wae_app_type_e type, UNUSED bool forSave,
char *alias, size_t buff_len)
{
- if (type == WAE_DOWNLOADED_NORMAL_APP) {
- if (forSave) {
- snprintf(alias, buff_len, "%s%s",
- APP_DEK_ALIAS_PFX,
- pkg_id);
- } else {
- snprintf(alias, buff_len, "%c%s%s%s%s",
- '/', INSTALLER_LABEL,
- ckmc_owner_id_separator,
- APP_DEK_ALIAS_PFX,
- pkg_id);
- }
- } else { // system alias
- snprintf(alias, buff_len, "%s%s%s%s",
- ckmc_owner_id_system,
- ckmc_owner_id_separator,
- APP_DEK_ALIAS_PFX,
- pkg_id);
- }
+ snprintf(alias, buff_len, "%s%s%s%s",
+ ckmc_owner_id_system,
+ ckmc_owner_id_separator,
+ APP_DEK_ALIAS_PFX,
+ name);
}
static void _get_dek_loading_done_alias(char *alias, size_t buff_len)
return _to_wae_error(ckmc_remove_alias(alias));
}
-int save_to_key_manager(const char *pkg_id, wae_app_type_e type, const crypto_element_s *ce)
+int save_to_key_manager(const char *name, const char *pkg_id, wae_app_type_e type,
+ const crypto_element_s *ce)
{
char alias[MAX_ALIAS_LEN] = {0, };
- _get_alias(pkg_id, type, true, alias, sizeof(alias));
+ _get_alias(name, type, true, alias, sizeof(alias));
ckmc_raw_buffer_s *buf = NULL;
int ret = _serialize(ce, &buf);
if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("Failed to serialize crypto element of pkg_id: %s", pkg_id);
+ WAE_SLOGE("Failed to serialize crypto element of name(%s)", name);
return ret;
}
ckmc_buffer_free(buf);
if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("Failed to add crypto element to ckm: pkg_id(%s) alias(%s) ret(%d)",
- pkg_id, alias, ret);
+ WAE_SLOGE("Failed to add crypto element to ckm: name(%s) alias(%s) ret(%d)",
+ name, alias, ret);
return ret;
}
return ret;
}
- WAE_SLOGI("Success to save crypto element to key-manager. pkg_id(%s)", pkg_id);
+ WAE_SLOGI("Success to save crypto element to key-manager. name(%s)", name);
return WAE_ERROR_NONE;
}
-int get_from_key_manager(const char *pkg_id, wae_app_type_e type, crypto_element_s **pce)
+int get_from_key_manager(const char *name, wae_app_type_e type, crypto_element_s **pce)
{
- if (pkg_id == NULL || pce == NULL)
+ if (name == NULL || pce == NULL)
return WAE_ERROR_INVALID_PARAMETER;
char alias[MAX_ALIAS_LEN] = {0, };
- _get_alias(pkg_id, type, false, alias, sizeof(alias));
+ _get_alias(name, type, false, alias, sizeof(alias));
ckmc_raw_buffer_s *buf = NULL;
int ret = _to_wae_error(ckmc_get_data(alias, NULL, &buf));
return ret;
}
-int remove_from_key_manager(const char *pkg_id, wae_app_type_e type)
+int remove_from_key_manager(const char *name, wae_app_type_e type)
{
char alias[MAX_ALIAS_LEN] = {0, };
- _get_alias(pkg_id, type, true, alias, sizeof(alias));
+ _get_alias(name, type, true, alias, sizeof(alias));
return _to_wae_error(ckmc_remove_alias(alias));
}
#include <stdbool.h>
-#include "web_app_enc.h"
#include "types.h"
-int save_to_key_manager(const char *pkg_id, wae_app_type_e type, const crypto_element_s *ce);
-int get_from_key_manager(const char *pkg_id, wae_app_type_e type, crypto_element_s **pce);
-int remove_from_key_manager(const char *pkg_id, wae_app_type_e type);
+int save_to_key_manager(const char *name, const char *pkg_id, wae_app_type_e type,
+ const crypto_element_s *ce);
+int get_from_key_manager(const char *name, wae_app_type_e type, crypto_element_s **pce);
+int remove_from_key_manager(const char *name, wae_app_type_e type);
bool is_app_deks_loaded_in_key_manager();
int set_app_deks_loaded_to_key_manager();
#include <stdbool.h>
#include <stddef.h>
+#define API __attribute__ ((visibility("default")))
+#define UNUSED __attribute__ ((unused))
+
+typedef enum {
+ WAE_DOWNLOADED_NORMAL_APP = 0,
+ WAE_DOWNLOADED_GLOBAL_APP = 1,
+ WAE_PRELOADED_APP = 2
+} wae_app_type_e;
+
typedef struct _raw_buffer_s {
unsigned char *buf;
size_t size;
#include "wae_log.h"
int _wae_encrypt_downloaded_web_application(
- const char *pkg_id, wae_app_type_e app_type,
+ uid_t uid, const char *pkg_id, wae_app_type_e app_type,
const unsigned char *data, size_t data_len,
unsigned char **pencrypted_data, size_t *pencrypted_data_len)
{
return WAE_ERROR_INVALID_PARAMETER;
const crypto_element_s *e = NULL;
- int ret = get_app_ce(pkg_id, app_type, false, &e);
+ int ret = get_app_ce(uid, pkg_id, app_type, false, &e);
if (ret == WAE_ERROR_NO_KEY)
- ret = create_app_ce(pkg_id, app_type, &e);
+ ret = create_app_ce(uid, pkg_id, app_type, &e);
if (ret != WAE_ERROR_NONE)
return ret;
return WAE_ERROR_NONE;
}
-int _wae_decrypt_downloaded_web_application(const char *pkg_id, wae_app_type_e app_type,
+int _wae_decrypt_downloaded_web_application(
+ uid_t uid, const char *pkg_id, wae_app_type_e app_type,
const unsigned char *data, size_t data_len,
unsigned char **pdecrypted_data, size_t *pdecrypted_data_len)
{
_data.size = data_len;
const crypto_element_s *ce = NULL;
- int ret = get_app_ce(pkg_id, app_type, true, &ce);
+ int ret = get_app_ce(uid, pkg_id, app_type, true, &ce);
if (ret != WAE_ERROR_NONE)
return ret;
return WAE_ERROR_NONE;
}
-int _wae_decrypt_preloaded_web_application(const char *pkg_id, wae_app_type_e app_type,
+int _wae_decrypt_preloaded_web_application(const char *pkg_id,
const unsigned char *data, size_t data_len,
unsigned char **pdecrypted_data, size_t *pdecrypted_data_len)
{
// same with the decryption of downloaded web application
- return _wae_decrypt_downloaded_web_application(pkg_id, app_type,
+ return _wae_decrypt_downloaded_web_application(0, pkg_id, WAE_PRELOADED_APP,
data, data_len, pdecrypted_data, pdecrypted_data_len);
}
-int wae_encrypt_web_application(const char *pkg_id, wae_app_type_e app_type,
- const unsigned char *data, size_t data_len,
- unsigned char **pencrypted_data, size_t *pencrypted_data_len)
+int wae_encrypt_web_application(
+ uid_t uid, const char *pkg_id,
+ const unsigned char *data, size_t data_len,
+ unsigned char **pencrypted_data, size_t *pencrypted_data_len)
{
- if (app_type == WAE_PRELOADED_APP)
+ return _wae_encrypt_downloaded_web_application(
+ uid, pkg_id, WAE_DOWNLOADED_NORMAL_APP,
+ data, data_len, pencrypted_data, pencrypted_data_len);
+}
+
+int wae_encrypt_global_web_application(
+ const char *pkg_id, bool is_preloaded,
+ const unsigned char *data, size_t data_len,
+ unsigned char **pencrypted_data, size_t *pencrypted_data_len)
+{
+ if (is_preloaded)
return _wae_encrypt_preloaded_web_application(pkg_id,
data, data_len, pencrypted_data, pencrypted_data_len);
else
- return _wae_encrypt_downloaded_web_application(pkg_id, app_type,
+ return _wae_encrypt_downloaded_web_application(
+ 0, pkg_id, WAE_DOWNLOADED_GLOBAL_APP,
data, data_len, pencrypted_data, pencrypted_data_len);
}
-int wae_decrypt_web_application(const char *pkg_id, wae_app_type_e app_type,
- const unsigned char *data, size_t data_len,
- unsigned char **pdecrypted_data, size_t *pdecrypted_data_len)
+int wae_decrypt_web_application(
+ uid_t uid, const char *pkg_id,
+ const unsigned char *data, size_t data_len,
+ unsigned char **pdecrypted_data, size_t *pdecrypted_data_len)
+{
+ return _wae_decrypt_downloaded_web_application(
+ uid, pkg_id, WAE_DOWNLOADED_NORMAL_APP,
+ data, data_len, pdecrypted_data, pdecrypted_data_len);
+}
+
+int wae_decrypt_global_web_application(
+ const char *pkg_id, bool is_preloaded,
+ const unsigned char *data, size_t data_len,
+ unsigned char **pdecrypted_data, size_t *pdecrypted_data_len)
{
- if (app_type == WAE_PRELOADED_APP)
- return _wae_decrypt_preloaded_web_application(pkg_id, app_type,
+ if (is_preloaded)
+ return _wae_decrypt_preloaded_web_application(pkg_id,
data, data_len, pdecrypted_data, pdecrypted_data_len);
else
- return _wae_decrypt_downloaded_web_application(pkg_id, app_type,
+ return _wae_decrypt_downloaded_web_application(
+ 0, pkg_id, WAE_DOWNLOADED_GLOBAL_APP,
data, data_len, pdecrypted_data, pdecrypted_data_len);
}
-int wae_remove_app_dek(const char *pkg_id, wae_app_type_e app_type)
+int wae_remove_app_dek(uid_t uid, const char *pkg_id)
+{
+ return remove_app_ce(uid, pkg_id, WAE_DOWNLOADED_NORMAL_APP);
+}
+
+int wae_remove_global_app_dek(const char *pkg_id, bool is_preloaded)
{
- return remove_app_ce(pkg_id, app_type);
+ return remove_app_ce(0, pkg_id, is_preloaded ? WAE_PRELOADED_APP : WAE_DOWNLOADED_GLOBAL_APP);
}
_get_preloaded_app_dek_file_path(pkg_id2, sizeof(path2), path2);
// remove old test data
- remove_app_ce(pkg_id1, WAE_PRELOADED_APP);
- remove_app_ce(pkg_id2, WAE_PRELOADED_APP);
+ remove_app_ce(0, pkg_id1, WAE_PRELOADED_APP);
+ remove_app_ce(0, pkg_id2, WAE_PRELOADED_APP);
unlink(path1);
unlink(path2);
"Failed to load_preloaded_app_deks. ec: " << ret);
const crypto_element_s *readed1 = nullptr;
- ret = get_app_ce(pkg_id1, WAE_PRELOADED_APP, false, &readed1);
+ ret = get_app_ce(0, pkg_id1, WAE_PRELOADED_APP, false, &readed1);
BOOST_REQUIRE_MESSAGE(ret == WAE_ERROR_NONE, "Failed to get_app_dek. ec: " << ret);
const crypto_element_s *readed2 = nullptr;
- ret = get_app_ce(pkg_id2, WAE_PRELOADED_APP, false, &readed2);
+ ret = get_app_ce(0, pkg_id2, WAE_PRELOADED_APP, false, &readed2);
BOOST_REQUIRE_MESSAGE(ret == WAE_ERROR_NONE, "Failed to get_app_dek. ec: " << ret);
BOOST_REQUIRE_MESSAGE(readed1 == ce1, "cached ce and actual address is different!");
BOOST_REQUIRE_MESSAGE(readed2 == ce2, "cached ce and actual address is different!");
- ret = remove_app_ce(pkg_id1, WAE_PRELOADED_APP);
+ ret = remove_app_ce(0, pkg_id1, WAE_PRELOADED_APP);
BOOST_REQUIRE_MESSAGE(ret == WAE_ERROR_NONE, "Failed remove app ce. ec: " << ret);
- ret = remove_app_ce(pkg_id2, WAE_PRELOADED_APP);
+ ret = remove_app_ce(0, pkg_id2, WAE_PRELOADED_APP);
BOOST_REQUIRE_MESSAGE(ret == WAE_ERROR_NONE, "Failed remove app ce. ec: " << ret);
}
* @version 2.0
* @brief API test for preloaded/global apps
*/
-#include "web_app_enc.h"
-
#include <boost/test/unit_test.hpp>
+#include "types.h"
#include "test-helper.h"
BOOST_AUTO_TEST_SUITE(SYSTEM)
* @version 2.0
* @brief test for normal downloaded app
*/
-#include "web_app_enc.h"
-
#include <boost/test/unit_test.hpp>
+#include "types.h"
#include "test-helper.h"
BOOST_AUTO_TEST_SUITE(USER)
#include <cstring>
#include <vector>
+#include "web_app_enc.h"
#include "key_handler.h"
#include "crypto_service.h"
#include "types.h"
namespace Wae {
namespace Test {
+namespace {
+
+const uid_t UID_OWNER = 5001;
+
+} // namespace anonymous
void add_get_remove_ce(wae_app_type_e app_type)
{
const char *pkg_id = "TEST_PKG_ID";
const crypto_element_s *ce = nullptr;
- int tmp = create_app_ce(pkg_id, app_type, &ce);
+ uid_t uid = app_type == WAE_DOWNLOADED_NORMAL_APP ? UID_OWNER : 0;
+
+ int tmp = create_app_ce(uid, pkg_id, app_type, &ce);
BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to create_app_ce. ec: " << tmp);
const crypto_element_s *stored_ce = nullptr;
- tmp = get_app_ce(pkg_id, app_type, true, &stored_ce);
+ tmp = get_app_ce(uid, pkg_id, app_type, true, &stored_ce);
BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to get_app_ce. ec: " << tmp);
BOOST_REQUIRE_MESSAGE(ce == stored_ce,
"ce(" << ce << ") and cached ce(" << stored_ce << ") pointer addr is different!");
- tmp = remove_app_ce(pkg_id, app_type);
+ tmp = remove_app_ce(uid, pkg_id, app_type);
BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to remove_app_ce. ec: " << tmp);
if (app_type == WAE_DOWNLOADED_GLOBAL_APP) {
- tmp = get_app_ce(pkg_id, app_type, true, &stored_ce);
+ tmp = get_app_ce(uid, pkg_id, app_type, true, &stored_ce);
BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE && stored_ce->is_migrated_app,
"when getting app ce which is there isn't, it should be migrated case! "
"ret("<< tmp << ") and is_migrated_app(" << stored_ce->is_migrated_app << ")");
} else {
- tmp = get_app_ce(pkg_id, app_type, false, &stored_ce);
+ tmp = get_app_ce(uid, pkg_id, app_type, false, &stored_ce);
BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NO_KEY,
"removed app ce is still remaining. ret(" << tmp << ")");
}
void create_app_ce(wae_app_type_e app_type)
{
+ uid_t uid = app_type == WAE_DOWNLOADED_NORMAL_APP ? UID_OWNER : 0;
const char *pkg_id = "TEST_PKG_ID";
- remove_app_ce(pkg_id, app_type);
+ remove_app_ce(uid, pkg_id, app_type);
const crypto_element_s *ce = nullptr;
- int tmp = create_app_ce(pkg_id, app_type, &ce);
+ int tmp = create_app_ce(uid, pkg_id, app_type, &ce);
BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to create_app_ce. ec: " << tmp);
const crypto_element_s *stored_ce = nullptr;
- tmp = get_app_ce(pkg_id, app_type, false, &stored_ce);
+ tmp = get_app_ce(uid, pkg_id, app_type, false, &stored_ce);
BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to get_app_ce. ec: " << tmp);
BOOST_REQUIRE_MESSAGE(ce == stored_ce,
"ce(" << ce << ") and cached ce(" << stored_ce << ") pointer addr is different!");
- tmp = remove_app_ce(pkg_id, app_type);
+ tmp = remove_app_ce(uid, pkg_id, app_type);
BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to remove_app_ce. ec: " << tmp);
}
void encrypt_decrypt_web_app(wae_app_type_e app_type)
{
+ uid_t uid = app_type == WAE_DOWNLOADED_NORMAL_APP ? UID_OWNER : 0;
const char *pkg_id1 = "testpkg_for_normal";
const char *pkg_id2 = "testpkg_for_global";
const char *pkg_id3 = "testpkg_for_preloaded";
}
// remove old test data
- wae_remove_app_dek(pkg_id, app_type);
+ if (app_type == WAE_DOWNLOADED_NORMAL_APP)
+ wae_remove_app_dek(uid, pkg_id);
+ else
+ wae_remove_global_app_dek(pkg_id, app_type == WAE_PRELOADED_APP);
if (app_type == WAE_PRELOADED_APP)
clear_app_deks_loaded_from_key_manager();
// test for downloaded web application
unsigned char *_encrypted = nullptr;
size_t _enc_len = 0;
- int tmp = wae_encrypt_web_application(pkg_id, app_type, plaintext.data(),
- plaintext.size(), &_encrypted, &_enc_len);
+ int tmp = 0;
+ if (app_type == WAE_DOWNLOADED_NORMAL_APP)
+ tmp = wae_encrypt_web_application(uid, pkg_id, plaintext.data(), plaintext.size(),
+ &_encrypted, &_enc_len);
+ else
+ tmp = wae_encrypt_global_web_application(pkg_id, app_type == WAE_PRELOADED_APP,
+ plaintext.data(), plaintext.size(),
+ &_encrypted, &_enc_len);
+
BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE,
"Failed to wae_encrypt_web_application. ec: " << tmp);
free(_encrypted);
// encrypt test twice
- tmp = wae_encrypt_web_application(pkg_id, app_type, plaintext.data(),
- plaintext.size(), &_encrypted, &_enc_len);
+ if (app_type == WAE_DOWNLOADED_NORMAL_APP)
+ tmp = wae_encrypt_web_application(uid, pkg_id, plaintext.data(),
+ plaintext.size(), &_encrypted, &_enc_len);
+ else
+ tmp = wae_encrypt_global_web_application(pkg_id, app_type == WAE_PRELOADED_APP,
+ plaintext.data(), plaintext.size(),
+ &_encrypted, &_enc_len);
+
BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE,
"Failed to wae_encrypt_web_application second time. ec: " << tmp);
auto encrypted = bytearr_to_vec(_encrypted, _enc_len);
free(_encrypted);
- _remove_app_ce_from_cache(pkg_id);
+ if (app_type == WAE_DOWNLOADED_NORMAL_APP) {
+ char *key_per_user = _create_map_key(uid, pkg_id);
+ _remove_app_ce_from_cache(key_per_user);
+ free(key_per_user);
+ } else {
+ _remove_app_ce_from_cache(pkg_id);
+ }
if (app_type == WAE_PRELOADED_APP)
load_preloaded_app_deks(true);
unsigned char *_decrypted = nullptr;
size_t _dec_len = 0;
- tmp = wae_decrypt_web_application(pkg_id, app_type, encrypted.data(),
- encrypted.size(), &_decrypted, &_dec_len);
+ if (app_type == WAE_DOWNLOADED_NORMAL_APP)
+ tmp = wae_decrypt_web_application(uid, pkg_id, encrypted.data(), encrypted.size(),
+ &_decrypted, &_dec_len);
+ else
+ tmp = wae_decrypt_global_web_application(pkg_id, app_type == WAE_PRELOADED_APP,
+ encrypted.data(), encrypted.size(),
+ &_decrypted, &_dec_len);
+
BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE,
"Failed to wae_decrypt_web_application. ec: " << tmp);
"plaintext(" << bytes_to_hex(plaintext) << ") "
"decrypted(" << bytes_to_hex(decrypted) << ")");
- tmp = wae_remove_app_dek(pkg_id, app_type);
+ if (app_type == WAE_DOWNLOADED_NORMAL_APP)
+ tmp = wae_remove_app_dek(uid, pkg_id);
+ else
+ tmp = wae_remove_global_app_dek(pkg_id, app_type == WAE_PRELOADED_APP);
BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE,
"Failed to wae_remove_app_dek. ec: " << tmp);
}
*/
#pragma once
-#include "web_app_enc.h"
+#include "types.h"
namespace Wae {
namespace Test {
projects / platform / core / security / libwebappenc.git / commitdiff