From ea896bbce6b7f21772de779faf0f0c29de845a24 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Fri, 11 Sep 2015 12:01:42 +0900 Subject: [PATCH] Disable optional password protection temporary couldn't remove data which is protected by optional password Change-Id: I0a0e67ddcf40bd0d0f90585d58469a950317a6f0 Signed-off-by: Kyungwook Tak --- CMakeLists.txt | 7 +++++++ packaging/key-manager.spec | 6 ++++++ src/manager/service/crypto-logic.cpp | 6 ++++++ 3 files changed, 19 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index ab1548c..f67001e 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -65,6 +65,13 @@ ELSE (DEFINED SECURITY_MDFPP_STATE_ENABLE) MESSAGE("SECURITY_MDFPP_STATE_ENABLE DISABLED !") ENDIF (DEFINED SECURITY_MDFPP_STATE_ENABLE) +IF (DEFINED OPTIONAL_PASSWORD_ENABLE) + MESSAGE("OPTIONAL_PASSWORD_ENABLE ON") + ADD_DEFINITIONS("-DOPTIONAL_PASSWORD_ENABLE") +ELSE (DEFINED OPTIONAL_PASSWORD_ENABLE) + MESSAGE("OPTIONAL_PASSWORD_ENABLE OFF") +ENDIF (DEFINED OPTIONAL_PASSWORD_ENABLE) + IF (DEFINED SYSTEMD_ENV_FILE) ADD_DEFINITIONS(-DSYSTEMD_ENV_FILE="${SYSTEMD_ENV_FILE}") ENDIF (DEFINED SYSTEMD_ENV_FILE) diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec index 3634305..ba3b79d 100644 --- a/packaging/key-manager.spec +++ b/packaging/key-manager.spec @@ -105,6 +105,9 @@ cp -a %{SOURCE1002} . cp -a %{SOURCE1003} . cp -a %{SOURCE1004} . +# optional password disabled temporary for milestone release +%define ckm_optional_password_enable 0 + %build %if 0%{?sec_build_binary_debug_enable} export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE" @@ -121,6 +124,9 @@ export LDFLAGS+="-Wl,--rpath=%{_libdir},-Bsymbolic-functions " %if "%{sec_product_feature_security_mdfpp_enable}" == "1" -DSECURITY_MDFPP_STATE_ENABLE=1 \ %endif +%if 0%{?ckm_optional_password_enable} + -DOPTIONAL_PASSWORD_ENABLE=1 \ +%endif -DSYSTEMD_UNIT_DIR=%{_unitdir} \ -DSYSTEMD_ENV_FILE="/etc/sysconfig/central-key-manager" \ -DMOCKUP_SM=%{?mockup_sm:%mockup_sm}%{!?mockup_sm:OFF} 
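Review bot: In CMakeLists.txt, `IF (DEFINED OPTIONAL_PASSWORD_ENABLE)` tests only whether the variable exists, so a configure run with `-DOPTIONAL_PASSWORD_ENABLE=0` or `=OFF` would still add `-DOPTIONAL_PASSWORD_ENABLE` and compile the password layer in. For a switch that decides whether stored data gets an extra encryption layer, testing the value is less surprising: `IF (OPTIONAL_PASSWORD_ENABLE)`. The spec file in this patch passes the variable only when the feature is on, so the packaged build behaves as intended; the exposure is a manual configure or a stale cache entry. The neighbouring `SECURITY_MDFPP_STATE_ENABLE` block appears to use the same `DEFINED` pattern and would benefit from the same change.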
diff --git a/src/manager/service/crypto-logic.cpp b/src/manager/service/crypto-logic.cpp index 75c9b40..b51e6c4 100644 --- a/src/manager/service/crypto-logic.cpp +++ b/src/manager/service/crypto-logic.cpp @@ -152,12 +152,16 @@ void CryptoLogic::encryptRow(const Password &password, DB::Row &row) crow.tag = dataPair.second; +#ifdef OPTIONAL_PASSWORD_ENABLE if (!password.empty()) { key = passwordToKey(password, crow.iv, AES_CBC_KEY_SIZE); crow.data = Crypto::SW::Internals::encryptDataAes(AlgoType::AES_CBC, key, crow.data, crow.iv); crow.encryptionScheme |= ENCR_PASSWORD; } +#else + (void)password; +#endif encBase64(crow.data); crow.encryptionScheme |= ENCR_BASE64; @@ -198,10 +202,12 @@ void CryptoLogic::decryptRow(const Password &password, DB::Row &row) decBase64(crow.data); } +#ifdef OPTIONAL_PASSWORD_ENABLE if (crow.encryptionScheme & ENCR_PASSWORD) { key = passwordToKey(password, crow.iv, AES_CBC_KEY_SIZE); crow.data = Crypto::SW::Internals::decryptDataAes(AlgoType::AES_CBC, key, crow.data, crow.iv); } +#endif if (crow.encryptionScheme & ENCR_APPKEY) { key = m_keyMap[crow.ownerLabel]; -- 2.7.4
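Review bot: In `CryptoLogic::encryptRow`, the new `#else` branch discards a non-empty password with `(void)password;`, so a caller that supplies one gets a row stored without the password layer and without `ENCR_PASSWORD`, and nothing tells the caller. Failing closed would be safer: in the `#else` branch, reject `!password.empty()` through the service's existing error path (not visible in this hunk) instead of storing silently. Rows written by such a build stay without the password layer even after the feature is re-enabled, because the scheme flag was never set. At minimum, put a comment above the cast, for example `// optional password compiled out: password is ignored, row is NOT password-protected`. The function body starts and ends outside the hunk.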
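Review bot: In `CryptoLogic::decryptRow`, when `OPTIONAL_PASSWORD_ENABLE` is undefined, a row that already carries `ENCR_PASSWORD` (written by an earlier build) skips the password layer, and its still-encrypted bytes flow on to the `ENCR_APPKEY` step. Whether that step then fails cleanly is not visible here, so an explicit rejection is clearer: add an `#else` branch in which `if (crow.encryptionScheme & ENCR_PASSWORD)` raises the service's decryption error instead of continuing. That also gives the "couldn't remove data" case from the commit message a defined outcome rather than one that depends on downstream behaviour. Unlike `encryptRow`, this hunk adds no `(void)password;`, so if `password` is not used elsewhere in the function an unused-parameter warning is likely. The function body extends beyond the hunk.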