projects / platform / core / security / ode.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cd3b697)
Add support for CSC mode decryption 00/194500/4 accepted/tizen/4.0/unified/20181226.234218 submit/tizen_4.0/20181226.090856
authorJaemin Ryu <jm77.ryu@samsung.com>
Wed, 5 Dec 2018 06:52:15 +0000 (15:52 +0900)
committerJaemin Ryu <jm77.ryu@samsung.com>
Wed, 5 Dec 2018 10:50:05 +0000 (19:50 +0900)
Change-Id: I3e3f44338a510e6ef4dcf71e4905bda2930934a3
Signed-off-by: Jaemin Ryu <jm77.ryu@samsung.com>
fota/500.ode_upgrade.sh patch | blob | history
server/file-footer.cpp patch | blob | history
server/internal-encryption.cpp patch | blob | history
server/internal-encryption.h patch | blob | history
server/key-server.cpp patch | blob | history
server/upgrade-support.cpp patch | blob | history
server/upgrade-support.h patch | blob | history

diff --git a/fota/500.ode_upgrade.sh b/fota/500.ode_upgrade.sh
index c95b8e326a8897c08ea78edc612a40d31cbf7bbe..f8c40c02cd6182b0ba5ec88ac382b38536fdf8a0 100755 (executable)
--- a/fota/500.ode_upgrade.sh
+++ b/fota/500.ode_upgrade.sh
@@ -17,4 +17,5 @@ fi
 
 if [ -e /opt/etc/ode_footer ]; then
        touch /opt/etc/.ode_upgrade_started
+       rm -f /opt/etc/ode_footer
 fi
diff --git a/server/file-footer.cpp b/server/file-footer.cpp
index b81c14feacae9f5a8341e64ce5d7713c39eec6b5..7531db493f89775a3fe72ad1fa4a9c6cb1bd84b8 100644 (file)
--- a/server/file-footer.cpp
+++ b/server/file-footer.cpp
@@ -79,7 +79,12 @@ void FileFooter::write(const std::string &key, const BinaryData &value)
 
        runtime::File file(fileName);
 
-       file.create(S_IRUSR | S_IWUSR);
+       if (!file.exists()) {
+               file.create(S_IRUSR | S_IWUSR);
+       } else {
+               file.open(O_RDWR);
+       }
+
        file.write(value.data(), value.size());
 }
 
diff --git a/server/internal-encryption.cpp b/server/internal-encryption.cpp
index 9c953c226fc7506ae8827f5700b21bd2ee8dfe8b..bcf0487efeb6f6f94fb0c2e071923cdf64af9563 100644 (file)
--- a/server/internal-encryption.cpp
+++ b/server/internal-encryption.cpp
@@ -393,22 +393,33 @@ InternalEncryptionServer::~InternalEncryptionServer()
 {
 }
 
+int InternalEncryptionServer::migrateMasterKey(const std::string& dev, const std::string& password)
+{
+       try {
+               BinaryData masterKey = UpgradeSupport::loadMasterKey(dev);
+
+               // encrypt the master key with given password
+               return keyServer.changePassword2(dev, masterKey, password);
+       } catch (const runtime::Exception&) {
+               INFO("Failed to load the master key stored during upgrade.");
+       }
+
+       return error::Unknown;
+}
+
 int InternalEncryptionServer::setMountPassword(const std::string& password)
 {
        const std::string& dev = engine->getSource();
 
        // check if upgrade flag exists
-       if(UpgradeSupport::removeUpgradeFlag()) {
+       if (UpgradeSupport::checkUpgradeFlag()) {
                INFO("Upgrade flag detected.");
-               // try to load the master key
-               try {
-                       mountKey = UpgradeSupport::loadMasterKey(dev);
 
-                       // encrypt the master key with given password
-                       return keyServer.changePassword2(dev, mountKey, password);
-               } catch (const runtime::Exception&) {
-                       INFO("Failed to load the master key stored during upgrade.");
-               }
+               int rc = migrateMasterKey(dev, password);
+               if (rc == error::None)
+                       UpgradeSupport::removeUpgradeFlag();
+
+               return rc;
        }
 
        return keyServer.get(dev, password, mountKey);
@@ -564,6 +575,15 @@ int InternalEncryptionServer::decrypt(const std::string& password)
                return error::NoSuchDevice;
        }
 
+       // check if key migration is needed
+       if (UpgradeSupport::checkUpgradeFlag()) {
+               INFO("Upgrade flag detected.");
+               const std::string& dev = engine->getSource();
+               int rc = migrateMasterKey(dev, password);
+               if (rc == error::None)
+                       UpgradeSupport::removeUpgradeFlag();
+       }
+
        BinaryData masterKey;
        int ret = keyServer.get(engine->getSource(), password, masterKey);
        if (ret != error::None)
diff --git a/server/internal-encryption.h b/server/internal-encryption.h
index 3ad419bac7e960b8b2f03c9ea539de920a22b88c..488fac908586986983dda881d73b5c9932784e61 100644 (file)
--- a/server/internal-encryption.h
+++ b/server/internal-encryption.h
@@ -57,6 +57,9 @@ public:
 
        std::string getDevicePath() const;
 
+private:
+       int migrateMasterKey(const std::string& dev, const std::string& password);
+
 private:
        ServerContext& server;
 
diff --git a/server/key-server.cpp b/server/key-server.cpp
index 2dc279bdec4cf4e976339a98b02518875def2d8b..0a07ea5b8d5e1a72187e4a750bc7da79453303df 100644 (file)
--- a/server/key-server.cpp
+++ b/server/key-server.cpp
@@ -114,6 +114,7 @@ int KeyServer::changePassword(const std::string& dev,
                                                          const std::string& curPassword,
                                                          const std::string& newPassword)
 {
+
        if (dev.empty() || curPassword.empty() || newPassword.empty())
                return error::InvalidParameter;
 
@@ -123,8 +124,6 @@ int KeyServer::changePassword(const std::string& dev,
                return error::NoSuchFile;
        }
 
-       UpgradeSupport::removeUpgradeFlag();
-
        EncryptedKey ek(FileFooter::read(dev));
 
        auto key = ek.decrypt(curPassword);
@@ -136,6 +135,9 @@ int KeyServer::changePassword(const std::string& dev,
        ek.encrypt(key, newPassword);
 
        FileFooter::write(dev, ek.serialize());
+
+       UpgradeSupport::removeUpgradeFlag();
+
        return error::None;
 }
 
diff --git a/server/upgrade-support.cpp b/server/upgrade-support.cpp
index 3afad93019a0ff8bb078c8d1583d7751cabda264..8fb3538b7ce2649f1b776185a342b94d75a6a6df 100644 (file)
--- a/server/upgrade-support.cpp
+++ b/server/upgrade-support.cpp
@@ -256,14 +256,18 @@ void createUpgradeFlag()
        file.create(S_IRUSR | S_IWUSR); // 0600
 }
 
-bool removeUpgradeFlag()
+void removeUpgradeFlag()
 {
        runtime::File file(UPGRADE_FLAG_PATH);
        bool exists = file.exists();
        if (exists)
                file.remove();
+}
 
-       return exists;
+bool checkUpgradeFlag()
+{
+       runtime::File file(UPGRADE_FLAG_PATH);
+       return file.exists();
 }
 
 } // namespace UpgradeSupport
diff --git a/server/upgrade-support.h b/server/upgrade-support.h
index 2854072f87c4bce65b6f0ba3078dcb4d86e15c80..ad47acfc0f9bf6121dc23d6eb9dab877e043dd23 100644 (file)
--- a/server/upgrade-support.h
+++ b/server/upgrade-support.h
@@ -29,7 +29,8 @@ void storeMasterKey(const std::string &device, const BinaryData& key);
 BinaryData loadMasterKey(const std::string &device);
 void removeMasterKey(const std::string &device);
 void createUpgradeFlag();
-bool removeUpgradeFlag();
+void removeUpgradeFlag();
+bool checkUpgradeFlag();
 
 } // namespace UpgradeSupport
 
Domain: Security / Utilities;