From: Kyungwook Tak Date: Wed, 27 Jul 2016 07:54:50 +0000 (+0900) Subject: [API changed] Add uid parameter X-Git-Tag: submit/tizen/20160811.013634^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=cc76acebe224f4b8a273752b2400190ab0aab679;p=platform%2Fcore%2Fsecurity%2Flibwebappenc.git [API changed] Add uid parameter Installer will be run as system (from user) so we cannot retrieve user id from client credential(by key-manager). Change-Id: I1e091bfc0b88fce418cd209a7a1adab021b6c0d2 Signed-off-by: Kyungwook Tak --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 84dd0d5..436eb74 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -56,7 +56,6 @@ ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"") ADD_DEFINITIONS("-DSMACK_ENABLED") ADD_DEFINITIONS("-DSQLCIPHER_HAS_CODEC") ADD_DEFINITIONS("-DBINDIR=\"${BINDIR}\"") -ADD_DEFINITIONS("-DINSTALLER_LABEL=\"${INSTALLER_LABEL}\"") # IF (CMAKE_BUILD_TYPE MATCHES "DEBUG") ADD_DEFINITIONS("-DTIZEN_DEBUG_ENABLE") diff --git a/include/web_app_enc.h b/include/web_app_enc.h index c876792..47cbe78 100644 --- a/include/web_app_enc.h +++ b/include/web_app_enc.h @@ -14,7 +14,7 @@ * limitations under the License * * @file web_app_enc.h - * @version 1.0 + * @version 2.0 * @brief APIs of WEB_APP_ENC module. */ #ifndef __WEB_APP_ENC__ @@ -25,6 +25,8 @@ extern "C" { #endif #include +#include +#include /** * @addtogroup CAPI_WEB_APP_ENC_MODULE @@ -49,24 +51,40 @@ typedef enum { } wae_error_e; /** - * @brief Application Type. + * @brief Encrypts web application data + * * @since_tizen 3.0 + * @param[in] uid User id of the application being encrypted + * @param[in] pkg_id The package id of an application + * @param[in] data The data block to be encrypted + * @param[in] data_len The length of @a data + * @param[out] pencrypted_data The encrypted data block which must be freed by free() + * @param[out] pencrypted_data_len The length of data pointed by @a pencrypted_data + * + * @return #WAE_ERROR_NONE on success, otherwise a negative error value + * @retval #WAE_ERROR_INVALID_PARAMETER Invalid input parameter + * @retval #WAE_ERROR_PERMISSION_DENIED Non-authenticated application request + * @retval #WAE_ERROR_NO_KEY No internal key + * @retval #WAE_ERROR_KEY_MANAGER key-manager internal error + * @retval #WAE_ERROR_CRYPTO failed in crypto operation + * @retval #WAE_ERROR_UNKNOWN Failed with unknown reason + * + * @see wae_decrypt_web_application() + * @see wae_remove_app_dek() */ -typedef enum { - WAE_DOWNLOADED_NORMAL_APP = 0, /**< Downloaded Normal Application*/ - WAE_DOWNLOADED_GLOBAL_APP = 1, /**< Downloaded Global Application*/ - WAE_PRELOADED_APP = 2 /**< Preloaded Application*/ -} wae_app_type_e; +int wae_encrypt_web_application(uid_t uid, const char *pkg_id, + const unsigned char *data, size_t data_len, + unsigned char **pencrypted_data, size_t *pencrypted_data_len); /** - * @brief Encrypts web application data with internal key(APP DEK: Application Data Encryption Key). + * @brief Encrypts global web application data * * @since_tizen 3.0 * @param[in] pkg_id The package id of an application - * @param[in] app_type The application type + * @param[in] is_preloaded Whether the package is preloaded or not * @param[in] data The data block to be encrypted * @param[in] data_len The length of @a data - * @param[out] pencrypted_data The data block contaning encrypted data block which must be freed by free() + * @param[out] pencrypted_data The encrypted data block which must be freed by free() * @param[out] pencrypted_data_len The length of data pointed by @a pencrypted_data * * @return #WAE_ERROR_NONE on success, otherwise a negative error value @@ -77,21 +95,22 @@ typedef enum { * @retval #WAE_ERROR_CRYPTO failed in crypto operation * @retval #WAE_ERROR_UNKNOWN Failed with unknown reason * - * @see wae_decrypt_web_application() + * @see wae_decrypt_global_web_application() + * @see wae_remove_global_app_dek() */ -int wae_encrypt_web_application(const char *pkg_id, wae_app_type_e app_type, - const unsigned char *data, size_t data_len, - unsigned char **pencrypted_data, size_t *pencrypted_data_len); +int wae_encrypt_global_web_application(const char *pkg_id, bool is_preloaded, + const unsigned char *data, size_t data_len, + unsigned char **pencrypted_data, size_t *pencrypted_data_len); /** - * @brief Encrypts web application data with internal key. + * @brief Decrypts web application data. * * @since_tizen 3.0 + * @param[in] uid User id of the application being decrypted * @param[in] pkg_id The package id of an application - * @param[in] app_type The application type * @param[in] data The data block to be decrypted * @param[in] data_len The length of @a data - * @param[out] pdecrypted_data Data block contaning decrypted data block which must be freed by free() + * @param[out] pdecrypted_data The decrypted data block which must be freed by free() * @param[out] pdecrypted_data_len The length of data pointed by @a pdecrypted_data * * @return #WAE_ERROR_NONE on success, otherwise a negative error value @@ -103,17 +122,44 @@ int wae_encrypt_web_application(const char *pkg_id, wae_app_type_e app_type, * @retval #WAE_ERROR_UNKNOWN Failed with unknown reason * * @see wae_encrypt_web_application() + * @see wae_remove_app_dek() */ -int wae_decrypt_web_application(const char *pkg_id, wae_app_type_e app_type, +int wae_decrypt_web_application(uid_t uid, const char *pkg_id, const unsigned char *data, size_t data_len, unsigned char **pdecrypted_data, size_t *pdecrypted_data_len); /** - * @brief Remove a APP DEK(Application Data Encryption Key) used for encrytpion and decryption of a web application. + * @brief Decrypts global web application data. + * + * @since_tizen 3.0 + * @param[in] pkg_id The package id of an application + * @param[in] is_preloaded Whether the package is preloaded or not + * @param[in] data The data block to be decrypted + * @param[in] data_len The length of @a data + * @param[out] pdecrypted_data The decrypted data block which must be freed by free() + * @param[out] pdecrypted_data_len The length of data pointed by @a pdecrypted_data + * + * @return #WAE_ERROR_NONE on success, otherwise a negative error value + * @retval #WAE_ERROR_INVALID_PARAMETER Invalid input parameter + * @retval #WAE_ERROR_PERMISSION_DENIED Non-authenticated application request + * @retval #WAE_ERROR_NO_KEY No internal key + * @retval #WAE_ERROR_KEY_MANAGER key-manager internal error + * @retval #WAE_ERROR_CRYPTO failed in crypto operation + * @retval #WAE_ERROR_UNKNOWN Failed with unknown reason + * + * @see wae_encrypt_global_web_application() + * @see wae_remove_global_app_dek() + */ +int wae_decrypt_global_web_application(const char *pkg_id, bool is_preloaded, + const unsigned char *data, size_t data_len, + unsigned char **pdecrypted_data, size_t *pdecrypted_data_len); + +/** + * @brief Remove key used for encryption the web application. * * @since_tizen 3.0 + * @param[in] uid User id of the application being uninstalled * @param[in] pkg_id The package id of an application - * @param[in] app_type The application type * * @return #WAE_ERROR_NONE on success, otherwise a negative error value * @retval #WAE_ERROR_INVALID_PARAMETER Invalid input parameter @@ -122,8 +168,29 @@ int wae_decrypt_web_application(const char *pkg_id, wae_app_type_e app_type, * @retval #WAE_ERROR_KEY_MANAGER key-manager internal error * @retval #WAE_ERROR_UNKNOWN Failed with unknown reason * + * @see wae_encrypt_web_application() + * @see wae_decrypt_web_application() + */ +int wae_remove_app_dek(uid_t uid, const char *pkg_id); + +/** + * @brief Remove key used for encryption the global web application. + * + * @since_tizen 3.0 + * @param[in] pkg_id The package id of an application + * @param[in] is_preloaded Whether the package is preloaded or not + * + * @return #WAE_ERROR_NONE on success, otherwise a negative error value + * @retval #WAE_ERROR_INVALID_PARAMETER Invalid input parameter + * @retval #WAE_ERROR_PERMISSION_DENIED Non-authenticated application request + * @retval #WAE_ERROR_NO_KEY No internal key + * @retval #WAE_ERROR_KEY_MANAGER key-manager internal error + * @retval #WAE_ERROR_UNKNOWN Failed with unknown reason + * + * @see wae_encrypt_global_web_application() + * @see wae_decrypt_global_web_application() */ -int wae_remove_app_dek(const char *pkg_id, wae_app_type_e app_type); +int wae_remove_global_app_dek(const char *pkg_id, bool is_preloaded); /** * @} diff --git a/packaging/libwebappenc-test.manifest.in b/packaging/libwebappenc-test.manifest.in index 13d4d92..0e22627 100644 --- a/packaging/libwebappenc-test.manifest.in +++ b/packaging/libwebappenc-test.manifest.in @@ -3,6 +3,6 @@ - + diff --git a/packaging/libwebappenc.spec b/packaging/libwebappenc.spec index ed5434a..7d796f9 100644 --- a/packaging/libwebappenc.spec +++ b/packaging/libwebappenc.spec @@ -37,7 +37,6 @@ Requires: %{name} = %{version}-%{release} %description test Web application encryption and decryption service (test) -%define installer_label "User" %define bin_dir %TZ_SYS_BIN %define rw_share_dir %TZ_SYS_SHARE @@ -53,8 +52,7 @@ Web application encryption and decryption service (test) -DSYSTEMD_UNIT_DIR=%{_unitdir} \ -DCMAKE_BUILD_TYPE=%{build_type} \ -DRW_SHARE_DIR=%rw_share_dir \ - -DBINDIR=%bin_dir \ - -DINSTALLER_LABEL=%installer_label + -DBINDIR=%bin_dir make %{?jobs:-j%jobs} diff --git a/srcs/key_handler.c b/srcs/key_handler.c index af7280b..cf3de1d 100644 --- a/srcs/key_handler.c +++ b/srcs/key_handler.c @@ -29,6 +29,7 @@ #include +#include "web_app_enc.h" #include "wae_log.h" #include "crypto_service.h" #include "key_manager.h" @@ -56,19 +57,28 @@ static void deinit_lib(void) crypto_element_map_destroy(_map); } -static const crypto_element_s *_get_app_ce_from_cache(const char *pkg_id) +char *_create_map_key(uid_t uid, const char *pkg_id) { - return crypto_element_map_get(_map, pkg_id); + char *key = NULL; + + int ret = asprintf(&key, "%u-%s", uid, pkg_id); + + return (ret == -1) ? NULL : key; } -static int _add_app_ce_to_cache(const char *pkg_id, crypto_element_s *ce) +static const crypto_element_s *_get_app_ce_from_cache(const char *key) { - return crypto_element_map_add(&_map, pkg_id, ce); + return crypto_element_map_get(_map, key); } -void _remove_app_ce_from_cache(const char *pkg_id) +static int _add_app_ce_to_cache(const char *key, crypto_element_s *ce) { - crypto_element_map_remove(&_map, pkg_id); + return crypto_element_map_add(&_map, key, ce); +} + +void _remove_app_ce_from_cache(const char *key) +{ + crypto_element_map_remove(&_map, key); } int _get_random(raw_buffer_s *rb) @@ -110,13 +120,13 @@ static const char *_get_dek_store_path() static int _write_to_file(const char *path, const raw_buffer_s *data) { - if (path == NULL || data == NULL || data->buf == NULL || data->size == 0) + if (path == NULL || !is_buffer_valid(data)) return WAE_ERROR_INVALID_PARAMETER; FILE *f = fopen(path, "w"); if (f == NULL) { - WAE_SLOGE("WAE: Fail to open a file. file=%s", path); + WAE_SLOGE("Failed to open a file(%s)", path); return WAE_ERROR_FILE; } @@ -125,7 +135,7 @@ static int _write_to_file(const char *path, const raw_buffer_s *data) fclose(f); if (write_len != (int)data->size) { - WAE_SLOGE("WAE: Fail to write a file. file=%s", path); + WAE_SLOGE("Failed to write a file(%s)", path); return WAE_ERROR_FILE; } @@ -226,110 +236,145 @@ int _write_encrypted_app_dek_to_file(const char *pkg_id, const raw_buffer_s *enc return _write_to_file(path, encrypted); } -int get_app_ce(const char *pkg_id, wae_app_type_e app_type, bool create_for_migrated_app, - const crypto_element_s **pce) +int get_app_ce(uid_t uid, const char *pkg_id, wae_app_type_e app_type, + bool create_for_migrated_app, const crypto_element_s **pce) { if (pkg_id == NULL || pce == NULL) return WAE_ERROR_INVALID_PARAMETER; - const crypto_element_s *cached_ce = _get_app_ce_from_cache(pkg_id); + if (uid == 0 && app_type == WAE_DOWNLOADED_NORMAL_APP) + return WAE_ERROR_INVALID_PARAMETER; + + const char *key = NULL; + char *_key_per_user = NULL; + + if (app_type == WAE_DOWNLOADED_NORMAL_APP) { + _key_per_user = _create_map_key(uid, pkg_id); + if (_key_per_user == NULL) + return WAE_ERROR_MEMORY; + + key = _key_per_user; + } else { + key = pkg_id; + } + + int ret = WAE_ERROR_NONE; + const crypto_element_s *cached_ce = _get_app_ce_from_cache(key); if (cached_ce != NULL) { - WAE_SLOGD("cache hit of app ce for pkg_id(%s)", pkg_id); + WAE_SLOGD("cache hit of app ce for key(%s)", key); *pce = cached_ce; - return WAE_ERROR_NONE; + goto finish; } - WAE_SLOGD("cache miss of app ce for pkg_id(%s)", pkg_id); + WAE_SLOGD("cache miss of app ce for key(%s)", key); crypto_element_s *ce = NULL; - int ret = get_from_key_manager(pkg_id, app_type, &ce); + ret = get_from_key_manager(key, app_type, &ce); if (create_for_migrated_app && (ret == WAE_ERROR_NO_KEY && app_type == WAE_DOWNLOADED_GLOBAL_APP)) { - WAE_SLOGI("No dek found for pkg_id(%s)! It should be migrated app.", pkg_id); + WAE_SLOGI("No dek found for key(%s)! It should be migrated app.", key); - if ((ret = get_old_ss_crypto_element(pkg_id, &ce)) != WAE_ERROR_NONE) - goto error; + if ((ret = get_old_ss_crypto_element(key, &ce)) != WAE_ERROR_NONE) + goto finish; // (k.tak) disable to save ce to key-maanger for migrated app because of permission issue. - //ret = save_to_key_manager(pkg_id, app_type, ce); + //ret = save_to_key_manager(key, pkg_id, app_type, ce); //if (ret != WAE_ERROR_NONE) { // WAE_SLOGW("Failed to save migrated app ce to key-manager with ret(%d). " // "Ignore this error because we can create ce later again.", ret); // ret = WAE_ERROR_NONE; //} } else if (ret != WAE_ERROR_NONE) { - WAE_SLOGE("Failed to get crypto element from key-manager. pkg_id=%s, ret=%d", - pkg_id, ret); - goto error; + WAE_SLOGE("Failed to get crypto element from key-manager. key(%s) ret(%d)", + key, ret); + goto finish; } - ret = _add_app_ce_to_cache(pkg_id, ce); + ret = _add_app_ce_to_cache(key, ce); if (ret != WAE_ERROR_NONE) { - WAE_SLOGE("Failed to add ce to cache for pkg_id(%s) ret(%d)", pkg_id, ret); - goto error; + WAE_SLOGE("Failed to add ce to cache for key(%s) ret(%d)", key, ret); + goto finish; } *pce = ce; - WAE_SLOGD("Successfully get ce! pkgid(%s)", pkg_id); + WAE_SLOGD("Successfully get ce! key(%s)", key); - return WAE_ERROR_NONE; +finish: + free(_key_per_user); -error: - crypto_element_destroy(ce); + if (ret != WAE_ERROR_NONE) + crypto_element_destroy(ce); return ret; } -int create_app_ce(const char *pkg_id, wae_app_type_e app_type, const crypto_element_s **pce) +int create_app_ce(uid_t uid, const char *pkg_id, wae_app_type_e app_type, + const crypto_element_s **pce) { raw_buffer_s *dek = buffer_create(DEK_LEN); raw_buffer_s *iv = buffer_create(IV_LEN); crypto_element_s *ce = crypto_element_create(dek, iv); int ret = WAE_ERROR_NONE; + const char *key = NULL; + char *_key_per_user = NULL; if (ce == NULL) { ret = WAE_ERROR_MEMORY; goto error; } + if (app_type == WAE_DOWNLOADED_NORMAL_APP) { + _key_per_user = _create_map_key(uid, pkg_id); + if (_key_per_user == NULL) { + ret = WAE_ERROR_MEMORY; + goto error; + } + + key = _key_per_user; + } else { + key = pkg_id; + } + memcpy(ce->iv->buf, AES_CBC_IV, ce->iv->size); ret = _get_random(dek); if (ret != WAE_ERROR_NONE) { - WAE_SLOGE("Failed to get random for dek. pkg_id(%s) ret(%d)", pkg_id, ret); + WAE_SLOGE("Failed to get random for dek. key(%s) ret(%d)", key, ret); goto error; } - ret = save_to_key_manager(pkg_id, app_type, ce); + ret = save_to_key_manager(key, pkg_id, app_type, ce); if (ret != WAE_ERROR_NONE) { - WAE_SLOGE("Failed to save ce to key-manager. pkg_id(%s) app_type(%d) ret(%d)", - pkg_id, app_type, ret); + WAE_SLOGE("Failed to save ce to key-manager. key(%s) app_type(%d) ret(%d)", + key, app_type, ret); goto error; } - ret = _add_app_ce_to_cache(pkg_id, ce); + ret = _add_app_ce_to_cache(key, ce); if (ret != WAE_ERROR_NONE) { - WAE_SLOGE("Failed to add ce to cache for pkg_id(%s) ret(%d)", pkg_id, ret); + WAE_SLOGE("Failed to add ce to cache for key(%s) ret(%d)", key, ret); goto error; } *pce = ce; - WAE_SLOGI("Success to create dek/iv and store it in key-manager. pkg_id(%s)", pkg_id); - - return WAE_ERROR_NONE; + WAE_SLOGI("Success to create dek/iv and store it in key-manager. key(%s)", key); error: - if (ce == NULL) { - buffer_destroy(dek); - buffer_destroy(iv); - } else { - crypto_element_destroy(ce); + if (ret != WAE_ERROR_NONE) { + if (ce == NULL) { + buffer_destroy(dek); + buffer_destroy(iv); + } else { + crypto_element_destroy(ce); + } } + free(_key_per_user); + return ret; } @@ -542,7 +587,7 @@ int load_preloaded_app_deks(bool reload) continue; } - ret = save_to_key_manager(pkg_id, WAE_PRELOADED_APP, ce); + ret = save_to_key_manager(pkg_id, pkg_id, WAE_PRELOADED_APP, ce); if (ret == WAE_ERROR_KEY_EXISTS) { WAE_SLOGI("Key Manager already has dek. It will be ignored. file=%s", @@ -574,16 +619,34 @@ error: return ret; } -int remove_app_ce(const char *pkg_id, wae_app_type_e app_type) +int remove_app_ce(uid_t uid, const char *pkg_id, wae_app_type_e app_type) { - int ret = remove_from_key_manager(pkg_id, app_type); + if (uid == 0 && app_type == WAE_DOWNLOADED_NORMAL_APP) + return WAE_ERROR_INVALID_PARAMETER; + + const char *key = NULL; + char *_key_per_user = NULL; + + if (app_type == WAE_DOWNLOADED_NORMAL_APP) { + _key_per_user = _create_map_key(uid, pkg_id); + if (_key_per_user == NULL) + return WAE_ERROR_MEMORY; + + key = _key_per_user; + } else { + key = pkg_id; + } + + int ret = remove_from_key_manager(key, app_type); if (ret != WAE_ERROR_NONE) - WAE_SLOGE("Failed to remove app ce for pkg_id(%s) ret(%d)", pkg_id, ret); + WAE_SLOGE("Failed to remove app ce for key(%s) ret(%d)", key, ret); else - WAE_SLOGI("Success to remove app ce for pkg_id(%s)", pkg_id); + WAE_SLOGI("Success to remove app ce for key(%s)", key); + + _remove_app_ce_from_cache(key); - _remove_app_ce_from_cache(pkg_id); + free(_key_per_user); return ret; } diff --git a/srcs/key_handler.h b/srcs/key_handler.h index e64d81c..791e149 100644 --- a/srcs/key_handler.h +++ b/srcs/key_handler.h @@ -28,28 +28,30 @@ extern "C" { #include #include +#include -#include "web_app_enc.h" #include "types.h" #define MAX_PATH_LEN 512 /* functions with "_" prefix are internal static functions but declared here for testing */ -void _remove_app_ce_from_cache(const char *pkg_id); +char *_create_map_key(uid_t uid, const char *pkg_id); +void _remove_app_ce_from_cache(const char *key); int _get_random(raw_buffer_s *rb); int _get_preloaded_app_dek_file_path(const char *pkg_id, size_t size, char *path); int _read_encrypted_app_dek_from_file(const char *pkg_id, raw_buffer_s **pencrypted); int _write_encrypted_app_dek_to_file(const char *pkg_id, const raw_buffer_s *encrypted); /* functions for interface */ -int get_app_ce(const char *pkg_id, wae_app_type_e app_type, bool create_for_migrated_app, - const crypto_element_s **pce); -int create_app_ce(const char *pkg_id, wae_app_type_e app_type, +int get_app_ce(uid_t uid, const char *pkg_id, wae_app_type_e app_type, + bool create_for_migrated_app, const crypto_element_s **pce); +int create_app_ce(uid_t uid, const char *pkg_id, wae_app_type_e app_type, const crypto_element_s **pce); +int remove_app_ce(uid_t uid, const char *pkg_id, wae_app_type_e app_type); + int get_preloaded_app_ce(const char *pkg_id, const crypto_element_s **pce); int create_preloaded_app_ce(const char *pkg_id, const crypto_element_s **pce); int load_preloaded_app_deks(bool reload); -int remove_app_ce(const char *pkg_id, wae_app_type_e app_type); #ifdef __cplusplus } diff --git a/srcs/key_manager.c b/srcs/key_manager.c index 4ef5b8a..aeee748 100644 --- a/srcs/key_manager.c +++ b/srcs/key_manager.c @@ -27,6 +27,7 @@ #include +#include "web_app_enc.h" #include "wae_log.h" #define MAX_ALIAS_LEN 256 @@ -192,28 +193,14 @@ error: return ret; } -static void _get_alias(const char *pkg_id, wae_app_type_e type, bool forSave, +static void _get_alias(const char *name, UNUSED wae_app_type_e type, UNUSED bool forSave, char *alias, size_t buff_len) { - if (type == WAE_DOWNLOADED_NORMAL_APP) { - if (forSave) { - snprintf(alias, buff_len, "%s%s", - APP_DEK_ALIAS_PFX, - pkg_id); - } else { - snprintf(alias, buff_len, "%c%s%s%s%s", - '/', INSTALLER_LABEL, - ckmc_owner_id_separator, - APP_DEK_ALIAS_PFX, - pkg_id); - } - } else { // system alias - snprintf(alias, buff_len, "%s%s%s%s", - ckmc_owner_id_system, - ckmc_owner_id_separator, - APP_DEK_ALIAS_PFX, - pkg_id); - } + snprintf(alias, buff_len, "%s%s%s%s", + ckmc_owner_id_system, + ckmc_owner_id_separator, + APP_DEK_ALIAS_PFX, + name); } static void _get_dek_loading_done_alias(char *alias, size_t buff_len) @@ -276,16 +263,17 @@ int clear_app_deks_loaded_from_key_manager() return _to_wae_error(ckmc_remove_alias(alias)); } -int save_to_key_manager(const char *pkg_id, wae_app_type_e type, const crypto_element_s *ce) +int save_to_key_manager(const char *name, const char *pkg_id, wae_app_type_e type, + const crypto_element_s *ce) { char alias[MAX_ALIAS_LEN] = {0, }; - _get_alias(pkg_id, type, true, alias, sizeof(alias)); + _get_alias(name, type, true, alias, sizeof(alias)); ckmc_raw_buffer_s *buf = NULL; int ret = _serialize(ce, &buf); if (ret != WAE_ERROR_NONE) { - WAE_SLOGE("Failed to serialize crypto element of pkg_id: %s", pkg_id); + WAE_SLOGE("Failed to serialize crypto element of name(%s)", name); return ret; } @@ -298,8 +286,8 @@ int save_to_key_manager(const char *pkg_id, wae_app_type_e type, const crypto_el ckmc_buffer_free(buf); if (ret != WAE_ERROR_NONE) { - WAE_SLOGE("Failed to add crypto element to ckm: pkg_id(%s) alias(%s) ret(%d)", - pkg_id, alias, ret); + WAE_SLOGE("Failed to add crypto element to ckm: name(%s) alias(%s) ret(%d)", + name, alias, ret); return ret; } @@ -312,19 +300,19 @@ int save_to_key_manager(const char *pkg_id, wae_app_type_e type, const crypto_el return ret; } - WAE_SLOGI("Success to save crypto element to key-manager. pkg_id(%s)", pkg_id); + WAE_SLOGI("Success to save crypto element to key-manager. name(%s)", name); return WAE_ERROR_NONE; } -int get_from_key_manager(const char *pkg_id, wae_app_type_e type, crypto_element_s **pce) +int get_from_key_manager(const char *name, wae_app_type_e type, crypto_element_s **pce) { - if (pkg_id == NULL || pce == NULL) + if (name == NULL || pce == NULL) return WAE_ERROR_INVALID_PARAMETER; char alias[MAX_ALIAS_LEN] = {0, }; - _get_alias(pkg_id, type, false, alias, sizeof(alias)); + _get_alias(name, type, false, alias, sizeof(alias)); ckmc_raw_buffer_s *buf = NULL; int ret = _to_wae_error(ckmc_get_data(alias, NULL, &buf)); @@ -338,11 +326,11 @@ int get_from_key_manager(const char *pkg_id, wae_app_type_e type, crypto_element return ret; } -int remove_from_key_manager(const char *pkg_id, wae_app_type_e type) +int remove_from_key_manager(const char *name, wae_app_type_e type) { char alias[MAX_ALIAS_LEN] = {0, }; - _get_alias(pkg_id, type, true, alias, sizeof(alias)); + _get_alias(name, type, true, alias, sizeof(alias)); return _to_wae_error(ckmc_remove_alias(alias)); } diff --git a/srcs/key_manager.h b/srcs/key_manager.h index ec84561..4566b09 100644 --- a/srcs/key_manager.h +++ b/srcs/key_manager.h @@ -28,12 +28,12 @@ extern "C" { #include -#include "web_app_enc.h" #include "types.h" -int save_to_key_manager(const char *pkg_id, wae_app_type_e type, const crypto_element_s *ce); -int get_from_key_manager(const char *pkg_id, wae_app_type_e type, crypto_element_s **pce); -int remove_from_key_manager(const char *pkg_id, wae_app_type_e type); +int save_to_key_manager(const char *name, const char *pkg_id, wae_app_type_e type, + const crypto_element_s *ce); +int get_from_key_manager(const char *name, wae_app_type_e type, crypto_element_s **pce); +int remove_from_key_manager(const char *name, wae_app_type_e type); bool is_app_deks_loaded_in_key_manager(); int set_app_deks_loaded_to_key_manager(); diff --git a/srcs/types.h b/srcs/types.h index 7e27aeb..51ed9fc 100644 --- a/srcs/types.h +++ b/srcs/types.h @@ -29,6 +29,15 @@ extern "C" { #include #include +#define API __attribute__ ((visibility("default"))) +#define UNUSED __attribute__ ((unused)) + +typedef enum { + WAE_DOWNLOADED_NORMAL_APP = 0, + WAE_DOWNLOADED_GLOBAL_APP = 1, + WAE_PRELOADED_APP = 2 +} wae_app_type_e; + typedef struct _raw_buffer_s { unsigned char *buf; size_t size; diff --git a/srcs/web_app_enc.c b/srcs/web_app_enc.c index 22da420..5846105 100644 --- a/srcs/web_app_enc.c +++ b/srcs/web_app_enc.c @@ -30,7 +30,7 @@ #include "wae_log.h" int _wae_encrypt_downloaded_web_application( - const char *pkg_id, wae_app_type_e app_type, + uid_t uid, const char *pkg_id, wae_app_type_e app_type, const unsigned char *data, size_t data_len, unsigned char **pencrypted_data, size_t *pencrypted_data_len) { @@ -39,10 +39,10 @@ int _wae_encrypt_downloaded_web_application( return WAE_ERROR_INVALID_PARAMETER; const crypto_element_s *e = NULL; - int ret = get_app_ce(pkg_id, app_type, false, &e); + int ret = get_app_ce(uid, pkg_id, app_type, false, &e); if (ret == WAE_ERROR_NO_KEY) - ret = create_app_ce(pkg_id, app_type, &e); + ret = create_app_ce(uid, pkg_id, app_type, &e); if (ret != WAE_ERROR_NONE) return ret; @@ -64,7 +64,8 @@ int _wae_encrypt_downloaded_web_application( return WAE_ERROR_NONE; } -int _wae_decrypt_downloaded_web_application(const char *pkg_id, wae_app_type_e app_type, +int _wae_decrypt_downloaded_web_application( + uid_t uid, const char *pkg_id, wae_app_type_e app_type, const unsigned char *data, size_t data_len, unsigned char **pdecrypted_data, size_t *pdecrypted_data_len) { @@ -77,7 +78,7 @@ int _wae_decrypt_downloaded_web_application(const char *pkg_id, wae_app_type_e a _data.size = data_len; const crypto_element_s *ce = NULL; - int ret = get_app_ce(pkg_id, app_type, true, &ce); + int ret = get_app_ce(uid, pkg_id, app_type, true, &ce); if (ret != WAE_ERROR_NONE) return ret; @@ -134,40 +135,69 @@ int _wae_encrypt_preloaded_web_application(const char *pkg_id, return WAE_ERROR_NONE; } -int _wae_decrypt_preloaded_web_application(const char *pkg_id, wae_app_type_e app_type, +int _wae_decrypt_preloaded_web_application(const char *pkg_id, const unsigned char *data, size_t data_len, unsigned char **pdecrypted_data, size_t *pdecrypted_data_len) { // same with the decryption of downloaded web application - return _wae_decrypt_downloaded_web_application(pkg_id, app_type, + return _wae_decrypt_downloaded_web_application(0, pkg_id, WAE_PRELOADED_APP, data, data_len, pdecrypted_data, pdecrypted_data_len); } -int wae_encrypt_web_application(const char *pkg_id, wae_app_type_e app_type, - const unsigned char *data, size_t data_len, - unsigned char **pencrypted_data, size_t *pencrypted_data_len) +int wae_encrypt_web_application( + uid_t uid, const char *pkg_id, + const unsigned char *data, size_t data_len, + unsigned char **pencrypted_data, size_t *pencrypted_data_len) { - if (app_type == WAE_PRELOADED_APP) + return _wae_encrypt_downloaded_web_application( + uid, pkg_id, WAE_DOWNLOADED_NORMAL_APP, + data, data_len, pencrypted_data, pencrypted_data_len); +} + +int wae_encrypt_global_web_application( + const char *pkg_id, bool is_preloaded, + const unsigned char *data, size_t data_len, + unsigned char **pencrypted_data, size_t *pencrypted_data_len) +{ + if (is_preloaded) return _wae_encrypt_preloaded_web_application(pkg_id, data, data_len, pencrypted_data, pencrypted_data_len); else - return _wae_encrypt_downloaded_web_application(pkg_id, app_type, + return _wae_encrypt_downloaded_web_application( + 0, pkg_id, WAE_DOWNLOADED_GLOBAL_APP, data, data_len, pencrypted_data, pencrypted_data_len); } -int wae_decrypt_web_application(const char *pkg_id, wae_app_type_e app_type, - const unsigned char *data, size_t data_len, - unsigned char **pdecrypted_data, size_t *pdecrypted_data_len) +int wae_decrypt_web_application( + uid_t uid, const char *pkg_id, + const unsigned char *data, size_t data_len, + unsigned char **pdecrypted_data, size_t *pdecrypted_data_len) +{ + return _wae_decrypt_downloaded_web_application( + uid, pkg_id, WAE_DOWNLOADED_NORMAL_APP, + data, data_len, pdecrypted_data, pdecrypted_data_len); +} + +int wae_decrypt_global_web_application( + const char *pkg_id, bool is_preloaded, + const unsigned char *data, size_t data_len, + unsigned char **pdecrypted_data, size_t *pdecrypted_data_len) { - if (app_type == WAE_PRELOADED_APP) - return _wae_decrypt_preloaded_web_application(pkg_id, app_type, + if (is_preloaded) + return _wae_decrypt_preloaded_web_application(pkg_id, data, data_len, pdecrypted_data, pdecrypted_data_len); else - return _wae_decrypt_downloaded_web_application(pkg_id, app_type, + return _wae_decrypt_downloaded_web_application( + 0, pkg_id, WAE_DOWNLOADED_GLOBAL_APP, data, data_len, pdecrypted_data, pdecrypted_data_len); } -int wae_remove_app_dek(const char *pkg_id, wae_app_type_e app_type) +int wae_remove_app_dek(uid_t uid, const char *pkg_id) +{ + return remove_app_ce(uid, pkg_id, WAE_DOWNLOADED_NORMAL_APP); +} + +int wae_remove_global_app_dek(const char *pkg_id, bool is_preloaded) { - return remove_app_ce(pkg_id, app_type); + return remove_app_ce(0, pkg_id, is_preloaded ? WAE_PRELOADED_APP : WAE_DOWNLOADED_GLOBAL_APP); } diff --git a/tests/internals.cpp b/tests/internals.cpp index b5c106d..1fa9aff 100644 --- a/tests/internals.cpp +++ b/tests/internals.cpp @@ -310,8 +310,8 @@ BOOST_AUTO_TEST_CASE(get_create_preloaded_app_dek_2) _get_preloaded_app_dek_file_path(pkg_id2, sizeof(path2), path2); // remove old test data - remove_app_ce(pkg_id1, WAE_PRELOADED_APP); - remove_app_ce(pkg_id2, WAE_PRELOADED_APP); + remove_app_ce(0, pkg_id1, WAE_PRELOADED_APP); + remove_app_ce(0, pkg_id2, WAE_PRELOADED_APP); unlink(path1); unlink(path2); @@ -331,20 +331,20 @@ BOOST_AUTO_TEST_CASE(get_create_preloaded_app_dek_2) "Failed to load_preloaded_app_deks. ec: " << ret); const crypto_element_s *readed1 = nullptr; - ret = get_app_ce(pkg_id1, WAE_PRELOADED_APP, false, &readed1); + ret = get_app_ce(0, pkg_id1, WAE_PRELOADED_APP, false, &readed1); BOOST_REQUIRE_MESSAGE(ret == WAE_ERROR_NONE, "Failed to get_app_dek. ec: " << ret); const crypto_element_s *readed2 = nullptr; - ret = get_app_ce(pkg_id2, WAE_PRELOADED_APP, false, &readed2); + ret = get_app_ce(0, pkg_id2, WAE_PRELOADED_APP, false, &readed2); BOOST_REQUIRE_MESSAGE(ret == WAE_ERROR_NONE, "Failed to get_app_dek. ec: " << ret); BOOST_REQUIRE_MESSAGE(readed1 == ce1, "cached ce and actual address is different!"); BOOST_REQUIRE_MESSAGE(readed2 == ce2, "cached ce and actual address is different!"); - ret = remove_app_ce(pkg_id1, WAE_PRELOADED_APP); + ret = remove_app_ce(0, pkg_id1, WAE_PRELOADED_APP); BOOST_REQUIRE_MESSAGE(ret == WAE_ERROR_NONE, "Failed remove app ce. ec: " << ret); - ret = remove_app_ce(pkg_id2, WAE_PRELOADED_APP); + ret = remove_app_ce(0, pkg_id2, WAE_PRELOADED_APP); BOOST_REQUIRE_MESSAGE(ret == WAE_ERROR_NONE, "Failed remove app ce. ec: " << ret); } diff --git a/tests/non-normals.cpp b/tests/non-normals.cpp index 81c0173..78c2197 100644 --- a/tests/non-normals.cpp +++ b/tests/non-normals.cpp @@ -20,10 +20,9 @@ * @version 2.0 * @brief API test for preloaded/global apps */ -#include "web_app_enc.h" - #include +#include "types.h" #include "test-helper.h" BOOST_AUTO_TEST_SUITE(SYSTEM) diff --git a/tests/normals.cpp b/tests/normals.cpp index 5d67910..fad04f1 100644 --- a/tests/normals.cpp +++ b/tests/normals.cpp @@ -20,10 +20,9 @@ * @version 2.0 * @brief test for normal downloaded app */ -#include "web_app_enc.h" - #include +#include "types.h" #include "test-helper.h" BOOST_AUTO_TEST_SUITE(USER) diff --git a/tests/test-helper.cpp b/tests/test-helper.cpp index f303b75..d0ca263 100644 --- a/tests/test-helper.cpp +++ b/tests/test-helper.cpp @@ -23,6 +23,7 @@ #include #include +#include "web_app_enc.h" #include "key_handler.h" #include "crypto_service.h" #include "types.h" @@ -32,32 +33,39 @@ namespace Wae { namespace Test { +namespace { + +const uid_t UID_OWNER = 5001; + +} // namespace anonymous void add_get_remove_ce(wae_app_type_e app_type) { const char *pkg_id = "TEST_PKG_ID"; const crypto_element_s *ce = nullptr; - int tmp = create_app_ce(pkg_id, app_type, &ce); + uid_t uid = app_type == WAE_DOWNLOADED_NORMAL_APP ? UID_OWNER : 0; + + int tmp = create_app_ce(uid, pkg_id, app_type, &ce); BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to create_app_ce. ec: " << tmp); const crypto_element_s *stored_ce = nullptr; - tmp = get_app_ce(pkg_id, app_type, true, &stored_ce); + tmp = get_app_ce(uid, pkg_id, app_type, true, &stored_ce); BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to get_app_ce. ec: " << tmp); BOOST_REQUIRE_MESSAGE(ce == stored_ce, "ce(" << ce << ") and cached ce(" << stored_ce << ") pointer addr is different!"); - tmp = remove_app_ce(pkg_id, app_type); + tmp = remove_app_ce(uid, pkg_id, app_type); BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to remove_app_ce. ec: " << tmp); if (app_type == WAE_DOWNLOADED_GLOBAL_APP) { - tmp = get_app_ce(pkg_id, app_type, true, &stored_ce); + tmp = get_app_ce(uid, pkg_id, app_type, true, &stored_ce); BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE && stored_ce->is_migrated_app, "when getting app ce which is there isn't, it should be migrated case! " "ret("<< tmp << ") and is_migrated_app(" << stored_ce->is_migrated_app << ")"); } else { - tmp = get_app_ce(pkg_id, app_type, false, &stored_ce); + tmp = get_app_ce(uid, pkg_id, app_type, false, &stored_ce); BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NO_KEY, "removed app ce is still remaining. ret(" << tmp << ")"); } @@ -65,28 +73,30 @@ void add_get_remove_ce(wae_app_type_e app_type) void create_app_ce(wae_app_type_e app_type) { + uid_t uid = app_type == WAE_DOWNLOADED_NORMAL_APP ? UID_OWNER : 0; const char *pkg_id = "TEST_PKG_ID"; - remove_app_ce(pkg_id, app_type); + remove_app_ce(uid, pkg_id, app_type); const crypto_element_s *ce = nullptr; - int tmp = create_app_ce(pkg_id, app_type, &ce); + int tmp = create_app_ce(uid, pkg_id, app_type, &ce); BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to create_app_ce. ec: " << tmp); const crypto_element_s *stored_ce = nullptr; - tmp = get_app_ce(pkg_id, app_type, false, &stored_ce); + tmp = get_app_ce(uid, pkg_id, app_type, false, &stored_ce); BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to get_app_ce. ec: " << tmp); BOOST_REQUIRE_MESSAGE(ce == stored_ce, "ce(" << ce << ") and cached ce(" << stored_ce << ") pointer addr is different!"); - tmp = remove_app_ce(pkg_id, app_type); + tmp = remove_app_ce(uid, pkg_id, app_type); BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to remove_app_ce. ec: " << tmp); } void encrypt_decrypt_web_app(wae_app_type_e app_type) { + uid_t uid = app_type == WAE_DOWNLOADED_NORMAL_APP ? UID_OWNER : 0; const char *pkg_id1 = "testpkg_for_normal"; const char *pkg_id2 = "testpkg_for_global"; const char *pkg_id3 = "testpkg_for_preloaded"; @@ -108,7 +118,10 @@ void encrypt_decrypt_web_app(wae_app_type_e app_type) } // remove old test data - wae_remove_app_dek(pkg_id, app_type); + if (app_type == WAE_DOWNLOADED_NORMAL_APP) + wae_remove_app_dek(uid, pkg_id); + else + wae_remove_global_app_dek(pkg_id, app_type == WAE_PRELOADED_APP); if (app_type == WAE_PRELOADED_APP) clear_app_deks_loaded_from_key_manager(); @@ -121,30 +134,55 @@ void encrypt_decrypt_web_app(wae_app_type_e app_type) // test for downloaded web application unsigned char *_encrypted = nullptr; size_t _enc_len = 0; - int tmp = wae_encrypt_web_application(pkg_id, app_type, plaintext.data(), - plaintext.size(), &_encrypted, &_enc_len); + int tmp = 0; + if (app_type == WAE_DOWNLOADED_NORMAL_APP) + tmp = wae_encrypt_web_application(uid, pkg_id, plaintext.data(), plaintext.size(), + &_encrypted, &_enc_len); + else + tmp = wae_encrypt_global_web_application(pkg_id, app_type == WAE_PRELOADED_APP, + plaintext.data(), plaintext.size(), + &_encrypted, &_enc_len); + BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to wae_encrypt_web_application. ec: " << tmp); free(_encrypted); // encrypt test twice - tmp = wae_encrypt_web_application(pkg_id, app_type, plaintext.data(), - plaintext.size(), &_encrypted, &_enc_len); + if (app_type == WAE_DOWNLOADED_NORMAL_APP) + tmp = wae_encrypt_web_application(uid, pkg_id, plaintext.data(), + plaintext.size(), &_encrypted, &_enc_len); + else + tmp = wae_encrypt_global_web_application(pkg_id, app_type == WAE_PRELOADED_APP, + plaintext.data(), plaintext.size(), + &_encrypted, &_enc_len); + BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to wae_encrypt_web_application second time. ec: " << tmp); auto encrypted = bytearr_to_vec(_encrypted, _enc_len); free(_encrypted); - _remove_app_ce_from_cache(pkg_id); + if (app_type == WAE_DOWNLOADED_NORMAL_APP) { + char *key_per_user = _create_map_key(uid, pkg_id); + _remove_app_ce_from_cache(key_per_user); + free(key_per_user); + } else { + _remove_app_ce_from_cache(pkg_id); + } if (app_type == WAE_PRELOADED_APP) load_preloaded_app_deks(true); unsigned char *_decrypted = nullptr; size_t _dec_len = 0; - tmp = wae_decrypt_web_application(pkg_id, app_type, encrypted.data(), - encrypted.size(), &_decrypted, &_dec_len); + if (app_type == WAE_DOWNLOADED_NORMAL_APP) + tmp = wae_decrypt_web_application(uid, pkg_id, encrypted.data(), encrypted.size(), + &_decrypted, &_dec_len); + else + tmp = wae_decrypt_global_web_application(pkg_id, app_type == WAE_PRELOADED_APP, + encrypted.data(), encrypted.size(), + &_decrypted, &_dec_len); + BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to wae_decrypt_web_application. ec: " << tmp); @@ -155,7 +193,10 @@ void encrypt_decrypt_web_app(wae_app_type_e app_type) "plaintext(" << bytes_to_hex(plaintext) << ") " "decrypted(" << bytes_to_hex(decrypted) << ")"); - tmp = wae_remove_app_dek(pkg_id, app_type); + if (app_type == WAE_DOWNLOADED_NORMAL_APP) + tmp = wae_remove_app_dek(uid, pkg_id); + else + tmp = wae_remove_global_app_dek(pkg_id, app_type == WAE_PRELOADED_APP); BOOST_REQUIRE_MESSAGE(tmp == WAE_ERROR_NONE, "Failed to wae_remove_app_dek. ec: " << tmp); } diff --git a/tests/test-helper.h b/tests/test-helper.h index c0c77f6..b4d1f42 100644 --- a/tests/test-helper.h +++ b/tests/test-helper.h @@ -20,7 +20,7 @@ */ #pragma once -#include "web_app_enc.h" +#include "types.h" namespace Wae { namespace Test {