From: so.yu Date: Mon, 24 Jun 2013 07:48:23 +0000 (+0900) Subject: Remove the trust zone service X-Git-Tag: submit/tizen_2.2/20130714.153031~4 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c6b301cde47d048804423ed1332b476a76687cc8;p=framework%2Fosp%2Fsecurity-service.git Remove the trust zone service Change-Id: Ie7a49d75064659c84fe3509d0a17b719faac3b14 Signed-off-by: so.yu --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 7c36100..1746045 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -29,8 +29,6 @@ SET (${this_target}_SOURCE_FILES ## CertificateService src/CertificateService.cpp src/CertificateServiceStub.cpp -## TrustZoneService - src/TrustZoneService.cpp ) ## SET EXTRA COMPILER FLAGS @@ -53,7 +51,7 @@ ADD_EXECUTABLE (${this_target} ${${this_target}_SOURCE_FILES}) TARGET_LINK_LIBRARIES(${this_target} -Xlinker --no-undefined -Xlinker --as-needed -pie) TARGET_LINK_LIBRARIES(${this_target} -Xlinker --version-script=${CMAKE_CURRENT_SOURCE_DIR}/system-service-export.ver) -TARGET_LINK_LIBRARIES(${this_target} -L/usr/lib/osp -losp-appfw -lchromium -ltzsvc) +TARGET_LINK_LIBRARIES(${this_target} -L/usr/lib/osp -losp-appfw -lchromium) TARGET_LINK_LIBRARIES(${this_target} "-L/usr/lib/osp-server -losp-appfw-server") ## Cory additional info diff --git a/inc/TrustZoneService.h b/inc/TrustZoneService.h deleted file mode 100644 index b8fee34..0000000 --- a/inc/TrustZoneService.h +++ /dev/null 
@@ -1,72 +0,0 @@ -// -// Copyright (c) 2012-2013 Samsung Electronics Co., Ltd. -// -// Licensed under the Apache License, Version 2.0 (the License); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -/** - * @file TrustZoneService.h - * @brief This is the header file of the TrustZone Service. - */ - -#ifndef _TRUST_ZONE_SERVICE_H_ -#define _TRUST_ZONE_SERVICE_H_ - -#include -#include - -namespace Tizen { namespace Io -{ - //class _IpcServer; - //class _IpcBuffer; -}} - -namespace IPC -{ - class Message; -} - -namespace Tizen { namespace Base -{ - class String; -}} - -class _OSP_EXPORT_ TrustZoneService - : public Tizen::Io::_IIpcServerEventListener -{ - -public: - TrustZoneService(void); - ~TrustZoneService(void); - result Construct(void); - -public: - - virtual void OnIpcServerStarted(const Tizen::Io::_IpcServer& server); - virtual void OnIpcServerStopped(const Tizen::Io::_IpcServer& server); - virtual void OnIpcClientConnected(const Tizen::Io::_IpcServer& server, int clientId); - virtual void OnIpcClientDisconnected(const Tizen::Io::_IpcServer& server, int clientId); - virtual void OnIpcRequestReceived(Tizen::Io::_IpcServer& server, const IPC::Message& message); - - bool OnEncrypt(const Tizen::Base::ByteBuffer& appInfo, const Tizen::Base::ByteBuffer& plainBuffer, Tizen::Io::_IpcBuffer* encryptedBuffer, result* pRes); - bool OnDecrypt(const Tizen::Base::ByteBuffer& appInfo, const Tizen::Base::ByteBuffer& encryptedBuffer, Tizen::Io::_IpcBuffer* plainBuffer, result* pRes); - result Encrypt(const Tizen::Base::ByteBuffer& 
appInfo, const Tizen::Base::ByteBuffer& plainBuffer, byte** pBuffer, int& pBufferSize); - result Decrypt(const Tizen::Base::ByteBuffer& appInfo, const Tizen::Base::ByteBuffer& encryptedBuffer, byte** pBuffer, int& pBufferSize); - -private: - int SetPadding(const byte* pData, int dataLen, byte** ppOutData, int* outLen); -private: - Tizen::Io::_IpcServer* __pIpcServer; -}; // TrustZoneService - -#endif // _TRUST_ZONE_SERVICE_H_ diff --git a/packaging/osp-security-service.spec b/packaging/osp-security-service.spec index 83dbc5b..c4a6878 100755 --- a/packaging/osp-security-service.spec +++ b/packaging/osp-security-service.spec @@ -1,7 +1,7 @@ Name: osp-security-service Summary: osp security service -Version: 1.2.1.0 -Release: 2 +Version: 1.2.2.0 +Release: 1 Group: TO_BE/FILLED_IN License: TO_BE/FILLED_IN Source0: %{name}-%{version}.tar.gz @@ -13,7 +13,6 @@ BuildRequires: pkgconfig(pkgmgr) BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(osp-appfw) BuildRequires: osp-appfw-internal-devel -BuildRequires: libcryptsvc-devel BuildRequires: hash-signer # smack domain requires diff --git a/src/SecurityService.cpp b/src/SecurityService.cpp index 55bfe36..41f9e56 100644 --- a/src/SecurityService.cpp +++ b/src/SecurityService.cpp @@ -26,7 +26,6 @@ #include "SecurityService.h" #include "PrivilegeService.h" #include "CertificateService.h" -#include "TrustZoneService.h" using namespace Tizen::System; using namespace Tizen::App; @@ -90,10 +89,6 @@ SecurityService::OnAppInitializing(AppRegistry& appRegistry) r = __pCertificateService->Construct(); TryCatchTag(OSP_SECURITY_SERVICE, r == E_SUCCESS, r = E_SYSTEM; ret = true, "[E_SYSTEM] An unexpected system error occurred."); - __pTrustZoneService = new (std::nothrow) TrustZoneService(); - r = __pTrustZoneService->Construct(); - TryCatchTag(OSP_SECURITY_SERVICE, r == E_SUCCESS, r = E_SYSTEM; ret = true, "[E_SYSTEM] An unexpected system error occurred."); - AppLog("Exit"); return ret; 
diff --git a/src/TrustZoneService.cpp b/src/TrustZoneService.cpp
deleted file mode 100755
index c60846e..0000000
--- a/src/TrustZoneService.cpp
+++ /dev/null
@@ -1,279 +0,0 @@ -// -// Copyright (c) 2012-2013 Samsung Electronics Co., Ltd. -// -// Licensed under the Apache License, Version 2.0 (the License); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -/** - * @file TrustZoneService.cpp - * @brief This is the implementation file for TrustZoneService class. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "TrustZoneService.h" - -using namespace Tizen::Base; -using namespace Tizen::App; -using namespace Tizen::Io; -using namespace Tizen::Security; - -static const int TRUST_ZONE_HASH_LEN = 32; -static const int NON_TRUST_ZONE_HASH_LEN = 20; -static const int TRUST_ZONE_CHUNK_LEN = 1024; -static const int TRUST_ZONE_CIPHER_BLOCK_LEN = 1116; -static const int AES_CIPHER_BLCOK_LEN = 16; - - -TrustZoneService::TrustZoneService(void) - : __pIpcServer(null) -{ - -} - -TrustZoneService::~TrustZoneService(void) -{ - delete __pIpcServer; -} - - -result -TrustZoneService::Construct(void) -{ - result r = E_SUCCESS; - - __pIpcServer = new (std::nothrow) _IpcServer(); - TryReturnResult(__pIpcServer != null, E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] The memory is insufficient."); - - r = __pIpcServer->Construct("osp.security.ipcserver.trustzoneservice", *this); - TryReturnResult(r == E_SUCCESS, E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred."); - - return r; -} - -void -TrustZoneService::OnIpcServerStarted(const _IpcServer& server) -{ - -} - -void 
-TrustZoneService::OnIpcServerStopped(const _IpcServer& server) -{ - -} - -void -TrustZoneService::OnIpcClientConnected(const _IpcServer& server, int clientId) -{ - -} - -void -TrustZoneService::OnIpcClientDisconnected(const _IpcServer&server, int clientId) -{ - -} - -int -TrustZoneService::SetPadding(const byte* pData, int dataLen, byte** ppOutData, int* outLen) -{ - result r = E_SUCCESS; - int paddingSize = 0; - std::unique_ptr pOutput; - -#ifdef _TRUST_ZONE_ - if(dataLen % TRUST_ZONE_CHUNK_LEN == 0) - { - paddingSize = 0; - } - else - { - paddingSize = TRUST_ZONE_CHUNK_LEN - (dataLen % TRUST_ZONE_CHUNK_LEN); - } -#else - if(dataLen % AES_CIPHER_BLCOK_LEN == 0) - { - paddingSize = 0; - } - else - { - paddingSize = AES_CIPHER_BLCOK_LEN - (dataLen % AES_CIPHER_BLCOK_LEN); - } -#endif - - *outLen = paddingSize + dataLen; - pOutput = std::unique_ptr (new (std::nothrow) byte[dataLen + paddingSize]); - TryReturnResult(pOutput != null, 0, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Allocating new byte array failed."); - - memcpy(pOutput.get(), pData, dataLen); - if(paddingSize != 0) - memset(pOutput.get() + dataLen, 0, paddingSize); - *ppOutData = pOutput.release(); - - SetLastResult(r); - return paddingSize; -} - -result -TrustZoneService::Encrypt(const ByteBuffer& appInfo, const ByteBuffer& plainBuffer, byte** ppBuffer, int& bufferSize) -{ - result r = E_SUCCESS; - int tzResult = 0; - int encryptedSize = 0; - int wrapAppInfoLen = 0; - int tempDataLen = 0; - int paddingSize = 0; - byte* pData = null; - byte* pTempData = null; - byte* pAppInfo = null; - byte* pOutput = null; - - pData = const_cast< byte* >(plainBuffer.GetPointer()); - TryReturnResult(pData != null, E_INVALID_ARG, E_INVALID_ARG, "[E_INVALID_ARG] Input data should be valid."); - - pAppInfo = const_cast< byte* >(appInfo.GetPointer()); - TryReturnResult(pAppInfo != null, E_INVALID_ARG, E_INVALID_ARG, "[E_INVALID_ARG] Input data should be valid."); - - paddingSize = SetPadding(pData, plainBuffer.GetRemaining(), 
&pTempData, &tempDataLen); - r = GetLastResult(); - TryReturnResult(r == E_SUCCESS, r, r, "[%s] Failed to set padding.", GetErrorMessage(r)); - - encryptedSize = SecGetCipherLen(tempDataLen); - TryReturnResult(encryptedSize != 0, E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Trust Zone error occurred. "); - - byte encryptedData[encryptedSize]; - memset(encryptedData, 0, encryptedSize); -#ifdef _TRUST_ZONE_ - wrapAppInfoLen = SecGetCipherLen(TRUST_ZONE_HASH_LEN); -#else - wrapAppInfoLen = NON_TRUST_ZONE_HASH_LEN; -#endif - byte wrapAppInfo[wrapAppInfoLen]; - memset(wrapAppInfo, 0, wrapAppInfoLen); - - tzResult = SecEncryptTZCrypt(pTempData, tempDataLen, encryptedData, reinterpret_cast(&encryptedSize), pAppInfo, appInfo.GetRemaining(), wrapAppInfo, reinterpret_cast(&wrapAppInfoLen)); - delete[] pTempData; - TryReturnResult(tzResult == 0, E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to encrypt data (error code = %d). ", tzResult); - - pOutput = new (std::nothrow) byte[wrapAppInfoLen + encryptedSize + sizeof(int)]; - - memcpy(pOutput, &paddingSize, sizeof(int)); - memcpy(pOutput + sizeof(int), wrapAppInfo, wrapAppInfoLen); - memcpy(pOutput + sizeof(int) + wrapAppInfoLen, encryptedData, encryptedSize); - - *ppBuffer = pOutput; - bufferSize = wrapAppInfoLen + encryptedSize + sizeof(int); - - return r; -} - -result -TrustZoneService::Decrypt(const ByteBuffer& appInfo, const ByteBuffer& encryptedBuffer, byte** ppBuffer, int& bufferSize) -{ - result r = E_SUCCESS; - int tzResult = 0; - int decryptedSize = 0; - int encryptedSize = 0; - int wrapAppInfoLen = 0; - int paddingSize = 0; - byte* pData = null; - byte* pAppInfo = null; - byte* pOutput = null; - - pData = const_cast< byte* >(encryptedBuffer.GetPointer()); - TryReturnResult(pData != null, E_INVALID_ARG, E_INVALID_ARG, "[E_INVALID_ARG] Input data should be valid."); - - pAppInfo = const_cast< byte* >(appInfo.GetPointer()); - TryReturnResult(pAppInfo != null, E_INVALID_ARG, E_INVALID_ARG, "[E_INVALID_ARG] Input data should be valid."); - 
-#ifdef _TRUST_ZONE_ - wrapAppInfoLen = SecGetCipherLen(TRUST_ZONE_HASH_LEN); -#else - wrapAppInfoLen = NON_TRUST_ZONE_HASH_LEN; -#endif - - memcpy(&paddingSize, pData, sizeof(int)); - byte wrapAppInfo[wrapAppInfoLen]; - memcpy(wrapAppInfo, pData + sizeof(int), wrapAppInfoLen); - - encryptedSize = encryptedBuffer.GetRemaining()-wrapAppInfoLen-sizeof(int); -#ifdef _TRUST_ZONE_ - TryReturnResult((encryptedSize > 0)&&(encryptedSize % TRUST_ZONE_CIPHER_BLOCK_LEN == 0), E_INVALID_ARG, E_INVALID_ARG, "[E_INVALID_ARG] Input data (encrypted size = %d) should be valid.", encryptedSize); -#else - TryReturnResult(encryptedSize > 0, E_INVALID_ARG, E_INVALID_ARG, "[E_INVALID_ARG] Input data (encrypted size = %d) should be valid.", encryptedSize); -#endif - decryptedSize = encryptedSize; - byte decryptedData[decryptedSize]; - memset(decryptedData, 0, decryptedSize); - - tzResult = SecDecryptTZCrypt(pData+wrapAppInfoLen+sizeof(int), encryptedSize, decryptedData, reinterpret_cast(&decryptedSize), \ - pAppInfo, appInfo.GetRemaining(), wrapAppInfo, static_cast(wrapAppInfoLen)); - TryReturnResult(tzResult == 0, E_SYSTEM, E_SYSTEM, "[E_SYSTEM] Failed to decrypt data (error code = %d)", tzResult); - - pOutput = new (std::nothrow) byte[decryptedSize - paddingSize]; - - memcpy(pOutput, decryptedData, decryptedSize-paddingSize); - - *ppBuffer = pOutput; - bufferSize = decryptedSize-paddingSize; - - return r; -} - -bool -TrustZoneService::OnEncrypt(const ByteBuffer& appInfo, const ByteBuffer& plainBuffer, _IpcBuffer* ipcBuffer, result *pRes) -{ - byte* pBuffer = null; - int bufferSize = 0; - - *pRes = Encrypt(appInfo, plainBuffer, &pBuffer, bufferSize); - ipcBuffer->pBuffer = static_cast(pBuffer); - ipcBuffer->size = bufferSize; - - return true; -} - -bool -TrustZoneService::OnDecrypt(const ByteBuffer& appInfo, const ByteBuffer& encryptedBuffer, _IpcBuffer* ipcBuffer, result *pRes) -{ - byte* pBuffer = null; - int bufferSize = 0; - - *pRes = Decrypt(appInfo, encryptedBuffer, &pBuffer, 
bufferSize); - ipcBuffer->pBuffer = static_cast(pBuffer); - ipcBuffer->size = bufferSize; - - return true; -} - -void -TrustZoneService::OnIpcRequestReceived(_IpcServer& server, const IPC::Message& message) -{ - IPC_BEGIN_MESSAGE_MAP(TrustZoneService, message) - IPC_MESSAGE_HANDLER(TrustZoneService_Encrypt, OnEncrypt, &server) - IPC_MESSAGE_HANDLER(TrustZoneService_Decrypt, OnDecrypt, &server) - IPC_END_MESSAGE_MAP() -} -