From: Jaemin Ryu Date: Wed, 5 Dec 2018 06:52:15 +0000 (+0900) Subject: Add support for CSC mode decryption X-Git-Tag: submit/tizen_4.0/20181226.090856^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d047e8e772a4f602bb53503b09bba42cb07b8f1b;p=platform%2Fcore%2Fsecurity%2Fode.git Add support for CSC mode decryption Change-Id: I3e3f44338a510e6ef4dcf71e4905bda2930934a3 Signed-off-by: Jaemin Ryu --- diff --git a/fota/500.ode_upgrade.sh b/fota/500.ode_upgrade.sh index c95b8e3..f8c40c0 100755 --- a/fota/500.ode_upgrade.sh +++ b/fota/500.ode_upgrade.sh @@ -17,4 +17,5 @@ fi if [ -e /opt/etc/ode_footer ]; then touch /opt/etc/.ode_upgrade_started + rm -f /opt/etc/ode_footer fi diff --git a/server/file-footer.cpp b/server/file-footer.cpp index b81c14f..7531db4 100644 --- a/server/file-footer.cpp +++ b/server/file-footer.cpp @@ -79,7 +79,12 @@ void FileFooter::write(const std::string &key, const BinaryData &value) runtime::File file(fileName); - file.create(S_IRUSR | S_IWUSR); + if (!file.exists()) { + file.create(S_IRUSR | S_IWUSR); + } else { + file.open(O_RDWR); + } + file.write(value.data(), value.size()); } diff --git a/server/internal-encryption.cpp b/server/internal-encryption.cpp index 9c953c2..bcf0487 100644 --- a/server/internal-encryption.cpp +++ b/server/internal-encryption.cpp 
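Review bot: In FileFooter::write, the new `else` branch opens an existing footer with `O_RDWR` only, so a `value` shorter than the current file contents would leave the old trailing bytes behind unless runtime::File::open truncates on its own, which is not visible here. This file holds the serialized encrypted key, so the write should replace the content whole, e.g. `file.open(O_RDWR | O_TRUNC);`. The `exists()` check followed by `create()` or `open()` is a check-then-act pair. On the open path the mode of the existing file is not re-asserted to `S_IRUSR | S_IWUSR`. The function body starts above the hunk.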
@@ -393,22 +393,33 @@ InternalEncryptionServer::~InternalEncryptionServer() { } +int InternalEncryptionServer::migrateMasterKey(const std::string& dev, const std::string& password) +{ + try { + BinaryData masterKey = UpgradeSupport::loadMasterKey(dev); + + // encrypt the master key with given password + return keyServer.changePassword2(dev, masterKey, password); + } catch (const runtime::Exception&) { + INFO("Failed to load the master key stored during upgrade."); + } + + return error::Unknown; +} + int InternalEncryptionServer::setMountPassword(const std::string& password) { const std::string& dev = engine->getSource(); // check if upgrade flag exists - if(UpgradeSupport::removeUpgradeFlag()) { + if (UpgradeSupport::checkUpgradeFlag()) { INFO("Upgrade flag detected."); - // try to load the master key - try { - mountKey = UpgradeSupport::loadMasterKey(dev); - // encrypt the master key with given password - return keyServer.changePassword2(dev, mountKey, password); - } catch (const runtime::Exception&) { - INFO("Failed to load the master key stored during upgrade."); - } + int rc = migrateMasterKey(dev, password); + if (rc == error::None) + UpgradeSupport::removeUpgradeFlag(); + + return rc; } return keyServer.get(dev, password, mountKey); @@ -564,6 +575,15 @@ int InternalEncryptionServer::decrypt(const std::string& password) return error::NoSuchDevice; } + // check if key migration is needed + if (UpgradeSupport::checkUpgradeFlag()) { + INFO("Upgrade flag detected."); + const std::string& dev = engine->getSource(); + int rc = migrateMasterKey(dev, password); + if (rc == error::None) + UpgradeSupport::removeUpgradeFlag(); + } + BinaryData masterKey; int ret = keyServer.get(engine->getSource(), password, masterKey); if (ret != error::None) diff --git a/server/internal-encryption.h b/server/internal-encryption.h index 3ad419b..488fac9 100644 --- a/server/internal-encryption.h +++ b/server/internal-encryption.h 
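Review bot: On the upgrade path in setMountPassword, `mountKey` is no longer assigned. The removed code loaded the master key directly into `mountKey`, whereas migrateMasterKey keeps it in a local `masterKey` and the caller returns `rc` without reaching `keyServer.get(dev, password, mountKey)`. Unless `mountKey` is filled somewhere outside this hunk, a successful migration returns `error::None` with an empty mount key. Returning early only on failure (`if (rc != error::None) return rc;` then `UpgradeSupport::removeUpgradeFlag();`) would let the call fall through to `keyServer.get`. Separately, nothing in the hunk calls `UpgradeSupport::removeMasterKey(dev)` after the key has been re-wrapped, so the copy stored during upgrade appears to remain after a successful migration.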
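Review bot: In decrypt(), while the upgrade flag exists the supplied `password` is not verified against anything before the master key is re-encrypted under it, so the `keyServer.get` that follows would then succeed for whatever password was passed in. If that is the intended post-upgrade behaviour, it deserves a comment at this block, e.g. `// after an upgrade the first password presented becomes the key password`, and the privilege check on callers of decrypt() should be confirmed, since it is not visible here. When migration fails, `rc` is dropped and the cause survives only as an INFO log line. The check/migrate/remove sequence duplicates the one in setMountPassword and could be a single helper. decrypt() begins and ends outside the hunk.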
@@ -57,6 +57,9 @@ public: std::string getDevicePath() const; +private: + int migrateMasterKey(const std::string& dev, const std::string& password); + private: ServerContext& server; diff --git a/server/key-server.cpp b/server/key-server.cpp index 2dc279b..0a07ea5 100644 --- a/server/key-server.cpp +++ b/server/key-server.cpp @@ -114,6 +114,7 @@ int KeyServer::changePassword(const std::string& dev, const std::string& curPassword, const std::string& newPassword) { + if (dev.empty() || curPassword.empty() || newPassword.empty()) return error::InvalidParameter; @@ -123,8 +124,6 @@ int KeyServer::changePassword(const std::string& dev, return error::NoSuchFile; } - UpgradeSupport::removeUpgradeFlag(); - EncryptedKey ek(FileFooter::read(dev)); auto key = ek.decrypt(curPassword); @@ -136,6 +135,9 @@ int KeyServer::changePassword(const std::string& dev, ek.encrypt(key, newPassword); FileFooter::write(dev, ek.serialize()); + + UpgradeSupport::removeUpgradeFlag(); + return error::None; } diff --git a/server/upgrade-support.cpp b/server/upgrade-support.cpp index 3afad93..8fb3538 100644 --- a/server/upgrade-support.cpp +++ b/server/upgrade-support.cpp @@ -256,14 +256,18 @@ void createUpgradeFlag() file.create(S_IRUSR | S_IWUSR); // 0600 } -bool removeUpgradeFlag() +void removeUpgradeFlag() { runtime::File file(UPGRADE_FLAG_PATH); bool exists = file.exists(); if (exists) file.remove(); +} - return exists; +bool checkUpgradeFlag() +{ + runtime::File file(UPGRADE_FLAG_PATH); + return file.exists(); } } // namespace UpgradeSupport diff --git a/server/upgrade-support.h b/server/upgrade-support.h index 2854072..ad47acf 100644 --- a/server/upgrade-support.h +++ b/server/upgrade-support.h 
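Review bot: Splitting the old `bool removeUpgradeFlag()` into `checkUpgradeFlag()` and `removeUpgradeFlag()` makes the callers (setMountPassword and decrypt in server/internal-encryption.cpp) run a check, a migration and a removal as separate steps. Nothing visible in this diff serializes those steps, so two requests could both observe the flag and both migrate. If the server does not already guarantee single-threaded dispatch, the sequence needs a lock. In removeUpgradeFlag the local `exists` is now redundant and the body can be `if (file.exists()) file.remove();`. A one-line comment on checkUpgradeFlag, something like `// true while the post-upgrade key migration has not completed`, would document what the flag means to callers.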
@@ -29,7 +29,8 @@ void storeMasterKey(const std::string &device, const BinaryData& key); BinaryData loadMasterKey(const std::string &device); void removeMasterKey(const std::string &device); void createUpgradeFlag(); -bool removeUpgradeFlag(); +void removeUpgradeFlag(); +bool checkUpgradeFlag(); } // namespace UpgradeSupport