From 807b066980d24c3bd5874493895fff9aee74efb0 Mon Sep 17 00:00:00 2001 From: Soyoung Kim Date: Thu, 20 Dec 2012 20:02:29 +0900 Subject: [PATCH] Modify get encryption/decryption key from device unique key [Issue#] N/A [Problem] N/A [Cause] N/A [Solution] Modify get encryption key from osp app-fw. The key is made from device unique key and hashed. [SCMRequest] N/A --- build/encryption/CMakeLists.txt | 1 + .../dpl/encryption/resource_decryption.h | 2 +- .../encryption/src/resource_decryption.cpp | 63 +++++++++++------- .../encryption/src/resource_encryption.cpp | 66 ++++++++----------- packaging/wrt-commons.spec | 5 ++ 5 files changed, 73 insertions(+), 64 deletions(-) diff --git a/build/encryption/CMakeLists.txt b/build/encryption/CMakeLists.txt index 710ada6..99b7a35 100644 --- a/build/encryption/CMakeLists.txt +++ b/build/encryption/CMakeLists.txt @@ -23,6 +23,7 @@ INCLUDE(FindPkgConfig) PKG_CHECK_MODULES(SYS_ENCRYPTION dlog openssl + osp-appfw REQUIRED ) diff --git a/modules/encryption/include/dpl/encryption/resource_decryption.h b/modules/encryption/include/dpl/encryption/resource_decryption.h index c22b1d2..eaf8ad8 100644 --- a/modules/encryption/include/dpl/encryption/resource_decryption.h +++ b/modules/encryption/include/dpl/encryption/resource_decryption.h @@ -50,7 +50,7 @@ class ResourceDecryptor private: AES_KEY* GetDecryptionKey(); - AES_KEY *m_decKey; + AES_KEY m_decKey; }; } //namespace WRTDecryptor diff --git a/modules/encryption/src/resource_decryption.cpp b/modules/encryption/src/resource_decryption.cpp index db45f81..6b9f8e8 100644 --- a/modules/encryption/src/resource_decryption.cpp +++ b/modules/encryption/src/resource_decryption.cpp @@ -21,6 +21,11 @@ */ #include #include +#ifdef Try +#undef Try +#endif +#include +#include #include #include @@ -28,19 +33,17 @@ #include namespace { -inline std::string GetDefaultEncryptKeyPath() { - return "/opt/share/widget/data/"; -} +#define BITS_SIZE 128 +#define KEY_SIZE 16 } + namespace WRTDecryptor{ -ResourceDecryptor::ResourceDecryptor() : - m_decKey(NULL) +ResourceDecryptor::ResourceDecryptor() { LogDebug("Started Decryption"); } -ResourceDecryptor::ResourceDecryptor(std::string userKey) : - m_decKey(NULL) +ResourceDecryptor::ResourceDecryptor(std::string userKey) { LogDebug("Finished Decryption"); SetDecryptionKey(userKey); @@ -48,47 +51,57 @@ ResourceDecryptor::ResourceDecryptor(std::string userKey) : ResourceDecryptor::~ResourceDecryptor() { - delete m_decKey; } void ResourceDecryptor::SetDecryptionKey(std::string userKey) { - /* TODO : get key from secure storage */ - std::string keyPath = GetDefaultEncryptKeyPath() + userKey + "_dec"; - LogDebug("Description Key path : " << keyPath); + if (userKey.empty()) { + return; + } + using namespace Tizen; + using namespace Tizen::Base; - FILE* fp = fopen(keyPath.c_str(), "rb"); - if (fp == NULL) { - ThrowMsg(ResourceDecryptor::Exception::GetDecKeyFailed, - "Failed to get decryption key"); + Tizen::Base::String appId; + appId.Format(userKey.size(), L"%s", userKey.c_str()); + Tizen::Security::ISecretKey* pSecretKey = + Tizen::Security::_DeviceKeyGenerator::GenerateDeviceKeyN(appId, KEY_SIZE); + + Tizen::Base::ByteBuffer* bf = pSecretKey->GetEncodedN(); + unsigned char *key = new unsigned char[KEY_SIZE+1]; + + int i=0; + while(bf->HasRemaining()) { + byte b; + bf->GetByte(b); + key[i] = b; + i++; } + key[KEY_SIZE] = '\n'; - m_decKey = new AES_KEY; - size_t resultSize =fread(m_decKey, 1, sizeof(AES_KEY),fp); - if (resultSize!= sizeof(AES_KEY)) + if ( 0 > AES_set_decrypt_key(key, BITS_SIZE, &m_decKey)) { + delete key; ThrowMsg(ResourceDecryptor::Exception::GetDecKeyFailed, - "Failed to get AES key"); - - fclose(fp); + "Failed to create decryption key"); + } + delete key; } AES_KEY* ResourceDecryptor::GetDecryptionKey() { - return m_decKey; + return &m_decKey; } void ResourceDecryptor::GetDecryptedChunk(unsigned char* inBuf, unsigned char* decBuf, size_t inBufSize) { Assert(decBuf); - Assert(m_decKey); - if (decBuf == NULL || m_decKey == NULL) { + if (decBuf == NULL) { ThrowMsg(ResourceDecryptor::Exception::EncryptionFailed, "Failed to Get Decryption Chunk"); } unsigned char ivec[16] = {0, }; - AES_cbc_encrypt(inBuf, decBuf, inBufSize, m_decKey, ivec, AES_DECRYPT); + AES_cbc_encrypt(inBuf, decBuf, inBufSize, &m_decKey, ivec, AES_DECRYPT); LogDebug("Success decryption"); } diff --git a/modules/encryption/src/resource_encryption.cpp b/modules/encryption/src/resource_encryption.cpp index e89940e..9110b7f 100644 --- a/modules/encryption/src/resource_encryption.cpp +++ b/modules/encryption/src/resource_encryption.cpp @@ -22,18 +22,20 @@ #include #include +#ifdef Try +#undef Try +#endif +#include +#include + #include #include namespace { #define BITS_SIZE 128 -const char* ENCRYPTION_FILE = "_enc"; -const char* DECRYPTION_FILE = "_dec"; - -inline std::string GetDefaultEncryptKeyPath() { - return "/opt/share/widget/data"; -} +#define KEY_SIZE 16 } + namespace WRTEncryptor{ ResourceEncryptor::ResourceEncryptor() { @@ -59,44 +61,32 @@ void ResourceEncryptor::CreateEncryptionKey(std::string userKey) return; } - AES_KEY decKey; - const unsigned char* key = reinterpret_cast( - const_cast(userKey.c_str())); + using namespace Tizen; + using namespace Tizen::Base; + Tizen::Base::String appId; + appId.Format(userKey.size(), L"%s", userKey.c_str()); + Tizen::Security::ISecretKey* pSecretKey = + Tizen::Security::_DeviceKeyGenerator::GenerateDeviceKeyN(appId, KEY_SIZE); + + Tizen::Base::ByteBuffer* bf = pSecretKey->GetEncodedN(); + unsigned char *key = new unsigned char[KEY_SIZE+1]; + + int i=0; + while(bf->HasRemaining()) { + byte b; + bf->GetByte(b); + key[i] = b; + i++; + } + key[KEY_SIZE] = '\n'; if ( 0 > AES_set_encrypt_key(key, BITS_SIZE, &m_encKey)) { + delete key; ThrowMsg(ResourceEncryptor::Exception::CreateEncKeyFailed, "Failed to create encryption key"); } - if ( 0 > AES_set_decrypt_key(key, BITS_SIZE, &decKey)) { - ThrowMsg(ResourceEncryptor::Exception::CreateDecKeyFailed, - "Failed to create decryption key"); - } - - std::string encPath, decPath; - - encPath = GetDefaultEncryptKeyPath() + "/" + userKey + ENCRYPTION_FILE; - decPath = GetDefaultEncryptKeyPath() + "/" + userKey + DECRYPTION_FILE; - - /* TODO : save keys to secure storage */ - LogDebug("Encryption Key path " << encPath); - LogDebug("Decryption Key path " << decPath); - - FILE* encFp = fopen(encPath.c_str(), "wb"); - if (encFp == NULL) { - ThrowMsg(ResourceEncryptor::Exception::CreateEncKeyFileFailed, - "Failed to save encryption key"); - } - fwrite(&m_encKey, 1, sizeof(m_encKey), encFp); - fclose(encFp); - - FILE* decFp = fopen(decPath.c_str(), "wb"); - if (decFp == NULL) { - ThrowMsg(ResourceEncryptor::Exception::CreateDecKeyFileFailed, - "Failed to save decryption key"); - } + delete key; - fwrite(&decKey, 1, sizeof(decKey), decFp); - fclose(decFp); LogDebug("Success to create ecryption and decryption key"); } diff --git a/packaging/wrt-commons.spec b/packaging/wrt-commons.spec index f6743e4..84f14ef 100644 --- a/packaging/wrt-commons.spec +++ b/packaging/wrt-commons.spec @@ -23,6 +23,11 @@ BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(libiri) BuildRequires: pkgconfig(libidn) +BuildRequires: pkgconfig(osp-appfw) +BuildRequires: osp-appfw-internal-devel + +# runtime requires +Requires: osp-appfw %description Wrt common library -- 2.34.1