From 6e4394b2cfca8735833dcb1619a49201fe83139e Mon Sep 17 00:00:00 2001 From: "hb.min" Date: Thu, 23 May 2013 17:56:46 +0900 Subject: [PATCH] Modify the _PrivilegeInfo class to use duk Change-Id: I19a7047b93294b35e748fb424e3568e3411b5ed5 Signed-off-by: hb.min --- src/security/FSec_PrivilegeInfo.cpp | 67 ++++++++++++++++++++-- src/security/FSec_PrivilegeInfo.h | 4 ++ src/security/inc/FSec_AccessControlTypes.h | 1 + src/server/CMakeLists.txt | 2 + src/server/inc/FSec_PrivilegeManagerServer.h | 1 + .../security/FSec_PrivilegeManagerServer.cpp | 61 +++++++++++++++++++- 6 files changed, 127 insertions(+), 9 deletions(-) diff --git a/src/security/FSec_PrivilegeInfo.cpp b/src/security/FSec_PrivilegeInfo.cpp index 5dd1799..873a1ba 100644 --- a/src/security/FSec_PrivilegeInfo.cpp +++ b/src/security/FSec_PrivilegeInfo.cpp @@ -21,16 +21,18 @@ #include #include +#include + #include #include #include #include +#include #include #include #include #include -#include "FSec_DeviceKeyGenerator.h" #include "FSec_PrivilegeInfo.h" using namespace Tizen::App; @@ -189,7 +191,7 @@ _PrivilegeInfo::Construct(const AppId& appId, const String& encryptedPrivileges, r = cipherDec.Construct(L"CBC/128/PKCS7PADDING", CIPHER_DECRYPT); SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred."); - pKey.reset(_DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN)); + pKey.reset(GetDeviceUniqueKeyN()); SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred."); r = cipherDec.SetKey(*pKey.get()); @@ -356,7 +358,7 @@ _PrivilegeInfo::GetEncryptedBitwise(String& encryptedPrivileges) const r = cipherEnc.Construct(L"CBC/128/PKCS7PADDING", CIPHER_ENCRYPT); SysTryReturnResult(NID_SEC, r == E_SUCCESS, E_SYSTEM, "An unexpected system error occurred."); - pKey.reset(_DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN)); + pKey.reset(GetDeviceUniqueKeyN()); SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred."); r = cipherEnc.SetKey(*(pKey.get())); @@ -405,7 +407,7 @@ _PrivilegeInfo::GetChecksum(String& checksum) const pHmac.reset(new (std::nothrow) Sha1Hmac()); SysTryReturnResult(NID_SEC, pHmac != null, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed."); - pKey.reset(_DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN)); + pKey.reset(GetDeviceUniqueKeyN()); SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred."); r = pHmac->SetKey(*(pKey.get())); @@ -612,7 +614,7 @@ _PrivilegeInfo::VerifyIntegrityEx(const AppId& appId, const byte* targetBitwiseP pHmac.reset(new (std::nothrow) Sha1Hmac()); SysTryReturnResult(NID_SEC, pHmac != null, E_OUT_OF_MEMORY, "Memory allocation is failed."); - pKey.reset(_DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN)); + pKey.reset(GetDeviceUniqueKeyN()); SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred."); r = pHmac->SetKey(*(pKey.get())); @@ -681,7 +683,7 @@ _PrivilegeInfo::VerifyIntegrity(const AppId& appId, const byte* targetBitwisePri pHmac.reset(new (std::nothrow) Sha1Hmac()); SysTryReturnResult(NID_SEC, pHmac != null, E_OUT_OF_MEMORY, "Memory allocation is failed."); - pKey.reset(_DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN)); + pKey.reset(GetDeviceUniqueKeyN()); SysTryReturnResult(NID_SEC, pKey != null, E_SYSTEM, "An unexpected system error occurred."); r = pHmac->SetKey(*(pKey.get())); @@ -714,4 +716,57 @@ _PrivilegeInfo::VerifyIntegrity(const AppId& appId, const byte* targetBitwisePri return r; } +ISecretKey* +_PrivilegeInfo::GetDeviceUniqueKeyN(void) +{ + result r = E_SUCCESS; + ByteBuffer* pTempValue = null; + ISecretKey* pKey = null; + + char uniqueInfo[_INFO_LEN] = + { + 0x09, 0x25, 0x19, 0x87, 0xBF, 0x02, 0x14, 0x19, + 0x88, 0xDD, 0x12, 0x30, 0x19, 0x86, 0xAD, 0xED + }; + + char* pUniqueKey = null; + pUniqueKey = GetDeviceUniqueKey(uniqueInfo, _INFO_LEN, _KEY_LEN); + SysTryCatch(NID_SEC, pUniqueKey != null, , E_SYSTEM, "[E_SYSTEM] Failed to generate the unique key."); + + pTempValue = new (std::nothrow) ByteBuffer(); + SysTryCatch(NID_SEC, pTempValue != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); + + r = pTempValue->Construct(_KEY_LEN); + SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r)); + + r = pTempValue->SetArray(reinterpret_cast (pUniqueKey), 0, _KEY_LEN); + SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r)); + + pTempValue->Flip(); + + pKey = new (std::nothrow) SecretKey(); + SysTryCatch(NID_SEC, pKey != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); + + r = pKey->SetKey(*pTempValue); + SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r)); + + if (pUniqueKey != null) + { + free(pUniqueKey); + } + delete pTempValue; + + return pKey; + +CATCH: + if (pUniqueKey != null) + { + free(pUniqueKey); + } + delete pTempValue; + delete pKey; + + return null; +} + }} //Tizen::Security diff --git a/src/security/FSec_PrivilegeInfo.h b/src/security/FSec_PrivilegeInfo.h index 87c6738..d7fd311 100644 --- a/src/security/FSec_PrivilegeInfo.h +++ b/src/security/FSec_PrivilegeInfo.h @@ -29,6 +29,8 @@ namespace Tizen { namespace Security { +class ISecretKey; + /** * @class _PrivilegeInfo * @brief This class provides a basic information of privilege manager. @@ -194,6 +196,8 @@ private: result VerifyIntegrity(const Tizen::App::AppId& appId, const byte* targetBitwisePrivilege, const Tizen::Base::String& storedChecksum, int length, int visibility, const Tizen::Base::String& storedVisibilityChecksum); result VerifyIntegrityEx(const Tizen::App::AppId& appId, const byte* targetBitwisePrivilege, const Tizen::Base::String& storedChecksum, int length); + static ISecretKey* GetDeviceUniqueKeyN(void); + _PrivilegeInfo(const _PrivilegeInfo& rhs); _PrivilegeInfo& operator =(const _PrivilegeInfo& rhs); diff --git a/src/security/inc/FSec_AccessControlTypes.h b/src/security/inc/FSec_AccessControlTypes.h index 4ae9369..5b5a65a 100644 --- a/src/security/inc/FSec_AccessControlTypes.h +++ b/src/security/inc/FSec_AccessControlTypes.h @@ -721,6 +721,7 @@ const int MAX_ACTIVE_CACHE_SIZE = 5; const int _KEY_LEN = 16; const int _IV_LEN = 16; +const int _INFO_LEN = 16; const int _BITS_IN_BYTE = 8; }; diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt index 065bfdf..9ad13bb 100644 --- a/src/server/CMakeLists.txt +++ b/src/server/CMakeLists.txt @@ -33,6 +33,8 @@ SET(CMAKE_CXX_FLAGS "${OSP_DEBUG_FLAGS} ${OSP_OPT_FLAGS} ${CMAKE_CXX_FLAGS} ${EX ADD_LIBRARY (${this_target} SHARED ${${this_target}_SOURCE_FILES}) TARGET_LINK_LIBRARIES(${this_target} osp-appfw) +TARGET_LINK_LIBRARIES(${this_target} "-ldukgenerator" ) +TARGET_LINK_LIBRARIES(${this_target} "-lcryptsvc" ) SET_TARGET_PROPERTIES(${this_target} PROPERTIES diff --git a/src/server/inc/FSec_PrivilegeManagerServer.h b/src/server/inc/FSec_PrivilegeManagerServer.h index 71961b0..7422e4e 100644 --- a/src/server/inc/FSec_PrivilegeManagerServer.h +++ b/src/server/inc/FSec_PrivilegeManagerServer.h @@ -66,6 +66,7 @@ private: private: + static ISecretKey* GetDeviceUniqueKeyN(void); friend class ::PrivilegeService; }; // _PrivilegeManagerServer diff --git a/src/server/security/FSec_PrivilegeManagerServer.cpp b/src/server/security/FSec_PrivilegeManagerServer.cpp index 03a3c3c..4fcfd45 100644 --- a/src/server/security/FSec_PrivilegeManagerServer.cpp +++ b/src/server/security/FSec_PrivilegeManagerServer.cpp @@ -22,17 +22,20 @@ #include #include #include +#include + #include #include #include #include #include #include +#include #include #include #include #include -#include + #include "FSec_PrivilegeManagerServer.h" using namespace Tizen::App; @@ -155,7 +158,7 @@ _PrivilegeManagerServer::GetEncryptedVisibility(int visibility, String& encrypte r = cipherEnc.Construct(L"CBC/128/PKCS7PADDING", CIPHER_ENCRYPT); SysTryCatch(NID_SEC, r == E_SUCCESS, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred."); - pKey = _DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN); + pKey = GetDeviceUniqueKeyN(); SysTryCatch(NID_SEC, pKey != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred."); r = cipherEnc.SetKey(*pKey); @@ -214,7 +217,7 @@ _PrivilegeManagerServer::GetChecksum(AppId appId, int visibility, String& checks pHmac = new (std::nothrow) Sha1Hmac(); SysTryCatch(NID_SEC, pHmac != null, r = E_OUT_OF_MEMORY, E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Memory allocation is failed."); - pKey = _DeviceKeyGenerator::GenerateDeviceKeyN(_KEY_LEN); + pKey = GetDeviceUniqueKeyN(); SysTryCatch(NID_SEC, pKey != null, r = E_SYSTEM, E_SYSTEM, "[E_SYSTEM] An unexpected system error occurred."); r = pHmac->SetKey(*pKey); @@ -237,5 +240,57 @@ CATCH: return r; } +ISecretKey* +_PrivilegeManagerServer::GetDeviceUniqueKeyN(void) +{ + result r = E_SUCCESS; + ByteBuffer* pTempValue = null; + ISecretKey* pKey = null; + + char uniqueInfo[_INFO_LEN] = + { + 0x09, 0x25, 0x19, 0x87, 0xBF, 0x02, 0x14, 0x19, + 0x88, 0xDD, 0x12, 0x30, 0x19, 0x86, 0xAD, 0xED + }; + + char* pUniqueKey = null; + pUniqueKey = GetDeviceUniqueKey(uniqueInfo, _INFO_LEN, _KEY_LEN); + SysTryCatch(NID_SEC, pUniqueKey != null, , E_SYSTEM, "[E_SYSTEM] Failed to generate the unique key."); + + pTempValue = new (std::nothrow) ByteBuffer(); + SysTryCatch(NID_SEC, pTempValue != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); + + r = pTempValue->Construct(_KEY_LEN); + SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r)); + + r = pTempValue->SetArray(reinterpret_cast (pUniqueKey), 0, _KEY_LEN); + SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r)); + + pTempValue->Flip(); + + pKey = new (std::nothrow) SecretKey(); + SysTryCatch(NID_SEC, pKey != null, , E_OUT_OF_MEMORY, "[E_OUT_OF_MEMORY] Failed to allocate memory."); + + r = pKey->SetKey(*pTempValue); + SysTryCatch(NID_SEC, r == E_SUCCESS, , r, "[%s] Failed to generate device unique key.", GetErrorMessage(r)); + + if (pUniqueKey != null) + { + free(pUniqueKey); + } + delete pTempValue; + + return pKey; + +CATCH: + if (pUniqueKey != null) + { + free(pUniqueKey); + } + delete pTempValue; + delete pKey; + + return null; +} }} //Tizen::Security -- 2.7.4