From: Soyoung Kim Date: Fri, 28 Dec 2012 09:15:24 +0000 (+0900) Subject: changed to get encryption/decryption key from device unique key X-Git-Tag: submit/trunk/20121228.114913~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=fd06565a2b3bde256d977f6ad28ef40941890a0f;p=platform%2Fframework%2Fweb%2Fwrt-commons.git changed to get encryption/decryption key from device unique key [Issue#] N/A [Problem] N/A [Cause] N/A [Solution] Modify get encryption key from cal library made from osp-security team The key is made from device unique key and hashed. [SCMRequest] N/A Change-Id: I3f1051339a6f56e5cb6a5083489f32b69d435550 --- diff --git a/build/encryption/CMakeLists.txt b/build/encryption/CMakeLists.txt index 710ada6..bf38cae 100644 --- a/build/encryption/CMakeLists.txt +++ b/build/encryption/CMakeLists.txt @@ -54,6 +54,8 @@ TARGET_LINK_LIBRARIES(${TARGET_DPL_ENCRYPTION} ${TARGET_DPL_EFL} ) +TARGET_LINK_LIBRARIES(${TARGET_DPL_ENCRYPTION} -L./libs -lcal) + # Target library properties SET_TARGET_PROPERTIES(${TARGET_DPL_ENCRYPTION} PROPERTIES SOVERSION ${API_VERSION} diff --git a/build/encryption/libs/libcal.a b/build/encryption/libs/libcal.a new file mode 100755 index 0000000..8400c5f Binary files /dev/null and b/build/encryption/libs/libcal.a differ diff --git a/build/encryption/libs/libcal.arm.a b/build/encryption/libs/libcal.arm.a new file mode 100755 index 0000000..f1d622b Binary files /dev/null and b/build/encryption/libs/libcal.arm.a differ diff --git a/build/encryption/libs/libcal.i586.a b/build/encryption/libs/libcal.i586.a new file mode 100755 index 0000000..b02e413 Binary files /dev/null and b/build/encryption/libs/libcal.i586.a differ diff --git a/modules/encryption/include/dpl/encryption/resource_decryption.h b/modules/encryption/include/dpl/encryption/resource_decryption.h index c22b1d2..2a39eb1 100644 --- a/modules/encryption/include/dpl/encryption/resource_decryption.h +++ b/modules/encryption/include/dpl/encryption/resource_decryption.h @@ -28,8 +28,9 @@ #include #include -namespace WRTDecryptor{ +extern char** calculate(char*pappId, int idLen, int keyLen); +namespace WRTDecryptor{ class ResourceDecryptor { public: @@ -50,7 +51,7 @@ class ResourceDecryptor private: AES_KEY* GetDecryptionKey(); - AES_KEY *m_decKey; + AES_KEY m_decKey; }; } //namespace WRTDecryptor diff --git a/modules/encryption/include/dpl/encryption/resource_encryption.h b/modules/encryption/include/dpl/encryption/resource_encryption.h index ffc82c2..6f57a93 100644 --- a/modules/encryption/include/dpl/encryption/resource_encryption.h +++ b/modules/encryption/include/dpl/encryption/resource_encryption.h @@ -28,8 +28,9 @@ #include #include -namespace WRTEncryptor{ +extern char** calculate(char*pappId, int idLen, int keyLen); +namespace WRTEncryptor{ class ResourceEncryptor { public: diff --git a/modules/encryption/src/resource_decryption.cpp b/modules/encryption/src/resource_decryption.cpp index db45f81..9e8b39f 100644 --- a/modules/encryption/src/resource_decryption.cpp +++ b/modules/encryption/src/resource_decryption.cpp @@ -28,19 +28,16 @@ #include namespace { -inline std::string GetDefaultEncryptKeyPath() { - return "/opt/share/widget/data/"; -} +#define BITS_SIZE 128 +#define KEY_SIZE 16 } namespace WRTDecryptor{ -ResourceDecryptor::ResourceDecryptor() : - m_decKey(NULL) +ResourceDecryptor::ResourceDecryptor() { LogDebug("Started Decryption"); } -ResourceDecryptor::ResourceDecryptor(std::string userKey) : - m_decKey(NULL) +ResourceDecryptor::ResourceDecryptor(std::string userKey) { LogDebug("Finished Decryption"); SetDecryptionKey(userKey); @@ -48,47 +45,39 @@ ResourceDecryptor::ResourceDecryptor(std::string userKey) : ResourceDecryptor::~ResourceDecryptor() { - delete m_decKey; } void ResourceDecryptor::SetDecryptionKey(std::string userKey) { - /* TODO : get key from secure storage */ - std::string keyPath = GetDefaultEncryptKeyPath() + userKey + "_dec"; - LogDebug("Description Key path : " << keyPath); - - FILE* fp = fopen(keyPath.c_str(), "rb"); - if (fp == NULL) { - ThrowMsg(ResourceDecryptor::Exception::GetDecKeyFailed, - "Failed to get decryption key"); + if (userKey.empty()) { + return; } - m_decKey = new AES_KEY; - size_t resultSize =fread(m_decKey, 1, sizeof(AES_KEY),fp); - if (resultSize!= sizeof(AES_KEY)) - ThrowMsg(ResourceDecryptor::Exception::GetDecKeyFailed, - "Failed to get AES key"); + char **duk = calculate(const_cast(userKey.c_str()), userKey.size(), KEY_SIZE); + unsigned char *key = reinterpret_cast(*duk); - fclose(fp); + if ( 0 > AES_set_decrypt_key(key, BITS_SIZE, &m_decKey)) { + ThrowMsg(ResourceDecryptor::Exception::GetDecKeyFailed, + "Failed to create decryption key"); + } } AES_KEY* ResourceDecryptor::GetDecryptionKey() { - return m_decKey; + return &m_decKey; } void ResourceDecryptor::GetDecryptedChunk(unsigned char* inBuf, unsigned char* decBuf, size_t inBufSize) { Assert(decBuf); - Assert(m_decKey); - if (decBuf == NULL || m_decKey == NULL) { + if (decBuf == NULL) { ThrowMsg(ResourceDecryptor::Exception::EncryptionFailed, "Failed to Get Decryption Chunk"); } unsigned char ivec[16] = {0, }; - AES_cbc_encrypt(inBuf, decBuf, inBufSize, m_decKey, ivec, AES_DECRYPT); + AES_cbc_encrypt(inBuf, decBuf, inBufSize, &m_decKey, ivec, AES_DECRYPT); LogDebug("Success decryption"); } diff --git a/modules/encryption/src/resource_encryption.cpp b/modules/encryption/src/resource_encryption.cpp index e89940e..a238705 100644 --- a/modules/encryption/src/resource_encryption.cpp +++ b/modules/encryption/src/resource_encryption.cpp @@ -27,12 +27,7 @@ namespace { #define BITS_SIZE 128 -const char* ENCRYPTION_FILE = "_enc"; -const char* DECRYPTION_FILE = "_dec"; - -inline std::string GetDefaultEncryptKeyPath() { - return "/opt/share/widget/data"; -} +#define KEY_SIZE 16 } namespace WRTEncryptor{ ResourceEncryptor::ResourceEncryptor() @@ -59,44 +54,13 @@ void ResourceEncryptor::CreateEncryptionKey(std::string userKey) return; } - AES_KEY decKey; - const unsigned char* key = reinterpret_cast( - const_cast(userKey.c_str())); + char **duk = calculate(const_cast(userKey.c_str()), userKey.size(), KEY_SIZE); + unsigned char *key = reinterpret_cast(*duk); if ( 0 > AES_set_encrypt_key(key, BITS_SIZE, &m_encKey)) { ThrowMsg(ResourceEncryptor::Exception::CreateEncKeyFailed, "Failed to create encryption key"); } - if ( 0 > AES_set_decrypt_key(key, BITS_SIZE, &decKey)) { - ThrowMsg(ResourceEncryptor::Exception::CreateDecKeyFailed, - "Failed to create decryption key"); - } - - std::string encPath, decPath; - - encPath = GetDefaultEncryptKeyPath() + "/" + userKey + ENCRYPTION_FILE; - decPath = GetDefaultEncryptKeyPath() + "/" + userKey + DECRYPTION_FILE; - - /* TODO : save keys to secure storage */ - LogDebug("Encryption Key path " << encPath); - LogDebug("Decryption Key path " << decPath); - - FILE* encFp = fopen(encPath.c_str(), "wb"); - if (encFp == NULL) { - ThrowMsg(ResourceEncryptor::Exception::CreateEncKeyFileFailed, - "Failed to save encryption key"); - } - fwrite(&m_encKey, 1, sizeof(m_encKey), encFp); - fclose(encFp); - - FILE* decFp = fopen(decPath.c_str(), "wb"); - if (decFp == NULL) { - ThrowMsg(ResourceEncryptor::Exception::CreateDecKeyFileFailed, - "Failed to save decryption key"); - } - - fwrite(&decKey, 1, sizeof(decKey), decFp); - fclose(decFp); LogDebug("Success to create ecryption and decryption key"); } diff --git a/packaging/wrt-commons.spec b/packaging/wrt-commons.spec index 0751d22..a9d7772 100644 --- a/packaging/wrt-commons.spec +++ b/packaging/wrt-commons.spec @@ -44,6 +44,13 @@ Wrt common library development headers %endif %build + +%ifarch %{ix86} +cp build/encryption/libs/libcal.i586.a build/encryption/libs/libcal.a +%else +cp build/encryption/libs/libcal.arm.a build/encryption/libs/libcal.a +%endif + export LDFLAGS+="-Wl,--rpath=%{_libdir} -Wl,--hash-style=both -Wl,--as-needed" cmake . -DVERSION=%{version} \