From 7abaa019637e0a534969d304cae7f7f43c4ab0a6 Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Tue, 26 May 2015 09:42:38 +0900 Subject: [PATCH 02/15] initial version Change-Id: Ibb7891bee67bdd82f34187f5da2fc3c4bbfa8fcd Signed-off-by: Dongsun Lee --- AUTHORS | 1 + CMakeLists.txt | 93 ++++ LICENSE.Apache-2.0 | 203 ++++++++ build/CMakeLists.txt | 25 + build/libwebappenc.pc.in | 11 + include/CMakeLists.txt | 4 + include/web_app_enc.h | 120 +++++ packaging/libwebappenc.manifest | 8 + packaging/libwebappenc.spec | 115 +++++ resources/CMakeLists.txt | 12 + resources/README_APP_DEK | 1 + resources/WAE_APPDEK_KEK_PrivateKey.pem | 30 ++ resources/WAE_APPDEK_KEK_PublicKey.pem | 9 + srcs/CMakeLists.txt | 67 +++ srcs/crypto_service.c | 372 ++++++++++++++ srcs/crypto_service.h | 57 +++ srcs/key_handler.c | 744 ++++++++++++++++++++++++++++ srcs/key_handler.h | 86 ++++ srcs/wae_initializer.c | 47 ++ srcs/wae_log.h | 38 ++ srcs/web_app_enc.c | 213 ++++++++ systemd/CMakeLists.txt | 8 + systemd/webappenc-initializer.service.in | 12 + tests/CMakeLists.txt | 37 ++ tests/wae_tests.c | 815 +++++++++++++++++++++++++++++++ 25 files changed, 3128 insertions(+) create mode 100644 AUTHORS create mode 100644 CMakeLists.txt create mode 100644 LICENSE.Apache-2.0 create mode 100644 build/CMakeLists.txt create mode 100644 build/libwebappenc.pc.in create mode 100644 include/CMakeLists.txt create mode 100644 include/web_app_enc.h create mode 100644 packaging/libwebappenc.manifest create mode 100644 packaging/libwebappenc.spec create mode 100644 resources/CMakeLists.txt create mode 100644 resources/README_APP_DEK create mode 100644 resources/WAE_APPDEK_KEK_PrivateKey.pem create mode 100644 resources/WAE_APPDEK_KEK_PublicKey.pem create mode 100644 srcs/CMakeLists.txt create mode 100644 srcs/crypto_service.c create mode 100644 srcs/crypto_service.h create mode 100644 srcs/key_handler.c create mode 100644 srcs/key_handler.h create mode 100644 srcs/wae_initializer.c create mode 100644 srcs/wae_log.h create mode 100644 srcs/web_app_enc.c create mode 100644 systemd/CMakeLists.txt create mode 100644 systemd/webappenc-initializer.service.in create mode 100644 tests/CMakeLists.txt create mode 100644 tests/wae_tests.c diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..ab6e400 --- /dev/null +++ b/AUTHORS @@ -0,0 +1 @@ +Dongsun Lee diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100644 index 0000000..c9fec0e --- /dev/null +++ b/CMakeLists.txt @@ -0,0 +1,93 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author +# @brief +# + +############################# Check minimum CMake version ##################### + +CMAKE_MINIMUM_REQUIRED(VERSION 2.6) +PROJECT("webappenc") + +SET(SO_VERSION 1) +SET(VERSION "${SO_VERSION}.0.0") + +############################# cmake packages ################################## + +INCLUDE(FindPkgConfig) + +############################# compiler flags ################################## + +SET(CMAKE_C_FLAGS_PROFILING "-g -O0 -pg -Wp,-U_FORTIFY_SOURCE") +SET(CMAKE_CXX_FLAGS_PROFILING "-g -std=c++0x -O0 -pg -Wp,-U_FORTIFY_SOURCE") +SET(CMAKE_C_FLAGS_DEBUG "-g -O0 -ggdb -Wp,-U_FORTIFY_SOURCE") +SET(CMAKE_CXX_FLAGS_DEBUG "-g -std=c++0x -O0 -ggdb -Wp,-U_FORTIFY_SOURCE") +SET(CMAKE_C_FLAGS_RELEASE "-g -O2") +SET(CMAKE_CXX_FLAGS_RELEASE "-g -std=c++0x -O2") +SET(CMAKE_C_FLAGS_CCOV "-g -O2 --coverage") +SET(CMAKE_CXX_FLAGS_CCOV "-g -std=c++0x -O2 --coverage") + +# If supported for the target machine, emit position-independent code,suitable +# for dynamic linking and avoiding any limit on the size of the global offset +# table. This option makes a difference on the m68k, PowerPC and SPARC. +# (BJ: our ARM too?) +ADD_DEFINITIONS("-fPIC") + +# Set compiler warning flags +ADD_DEFINITIONS("-Werror") # Make all warnings into errors. +ADD_DEFINITIONS("-Wall") # Generate all warnings +ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings + +STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}") +ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"") +ADD_DEFINITIONS("-DSMACK_ENABLED") +ADD_DEFINITIONS("-DSQLCIPHER_HAS_CODEC") + +# IF (CMAKE_BUILD_TYPE MATCHES "DEBUG") + ADD_DEFINITIONS("-DTIZEN_DEBUG_ENABLE") + ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG") +# ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG") + +################# common configurations for srcs and test ###################### +SET(DEPENDENTS "openssl dlog key-manager libtzplatform-config") +PKG_CHECK_MODULES(WEB_APP_ENC_DEPS + REQUIRED + ${DEPENDENTS} +) + + +############################ For PC file setting ################################ +SET(PC_NAME ${PROJECT_NAME}) +SET(PC_REQUIRED ${DEPENDENTS}) +SET(PC_LDFLAGS -l${PROJECT_NAME}) +#SET(PC_CFLAGS -I\${includedir}) + + +############################ Target Setting ################################ +SET(TARGET_WEBAPPENC ${PROJECT_NAME}) +SET(TARGET_WAE_INITIALIZER wae_initializer) +SET(TARGET_WAE_ENCRYPTER wae_encrypter) +SET(TARGET_WEBAPPENC_TEST wae_tests) + +############################ Add Sub Directories ################################ +ADD_SUBDIRECTORY(srcs) +ADD_SUBDIRECTORY(build) +ADD_SUBDIRECTORY(resources) +ADD_SUBDIRECTORY(include) +ADD_SUBDIRECTORY(tests) +ADD_SUBDIRECTORY(systemd) + + diff --git a/LICENSE.Apache-2.0 b/LICENSE.Apache-2.0 new file mode 100644 index 0000000..247c97d --- /dev/null +++ b/LICENSE.Apache-2.0 @@ -0,0 +1,203 @@ +Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved. + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/build/CMakeLists.txt b/build/CMakeLists.txt new file mode 100644 index 0000000..338e7ce --- /dev/null +++ b/build/CMakeLists.txt @@ -0,0 +1,25 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @brief +# + +CONFIGURE_FILE(libwebappenc.pc.in libwebappenc.pc @ONLY) + +INSTALL(FILES + ${CMAKE_BINARY_DIR}/build/libwebappenc.pc + DESTINATION + ${LIB_INSTALL_DIR}/pkgconfig + ) diff --git a/build/libwebappenc.pc.in b/build/libwebappenc.pc.in new file mode 100644 index 0000000..2af6c92 --- /dev/null +++ b/build/libwebappenc.pc.in @@ -0,0 +1,11 @@ +prefix=@PREFIX@ +libdir=@PREFIX@/lib +includedir=@PREFIX@/include + +Name: @PC_NAME@ +Description: Web application encryption and decryption service based on key-manager +Version: @VERSION@ +Requires: @PC_REQUIRED@ +Libs: @PC_LDFLAGS@ +Cflags: @PC_CFLAGS@ + diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt new file mode 100644 index 0000000..26e801c --- /dev/null +++ b/include/CMakeLists.txt @@ -0,0 +1,4 @@ +INSTALL(FILES + ${CMAKE_CURRENT_SOURCE_DIR}/web_app_enc.h + DESTINATION ${INCLUDEDIR} + ) diff --git a/include/web_app_enc.h b/include/web_app_enc.h new file mode 100644 index 0000000..2e31a3c --- /dev/null +++ b/include/web_app_enc.h @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * @file web_app_enc.h + * @version 1.0 + * @brief This file contains APIs of WEB_APP_ENC module. +*/ + +#ifndef __WEB_APP_ENC__ +#define __WEB_APP_ENC__ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @addtogroup CAPI_WEB_APP_ENC_MODULE + * @{ + */ + + +typedef enum +{ + WAE_ERROR_NONE = 0x00, /**< Successful */ + WAE_ERROR_INVALID_PARAMETER = - 0x01, /**< Invalid function parameter */ + WAE_ERROR_PERMISSION_DENIED = - 0x02, /**< Permission denied */ + WAE_ERROR_NO_KEY = - 0x03, /**< No key */ + WAE_ERROR_KEY_EXISTS = - 0x04, /**< key already exists*/ + WAE_ERROR_KEY_MANAGER = - 0x05, /**< key-manager internal error */ + WAE_ERROR_CRYPTO = - 0x06, /**< failed in crypto operation */ + WAE_ERROR_MEMORY = - 0x07, /**< failed to allocate memory */ + WAE_ERROR_FILE = - 0x08, /**< failed to read or write a file*/ + WAE_ERROR_UNKNOWN = - 0x09 /** < Unknown error */ +} wae_error_e; + +/** + * @brief Encrypts web application data with internal key(APP DEK: Application Data Encryption Key). + * + * @since_tizen 3.0 + * @param[in] pPkgId The package id of an application. + * @param[in] isPreloaded True(!=0) if the application is preloaded, otherwise false(==0). + * @param[in] pData The data block to be encrypted. + * @param[in] dataLen The length of the data block. + * @param[out] ppEncryptedData The data block contaning encrypted data block. Memory allocated for ppEncryptedData. Has to be freed by free() function. + * @param[out] pEncDataLen The length of the encrypted data block. + * + * @return #WAE_ERROR_NONE on success, otherwise a negative error value + * @retval #WAE_ERROR_INVALID_PARAMETER Invalid input parameter + * @retval #WAE_ERROR_PERMISSION_DENIED Non-authenticated application request + * @retval #WAE_ERROR_NO_KEY No internal key + * @retval #WAE_ERROR_KEY_MANAGER key-manager internal error + * @retval #WAE_ERROR_CRYPTO failed in crypto operation + * @retval #WAE_ERROR_UNKNOWN Failed with unknown reason + * + * @see wae_decrypt_web_application() + */ +int wae_encrypt_web_application(const char* pPkgId, int isPreloaded, const unsigned char* pData, size_t dataLen, unsigned char** ppEncryptedData, size_t* pEncDataLen); + +/** + * @brief Encrypts web application data with internal key. + * + * @since_tizen 3.0 + * @param[in] pPkgId The package id of an application. + * @param[in] isPreloaded True(!=0) if the application is preloaded, otherwise false(==0). + * @param[in] pData The data block to be decrypted. + * @param[in] dataLen The length of the data block. + * @param[out] ppDecryptedData Data block contaning decrypted data block. Memory allocated for ppEncryptedData. Has to be freed by free() function. + * @param[out] pDecDataLen The length of the decrypted data block. + * + * @return #WAE_ERROR_NONE on success, otherwise a negative error value + * @retval #WAE_ERROR_INVALID_PARAMETER Invalid input parameter + * @retval #WAE_ERROR_PERMISSION_DENIED Non-authenticated application request + * @retval #WAE_ERROR_NO_KEY No internal key + * @retval #WAE_ERROR_KEY_MANAGER key-manager internal error + * @retval #WAE_ERROR_CRYPTO failed in crypto operation + * @retval #WAE_ERROR_UNKNOWN Failed with unknown reason + * + * @see wae_encrypt_web_application() + */ +int wae_decrypt_web_application(const char* pPkgId, int isPreloaded, const unsigned char* pData, size_t dataLen, unsigned char** ppDecryptedData, size_t* pDecDataLen); + +/** + * @brief Remove a APP DEK(Application Data Encryption Key) used for encrytpion and decryption of a web application. + * + * @since_tizen 3.0 + * @param[in] pPkgId The package id of an application. + * + * @return #WAE_ERROR_NONE on success, otherwise a negative error value + * @retval #WAE_ERROR_INVALID_PARAMETER Invalid input parameter + * @retval #WAE_ERROR_PERMISSION_DENIED Non-authenticated application request + * @retval #WAE_ERROR_NO_KEY No internal key + * @retval #WAE_ERROR_KEY_MANAGER key-manager internal error + * @retval #WAE_ERROR_UNKNOWN Failed with unknown reason + * + */ +int wae_remove_app_dek(const char* pPkgId); + + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#endif /* __WEB_APP_ENC__ */ + diff --git a/packaging/libwebappenc.manifest b/packaging/libwebappenc.manifest new file mode 100644 index 0000000..226aaa0 --- /dev/null +++ b/packaging/libwebappenc.manifest @@ -0,0 +1,8 @@ + + + + + + + + diff --git a/packaging/libwebappenc.spec b/packaging/libwebappenc.spec new file mode 100644 index 0000000..b3c2cbc --- /dev/null +++ b/packaging/libwebappenc.spec @@ -0,0 +1,115 @@ +Name: libwebappenc +Summary: Web application encryption service +Version: 0.1.0 +Release: 1 +Group: System/Libraries +License: Apache-2.0 +Source0: %{name}-%{version}.tar.gz +Source1001: %{name}.manifest + +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig + +BuildRequires: cmake +BuildRequires: pkgconfig(dlog) +BuildRequires: pkgconfig(openssl) +BuildRequires: pkgconfig(key-manager) +BuildRequires: pkgconfig(libtzplatform-config) +Requires: openssl +Requires: pkgconfig(libtzplatform-config) + +%description +Web application encryption and decryption service + +%package devel +Summary: Web application encryption service (development files) +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} + +%description devel +Web application encryption and decryption service (development files) + +%package test +Summary: Web application encryption service (test) +Group: Development +Requires: %{name} = %{version}-%{release} + +%description test +Web application encryption and decryption service (test) + + + +%prep +%setup -q +cp %{SOURCE1001} . + +%build +%{!?build_type:%define build_type "Release"} +%cmake . -DPREFIX=%{_prefix} \ + -DEXEC_PREFIX=%{_exec_prefix} \ + -DINCLUDEDIR=%{_includedir} \ + -DLIBDIR=%{_libdir} \ + -DBINDIR=%TZ_SYS_BIN \ + -DSYSTEMD_UNIT_DIR=%{_unitdir} \ + -DCMAKE_BUILD_TYPE=%{build_type} \ + -DTZ_SYS_BIN=%TZ_SYS_BIN \ + -DTZ_SYS_SHARE=%TZ_SYS_SHARE + +make %{?jobs:-j%jobs} + + +%install +rm -rf %{buildroot} +mkdir -p %{buildroot}%{TZ_SYS_SHARE}/license +cp LICENSE.Apache-2.0 %{buildroot}%{TZ_SYS_SHARE}/license/%{name} +%make_install +mkdir -p %{buildroot}%{_unitdir}/multi-user.target.wants +ln -s ../webappenc-initializer.service %{buildroot}%{_unitdir}/multi-user.target.wants/webappenc-initializer.service + + +%clean +rm -rf %{buildroot} + +%post +/sbin/ldconfig +systemctl daemon-reload +if [ $1 = 1 ]; then + # installation + systemctl start webappenc-initializer.service +fi + +if [ $1 = 2 ]; then + # update + systemctl restart webappenc-initializer.service +fi + +%postun +/sbin/ldconfig +if [ $1 = 0 ]; then + # uninstall + systemctl daemon-reload +fi + + +%files +%defattr(-,root,root,-) +%manifest %{name}.manifest +%{TZ_SYS_SHARE}/license/%{name} +%{_libdir}/%{name}.so.* +%{_unitdir}/webappenc-initializer.service +%{_unitdir}/multi-user.target.wants/webappenc-initializer.service +%{TZ_SYS_BIN}/wae_initializer +%{TZ_SYS_SHARE}/wae/app_dek/WAE_APPDEK_KEK_PrivateKey.pem +%{TZ_SYS_SHARE}/wae/app_dek/WAE_APPDEK_KEK_PublicKey.pem + +%files devel +%defattr(-,root,root,-) +%{_includedir}/* +%{_libdir}/pkgconfig/%{name}.pc +%{_libdir}/%{name}.so + +%files test +%defattr(-,root,root,-) +%{TZ_SYS_BIN}/wae_tests + + diff --git a/resources/CMakeLists.txt b/resources/CMakeLists.txt new file mode 100644 index 0000000..4462cee --- /dev/null +++ b/resources/CMakeLists.txt @@ -0,0 +1,12 @@ +################################################################################ +# for resource install +################################################################################ + +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/resources/WAE_APPDEK_KEK_PublicKey.pem + ${PROJECT_SOURCE_DIR}/resources/WAE_APPDEK_KEK_PrivateKey.pem + DESTINATION ${TZ_SYS_SHARE}/wae/app_dek/ + PERMISSIONS OWNER_READ + OWNER_WRITE +) + diff --git a/resources/README_APP_DEK b/resources/README_APP_DEK new file mode 100644 index 0000000..724b8c2 --- /dev/null +++ b/resources/README_APP_DEK @@ -0,0 +1 @@ +The directory, app_dek, contains APP_DEK files encrypted with APP_DEK_KEK public key. diff --git a/resources/WAE_APPDEK_KEK_PrivateKey.pem b/resources/WAE_APPDEK_KEK_PrivateKey.pem new file mode 100644 index 0000000..e27950c --- /dev/null +++ b/resources/WAE_APPDEK_KEK_PrivateKey.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,F4C783D75B0679F29398E9A3CAB4733D + +kxgW1wGX3TZZ/wtv3g4AOLlZCHoQ6uXVQ0h2ofWjnJs8tas/alR6o8UBRIqCw44t +znUvQ8HlThvzhGgxje/yDDSxCy9mqhgsi2XeTtAeUbMhFL6UArb3cs6M4a37lYoT +llZdFyYkRWJ3vRS33TDrhXDV6GjZWQ05SJ0OYdPJsmA1ENwdH+5NE/xLnqLdTtWr +O3Mn2vi6P9CVqZroCvYBzUaypGcmFhjTIbWmB6inXjoXyddzerh7PTDBDWWacBab +C7gcZC5SrK5YOt6f54ANsVQO8jnkLDx95gUSHYthX1hrQ3Da5Gb6nfYP9RNrHCum +O8RKxSOvv8zwbMlzqtld8xCOb7Nh04f8bofrzZVLZ0T92FcyFQmt1F4U6DNQqHsn +AAqxRxUWsC5k2dX9uZ6RCpEzNYWyPvNe24I/Kt01Geoh1NtCns8CVZcrxyMMtZRK +ZJnYhvNDXDQCDtMJjRBiEXXE++AdA2O6uFoGX3alKwtxAIjGI++pSRlz1GTps26x +5mmLil5wb3KGBfMN4L0R0heDOeiPQrNv7CwX8OlHtA1OKFBtViWdd/uZ2hAko1Tz +YkoYpHPQOV5LZ7dem/XNnwwel9g6AkHhLNJv5ih4Y0CQfPBSs+iiLbMHh/NaGDD9 ++kbcf5Lk4FQGVbJDW9nDAXT6jjMyliTI+hIh5fM2k22qbq6OqBkW6EbOQDMP/R2P +LhFqTgHceNt0mqpcDJdJQ0YKbxVpdkv5f1C4rW+pgUEeHDCQ7vPe4p44xQJ/Z/7Y +AtPwPKzPPJze2cfoUkZd9jXN9g2v2555xnQZU78IEm1nPVBA+hLIaqN1hu1Lkzxy +CwFNo7bMVh3FSBmZVtJlcLsyLxZ9UdoaSr+anfA0lWJPiBzE0whQljZp56l1rL1V +1K8m/dc9rLJ3uDQmYoSRmBZG5zZlVWCip+R9VAHMxRi1x29dFk1jbtQscr63dMI8 +0eOUf28Mw719WWUZVzD08b431DPqWiqrpexUKEXPW8EsrINPfIg180QYt1VUoshs +Tqi/LKM0OV6nlMGh9ieCK8WzVDW8F16krSLo6eJpIPYPZgkHE7fC7Jws1kpUrSnF +GgT6rBA97tJ0EalinuFXbip1X087Quz5USURq18f7/B6nFu0Kd4GhlICsR24j3eB +75SsTNmfUcko8s5QT4rwONEwtRffkGbbNEisCPcleJV68zHvN58mfD7Dl8W3zIO4 +Qk6B1Xy0C4EEniKFfjxIaMEaxrqntBIc+nZE6/+UoGp/Hj9r5ZdzQX2j4837IIdR +CxT4tjXiWBA6u3WaLAZUSM0W0SEORUF9NwzlId1b8A3WxA8XewhAKPaJEr677vzZ +083+neUOuXqqs597romLH1omuffxmHxBzmP+koUtemP78XxCBVWUAB1T+fBRJMz6 +9ZEgDWrMntJ1IaFoGdOWZELgwcXJ0KwWFuk+sieZ5WCCzNmFli9WPN/xSqwmdYw6 +RK9er5Vc8D9mAlmGlz2mpAmzNJHH30zYKT/d0XzBS8z6WBRthaTS3NLsiSeWdELH +b5+WEMOiKvZ19AXU2unHw/XpeVnAISOHhumAqFCwXkjVoMt8LMDawt6ra8N8G+gD +-----END RSA PRIVATE KEY----- diff --git a/resources/WAE_APPDEK_KEK_PublicKey.pem b/resources/WAE_APPDEK_KEK_PublicKey.pem new file mode 100644 index 0000000..f0dfcea --- /dev/null +++ b/resources/WAE_APPDEK_KEK_PublicKey.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kWtjpRO7Zh2KX2naVE/ +BDJdrfwK9xexfNA0MkY2VJ4J2AKMYTj1D1jntceryupCEHOvP3rum+WsFvPXduz9 ++VKnSsSqj4jcTUubtpDUGA5G79IqLEPFuSBaqI8Uwkzd08pE+s30oaJDnNazMhSq +8JkqBPoCCwtUs73ruE9VbtsBO/kTlASIAfe8nXqcJLcDQgWYhizjJw0Pi6d74oCw +S2OTvQDNvsXfFnA0ZJEEYw/rZLirj7OHoOjz+Sh5N+1uA3Up6SPPEbHuP6L12Yxq +Hdy7gnJXodLhvE/cR4SN9VW7+qmCMBjmLkBejGrEX3STS9sLI7MZHu9Y26dwuYb4 ++wIDAQAB +-----END PUBLIC KEY----- diff --git a/srcs/CMakeLists.txt b/srcs/CMakeLists.txt new file mode 100644 index 0000000..e94a7d4 --- /dev/null +++ b/srcs/CMakeLists.txt @@ -0,0 +1,67 @@ +################################################################################ +# for libwebappenc.so +################################################################################ + +SET(WEB_APP_ENC_SOURCES + ${CMAKE_CURRENT_SOURCE_DIR}/web_app_enc.c + ${CMAKE_CURRENT_SOURCE_DIR}/key_handler.c + ${CMAKE_CURRENT_SOURCE_DIR}/crypto_service.c +) + +INCLUDE_DIRECTORIES( + ${PROJECT_SOURCE_DIR}/include + ${WEB_APP_ENC_DEPS_INCLUDE_DIRS} +) + +ADD_LIBRARY(${TARGET_WEBAPPENC} SHARED ${WEB_APP_ENC_SOURCES}) + +SET_TARGET_PROPERTIES(${TARGET_WEBAPPENC} PROPERTIES + SOVERSION ${SO_VERSION} + VERSION ${VERSION} +) + +TARGET_LINK_LIBRARIES(${TARGET_WEBAPPENC} + pthread + ${WEB_APP_ENC_DEPS_LIBRARIES} +) + +INSTALL(TARGETS ${TARGET_WEBAPPENC} + DESTINATION ${LIBDIR}) + +INSTALL(FILES ${PROJECT_SOURCE_DIR}/include/web_app_enc.h + DESTINATION ${INCLUDEDIR}) + + +################################################################################ +# for wae-initializer +################################################################################ + + +SET(WAE_INITIALIZER_SOURCES + ${CMAKE_CURRENT_SOURCE_DIR}/wae_initializer.c +) + +INCLUDE_DIRECTORIES( + ${PROJECT_SOURCE_DIR}/include + ${WEB_APP_ENC_DEPS_INCLUDE_DIRS} +) + +# -fPIE and -pie flag is added for ASLR +SET_SOURCE_FILES_PROPERTIES( + ${WAE_INITIALIZER_SOURCES} + PROPERTIES + COMPILE_FLAGS "-D_GNU_SOURCE -fvisibility=hidden -fPIE") + +ADD_EXECUTABLE(${TARGET_WAE_INITIALIZER} ${WAE_INITIALIZER_SOURCES}) + + +TARGET_LINK_LIBRARIES(${TARGET_WAE_INITIALIZER} + pthread + ${WEB_APP_ENC_DEPS_LIBRARIES} + ${TARGET_WEBAPPENC} + -pie +) + +INSTALL(TARGETS ${TARGET_WAE_INITIALIZER} + DESTINATION ${BINDIR}) + diff --git a/srcs/crypto_service.c b/srcs/crypto_service.c new file mode 100644 index 0000000..eb1fc20 --- /dev/null +++ b/srcs/crypto_service.c @@ -0,0 +1,372 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file crypto_service.c + * @author Dongsun Lee (ds73.lee@samsung.com) + * @version 1.0 + * @brief provides encryption and decription operations. + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "web_app_enc.h" +#include "wae_log.h" + +#define AES_256_KEY_SIZE 32 + +#define WAE_FALSE 0 +#define WAE_TRUE 1 + +static unsigned char AES_CBC_IV[16] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x08, 0x39, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}; + +static int __initialized = WAE_FALSE; + +void _initialize() +{ + if(__initialized != WAE_TRUE) { + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); + __initialized = WAE_TRUE; + } +} + + + +int encrypt_app_dek(const unsigned char* rsaPublicKey, size_t pubKeyLen, + const unsigned char* dek, size_t dekLen, + unsigned char** encryptedDek, size_t* encryptedDekLen) +{ + int ret = WAE_ERROR_NONE; + EVP_PKEY *pKey = NULL; + BIO* bio = NULL; + EVP_PKEY_CTX *ctx = NULL; + unsigned char* out = NULL; + size_t outLen = 0; + + _initialize(); + + bio = BIO_new(BIO_s_mem()); + BIO_write(bio, rsaPublicKey, pubKeyLen); + pKey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); + + if(pKey == NULL){ + BIO_reset(bio); + BIO_write(bio, rsaPublicKey, pubKeyLen); + pKey = d2i_PUBKEY_bio(bio, NULL); + } + + if(pKey == NULL) { + ret = WAE_ERROR_FILE; + WAE_SLOGE("Failt to convert to public key."); + goto error; + } + + ctx = EVP_PKEY_CTX_new(pKey, NULL); + if(ctx == NULL) { + WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_CTX_new failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + if (EVP_PKEY_encrypt_init(ctx) <= 0) { + WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_encrypt_init failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) { + WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_CTX_set_rsa_padding failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + /* Determine buffer length */ + if (EVP_PKEY_encrypt(ctx, NULL, &outLen, dek, dekLen) <= 0) { + WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_encrypt failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + out = OPENSSL_malloc(outLen); + if(out == NULL) { + WAE_SLOGE("Encrypt APP DEK Failed. OPENSSL_malloc failed"); + ret = WAE_ERROR_MEMORY; + goto error; + } + + if (EVP_PKEY_encrypt(ctx, out, &outLen, dek, dekLen) <= 0) { + WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_encrypt failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + *encryptedDek = out; + *encryptedDekLen = outLen; + +error: + if(bio != NULL) + BIO_free(bio); + if(pKey != NULL) + EVP_PKEY_free(pKey); + if(ctx != NULL) + EVP_PKEY_CTX_free(ctx); + if(ret != WAE_ERROR_NONE && out != NULL) + OPENSSL_free(out); + + return ret; +} + +int decrypt_app_dek(const unsigned char* rsaPrivateKey, size_t priKeyLen, + const char* priKeyPassword, + const unsigned char* encryptedDek, size_t dencryptedDekLen, + unsigned char** decryptedDek, size_t* decryptedDekLen) +{ + int ret = WAE_ERROR_NONE; + EVP_PKEY *pKey = NULL; + BIO* bio = NULL; + EVP_PKEY_CTX *ctx = NULL; + unsigned char* out = NULL; + size_t outLen = 0; + + _initialize(); + + bio = BIO_new(BIO_s_mem()); + BIO_write(bio, rsaPrivateKey, priKeyLen); + pKey = PEM_read_bio_PrivateKey(bio, NULL, NULL, (void *)priKeyPassword); + + if(pKey == NULL) { + BIO_reset(bio); + BIO_write(bio, rsaPrivateKey, priKeyLen); + pKey = d2i_PrivateKey_bio(bio, NULL); + } + + if(pKey == NULL) { + ret = WAE_ERROR_FILE; + WAE_SLOGE("Failt to convert to public key."); + goto error; + } + + ctx = EVP_PKEY_CTX_new(pKey, NULL); + if(ctx == NULL) { + WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_CTX_new failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + if (EVP_PKEY_decrypt_init(ctx) <= 0) { + WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_decrypt_init failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) { + WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_CTX_set_rsa_padding failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + /* Determine buffer length */ + if (EVP_PKEY_decrypt(ctx, NULL, &outLen, encryptedDek, dencryptedDekLen) <= 0) { + WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_decrypt failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + out = OPENSSL_malloc(outLen); + if(out == NULL) { + WAE_SLOGE("Decrypt APP DEK Failed. OPENSSL_malloc failed"); + ret = WAE_ERROR_MEMORY; + goto error; + } + + if (EVP_PKEY_decrypt(ctx, out, &outLen, encryptedDek, dencryptedDekLen) <= 0) { + WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_decrypt failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + *decryptedDek = out; + *decryptedDekLen = outLen; + +error: + if(bio != NULL) + BIO_free(bio); + if(pKey != NULL) + EVP_PKEY_free(pKey); + if(ctx != NULL) + EVP_PKEY_CTX_free(ctx); + if(ret != WAE_ERROR_NONE && out != NULL) + OPENSSL_free(out); + + return ret; +} + + +int encrypt_aes_cbc(const unsigned char* pKey, size_t keyLen, + const unsigned char* pData, size_t dataLen, + unsigned char** ppEncryptedData, size_t* pEncDataLen) +{ + EVP_CIPHER_CTX *ctx; + int len; + unsigned char *ciphertext = NULL; + size_t ciphertext_len; + unsigned char *iv = AES_CBC_IV; + int ret = WAE_ERROR_NONE; + + _initialize(); + + WAE_SLOGI("Encryption Started. size=%d", dataLen); + /* check input paramter */ + if( keyLen != 32 ) { + WAE_SLOGE("Encryption Failed. Invalid Key Length. keyLen=%d", keyLen); + return WAE_ERROR_INVALID_PARAMETER; + } + + // assing a enough memory for decryption. + ciphertext = (unsigned char*) malloc(dataLen + 32); + + /* Create and initialise the context */ + if(!(ctx = EVP_CIPHER_CTX_new())) { + WAE_SLOGE("Encryption Failed. EVP_CIPHER_CTX_new failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + /* Initialise the encryption operation. IMPORTANT - ensure you use a key + * and IV size appropriate for your cipher + * In this example we are using 256 bit AES (i.e. a 256 bit key). The + * IV size for *most* modes is the same as the block size. For AES this + * is 128 bits */ + if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, pKey, iv)) { + WAE_SLOGE("Encryption Failed. EVP_EncryptInit_ex failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + /* Provide the message to be encrypted, and obtain the encrypted output. + * EVP_EncryptUpdate can be called multiple times if necessary + */ + if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, pData, dataLen)) { + WAE_SLOGE("Encryption Failed. EVP_EncryptUpdate failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + ciphertext_len = len; + + /* Finalise the encryption. Further ciphertext bytes may be written at + * this stage. + */ + if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) { + WAE_SLOGE("Encryption Failed. EVP_EncryptFinal_ex failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + ciphertext_len += len; + + *ppEncryptedData = ciphertext; + *pEncDataLen = ciphertext_len; + + ret = WAE_ERROR_NONE; + WAE_SLOGI("Encryption Ended Successfully. encrypted_len", ciphertext_len); +error: + if(ctx != NULL) + EVP_CIPHER_CTX_free(ctx); + if(ret != WAE_ERROR_NONE && ciphertext != NULL) + free(ciphertext); + return ret; +} + +int decrypt_aes_cbc(const unsigned char* pKey, size_t keyLen, + const unsigned char* pData, size_t dataLen, + unsigned char** ppDecryptedData, size_t* pDecDataLen) +{ + EVP_CIPHER_CTX *ctx; + int len; + unsigned char* plaintext = NULL; + size_t plaintext_len; + unsigned char *iv = AES_CBC_IV; + int ret = WAE_ERROR_NONE; + + _initialize(); + + WAE_SLOGI("Decryption Started. size=%d", dataLen); + + /* check input paramter */ + if( keyLen != 32 ) { + WAE_SLOGE("Decryption Failed. Invalid Key Length. keyLen=%d", keyLen); + return WAE_ERROR_INVALID_PARAMETER; + } + + // assing a enough memory for decryption. + plaintext = (unsigned char*) malloc(dataLen); + + /* Create and initialise the context */ + if(!(ctx = EVP_CIPHER_CTX_new())) { + WAE_SLOGE("Decryption Failed. EVP_CIPHER_CTX_new failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + /* Initialise the decryption operation. IMPORTANT - ensure you use a key + * and IV size appropriate for your cipher + * In this example we are using 256 bit AES (i.e. a 256 bit key). The + * IV size for *most* modes is the same as the block size. For AES this + * is 128 bits */ + if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, pKey, iv)) { + WAE_SLOGE("Decryption Failed. EVP_DecryptInit_ex failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + /* Provide the message to be decrypted, and obtain the plaintext output. + * EVP_DecryptUpdate can be called multiple times if necessary + */ + if(1 != EVP_DecryptUpdate(ctx, plaintext, &len, pData, dataLen)) { + WAE_SLOGE("Decryption Failed. EVP_DecryptUpdate failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + plaintext_len = len; + + /* Finalise the decryption. Further plaintext bytes may be written at + * this stage. + */ + if(1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len)) { + WAE_SLOGE("Decryption Failed. EVP_DecryptFinal_ex failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + plaintext_len += len; + + *ppDecryptedData = plaintext; + *pDecDataLen = plaintext_len; + + ret = WAE_ERROR_NONE; + WAE_SLOGI("Decryption Ended Successfully. decrypted_len", plaintext_len); +error: + if(ctx != NULL) + EVP_CIPHER_CTX_free(ctx); + if(ret != WAE_ERROR_NONE && plaintext != NULL) + free(plaintext); + return ret; +} + diff --git a/srcs/crypto_service.h b/srcs/crypto_service.h new file mode 100644 index 0000000..c49c34b --- /dev/null +++ b/srcs/crypto_service.h @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file crypto_service.h + * @author Dongsun Lee (ds73.lee@samsung.com) + * @version 1.0 + * @brief a header for key manupulatation. + */ + + + +#ifndef __TIZEN_CORE_WAE_CRYPTO_SERVICE_H +#define __TIZEN_CORE_WAE_CRYPTO_SERVICE_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + + +int encrypt_app_dek(const unsigned char* rsaPublicKey, size_t pubKeyLen, + const unsigned char* dek, const int dekLen, + unsigned char** encryptedDek, size_t* encryptedDekLen); + +int decrypt_app_dek(const unsigned char* rsaPrivateKey, size_t priKeyLen, + const char* priKeyPassword, + const unsigned char* encryptedDek, size_t dencryptedDekLen, + unsigned char** decryptedDek, size_t* decryptedDekLen); + + +int encrypt_aes_cbc(const unsigned char* pKey, size_t keyLen, + const unsigned char* pData, size_t dataLen, + unsigned char** ppEncryptedData, size_t* pEncDataLen); + +int decrypt_aes_cbc(const unsigned char* pKey, size_t keyLen, + const unsigned char* pData, size_t dataLen, + unsigned char** ppDecryptedData, size_t* pDecDataLen); + +#ifdef __cplusplus +} +#endif +#endif /* __TIZEN_CORE_WAE_CRYPTO_SERVICE_H */ + diff --git a/srcs/key_handler.c b/srcs/key_handler.c new file mode 100644 index 0000000..4ec4e5c --- /dev/null +++ b/srcs/key_handler.c @@ -0,0 +1,744 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file key_handler.c + * @author Dongsun Lee (ds73.lee@samsung.com) + * @version 1.0 + * @brief a header for key manupulatation. + */ + +#include +#include +#include +#include +#include +#include +#include "wae_log.h" +#include "web_app_enc.h" +#include "key_handler.h" +#include "crypto_service.h" + +#include + +#define APP_DEK_KEK_PRIKEY_PASSWORD "wae_appdek_kek_1q2w3e4r" + + +typedef struct _dek_cache_element{ + char pkgId[MAX_PKGID_LEN]; + unsigned char dek[DEK_LEN]; +} dek_cache_element; + +dek_cache_element APP_DEK_CACHE[MAX_CACHE_SIZE]; +int NEXT_CACHE_IDX = -1; + +void _initialize_cache() +{ + NEXT_CACHE_IDX = 0; + memset(APP_DEK_CACHE, 0, sizeof(dek_cache_element)*MAX_CACHE_SIZE); +} + +unsigned char* _get_app_dek_from_cache(const char* pkgId) +{ + int i = 0; + + if(NEXT_CACHE_IDX < 0) + _initialize_cache(); + + for(i =0; i= MAX_CACHE_SIZE) + NEXT_CACHE_IDX = 0; +} + +void _remove_app_dek_from_cache(const char* pkgId) +{ + int i = 0; + + for(i =0; idata, DEK_LEN); + + *ppDek = pDek; + *dekLen = DEK_LEN; + WAE_SLOGI("Success to get APP_DEK from key-manager. pkgId=%s", pPkgId); +error: + if(pDekBuffer != NULL) + ckmc_buffer_free(pDekBuffer); + if(ret != WAE_ERROR_NONE && pDek != NULL) + free(pDek); + + return ret; +} + +int create_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dekLen) +{ + int ret = WAE_ERROR_NONE; + unsigned char *dek= NULL; + + dek = (unsigned char*) malloc(DEK_LEN); + if(dek == NULL) { + ret = WAE_ERROR_MEMORY; + goto error; + } + + ret = _get_random(DEK_LEN, dek); + if(ret != WAE_ERROR_NONE) { + WAE_SLOGE("Fail to get random for APP_DEK. pkgId=%s, ret=%d", pPkgId, ret); + goto error; + } + + // save app_dek in key_manager + ret = _add_dek_to_key_manager(pPkgId, dek, DEK_LEN); + if(ret != WAE_ERROR_NONE) { + goto error; + } + + // store APP_DEK in cache + _add_app_dek_to_cache(pPkgId, dek); + + *ppDek = dek; + *dekLen = DEK_LEN; + + WAE_SLOGI("Success to create APP_DEK and store it in key-manager. pkgId=%s", pPkgId); +error: + if(ret != WAE_ERROR_NONE && dek != NULL) + free(dek); + + return ret; +} + +int get_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dekLen) +{ + int ret = WAE_ERROR_NONE; + unsigned char* cached_dek= NULL; + unsigned char* dek = NULL; + + // get dek from cache + cached_dek = _get_app_dek_from_cache(pPkgId); + if(cached_dek == NULL) { + WAE_SLOGE("Fail to get APP_DEK from cache for preloaded app"); + ret = WAE_ERROR_NO_KEY; + goto error; + } + + dek = (unsigned char*) malloc(DEK_LEN); + if(dek == NULL) { + WAE_SLOGE("Fail to allocate memory for preloaded app dek"); + ret = WAE_ERROR_MEMORY; + goto error; + } + memcpy(dek, cached_dek, DEK_LEN); + + *ppDek = dek; + *dekLen = DEK_LEN; +error: + if(ret != WAE_ERROR_NONE && dek != NULL) + free(dek); + + return ret; +} + +int create_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dekLen) +{ + int ret = WAE_ERROR_NONE; + unsigned char* dek = NULL; + unsigned char* encrypted_app_dek = NULL; + size_t encrypted_app_dek_len = 0; + unsigned char* pubKey = NULL; + size_t pubKeyLen = 0; + + // create APP_DEK + dek = (unsigned char*) malloc(DEK_LEN); + if(dek == NULL) { + ret = WAE_ERROR_MEMORY; + goto error; + } + + ret = _get_random(DEK_LEN, dek); + if(ret != WAE_ERROR_NONE) { + goto error; + } + + // encrypt APP_DEK with APP_DEK_KEK + ret = _read_from_file(_get_dek_kek_pub_key_path(), &pubKey, &pubKeyLen); + if(ret != WAE_ERROR_NONE) { + WAE_SLOGE("Fail to read APP_DEK_KEK Public Key"); + goto error; + } + + ret = encrypt_app_dek(pubKey, pubKeyLen, dek, DEK_LEN, &encrypted_app_dek, &encrypted_app_dek_len); + if(ret != WAE_ERROR_NONE) { + WAE_SLOGE("Fail to encrypt APP_DEK with APP_DEK_KEK"); + goto error; + } + + // write APP_DEK in a file + ret = _write_encrypted_app_dek_to_file(pPkgId, encrypted_app_dek, encrypted_app_dek_len); + if(ret != WAE_ERROR_NONE) { + WAE_SLOGE("Fail to write encrypted APP_DEK. pkgId=%s", pPkgId); + goto error; + } + + // store APP_DEK in cache + _add_app_dek_to_cache(pPkgId, dek); + + *ppDek = dek; + *dekLen = DEK_LEN; + WAE_SLOGI("Success to create preleaded APP_DEK and write it in initail value file. pkgId=%s", pPkgId); + +error: + if(pubKey != NULL) + free(pubKey); + if(encrypted_app_dek != NULL) + free(encrypted_app_dek); + if(ret != WAE_ERROR_NONE && dek != NULL) + free(dek); + return ret; +} + + +int _get_app_dek_kek(unsigned char** ppDekKek, size_t* kekLen) +{ + int ret = WAE_ERROR_NONE; + + ret = _read_from_file(_get_dek_kek_pri_key_path(), ppDekKek, kekLen); + if(ret != WAE_ERROR_NONE) { + WAE_SLOGE("Fail to read APP_DEK_KEK Private Key"); + return ret; + } +/* + char* password = NULL; + ckmc_raw_buffer_s *pKekBuffer = NULL; + unsigned char* pKek = NULL; + + char dek_kek_alias[MAX_ALIAS_LEN] = {0, }; + _get_dek_kek_alias(dek_kek_alias, sizeof(dek_kek_alias)); + + ret = _to_wae_error(ckmc_get_data(dek_kek_alias, password, &pKekBuffer)); + if(ret != WAE_ERROR_NONE) { + WAE_SLOGE("Fail to get APP_DEK_KEK from key-manager. alias=%s, ret=%d", APP_DEK_KEK_ALIAS, ret); + goto error; + } + + pKek = (unsigned char*) malloc(pKekBuffer->size); + if(pKek == NULL) { + WAE_SLOGE("Fail to allocate a memory"); + ret = WAE_ERROR_MEMORY; + goto error; + } + memcpy(pKek, pKekBuffer->data, pKekBuffer->size); + + *ppDekKek = pKek; + *kekLen = pKekBuffer->size; + WAE_SLOGI("Success to get APP_DEK_KEK from key-manager."); +error: + if(pKekBuffer != NULL) + ckmc_buffer_free(pKekBuffer); + if(ret != WAE_ERROR_NONE && pKek != NULL) + free(pKek); +*/ + return ret; +} + + +int _get_app_deks_loaded() +{ + int ret = WAE_ERROR_NONE; + + ckmc_raw_buffer_s *pBuffer = NULL; + char loading_done_alias[MAX_ALIAS_LEN] = {0, }; + + _get_dek_loading_done_alias(loading_done_alias, sizeof(loading_done_alias)); + + ret = _to_wae_error(ckmc_get_data(loading_done_alias, NULL, &pBuffer)); + if(ret == WAE_ERROR_NO_KEY) { + WAE_SLOGI("APP_DEK_LOADING was not done"); + } else if(ret == WAE_ERROR_NONE) { + WAE_SLOGI("APP_DEK_LOADING was already done"); + } else { + WAE_SLOGE("Fail to get information from key-manager about APP_DEK_LOADING_DONE_ALIAS. ret=%d", ret); + goto error; + } + +error: + if(pBuffer != NULL) + ckmc_buffer_free(pBuffer); + + return ret; +} + +int _set_app_deks_loaded() +{ + int ret = WAE_ERROR_NONE; + ckmc_raw_buffer_s buff; + ckmc_policy_s policy; + unsigned char dummyData[1] = {0}; + + buff.data = dummyData; + buff.size = sizeof(dummyData); + + policy.password = NULL; + policy.extractable = true; + + char loading_done_alias[MAX_ALIAS_LEN] = {0, }; + _get_dek_loading_done_alias(loading_done_alias, sizeof(loading_done_alias)); + + ret = _to_wae_error(ckmc_save_data(loading_done_alias, buff, policy)); + if(ret == WAE_ERROR_KEY_EXISTS) { + WAE_SLOGI("APP_DEK_LOADING was already done"); + ret = WAE_ERROR_NONE; + } else if(ret != WAE_ERROR_NONE) { + WAE_SLOGE("Fail to set APP_DEK_LOADING_DONE_ALIAS to key-manager. ret=%d", ret); + goto error; + } + + WAE_SLOGI("Success to set APP_DEK_LOADING_DONE_ALIAS to key-manager."); +error: + return ret; +} + +int _clear_app_deks_loaded() +{ + int ret = WAE_ERROR_NONE; + char loading_done_alias[MAX_ALIAS_LEN] = {0, }; + _get_dek_loading_done_alias(loading_done_alias, sizeof(loading_done_alias)); + + ret = _to_wae_error(ckmc_remove_alias(loading_done_alias)); + if(ret == WAE_ERROR_NO_KEY) { + WAE_SLOGI("APP_DEK_LOADING_DONE_ALIAS was not set to key-manager before."); + ret = WAE_ERROR_NONE; + }else if(ret != WAE_ERROR_NONE) { + WAE_SLOGE("Fail to clear APP_DEK_LOADING_DONE_ALIAS to key-manager. ret=%d", ret); + } + + return ret; +} + +int load_preloaded_app_deks(int reload) +{ + int ret = WAE_ERROR_NONE; + + char pkgId[MAX_PKGID_LEN] = {0, }; + + DIR *dir = NULL; + struct dirent entry; + struct dirent *result; + int error; + char file_path_buff[MAX_PATH_LEN]; + unsigned char* encrypted_app_dek = NULL; + size_t encrypted_app_dek_len = 0; + unsigned char* app_dek = NULL; + size_t app_dek_len = 0; + unsigned char* priKey = NULL; + size_t priKeyLen = 0; + + int error_during_loading = 0; + + if(reload != WAE_TRUE) { + // check if all deks were already loaded into key-manager. + ret = _get_app_deks_loaded(); + if(ret == WAE_ERROR_NONE) { + return ret; + } + } + + ret = _get_app_dek_kek(&priKey, &priKeyLen); + if(ret != WAE_ERROR_NONE) { + WAE_SLOGE("Fail to get APP_DEK_KEK Private Key"); + return ret; + } + + dir = opendir(_get_dek_store_path()); + if(dir == NULL) { + WAE_SLOGE("Fail to open dir. dir=%s", _get_dek_store_path()); + ret = WAE_ERROR_FILE; + goto error; + } + + for(;;) { + error = readdir_r(dir, &entry, &result); + if( error != 0 ) { + ret = WAE_ERROR_FILE; + goto error; + } + // readdir_r returns NULL in *result if the end + // of the directory stream is reached + if(result == NULL) + break; + + // regular file && start with KEY_MANAGER_INITIAL_VALUE_FILE_PFX + if(entry.d_type == DT_REG && strstr(entry.d_name, APP_DEK_FILE_PFX) != NULL) { + memset(file_path_buff, 0, sizeof(file_path_buff)); + sprintf(file_path_buff, "%s/%s", _get_dek_store_path(), entry.d_name); + + ret = _extract_pkg_id_from_file_name(entry.d_name, pkgId); + if(ret != WAE_ERROR_NONE) { + WAE_SLOGW("Fail to extract pkgid from file. It will be ignored. file=%s",file_path_buff); + continue; + } + + ret = _read_from_file(file_path_buff, &encrypted_app_dek, &encrypted_app_dek_len); + if(ret != WAE_ERROR_NONE || encrypted_app_dek == NULL) { + error_during_loading++; + WAE_SLOGW("Fail to read file. It will be ignored. file=%s",file_path_buff); + continue; + } + + ret = decrypt_app_dek(priKey, priKeyLen, APP_DEK_KEK_PRIKEY_PASSWORD, + encrypted_app_dek, encrypted_app_dek_len, + &app_dek, &app_dek_len); + if(ret != WAE_ERROR_NONE || app_dek == NULL) { + error_during_loading++; + WAE_SLOGW("Fail to decrypt APP DEK. It will be ignored. file=%s",file_path_buff); + continue; + } + + // save app_dek in key_manager + ret = _add_dek_to_key_manager(pkgId, app_dek, app_dek_len); + // free temp objects + free(app_dek); + free(encrypted_app_dek); + app_dek = NULL; + encrypted_app_dek = NULL; + + if(ret == WAE_ERROR_KEY_EXISTS) { + WAE_SLOGI("Key Manager already has APP_DEK. It will be ignored. file=%s",file_path_buff); + continue; + }else if(ret != WAE_ERROR_NONE) { + error_during_loading++; + WAE_SLOGW("Fail to add APP DEK to key-manager. file=%s",file_path_buff); + continue; + } + } + } + + ret = _set_app_deks_loaded(); + if(ret == WAE_ERROR_NONE) { + WAE_SLOGI("Success to load_preloaded_app_deks"); + ret = WAE_ERROR_NONE; + }else { + WAE_SLOGW("Fail to _set_app_deks_loaded to key-manager. ret=%d", ret); + } +error: + if(priKey != NULL) + free(priKey); + + return ret; +} + + +int remove_app_dek(const char* pPkgId) +{ + int ret = CKMC_ERROR_NONE; + char alias[MAX_ALIAS_LEN] = {0,}; + + _get_alias(pPkgId, alias,sizeof(alias)); + + ret = _to_wae_error(ckmc_remove_alias(alias)); + if(ret != WAE_ERROR_NONE) { + WAE_SLOGE("Fail to remove APP_DEK from key-manager. pkgId=%s, alias=%s, ret=%d", pPkgId, alias, ret); + goto error; + } + + _remove_app_dek_from_cache(pPkgId); + WAE_SLOGI("Success to remove APP_DEK from key-manager. pkgId=%s", pPkgId); +error: + return WAE_ERROR_NONE; +} diff --git a/srcs/key_handler.h b/srcs/key_handler.h new file mode 100644 index 0000000..c855241 --- /dev/null +++ b/srcs/key_handler.h @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file key_handler.h + * @author Dongsun Lee (ds73.lee@samsung.com) + * @version 1.0 + * @brief a header for key manupulatation. + */ + + + +#ifndef __TIZEN_CORE_WAE_KEY_HANDLER_H +#define __TIZEN_CORE_WAE_KEY_HANDLER_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +#define APP_DEK_ALIAS_PFX "APP_DEK_" +#define APP_DEK_LOADING_DONE_ALIAS "APP_DEKS_LOADING_FINISHED" + +#define DEK_LEN 32 +#define MAX_ALIAS_LEN 256 +#define MAX_PKGID_LEN 256 +#define MAX_PATH_LEN 512 +#define MAX_CACHE_SIZE 100 + + +#define RANDOM_FILE "/dev/urandom" +#define APP_DEK_FILE_PFX "WAE_APP_DEK" +#define APP_DEK_KEK_ALIAS "WAE_APP_DEK_KEK" + +#define WAE_TRUE 1 +#define WAE_FALSE 0 + +void _initialize_cache(); +unsigned char* _get_app_dek_from_cache(const char* pkgId); +void _add_app_dek_to_cache(const char* pkgId, unsigned char* dek); +void _remove_app_dek_from_cache(const char* pkgId); +int _get_random(size_t length, unsigned char* random); +void _get_alias(const char* pPkgId, char* alias, size_t buff_len); +void _get_dek_kek_alias(char* alias, size_t buff_len); +void _get_dek_loading_done_alias(char* alias, size_t buff_len); +const char* _get_dek_kek_pub_key_path(); +const char* _get_dek_kek_pri_key_path(); +const char* _get_dek_store_path(); +int _add_dek_to_key_manager(const char* pPkgId, const unsigned char* pDek, size_t len); +int _get_preloaded_app_dek_file_path(const char* pPkgId, char *path); +int _extract_pkg_id_from_file_name(const char* fileName, char* pkgId); +int _read_encrypted_app_dek_from_file(const char* pPkgId, unsigned char** encrypted_app_dek, size_t*len); +int _write_encrypted_app_dek_to_file(const char* pPkgId, const unsigned char* encrypted_app_dek, size_t len); +int _read_from_file(const char* path, unsigned char** data, size_t* len); +int _write_to_file(const char* path, const unsigned char* data, size_t len); +int _get_app_dek_kek_from_key_manager(unsigned char** ppDekKek, size_t* kekLen); +int _get_app_deks_loaded(); +int _set_app_deks_loaded(); +int _clear_app_deks_loaded(); + +int get_app_dek(const char* pPkgId, unsigned char** ppDek, size_t *dekLen); +int create_app_dek(const char* pPkgId, unsigned char** ppDek, size_t *dekLen); +int get_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dekLen); +int create_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t *dekLen); +int load_preloaded_app_deks(int reload); +int remove_app_dek(const char* pPkgId); + + +#ifdef __cplusplus +} +#endif +#endif /* __TIZEN_CORE_WAE_KEY_HANDLER_H */ + diff --git a/srcs/wae_initializer.c b/srcs/wae_initializer.c new file mode 100644 index 0000000..011c8a0 --- /dev/null +++ b/srcs/wae_initializer.c @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file wae_initializer.c + * @author Dongsun Lee (ds73.lee@samsung.com) + * @version 1.0 + * @brief tool for importing APP DEKs during booting + */ + +#include "key_handler.h" +#include "web_app_enc.h" +#include "wae_log.h" +#include + +int main(int argc, char* argv[]) +{ + int ret = WAE_ERROR_NONE; + int reload = WAE_FALSE; + + if(argc == 2 && strcmp(argv[1], "--reload")==0) { + reload = WAE_TRUE; + } + + ret = load_preloaded_app_deks(reload); + if(ret == WAE_ERROR_NONE) { + printf("WAE INITIALIZER was finished successfully.\n"); + WAE_SLOGI("WAE INITIALIZER was finished successfully."); + return 0; + }else { + printf("WAE INITIALIZER was finished with error. ret=%d\n", ret); + WAE_SLOGE("WAE INITIALIZER was finished with error. ret=%d", ret); + return -1; + } +} diff --git a/srcs/wae_log.h b/srcs/wae_log.h new file mode 100644 index 0000000..6dfe44a --- /dev/null +++ b/srcs/wae_log.h @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file wae_log.h + * @author Dongsun Lee (ds73.lee@samsung.com) + * @version 1.0 + * @brief a header for loggin. + */ + +#ifndef __WAE_LOG_H__ +#define __WAE_LOG_H__ + +/* Use DLOG logging mechanism */ +#include + +#define TAG_WAE "WAE" + +#define WAE_SLOGD(format, arg...) SLOG(LOG_DEBUG, TAG_WAE, format, ##arg) +#define WAE_SLOGI(format, arg...) SLOG(LOG_INFO, TAG_WAE, format, ##arg) +#define WAE_SLOGW(format, arg...) SLOG(LOG_WARN, TAG_WAE, format, ##arg) +#define WAE_SLOGE(format, arg...) SLOG(LOG_ERROR, TAG_WAE, format, ##arg) +#define WAE_SLOGF(format, arg...) SLOG(LOG_FATAL, TAG_WAE, format, ##arg) + +#endif /* __WAE_LOG_H__*/ + diff --git a/srcs/web_app_enc.c b/srcs/web_app_enc.c new file mode 100644 index 0000000..7bc8484 --- /dev/null +++ b/srcs/web_app_enc.c @@ -0,0 +1,213 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file web_app_enc.c + * @author Dongsun Lee (ds73.lee@samsung.com) + * @version 1.0 + * @brief provides fucntions for encryption and decryption of web application. + */ + +#include +#include + +#include "web_app_enc.h" +#include "key_handler.h" +#include "crypto_service.h" +#include "wae_log.h" + + +int _wae_encrypt_downloaded_web_application(const char* pPkgId, + const unsigned char* pData, size_t dataLen, + unsigned char** ppEncryptedData, size_t* pEncDataLen) +{ + int ret = WAE_ERROR_NONE; + unsigned char *pDek = NULL; + size_t dekLen = -1; + + if(pPkgId == NULL) { + WAE_SLOGE("Invalid Parameter. pPkgId is NULL"); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + if(pData == NULL || dataLen <= 0) { + WAE_SLOGE("Invalid Parameter. pData is NULL or invalid dataLen(%d)", dataLen); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + if(ppEncryptedData == NULL || pEncDataLen == NULL) { + WAE_SLOGE("Invalid Parameter. ppEncryptedData or pEncDataLen is NULL"); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + + // get APP_DEK. + // if not exists, create APP_DEK + ret = get_app_dek(pPkgId, &pDek, &dekLen); + if(ret == WAE_ERROR_NO_KEY) { + ret = create_app_dek(pPkgId, &pDek, &dekLen); + } + if(ret != WAE_ERROR_NONE) { + goto error; + } + + // encrypt + ret = encrypt_aes_cbc(pDek, dekLen, pData, dataLen, ppEncryptedData, pEncDataLen); + if(ret != WAE_ERROR_NONE) { + goto error; + } + +error: + if(pDek != NULL) + free(pDek); + + return ret; +} + +int _wae_decrypt_downloaded_web_application(const char* pPkgId, + const unsigned char* pData, size_t dataLen, + unsigned char** ppDecryptedData, size_t* pDecDataLen) +{ + int ret = WAE_ERROR_NONE; + unsigned char *pDek = NULL; + size_t dekLen = -1; + + if(pPkgId == NULL) { + WAE_SLOGE("Invalid Parameter. pPkgId is NULL"); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + if(pData == NULL || dataLen <= 0) { + WAE_SLOGE("Invalid Parameter. pData is NULL or invalid dataLen(%d)", dataLen); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + if(ppDecryptedData == NULL || pDecDataLen == NULL) { + WAE_SLOGE("Invalid Parameter. ppDecryptedData or pDecDataLen is NULL"); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + + ret = get_app_dek(pPkgId, &pDek, &dekLen); + if(ret != WAE_ERROR_NONE) { + goto error; + } + + // decrypt + ret = decrypt_aes_cbc(pDek, dekLen, pData, dataLen, ppDecryptedData, pDecDataLen); + if(ret != WAE_ERROR_NONE) { + goto error; + } + +error: + if(pDek != NULL) + free(pDek); + + return ret; +} + +int _wae_encrypt_preloaded_web_application(const char* pPkgId, + const unsigned char* pData, size_t dataLen, + unsigned char** ppEncryptedData, size_t* pEncDataLen) +{ + + int ret = WAE_ERROR_NONE; + unsigned char *pDek = NULL; + size_t dekLen = -1; + + if(pPkgId == NULL) { + WAE_SLOGE("Invalid Parameter. pPkgId is NULL"); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + if(pData == NULL || dataLen <= 0) { + WAE_SLOGE("Invalid Parameter. pData is NULL or invalid dataLen(%d)", dataLen); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + if(ppEncryptedData == NULL || pEncDataLen == NULL) { + WAE_SLOGE("Invalid Parameter. ppEncryptedData or pEncDataLen is NULL"); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + + ret = get_preloaded_app_dek(pPkgId, &pDek, &dekLen); + if(ret == WAE_ERROR_NO_KEY) { + ret = create_preloaded_app_dek(pPkgId, &pDek, &dekLen); + } + if(ret != WAE_ERROR_NONE) { + goto error; + } + + // encrypt + ret = encrypt_aes_cbc(pDek, dekLen, pData, dataLen, ppEncryptedData, pEncDataLen); + if(ret != WAE_ERROR_NONE) { + goto error; + } +error: + if(pDek != NULL) + free(pDek); + + return ret; +} + +int _wae_decrypt_preloaded_web_application(const char* pPkgId, + const unsigned char* pData, size_t dataLen, + unsigned char** ppDecryptedData, size_t* pDecDataLen) +{ + // same with the decryption of downloaded web application + return _wae_decrypt_downloaded_web_application(pPkgId, pData, dataLen, ppDecryptedData, pDecDataLen); +} + +int wae_encrypt_web_application(const char* pPkgId,int isPreloaded, + const unsigned char* pData, size_t dataLen, + unsigned char** ppEncryptedData, size_t* pEncDataLen) +{ + int ret = WAE_ERROR_NONE; + + if(isPreloaded) + ret = _wae_encrypt_preloaded_web_application(pPkgId, pData, dataLen, ppEncryptedData, pEncDataLen); + else + ret = _wae_encrypt_downloaded_web_application(pPkgId, pData, dataLen, ppEncryptedData, pEncDataLen); + + WAE_SLOGI("Encrypt Web App. pkgId=%s, isPreloaded=%d, dataLen=%d, ret=%d", + pPkgId, isPreloaded, dataLen, ret); + return ret; +} + +int wae_decrypt_web_application(const char* pPkgId, int isPreloaded, + const unsigned char* pData, size_t dataLen, + unsigned char** ppDecryptedData, size_t* pDecDataLen) +{ + int ret = WAE_ERROR_NONE; + + if(isPreloaded) + ret = _wae_decrypt_preloaded_web_application(pPkgId, pData, dataLen, ppDecryptedData, pDecDataLen); + else + ret =_wae_decrypt_downloaded_web_application(pPkgId, pData, dataLen, ppDecryptedData, pDecDataLen); + + WAE_SLOGI("Decrypt Web App. pkgId=%s, isPreloaded=%d, dataLen=%d, ret=%d", + pPkgId, isPreloaded, dataLen, ret); + return ret; +} + + +int wae_remove_app_dek(const char* pPkgId) +{ + int ret = WAE_ERROR_NONE; + ret = remove_app_dek(pPkgId); + WAE_SLOGI("Remove APP DEK. pkgId=%s, ret=%d", pPkgId, ret); + return ret; +} diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt new file mode 100644 index 0000000..bf7bb79 --- /dev/null +++ b/systemd/CMakeLists.txt @@ -0,0 +1,8 @@ +CONFIGURE_FILE(${CMAKE_SOURCE_DIR}/systemd/webappenc-initializer.service.in + ${CMAKE_SOURCE_DIR}/systemd/webappenc-initializer.service @ONLY) + +INSTALL(FILES + ${CMAKE_SOURCE_DIR}/systemd/webappenc-initializer.service + DESTINATION + ${SYSTEMD_UNIT_DIR} +) diff --git a/systemd/webappenc-initializer.service.in b/systemd/webappenc-initializer.service.in new file mode 100644 index 0000000..e9441d8 --- /dev/null +++ b/systemd/webappenc-initializer.service.in @@ -0,0 +1,12 @@ +[Unit] +Description=Import APP DEKs for Preloaded Web App Decryption +DefaultDependencies=no +Requires=central-key-manager.service +After=central-key-manager.service + +[Service] +Type=oneshot +ExecStart=/usr/bin/wae_initializer + +[Install] +WantedBy=multi-user.target diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt new file mode 100644 index 0000000..e1d0d6d --- /dev/null +++ b/tests/CMakeLists.txt @@ -0,0 +1,37 @@ +################################################################################ +# for wae_tests +################################################################################ + + +SET(WEB_APP_ENC_TEST_SOURCES + ${CMAKE_CURRENT_SOURCE_DIR}/wae_tests.c +) + +INCLUDE_DIRECTORIES( + ${WEB_APP_ENC_DEPS_INCLUDE_DIRS} + ${CMAKE_CURRENT_SOURCE_DIR} + ${PROJECT_SOURCE_DIR}/include + ${PROJECT_SOURCE_DIR}/srcs +) + +ADD_EXECUTABLE(${TARGET_WEBAPPENC_TEST} ${WEB_APP_ENC_TEST_SOURCES}) + + +TARGET_LINK_LIBRARIES(${TARGET_WEBAPPENC_TEST} + ${WEB_APP_ENC_DEPS_LIBRARIES} + ${TARGET_WEBAPPENC} +) + + +INSTALL(TARGETS ${TARGET_WEBAPPENC_TEST} + DESTINATION ${BINDIR} + PERMISSIONS OWNER_READ + OWNER_WRITE + OWNER_EXECUTE + GROUP_READ + GROUP_EXECUTE + WORLD_READ + WORLD_EXECUTE +) + + diff --git a/tests/wae_tests.c b/tests/wae_tests.c new file mode 100644 index 0000000..49b6b32 --- /dev/null +++ b/tests/wae_tests.c @@ -0,0 +1,815 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + * + * + * @file wae_tests.c + * @author Dongsun Lee (ds73.lee@samsung.com) + * @version 1.0 + * @brief internal test cases for libwebappenc. + */ + +#include +#include +#include +#include + +#include "web_app_enc.h" +#include "key_handler.h" +#include "crypto_service.h" + +#include + +static size_t tc_seq = 0; +static size_t tc_succ = 0; +static size_t tc_fail = 0; + +#define FPRINTF(format, args...) fprintf(stdout, format, ##args) + +static int RUNTC(int (*tc_method)(), const char* tc_name) +{ + int ret = WAE_ERROR_NONE; + FPRINTF("[%02d:%s]started...\n", tc_seq, tc_name); + ret = tc_method(); + if(ret == WAE_ERROR_NONE) { + FPRINTF("[%02d:%s]ended. SUCCESS\n\n", tc_seq, tc_name); + tc_succ++; + } else { + FPRINTF("[%02d:%s]ended. FAIL. error=%d\n\n", tc_seq, tc_name, ret); + tc_fail++; + } + tc_seq++; + return ret; +} + +static void PRINT_TC_SUMMARY() +{ + FPRINTF("\n"); + FPRINTF("===============================================\n"); + FPRINTF(" TOTAL = %d, SUCCESS = %d, FAIL = %d\n", tc_seq, tc_succ, tc_fail); + FPRINTF("===============================================\n"); +} + +void _print_binary_to_hex(const char* msg, unsigned char* bin, size_t len) +{ + size_t i = 0; + FPRINTF("%s", msg); + for(i=0; i Date: Fri, 24 Jul 2015 14:17:54 +0900 Subject: [PATCH 03/15] bug fix in test codes for 64bit build Change-Id: If64499d0636ea6a08d9a96f73f83fa7d57d858e4 Signed-off-by: Dongsun Lee --- tests/wae_tests.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/wae_tests.c b/tests/wae_tests.c index 49b6b32..18527d0 100644 --- a/tests/wae_tests.c +++ b/tests/wae_tests.c @@ -31,9 +31,9 @@ #include -static size_t tc_seq = 0; -static size_t tc_succ = 0; -static size_t tc_fail = 0; +static int tc_seq = 0; +static int tc_succ = 0; +static int tc_fail = 0; #define FPRINTF(format, args...) fprintf(stdout, format, ##args) @@ -203,7 +203,7 @@ int wae_tc_encrypt_decrypt_aes_cbc() } if(plaintextLen != decLen) { - FPRINTF("...FAIL: plaintextLen(%d) != decLen(%d)\n", plaintextLen, decLen); + FPRINTF("...FAIL: plaintextLen(%d) != decLen(%d)\n", (int) plaintextLen, (int) decLen); ret = WAE_ERROR_CRYPTO; goto error; } @@ -705,7 +705,7 @@ int wae_tc_encrypt_decrypt_web_application() } if(plaintextLen != decLen) { - FPRINTF("...FAIL: plaintextLen(%d) != decLen(%d)\n", plaintextLen, decLen); + FPRINTF("...FAIL: plaintextLen(%d) != decLen(%d)\n", (int) plaintextLen, (int) decLen); ret = WAE_ERROR_CRYPTO; goto error; } @@ -754,7 +754,7 @@ int wae_tc_encrypt_decrypt_web_application() _remove_app_dek_from_cache(pkgId2); if(plaintextLen != decLen) { - FPRINTF("...FAIL: plaintextLen(%d) != decLen(%d)\n", plaintextLen, decLen); + FPRINTF("...FAIL: plaintextLen(%d) != decLen(%d)\n", (int) plaintextLen, (int) decLen); ret = WAE_ERROR_CRYPTO; goto error; } -- 2.7.4 From 671aefceb8f5249194c2abfc1bdeddb7d16a7631 Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Thu, 13 Aug 2015 16:35:58 +0900 Subject: [PATCH 04/15] change API signatures to support GLOBAL app and NORMAL app at the same time Change-Id: Ic9a60b295bff13bb59c1c6990dfbad569e92c267 Signed-off-by: Dongsun Lee --- include/web_app_enc.h | 26 ++++-- srcs/key_handler.c | 32 ++++--- srcs/key_handler.h | 11 +-- srcs/web_app_enc.c | 49 ++++++----- tests/wae_tests.c | 235 ++++++++++++++++++++++++++++++-------------------- 5 files changed, 213 insertions(+), 140 deletions(-) diff --git a/include/web_app_enc.h b/include/web_app_enc.h index 2e31a3c..68a1fd9 100644 --- a/include/web_app_enc.h +++ b/include/web_app_enc.h @@ -31,6 +31,10 @@ extern "C" { */ +/** + * @brief WAE Errors. + * @since_tizen 3.0 + */ typedef enum { WAE_ERROR_NONE = 0x00, /**< Successful */ @@ -46,11 +50,22 @@ typedef enum } wae_error_e; /** + * @brief Application Type. + * @since_tizen 3.0 + */ +typedef enum +{ + WAE_DOWNLOADED_NORMAL_APP = 0, /**< Downloaded Normal Application*/ + WAE_DOWNLOADED_GLOBAL_APP = 1, /**< Downloaded Global Application*/ + WAE_PRELOADED_APP = 2 /**< Preloaded Application*/ +} wae_app_type_e; + +/** * @brief Encrypts web application data with internal key(APP DEK: Application Data Encryption Key). * * @since_tizen 3.0 * @param[in] pPkgId The package id of an application. - * @param[in] isPreloaded True(!=0) if the application is preloaded, otherwise false(==0). + * @param[in] appType The application type. * @param[in] pData The data block to be encrypted. * @param[in] dataLen The length of the data block. * @param[out] ppEncryptedData The data block contaning encrypted data block. Memory allocated for ppEncryptedData. Has to be freed by free() function. @@ -66,14 +81,14 @@ typedef enum * * @see wae_decrypt_web_application() */ -int wae_encrypt_web_application(const char* pPkgId, int isPreloaded, const unsigned char* pData, size_t dataLen, unsigned char** ppEncryptedData, size_t* pEncDataLen); +int wae_encrypt_web_application(const char* pPkgId, wae_app_type_e appType, const unsigned char* pData, size_t dataLen, unsigned char** ppEncryptedData, size_t* pEncDataLen); /** * @brief Encrypts web application data with internal key. * * @since_tizen 3.0 * @param[in] pPkgId The package id of an application. - * @param[in] isPreloaded True(!=0) if the application is preloaded, otherwise false(==0). + * @param[in] appType The application type. * @param[in] pData The data block to be decrypted. * @param[in] dataLen The length of the data block. * @param[out] ppDecryptedData Data block contaning decrypted data block. Memory allocated for ppEncryptedData. Has to be freed by free() function. @@ -89,13 +104,14 @@ int wae_encrypt_web_application(const char* pPkgId, int isPreloaded, const unsig * * @see wae_encrypt_web_application() */ -int wae_decrypt_web_application(const char* pPkgId, int isPreloaded, const unsigned char* pData, size_t dataLen, unsigned char** ppDecryptedData, size_t* pDecDataLen); +int wae_decrypt_web_application(const char* pPkgId, wae_app_type_e appType, const unsigned char* pData, size_t dataLen, unsigned char** ppDecryptedData, size_t* pDecDataLen); /** * @brief Remove a APP DEK(Application Data Encryption Key) used for encrytpion and decryption of a web application. * * @since_tizen 3.0 * @param[in] pPkgId The package id of an application. + * @param[in] appType The application type. * * @return #WAE_ERROR_NONE on success, otherwise a negative error value * @retval #WAE_ERROR_INVALID_PARAMETER Invalid input parameter @@ -105,7 +121,7 @@ int wae_decrypt_web_application(const char* pPkgId, int isPreloaded, const unsig * @retval #WAE_ERROR_UNKNOWN Failed with unknown reason * */ -int wae_remove_app_dek(const char* pPkgId); +int wae_remove_app_dek(const char* pPkgId, wae_app_type_e appType); /** diff --git a/srcs/key_handler.c b/srcs/key_handler.c index 4ec4e5c..304d94b 100644 --- a/srcs/key_handler.c +++ b/srcs/key_handler.c @@ -138,13 +138,19 @@ int _get_random(size_t length, unsigned char* random) return WAE_ERROR_NONE; } -void _get_alias(const char* pPkgId, char* alias, size_t buff_len) +void _get_alias(const char* pPkgId, wae_app_type_e appType, char* alias, size_t buff_len) { - snprintf(alias, buff_len, "%s%s%s%s", + if(appType == WAE_DOWNLOADED_NORMAL_APP) { + snprintf(alias, buff_len, "%s%s", + APP_DEK_ALIAS_PFX, + pPkgId); + }else { // system alias + snprintf(alias, buff_len, "%s%s%s%s", ckmc_label_shared_owner, ckmc_label_name_separator, APP_DEK_ALIAS_PFX, pPkgId); + } } void _get_dek_kek_alias(char* alias, size_t buff_len) @@ -178,7 +184,7 @@ const char* _get_dek_store_path() return tzplatform_mkpath3(TZ_SYS_SHARE, "wae", "app_dek"); } -int _add_dek_to_key_manager(const char* pPkgId, const unsigned char* pDek, size_t len) +int _add_dek_to_key_manager(const char* pPkgId, wae_app_type_e appType, const unsigned char* pDek, size_t len) { int ret = WAE_ERROR_NONE; char alias[MAX_ALIAS_LEN] = {0,}; @@ -192,14 +198,14 @@ int _add_dek_to_key_manager(const char* pPkgId, const unsigned char* pDek, size_ policy.extractable = true; // save app_dek in key_manager - _get_alias(pPkgId, alias, sizeof(alias)); + _get_alias(pPkgId, appType, alias, sizeof(alias)); // even if it fails to remove, ignore it. ret = _to_wae_error( ckmc_remove_alias(alias)); ret = _to_wae_error(ckmc_save_data(alias, buff, policy)); if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("Fail to add APP_DEK to key-manager. pkgId=%s, ret=%d", pPkgId, ret); + WAE_SLOGE("Fail to add APP_DEK to key-manager. pkgId=%s, alias=%s, ret=%d", pPkgId, alias, ret); goto error; } @@ -324,7 +330,7 @@ error: return ret; } -int get_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dekLen) +int get_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDek, size_t* dekLen) { int ret = WAE_ERROR_NONE; @@ -338,11 +344,11 @@ int get_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dekLen) cached_dek = _get_app_dek_from_cache(pPkgId); if(cached_dek == NULL) { // get APP_DEK from system database - _get_alias(pPkgId, alias, sizeof(alias)); + _get_alias(pPkgId, appType, alias, sizeof(alias)); ret = _to_wae_error(ckmc_get_data(alias, password, &pDekBuffer)); if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("Fail to get APP_DEK from key-manager. alias=%s, ret=%d", alias, ret); + WAE_SLOGI("Fail to get APP_DEK from key-manager. alias=%s, ret=%d", alias, ret); goto error; } } @@ -367,7 +373,7 @@ error: return ret; } -int create_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dekLen) +int create_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDek, size_t* dekLen) { int ret = WAE_ERROR_NONE; unsigned char *dek= NULL; @@ -385,7 +391,7 @@ int create_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dekLen) } // save app_dek in key_manager - ret = _add_dek_to_key_manager(pPkgId, dek, DEK_LEN); + ret = _add_dek_to_key_manager(pPkgId, appType, dek, DEK_LEN); if(ret != WAE_ERROR_NONE) { goto error; } @@ -691,7 +697,7 @@ int load_preloaded_app_deks(int reload) } // save app_dek in key_manager - ret = _add_dek_to_key_manager(pkgId, app_dek, app_dek_len); + ret = _add_dek_to_key_manager(pkgId, WAE_PRELOADED_APP, app_dek, app_dek_len); // free temp objects free(app_dek); free(encrypted_app_dek); @@ -724,12 +730,12 @@ error: } -int remove_app_dek(const char* pPkgId) +int remove_app_dek(const char* pPkgId, wae_app_type_e appType) { int ret = CKMC_ERROR_NONE; char alias[MAX_ALIAS_LEN] = {0,}; - _get_alias(pPkgId, alias,sizeof(alias)); + _get_alias(pPkgId, appType, alias,sizeof(alias)); ret = _to_wae_error(ckmc_remove_alias(alias)); if(ret != WAE_ERROR_NONE) { diff --git a/srcs/key_handler.h b/srcs/key_handler.h index c855241..c786964 100644 --- a/srcs/key_handler.h +++ b/srcs/key_handler.h @@ -30,6 +30,7 @@ extern "C" { #endif #include +#include "web_app_enc.h" #define APP_DEK_ALIAS_PFX "APP_DEK_" #define APP_DEK_LOADING_DONE_ALIAS "APP_DEKS_LOADING_FINISHED" @@ -53,13 +54,13 @@ unsigned char* _get_app_dek_from_cache(const char* pkgId); void _add_app_dek_to_cache(const char* pkgId, unsigned char* dek); void _remove_app_dek_from_cache(const char* pkgId); int _get_random(size_t length, unsigned char* random); -void _get_alias(const char* pPkgId, char* alias, size_t buff_len); +void _get_alias(const char* pPkgId, wae_app_type_e appType, char* alias, size_t buff_len); void _get_dek_kek_alias(char* alias, size_t buff_len); void _get_dek_loading_done_alias(char* alias, size_t buff_len); const char* _get_dek_kek_pub_key_path(); const char* _get_dek_kek_pri_key_path(); const char* _get_dek_store_path(); -int _add_dek_to_key_manager(const char* pPkgId, const unsigned char* pDek, size_t len); +int _add_dek_to_key_manager(const char* pPkgId, wae_app_type_e appType, const unsigned char* pDek, size_t len); int _get_preloaded_app_dek_file_path(const char* pPkgId, char *path); int _extract_pkg_id_from_file_name(const char* fileName, char* pkgId); int _read_encrypted_app_dek_from_file(const char* pPkgId, unsigned char** encrypted_app_dek, size_t*len); @@ -71,12 +72,12 @@ int _get_app_deks_loaded(); int _set_app_deks_loaded(); int _clear_app_deks_loaded(); -int get_app_dek(const char* pPkgId, unsigned char** ppDek, size_t *dekLen); -int create_app_dek(const char* pPkgId, unsigned char** ppDek, size_t *dekLen); +int get_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDek, size_t *dekLen); +int create_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDek, size_t *dekLen); int get_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dekLen); int create_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t *dekLen); int load_preloaded_app_deks(int reload); -int remove_app_dek(const char* pPkgId); +int remove_app_dek(const char* pPkgId, wae_app_type_e appType); #ifdef __cplusplus diff --git a/srcs/web_app_enc.c b/srcs/web_app_enc.c index 7bc8484..39865bc 100644 --- a/srcs/web_app_enc.c +++ b/srcs/web_app_enc.c @@ -29,7 +29,7 @@ #include "wae_log.h" -int _wae_encrypt_downloaded_web_application(const char* pPkgId, +int _wae_encrypt_downloaded_web_application(const char* pPkgId, wae_app_type_e appType, const unsigned char* pData, size_t dataLen, unsigned char** ppEncryptedData, size_t* pEncDataLen) { @@ -55,9 +55,9 @@ int _wae_encrypt_downloaded_web_application(const char* pPkgId, // get APP_DEK. // if not exists, create APP_DEK - ret = get_app_dek(pPkgId, &pDek, &dekLen); + ret = get_app_dek(pPkgId, appType, &pDek, &dekLen); if(ret == WAE_ERROR_NO_KEY) { - ret = create_app_dek(pPkgId, &pDek, &dekLen); + ret = create_app_dek(pPkgId, appType, &pDek, &dekLen); } if(ret != WAE_ERROR_NONE) { goto error; @@ -76,7 +76,7 @@ error: return ret; } -int _wae_decrypt_downloaded_web_application(const char* pPkgId, +int _wae_decrypt_downloaded_web_application(const char* pPkgId, wae_app_type_e appType, const unsigned char* pData, size_t dataLen, unsigned char** ppDecryptedData, size_t* pDecDataLen) { @@ -100,7 +100,7 @@ int _wae_decrypt_downloaded_web_application(const char* pPkgId, goto error; } - ret = get_app_dek(pPkgId, &pDek, &dekLen); + ret = get_app_dek(pPkgId, appType, &pDek, &dekLen); if(ret != WAE_ERROR_NONE) { goto error; } @@ -163,51 +163,56 @@ error: return ret; } -int _wae_decrypt_preloaded_web_application(const char* pPkgId, +int _wae_decrypt_preloaded_web_application(const char* pPkgId, wae_app_type_e appType, const unsigned char* pData, size_t dataLen, unsigned char** ppDecryptedData, size_t* pDecDataLen) { // same with the decryption of downloaded web application - return _wae_decrypt_downloaded_web_application(pPkgId, pData, dataLen, ppDecryptedData, pDecDataLen); + return _wae_decrypt_downloaded_web_application(pPkgId, appType, + pData, dataLen, ppDecryptedData, pDecDataLen); } -int wae_encrypt_web_application(const char* pPkgId,int isPreloaded, +int wae_encrypt_web_application(const char* pPkgId, wae_app_type_e appType, const unsigned char* pData, size_t dataLen, unsigned char** ppEncryptedData, size_t* pEncDataLen) { int ret = WAE_ERROR_NONE; - if(isPreloaded) - ret = _wae_encrypt_preloaded_web_application(pPkgId, pData, dataLen, ppEncryptedData, pEncDataLen); + if(appType == WAE_PRELOADED_APP) + ret = _wae_encrypt_preloaded_web_application(pPkgId, + pData, dataLen, ppEncryptedData, pEncDataLen); else - ret = _wae_encrypt_downloaded_web_application(pPkgId, pData, dataLen, ppEncryptedData, pEncDataLen); + ret = _wae_encrypt_downloaded_web_application(pPkgId, appType, + pData, dataLen, ppEncryptedData, pEncDataLen); - WAE_SLOGI("Encrypt Web App. pkgId=%s, isPreloaded=%d, dataLen=%d, ret=%d", - pPkgId, isPreloaded, dataLen, ret); + WAE_SLOGI("Encrypt Web App. pkgId=%s, appType=%d, dataLen=%d, ret=%d", + pPkgId, appType, dataLen, ret); return ret; } -int wae_decrypt_web_application(const char* pPkgId, int isPreloaded, +int wae_decrypt_web_application(const char* pPkgId, wae_app_type_e appType, const unsigned char* pData, size_t dataLen, unsigned char** ppDecryptedData, size_t* pDecDataLen) { int ret = WAE_ERROR_NONE; - if(isPreloaded) - ret = _wae_decrypt_preloaded_web_application(pPkgId, pData, dataLen, ppDecryptedData, pDecDataLen); + if(appType == WAE_PRELOADED_APP) + ret = _wae_decrypt_preloaded_web_application(pPkgId, appType, + pData, dataLen, ppDecryptedData, pDecDataLen); else - ret =_wae_decrypt_downloaded_web_application(pPkgId, pData, dataLen, ppDecryptedData, pDecDataLen); + ret = _wae_decrypt_downloaded_web_application(pPkgId, appType, + pData, dataLen, ppDecryptedData, pDecDataLen); - WAE_SLOGI("Decrypt Web App. pkgId=%s, isPreloaded=%d, dataLen=%d, ret=%d", - pPkgId, isPreloaded, dataLen, ret); + WAE_SLOGI("Decrypt Web App. pkgId=%s, appType=%d, dataLen=%d, ret=%d", + pPkgId, appType, dataLen, ret); return ret; } -int wae_remove_app_dek(const char* pPkgId) +int wae_remove_app_dek(const char* pPkgId, wae_app_type_e appType) { int ret = WAE_ERROR_NONE; - ret = remove_app_dek(pPkgId); - WAE_SLOGI("Remove APP DEK. pkgId=%s, ret=%d", pPkgId, ret); + ret = remove_app_dek(pPkgId, appType); + WAE_SLOGI("Remove APP DEK. pkgId=%s, appType=%d, ret=%d", pPkgId, appType, ret); return ret; } diff --git a/tests/wae_tests.c b/tests/wae_tests.c index 18527d0..2710f98 100644 --- a/tests/wae_tests.c +++ b/tests/wae_tests.c @@ -334,16 +334,21 @@ int wae_tc_get_alias() int ret = WAE_ERROR_NONE; const char* pkgId = "TEST_PKG_ID"; - char sys_alias[256] = {0, }; + char alias[256] = {0, }; - _get_alias(pkgId, sys_alias, sizeof(sys_alias)); + _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, alias, sizeof(alias)); + FPRINTF("...pkgid=%s, alias for normal app=%s\n", pkgId, alias); - FPRINTF("...pkgid=%s, system alias=%s\n", pkgId, sys_alias); + _get_alias(pkgId, WAE_DOWNLOADED_GLOBAL_APP, alias, sizeof(alias)); + FPRINTF("...pkgid=%s, alias for global app=%s\n", pkgId, alias); + + _get_alias(pkgId, WAE_PRELOADED_APP, alias, sizeof(alias)); + FPRINTF("...pkgid=%s, alias for preloaded app=%s\n", pkgId, alias); return ret; } -int wae_tc_add_get_remove_dek() +int _wae_tc_add_get_remove_dek(wae_app_type_e appType) { int ret = WAE_ERROR_NONE; @@ -356,15 +361,15 @@ int wae_tc_add_get_remove_dek() ret = _get_random(dekLen, dek); - remove_app_dek(pkgId); + remove_app_dek(pkgId, appType); - ret = _add_dek_to_key_manager(pkgId, dek, dekLen); + ret = _add_dek_to_key_manager(pkgId, appType, dek, dekLen); if(ret != WAE_ERROR_NONE) { FPRINTF("...FAIL: _add_dek_to_key_manager. ret=%d\n", ret); goto error; } - ret = get_app_dek(pkgId, &storedDek, &storedDekLen); + ret = get_app_dek(pkgId, appType, &storedDek, &storedDekLen); if(ret != WAE_ERROR_NONE) { FPRINTF("...FAIL: get_app_dek. ret=%d\n", ret); goto error; @@ -376,13 +381,13 @@ int wae_tc_add_get_remove_dek() goto error; } - ret = remove_app_dek(pkgId); + ret = remove_app_dek(pkgId, appType); if(ret != WAE_ERROR_NONE) { FPRINTF("...FAIL: remove_app_dek. ret=%d\n", ret); goto error; } - ret = get_app_dek(pkgId, &storedDek, &storedDekLen); + ret = get_app_dek(pkgId, appType, &storedDek, &storedDekLen); if(ret == WAE_ERROR_NONE) { ret = WAE_ERROR_UNKNOWN; FPRINTF("...FAIL: APP DEK still exists in key_manager.\n"); @@ -397,6 +402,21 @@ error: return ret; } +int wae_tc_add_get_remove_dek_for_normal_app() +{ + return _wae_tc_add_get_remove_dek(WAE_DOWNLOADED_NORMAL_APP); +} + +int wae_tc_add_get_remove_dek_for_global_app() +{ + return _wae_tc_add_get_remove_dek(WAE_DOWNLOADED_GLOBAL_APP); +} + +int wae_tc_add_get_remove_dek_for_preloaded_app() +{ + return _wae_tc_add_get_remove_dek(WAE_PRELOADED_APP); +} + int wae_tc_get_preloaded_app_dek_file_path() { int ret = WAE_ERROR_NONE; @@ -404,10 +424,10 @@ int wae_tc_get_preloaded_app_dek_file_path() const char *pkgId = "test_pkg"; const char *expectedPath = tzplatform_mkpath4(TZ_SYS_SHARE, "wae", "app_dek", "WAE_APP_DEK_test_pkg.adek"); - char path[100]; + char path[256]; - ret = _get_preloaded_app_dek_file_path(pkgId, path); FPRINTF("...expected path : %s\n", expectedPath); + ret = _get_preloaded_app_dek_file_path(pkgId, path); FPRINTF("...returned path : %s\n", path); if(ret != WAE_ERROR_NONE || strncmp(expectedPath, path, strlen(expectedPath)) != 0) { @@ -473,7 +493,7 @@ error: } -int wae_tc_create_app_dek() +int _wae_tc_create_app_dek(wae_app_type_e appType) { int ret = WAE_ERROR_NONE; @@ -484,15 +504,15 @@ int wae_tc_create_app_dek() size_t storedDekLen = 0; unsigned char* storedDek = NULL; - remove_app_dek(pkgId); + remove_app_dek(pkgId, appType); - ret = create_app_dek(pkgId, &dek, &dekLen); + ret = create_app_dek(pkgId, appType, &dek, &dekLen); if(ret != WAE_ERROR_NONE) { FPRINTF("...FAIL: create_app_dek. ret=%d\n", ret); goto error; } - ret = get_app_dek(pkgId, &storedDek, &storedDekLen); + ret = get_app_dek(pkgId, appType, &storedDek, &storedDekLen); if(ret != WAE_ERROR_NONE) { ret = WAE_ERROR_KEY_MANAGER; FPRINTF("...FAIL: get_app_dek. ret=%d\n", ret); @@ -507,7 +527,7 @@ int wae_tc_create_app_dek() goto error; } - remove_app_dek(pkgId); + remove_app_dek(pkgId, appType); ret = WAE_ERROR_NONE; error: @@ -518,6 +538,21 @@ error: return ret; } +int wae_tc_create_app_dek_for_normal_app() +{ + return _wae_tc_create_app_dek(WAE_DOWNLOADED_NORMAL_APP); +} + +int wae_tc_create_app_dek_for_global_app() +{ + return _wae_tc_create_app_dek(WAE_DOWNLOADED_GLOBAL_APP); +} + +int wae_tc_create_app_dek_for_preloaded_app() +{ + return _wae_tc_create_app_dek(WAE_PRELOADED_APP); +} + int wae_tc_get_create_preloaded_app_dek() { int ret = WAE_ERROR_NONE; @@ -589,8 +624,8 @@ int wae_tc_load_preloaded_app_deks() _get_preloaded_app_dek_file_path(pkgId2, path2); // remove old test data - remove_app_dek(pkgId1); - remove_app_dek(pkgId2); + remove_app_dek(pkgId1, WAE_PRELOADED_APP); + remove_app_dek(pkgId2, WAE_PRELOADED_APP); unlink(path1); unlink(path2); @@ -615,13 +650,13 @@ int wae_tc_load_preloaded_app_deks() } // get_app_dek - ret = get_app_dek(pkgId1, &readDek1, &readDekLen1); + ret = get_app_dek(pkgId1, WAE_PRELOADED_APP, &readDek1, &readDekLen1); if(ret != WAE_ERROR_NONE) { FPRINTF("...FAIL: get_app_dek. ret=%d\n", ret); goto error; } - ret = get_app_dek(pkgId2, &readDek2, &readDekLen2); + ret = get_app_dek(pkgId2, WAE_PRELOADED_APP, &readDek2, &readDekLen2); if(ret != WAE_ERROR_NONE) { FPRINTF("...FAIL: get_app_dek. ret=%d\n", ret); goto error; @@ -644,8 +679,8 @@ int wae_tc_load_preloaded_app_deks() } // remove_app_dek - remove_app_dek(pkgId1); - remove_app_dek(pkgId2); + remove_app_dek(pkgId1, WAE_PRELOADED_APP); + remove_app_dek(pkgId2, WAE_PRELOADED_APP); ret = WAE_ERROR_NONE; error: @@ -665,13 +700,14 @@ error: return ret; } - -int wae_tc_encrypt_decrypt_web_application() +int _wae_tc_encrypt_decrypt_web_app(wae_app_type_e appType) { int ret = WAE_ERROR_NONE; - const char* pkgId1 = "testpkg_for_downloaded"; - const char* pkgId2 = "testpkg_for_preloaded"; + const char* pkgId1 = "testpkg_for_normal"; + const char* pkgId2 = "testpkg_for_global"; + const char* pkgId3 = "testpkg_for_preloaded"; + const char* pkgId = NULL; const char* plaintext= "adbdfdfdfdfdererfdfdfererfdrerfdrer"; size_t plaintextLen = strlen(plaintext); unsigned char* encrypted = NULL; @@ -680,15 +716,26 @@ int wae_tc_encrypt_decrypt_web_application() size_t decLen = 0; char decrypted_str[1024] = {0, }; - int isPreloaded = 0; // Downloaded + switch(appType) { + case WAE_DOWNLOADED_NORMAL_APP: + pkgId = pkgId1; + break; + case WAE_DOWNLOADED_GLOBAL_APP: + pkgId = pkgId2; + break; + case WAE_PRELOADED_APP: + pkgId = pkgId3; + break; + } // remove old test data - ret = wae_remove_app_dek(pkgId1); - ret = wae_remove_app_dek(pkgId2); - ret = _clear_app_deks_loaded(); + ret = wae_remove_app_dek(pkgId, appType); + if(appType == WAE_PRELOADED_APP) { + _clear_app_deks_loaded(); + } // test for downloaded web application - ret = wae_encrypt_web_application(pkgId1, isPreloaded, + ret = wae_encrypt_web_application(pkgId, appType, (const unsigned char*)plaintext, plaintextLen, &encrypted, &encLen); if(ret != WAE_ERROR_NONE){ @@ -696,63 +743,27 @@ int wae_tc_encrypt_decrypt_web_application() goto error; } - _remove_app_dek_from_cache(pkgId1); - - ret = wae_decrypt_web_application(pkgId1, isPreloaded, encrypted, encLen, &decrypted, &decLen); - if(ret != WAE_ERROR_NONE){ - FPRINTF("...FAIL: wae_decrypt_web_application. ret=%d\n", ret); - goto error; - } - - if(plaintextLen != decLen) { - FPRINTF("...FAIL: plaintextLen(%d) != decLen(%d)\n", (int) plaintextLen, (int) decLen); - ret = WAE_ERROR_CRYPTO; - goto error; - } - - memcpy(decrypted_str, decrypted, decLen); - FPRINTF("...plaintext(downloaded) = %s\n", plaintext); - FPRINTF("...decrypted(downloaded) = %s\n", decrypted_str); - if(strcmp(plaintext, decrypted_str) != 0) { - FPRINTF("...FAIL: plaintext(%s) != decrypted(%s)\n", plaintext, decrypted_str); - ret = WAE_ERROR_CRYPTO; - goto error; - } - - ret = wae_remove_app_dek(pkgId1); - if(ret != WAE_ERROR_NONE){ - FPRINTF("...FAIL: wae_remove_app_dek. ret=%d\n", ret); - goto error; - } - - - // test for preloaded web application - isPreloaded = 1; - - ret = wae_encrypt_web_application(pkgId2, isPreloaded, + // encrypt test twice + ret = wae_encrypt_web_application(pkgId, appType, (const unsigned char*)plaintext, plaintextLen, &encrypted, &encLen); if(ret != WAE_ERROR_NONE){ FPRINTF("...FAIL: wae_encrypt_web_application. ret=%d\n", ret); goto error; } - // encrypt test twice - ret = wae_encrypt_web_application(pkgId2, isPreloaded, - (const unsigned char*)plaintext, plaintextLen, - &encrypted, &encLen); - if(ret != WAE_ERROR_NONE){ - FPRINTF("...FAIL: wae_encrypt_web_application2. ret=%d\n", ret); - goto error; + + _remove_app_dek_from_cache(pkgId); + + if(appType == WAE_PRELOADED_APP) { + load_preloaded_app_deks(WAE_TRUE); } - ret = wae_decrypt_web_application(pkgId2, isPreloaded, encrypted, encLen, &decrypted, &decLen); + ret = wae_decrypt_web_application(pkgId, appType, encrypted, encLen, &decrypted, &decLen); if(ret != WAE_ERROR_NONE){ FPRINTF("...FAIL: wae_decrypt_web_application. ret=%d\n", ret); goto error; } - _remove_app_dek_from_cache(pkgId2); - if(plaintextLen != decLen) { FPRINTF("...FAIL: plaintextLen(%d) != decLen(%d)\n", (int) plaintextLen, (int) decLen); ret = WAE_ERROR_CRYPTO; @@ -760,15 +771,15 @@ int wae_tc_encrypt_decrypt_web_application() } memcpy(decrypted_str, decrypted, decLen); - FPRINTF("...plaintext(preloaded) = %s\n", plaintext); - FPRINTF("...decrypted(preloaded) = %s\n", decrypted_str); + FPRINTF("...plaintext(downloaded) = %s\n", plaintext); + FPRINTF("...decrypted(downloaded) = %s\n", decrypted_str); if(strcmp(plaintext, decrypted_str) != 0) { FPRINTF("...FAIL: plaintext(%s) != decrypted(%s)\n", plaintext, decrypted_str); ret = WAE_ERROR_CRYPTO; goto error; } - ret = wae_remove_app_dek(pkgId2); + ret = wae_remove_app_dek(pkgId, appType); if(ret != WAE_ERROR_NONE){ FPRINTF("...FAIL: wae_remove_app_dek. ret=%d\n", ret); goto error; @@ -783,33 +794,67 @@ error: return ret; } +int wae_tc_encrypt_decrypt_normal_app() +{ + return _wae_tc_encrypt_decrypt_web_app(WAE_DOWNLOADED_NORMAL_APP); +} + +int wae_tc_encrypt_decrypt_global_app() +{ + return _wae_tc_encrypt_decrypt_web_app(WAE_DOWNLOADED_GLOBAL_APP); +} + +int wae_tc_encrypt_decrypt_preloaded_app() +{ + return _wae_tc_encrypt_decrypt_web_app(WAE_PRELOADED_APP); +} + -int run_test_cases() +int run_test_cases(char* test_mode) { - RUNTC(wae_tc_encrypt_decrypt_app_dek, "wae_tc_encrypt_decrypt_app_dek"); - RUNTC(wae_tc_encrypt_decrypt_aes_cbc, "wae_tc_encrypt_decrypt_aes_cbc"); - RUNTC(wae_tc_cache, "wae_tc_cache"); - - RUNTC(wae_tc_get_random, "wae_tc_get_random"); - RUNTC(wae_tc_get_alias, "wae_tc_get_alias"); - RUNTC(wae_tc_add_get_remove_dek, "wae_tc_add_get_remove_dek"); - RUNTC(wae_tc_get_preloaded_app_dek_file_path, "wae_tc_get_preloaded_app_dek_file_path"); - RUNTC(wae_tc_extract_pkg_id_from_file_name, "wae_tc_extract_pkg_id_from_file_name"); - RUNTC(wae_tc_read_write_encrypted_app_dek, "wae_tc_read_write_encrypted_app_dek"); - RUNTC(wae_tc_create_app_dek, "wae_tc_create_app_dek"); - RUNTC(wae_tc_get_create_preloaded_app_dek, "wae_tc_get_create_preloaded_app_dek"); - RUNTC(wae_tc_load_preloaded_app_deks, "wae_tc_load_preloaded_app_deks"); - RUNTC(wae_tc_encrypt_decrypt_web_application, "wae_tc_encrypt_decrypt_web_application"); + if(strcmp(test_mode, "system") == 0) { + RUNTC(wae_tc_encrypt_decrypt_app_dek, "wae_tc_encrypt_decrypt_app_dek"); + RUNTC(wae_tc_encrypt_decrypt_aes_cbc, "wae_tc_encrypt_decrypt_aes_cbc"); + RUNTC(wae_tc_cache, "wae_tc_cache"); + + RUNTC(wae_tc_get_random, "wae_tc_get_random"); + RUNTC(wae_tc_get_alias, "wae_tc_get_alias"); + + RUNTC(wae_tc_add_get_remove_dek_for_global_app, "wae_tc_add_get_remove_dek_for_global_app"); + RUNTC(wae_tc_add_get_remove_dek_for_preloaded_app, "wae_tc_add_get_remove_dek_for_preloaded_app"); + + RUNTC(wae_tc_get_preloaded_app_dek_file_path, "wae_tc_get_preloaded_app_dek_file_path"); + RUNTC(wae_tc_extract_pkg_id_from_file_name, "wae_tc_extract_pkg_id_from_file_name"); + RUNTC(wae_tc_read_write_encrypted_app_dek, "wae_tc_read_write_encrypted_app_dek"); + + RUNTC(wae_tc_create_app_dek_for_global_app, "wae_tc_create_app_dek_for_global_app"); + RUNTC(wae_tc_create_app_dek_for_preloaded_app, "wae_tc_create_app_dek_for_preloaded_app"); + + RUNTC(wae_tc_get_create_preloaded_app_dek, "wae_tc_get_create_preloaded_app_dek"); + RUNTC(wae_tc_load_preloaded_app_deks, "wae_tc_load_preloaded_app_deks"); + + RUNTC(wae_tc_encrypt_decrypt_global_app, "wae_tc_encrypt_decrypt_global_app"); + RUNTC(wae_tc_encrypt_decrypt_preloaded_app, "wae_tc_encrypt_decrypt_preloaded_app"); + }else { + RUNTC(wae_tc_add_get_remove_dek_for_normal_app, "wae_tc_add_get_remove_dek_for_normal_app"); + RUNTC(wae_tc_create_app_dek_for_normal_app, "wae_tc_create_app_dek_for_normal_app"); + RUNTC(wae_tc_encrypt_decrypt_normal_app, "wae_tc_encrypt_decrypt_normal_app"); + } PRINT_TC_SUMMARY(); return 0; } -int main(void) +int main(int argc, char* argv[]) { int ret = 0; - ret = run_test_cases(); + if(argc != 2 || (strcmp(argv[1],"system") != 0 && strcmp(argv[1],"user")) ) { + FPRINTF("invalid command formant. command format : %s system|user\n", argv[0]); + exit(1); + } + + ret = run_test_cases(argv[1]); return ret; } -- 2.7.4 From 914fa39767fa80f9f8441be529aaa6018c4f0dd0 Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Mon, 21 Sep 2015 19:43:09 +0900 Subject: [PATCH 05/15] Change alias because wrt-installer backend runs with owner uid Change-Id: Icee00ba20a651600bb64ed045910fddba9bf915b Signed-off-by: Dongsun Lee --- srcs/key_handler.c | 71 +++++++++++++++++++++++++++++++----------------------- srcs/key_handler.h | 2 +- tests/wae_tests.c | 11 ++++++--- 3 files changed, 49 insertions(+), 35 deletions(-) diff --git a/srcs/key_handler.c b/srcs/key_handler.c index 304d94b..6301db1 100644 --- a/srcs/key_handler.c +++ b/srcs/key_handler.c @@ -35,6 +35,7 @@ #define APP_DEK_KEK_PRIKEY_PASSWORD "wae_appdek_kek_1q2w3e4r" +#define WRT_INSTALLER_LABEL "/User" typedef struct _dek_cache_element{ char pkgId[MAX_PKGID_LEN]; @@ -138,13 +139,22 @@ int _get_random(size_t length, unsigned char* random) return WAE_ERROR_NONE; } -void _get_alias(const char* pPkgId, wae_app_type_e appType, char* alias, size_t buff_len) +void _get_alias(const char* pPkgId, wae_app_type_e appType, int forSave, char* alias, size_t buff_len) { if(appType == WAE_DOWNLOADED_NORMAL_APP) { - snprintf(alias, buff_len, "%s%s", + if(forSave == WAE_TRUE) { + snprintf(alias, buff_len, "%s%s", APP_DEK_ALIAS_PFX, pPkgId); + }else{ + snprintf(alias, buff_len, "%s%s%s%s", + WRT_INSTALLER_LABEL, + ckmc_label_name_separator, + APP_DEK_ALIAS_PFX, + pPkgId); + } }else { // system alias + (void) appType; snprintf(alias, buff_len, "%s%s%s%s", ckmc_label_shared_owner, ckmc_label_name_separator, @@ -198,24 +208,24 @@ int _add_dek_to_key_manager(const char* pPkgId, wae_app_type_e appType, const un policy.extractable = true; // save app_dek in key_manager - _get_alias(pPkgId, appType, alias, sizeof(alias)); + _get_alias(pPkgId, appType, WAE_TRUE, alias, sizeof(alias)); // even if it fails to remove, ignore it. ret = _to_wae_error( ckmc_remove_alias(alias)); ret = _to_wae_error(ckmc_save_data(alias, buff, policy)); if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("Fail to add APP_DEK to key-manager. pkgId=%s, alias=%s, ret=%d", pPkgId, alias, ret); + WAE_SLOGE("WAE: Fail to add APP_DEK to key-manager. pkgId=%s, alias=%s, ret=%d", pPkgId, alias, ret); goto error; } // share app_dek for web app laucher to use app_dek ret = _to_wae_error(ckmc_set_permission(alias, pPkgId, CKMC_PERMISSION_READ)); if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("Fail to set_permission to APP_DEK. pkgId=%s, ret=%d", pPkgId, ret); + WAE_SLOGE("WAE: Fail to set_permission to APP_DEK. pkgId=%s, ret=%d", pPkgId, ret); goto error; } - WAE_SLOGI("Success to add APP_DEK to key-manager. pkgId=%s", pPkgId); + WAE_SLOGI("WAE: Success to add APP_DEK to key-manager. pkgId=%s, alias=%s", pPkgId, alias); error: return ret; } @@ -231,13 +241,13 @@ int _extract_pkg_id_from_file_name(const char* fileName, char* pkgId) { char* start = strstr(fileName, APP_DEK_FILE_PFX); if(start == NULL){ - WAE_SLOGE("Fail to extract pkgid from APP_DEK file. fileName=%s", fileName); + WAE_SLOGE("WAE: Fail to extract pkgid from APP_DEK file. fileName=%s", fileName); return WAE_ERROR_FILE; } start = start + strlen(APP_DEK_FILE_PFX) + 1; char* end = strstr(fileName, ".adek"); if(start == NULL){ - WAE_SLOGE("Fail to extract pkgid from APP_DEK file. fileName=%s", fileName); + WAE_SLOGE("WAE: Fail to extract pkgid from APP_DEK file. fileName=%s", fileName); return WAE_ERROR_FILE; } strncpy(pkgId, start, end-start); @@ -270,7 +280,7 @@ int _read_from_file(const char* path, unsigned char** data, size_t* len) f = fopen(path, "r"); if( f == NULL) { - WAE_SLOGE("Fail to open a file. file=%s", path); + WAE_SLOGE("WAE: Fail to open a file. file=%s", path); ret = WAE_ERROR_FILE; goto error; } @@ -281,7 +291,7 @@ int _read_from_file(const char* path, unsigned char** data, size_t* len) file_contents = (unsigned char*) malloc(file_len); if(file_contents == NULL) { - WAE_SLOGE("Fail to allocate memory for encrypted_app_dek"); + WAE_SLOGE("WAE: Fail to allocate memory for encrypted_app_dek"); ret = WAE_ERROR_MEMORY; goto error; } @@ -312,14 +322,14 @@ int _write_to_file(const char* path, const unsigned char* data, size_t len) f = fopen(path, "w"); if( f == NULL) { - WAE_SLOGE("Fail to open a file. file=%s", path); + WAE_SLOGE("WAE: Fail to open a file. file=%s", path); ret = WAE_ERROR_FILE; goto error; } write_len = fwrite(data, 1, len, f); if(write_len != (int) len) { - WAE_SLOGE("Fail to write a file. file=%s", path); + WAE_SLOGE("WAE: Fail to write a file. file=%s", path); ret = WAE_ERROR_FILE; goto error; } @@ -344,11 +354,12 @@ int get_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDe cached_dek = _get_app_dek_from_cache(pPkgId); if(cached_dek == NULL) { // get APP_DEK from system database - _get_alias(pPkgId, appType, alias, sizeof(alias)); + _get_alias(pPkgId, appType, WAE_FALSE, alias, sizeof(alias)); ret = _to_wae_error(ckmc_get_data(alias, password, &pDekBuffer)); if(ret != WAE_ERROR_NONE) { - WAE_SLOGI("Fail to get APP_DEK from key-manager. alias=%s, ret=%d", alias, ret); + WAE_SLOGI("WAE: Fail to get APP_DEK from key-manager. pkgId=%s, alias=%s, ret=%d", + pPkgId, alias, ret); goto error; } } @@ -363,7 +374,7 @@ int get_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDe *ppDek = pDek; *dekLen = DEK_LEN; - WAE_SLOGI("Success to get APP_DEK from key-manager. pkgId=%s", pPkgId); + WAE_SLOGI("WAE: Success to get APP_DEK from key-manager. pkgId=%s, alias=%s", pPkgId, alias); error: if(pDekBuffer != NULL) ckmc_buffer_free(pDekBuffer); @@ -386,7 +397,7 @@ int create_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** p ret = _get_random(DEK_LEN, dek); if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("Fail to get random for APP_DEK. pkgId=%s, ret=%d", pPkgId, ret); + WAE_SLOGE("WAE: Fail to get random for APP_DEK. pkgId=%s, ret=%d", pPkgId, ret); goto error; } @@ -402,7 +413,7 @@ int create_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** p *ppDek = dek; *dekLen = DEK_LEN; - WAE_SLOGI("Success to create APP_DEK and store it in key-manager. pkgId=%s", pPkgId); + WAE_SLOGI("WAE: Success to create APP_DEK and store it in key-manager. pkgId=%s", pPkgId); error: if(ret != WAE_ERROR_NONE && dek != NULL) free(dek); @@ -419,14 +430,14 @@ int get_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dek // get dek from cache cached_dek = _get_app_dek_from_cache(pPkgId); if(cached_dek == NULL) { - WAE_SLOGE("Fail to get APP_DEK from cache for preloaded app"); + WAE_SLOGE("WAE: Fail to get APP_DEK from cache for preloaded app"); ret = WAE_ERROR_NO_KEY; goto error; } dek = (unsigned char*) malloc(DEK_LEN); if(dek == NULL) { - WAE_SLOGE("Fail to allocate memory for preloaded app dek"); + WAE_SLOGE("WAE: Fail to allocate memory for preloaded app dek"); ret = WAE_ERROR_MEMORY; goto error; } @@ -465,20 +476,20 @@ int create_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* // encrypt APP_DEK with APP_DEK_KEK ret = _read_from_file(_get_dek_kek_pub_key_path(), &pubKey, &pubKeyLen); if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("Fail to read APP_DEK_KEK Public Key"); + WAE_SLOGE("WAE: Fail to read APP_DEK_KEK Public Key"); goto error; } ret = encrypt_app_dek(pubKey, pubKeyLen, dek, DEK_LEN, &encrypted_app_dek, &encrypted_app_dek_len); if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("Fail to encrypt APP_DEK with APP_DEK_KEK"); + WAE_SLOGE("WAE: Fail to encrypt APP_DEK with APP_DEK_KEK"); goto error; } // write APP_DEK in a file ret = _write_encrypted_app_dek_to_file(pPkgId, encrypted_app_dek, encrypted_app_dek_len); if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("Fail to write encrypted APP_DEK. pkgId=%s", pPkgId); + WAE_SLOGE("WAE: Fail to write encrypted APP_DEK. pkgId=%s", pPkgId); goto error; } @@ -487,7 +498,7 @@ int create_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* *ppDek = dek; *dekLen = DEK_LEN; - WAE_SLOGI("Success to create preleaded APP_DEK and write it in initail value file. pkgId=%s", pPkgId); + WAE_SLOGI("WAE: Success to create preleaded APP_DEK and write it in initail value file. pkgId=%s", pPkgId); error: if(pubKey != NULL) @@ -506,7 +517,7 @@ int _get_app_dek_kek(unsigned char** ppDekKek, size_t* kekLen) ret = _read_from_file(_get_dek_kek_pri_key_path(), ppDekKek, kekLen); if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("Fail to read APP_DEK_KEK Private Key"); + WAE_SLOGE("WAE: Fail to read APP_DEK_KEK Private Key"); return ret; } /* @@ -555,11 +566,11 @@ int _get_app_deks_loaded() ret = _to_wae_error(ckmc_get_data(loading_done_alias, NULL, &pBuffer)); if(ret == WAE_ERROR_NO_KEY) { - WAE_SLOGI("APP_DEK_LOADING was not done"); + WAE_SLOGI("WAE: APP_DEK_LOADING was not done"); } else if(ret == WAE_ERROR_NONE) { - WAE_SLOGI("APP_DEK_LOADING was already done"); + WAE_SLOGI("WAE: APP_DEK_LOADING was already done"); } else { - WAE_SLOGE("Fail to get information from key-manager about APP_DEK_LOADING_DONE_ALIAS. ret=%d", ret); + WAE_SLOGE("WAE: Fail to get information from key-manager about APP_DEK_LOADING_DONE_ALIAS. ret=%d", ret); goto error; } @@ -588,10 +599,10 @@ int _set_app_deks_loaded() ret = _to_wae_error(ckmc_save_data(loading_done_alias, buff, policy)); if(ret == WAE_ERROR_KEY_EXISTS) { - WAE_SLOGI("APP_DEK_LOADING was already done"); + WAE_SLOGI("WAE: APP_DEK_LOADING was already done"); ret = WAE_ERROR_NONE; } else if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("Fail to set APP_DEK_LOADING_DONE_ALIAS to key-manager. ret=%d", ret); + WAE_SLOGE("WAE: Fail to set APP_DEK_LOADING_DONE_ALIAS to key-manager. ret=%d", ret); goto error; } @@ -735,7 +746,7 @@ int remove_app_dek(const char* pPkgId, wae_app_type_e appType) int ret = CKMC_ERROR_NONE; char alias[MAX_ALIAS_LEN] = {0,}; - _get_alias(pPkgId, appType, alias,sizeof(alias)); + _get_alias(pPkgId, appType, WAE_TRUE, alias,sizeof(alias)); ret = _to_wae_error(ckmc_remove_alias(alias)); if(ret != WAE_ERROR_NONE) { diff --git a/srcs/key_handler.h b/srcs/key_handler.h index c786964..03de1ab 100644 --- a/srcs/key_handler.h +++ b/srcs/key_handler.h @@ -54,7 +54,7 @@ unsigned char* _get_app_dek_from_cache(const char* pkgId); void _add_app_dek_to_cache(const char* pkgId, unsigned char* dek); void _remove_app_dek_from_cache(const char* pkgId); int _get_random(size_t length, unsigned char* random); -void _get_alias(const char* pPkgId, wae_app_type_e appType, char* alias, size_t buff_len); +void _get_alias(const char* pPkgId, wae_app_type_e appType, int forSave, char* alias, size_t buff_len); void _get_dek_kek_alias(char* alias, size_t buff_len); void _get_dek_loading_done_alias(char* alias, size_t buff_len); const char* _get_dek_kek_pub_key_path(); diff --git a/tests/wae_tests.c b/tests/wae_tests.c index 2710f98..631e9ea 100644 --- a/tests/wae_tests.c +++ b/tests/wae_tests.c @@ -336,13 +336,16 @@ int wae_tc_get_alias() const char* pkgId = "TEST_PKG_ID"; char alias[256] = {0, }; - _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, alias, sizeof(alias)); - FPRINTF("...pkgid=%s, alias for normal app=%s\n", pkgId, alias); + _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, WAE_TRUE, alias, sizeof(alias)); + FPRINTF("...pkgid=%s, alias for normal for save. app=%s\n", pkgId, alias); - _get_alias(pkgId, WAE_DOWNLOADED_GLOBAL_APP, alias, sizeof(alias)); + _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, WAE_FALSE, alias, sizeof(alias)); + FPRINTF("...pkgid=%s, alias for normal for get. app=%s\n", pkgId, alias); + + _get_alias(pkgId, WAE_DOWNLOADED_GLOBAL_APP, WAE_TRUE, alias, sizeof(alias)); FPRINTF("...pkgid=%s, alias for global app=%s\n", pkgId, alias); - _get_alias(pkgId, WAE_PRELOADED_APP, alias, sizeof(alias)); + _get_alias(pkgId, WAE_PRELOADED_APP, WAE_TRUE, alias, sizeof(alias)); FPRINTF("...pkgid=%s, alias for preloaded app=%s\n", pkgId, alias); return ret; -- 2.7.4 From 931f886bed4ad8d1207b08d612c753e1ad814f9b Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Tue, 22 Sep 2015 16:34:18 +0900 Subject: [PATCH 06/15] change ckmc_owner_id_system to ckmc_owner_id_system Change-Id: I80623a8502d4a443718e5ecf449818fc75e731c1 Signed-off-by: Dongsun Lee --- srcs/key_handler.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/srcs/key_handler.c b/srcs/key_handler.c index 6301db1..7c986c0 100644 --- a/srcs/key_handler.c +++ b/srcs/key_handler.c @@ -149,15 +149,15 @@ void _get_alias(const char* pPkgId, wae_app_type_e appType, int forSave, char* a }else{ snprintf(alias, buff_len, "%s%s%s%s", WRT_INSTALLER_LABEL, - ckmc_label_name_separator, + ckmc_owner_id_separator, APP_DEK_ALIAS_PFX, pPkgId); } }else { // system alias (void) appType; snprintf(alias, buff_len, "%s%s%s%s", - ckmc_label_shared_owner, - ckmc_label_name_separator, + ckmc_owner_id_system, + ckmc_owner_id_separator, APP_DEK_ALIAS_PFX, pPkgId); } @@ -166,16 +166,16 @@ void _get_alias(const char* pPkgId, wae_app_type_e appType, int forSave, char* a void _get_dek_kek_alias(char* alias, size_t buff_len) { snprintf(alias, buff_len, "%s%s%s", - ckmc_label_shared_owner, - ckmc_label_name_separator, + ckmc_owner_id_system, + ckmc_owner_id_separator, APP_DEK_KEK_ALIAS); } void _get_dek_loading_done_alias(char* alias, size_t buff_len) { snprintf(alias, buff_len, "%s%s%s", - ckmc_label_shared_owner, - ckmc_label_name_separator, + ckmc_owner_id_system, + ckmc_owner_id_separator, APP_DEK_LOADING_DONE_ALIAS); } -- 2.7.4 From f11cb7322fa9f0c8c0a640098caf9cf35baaa704 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Mon, 14 Dec 2015 16:00:28 +0900 Subject: [PATCH 07/15] Remove tz platform config devel dependency Change-Id: I37a0eb70b2a89f5deb86d312473d31533bb8a4a2 Signed-off-by: Kyungwook Tak --- packaging/libwebappenc.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/packaging/libwebappenc.spec b/packaging/libwebappenc.spec index b3c2cbc..ec61ff1 100644 --- a/packaging/libwebappenc.spec +++ b/packaging/libwebappenc.spec @@ -15,8 +15,6 @@ BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(key-manager) BuildRequires: pkgconfig(libtzplatform-config) -Requires: openssl -Requires: pkgconfig(libtzplatform-config) %description Web application encryption and decryption service -- 2.7.4 From 4ba1b26fcea5409a5b27ab24e2f8b5dfb9f497b8 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Wed, 2 Mar 2016 20:06:36 +0900 Subject: [PATCH 08/15] Add gitignore file Change-Id: I79f9c4e40c72bcbe29fd1bb662566a7c614cb2ca Signed-off-by: Kyungwook Tak --- .gitignore | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..44d6a2d --- /dev/null +++ b/.gitignore @@ -0,0 +1,10 @@ +# cscope/ctag data # +#################### +/cscope.files +/cscope.out +/tags + +# Temporary files # +################### +*.swp +*~ -- 2.7.4 From b4ea2b8348e45f355cdf1140b666f0897fc63644 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Wed, 2 Mar 2016 20:13:42 +0900 Subject: [PATCH 09/15] Refine spec file - Fix groups - Remove non-used definition - Use macros Change-Id: I109ebe1280138c23bbd12f7f97e7665110cdd646 Signed-off-by: Kyungwook Tak --- LICENSE.Apache-2.0 => LICENSE | 0 packaging/libwebappenc.spec | 28 +++++----------------------- 2 files changed, 5 insertions(+), 23 deletions(-) rename LICENSE.Apache-2.0 => LICENSE (100%) diff --git a/LICENSE.Apache-2.0 b/LICENSE similarity index 100% rename from LICENSE.Apache-2.0 rename to LICENSE diff --git a/packaging/libwebappenc.spec b/packaging/libwebappenc.spec index ec61ff1..342d1f3 100644 --- a/packaging/libwebappenc.spec +++ b/packaging/libwebappenc.spec @@ -2,7 +2,7 @@ Name: libwebappenc Summary: Web application encryption service Version: 0.1.0 Release: 1 -Group: System/Libraries +Group: Security/Libraries License: Apache-2.0 Source0: %{name}-%{version}.tar.gz Source1001: %{name}.manifest @@ -21,7 +21,7 @@ Web application encryption and decryption service %package devel Summary: Web application encryption service (development files) -Group: Development/Libraries +Group: Security/Development Requires: %{name} = %{version}-%{release} %description devel @@ -29,14 +29,12 @@ Web application encryption and decryption service (development files) %package test Summary: Web application encryption service (test) -Group: Development +Group: Security/Development Requires: %{name} = %{version}-%{release} %description test Web application encryption and decryption service (test) - - %prep %setup -q cp %{SOURCE1001} . @@ -50,23 +48,13 @@ cp %{SOURCE1001} . -DBINDIR=%TZ_SYS_BIN \ -DSYSTEMD_UNIT_DIR=%{_unitdir} \ -DCMAKE_BUILD_TYPE=%{build_type} \ - -DTZ_SYS_BIN=%TZ_SYS_BIN \ -DTZ_SYS_SHARE=%TZ_SYS_SHARE make %{?jobs:-j%jobs} - %install -rm -rf %{buildroot} -mkdir -p %{buildroot}%{TZ_SYS_SHARE}/license -cp LICENSE.Apache-2.0 %{buildroot}%{TZ_SYS_SHARE}/license/%{name} %make_install -mkdir -p %{buildroot}%{_unitdir}/multi-user.target.wants -ln -s ../webappenc-initializer.service %{buildroot}%{_unitdir}/multi-user.target.wants/webappenc-initializer.service - - -%clean -rm -rf %{buildroot} +%install_service multi-user.target.wants webappenc-initializer.service %post /sbin/ldconfig @@ -88,11 +76,9 @@ if [ $1 = 0 ]; then systemctl daemon-reload fi - %files -%defattr(-,root,root,-) %manifest %{name}.manifest -%{TZ_SYS_SHARE}/license/%{name} +%license LICENSE %{_libdir}/%{name}.so.* %{_unitdir}/webappenc-initializer.service %{_unitdir}/multi-user.target.wants/webappenc-initializer.service @@ -101,13 +87,9 @@ fi %{TZ_SYS_SHARE}/wae/app_dek/WAE_APPDEK_KEK_PublicKey.pem %files devel -%defattr(-,root,root,-) %{_includedir}/* %{_libdir}/pkgconfig/%{name}.pc %{_libdir}/%{name}.so %files test -%defattr(-,root,root,-) %{TZ_SYS_BIN}/wae_tests - - -- 2.7.4 From 4ac21f065674dd7c1b11a0918953fc552ec9a924 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Wed, 2 Mar 2016 20:45:52 +0900 Subject: [PATCH 10/15] Use snprintf instead of sprintf to be safe Change-Id: I664d9f039b09b576c4ebe84c29d8a7c459bc1384 Signed-off-by: Kyungwook Tak --- srcs/key_handler.c | 23 ++++++++++++++++++----- srcs/key_handler.h | 2 +- tests/wae_tests.c | 6 +++--- 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/srcs/key_handler.c b/srcs/key_handler.c index 7c986c0..7b050d6 100644 --- a/srcs/key_handler.c +++ b/srcs/key_handler.c @@ -231,9 +231,16 @@ error: } -int _get_preloaded_app_dek_file_path(const char* pPkgId, char *path) +int _get_preloaded_app_dek_file_path(const char* pPkgId, size_t size, char *path) { - sprintf(path, "%s/%s_%s.adek", _get_dek_store_path(), APP_DEK_FILE_PFX, pPkgId); + int ret = -1; + + ret = snprintf(path, size, "%s/%s_%s.adek", + _get_dek_store_path(), APP_DEK_FILE_PFX, pPkgId); + + if (ret < 0) + return WAE_ERROR_INVALID_PARAMETER; /* buffer size too small */ + return WAE_ERROR_NONE; } @@ -258,14 +265,14 @@ int _extract_pkg_id_from_file_name(const char* fileName, char* pkgId) int _read_encrypted_app_dek_from_file(const char* pPkgId, unsigned char** encrypted_app_dek, size_t *len) { char path[MAX_PATH_LEN] = {0,}; - _get_preloaded_app_dek_file_path(pPkgId, path); + _get_preloaded_app_dek_file_path(pPkgId, sizeof(path), path); return _read_from_file(path, encrypted_app_dek, len); } int _write_encrypted_app_dek_to_file(const char* pPkgId, const unsigned char* encrypted_app_dek, size_t len) { char path[MAX_PATH_LEN] = {0,}; - _get_preloaded_app_dek_file_path(pPkgId, path); + _get_preloaded_app_dek_file_path(pPkgId, sizeof(path), path); return _write_to_file( path, encrypted_app_dek, len); } @@ -683,7 +690,13 @@ int load_preloaded_app_deks(int reload) // regular file && start with KEY_MANAGER_INITIAL_VALUE_FILE_PFX if(entry.d_type == DT_REG && strstr(entry.d_name, APP_DEK_FILE_PFX) != NULL) { memset(file_path_buff, 0, sizeof(file_path_buff)); - sprintf(file_path_buff, "%s/%s", _get_dek_store_path(), entry.d_name); + ret = snprintf(file_path_buff, sizeof(file_path_buff), "%s/%s", + _get_dek_store_path(), entry.d_name); + if(ret < 0) { + WAE_SLOGE("Failed to make file path by snprintf."); + ret = WAE_ERROR_INVALID_PARAMETER; /* buffer size too small */ + goto error; + } ret = _extract_pkg_id_from_file_name(entry.d_name, pkgId); if(ret != WAE_ERROR_NONE) { diff --git a/srcs/key_handler.h b/srcs/key_handler.h index 03de1ab..a417fdd 100644 --- a/srcs/key_handler.h +++ b/srcs/key_handler.h @@ -61,7 +61,7 @@ const char* _get_dek_kek_pub_key_path(); const char* _get_dek_kek_pri_key_path(); const char* _get_dek_store_path(); int _add_dek_to_key_manager(const char* pPkgId, wae_app_type_e appType, const unsigned char* pDek, size_t len); -int _get_preloaded_app_dek_file_path(const char* pPkgId, char *path); +int _get_preloaded_app_dek_file_path(const char* pPkgId, size_t size, char *path); int _extract_pkg_id_from_file_name(const char* fileName, char* pkgId); int _read_encrypted_app_dek_from_file(const char* pPkgId, unsigned char** encrypted_app_dek, size_t*len); int _write_encrypted_app_dek_to_file(const char* pPkgId, const unsigned char* encrypted_app_dek, size_t len); diff --git a/tests/wae_tests.c b/tests/wae_tests.c index 631e9ea..0b584e5 100644 --- a/tests/wae_tests.c +++ b/tests/wae_tests.c @@ -430,7 +430,7 @@ int wae_tc_get_preloaded_app_dek_file_path() char path[256]; FPRINTF("...expected path : %s\n", expectedPath); - ret = _get_preloaded_app_dek_file_path(pkgId, path); + ret = _get_preloaded_app_dek_file_path(pkgId, sizeof(path), path); FPRINTF("...returned path : %s\n", path); if(ret != WAE_ERROR_NONE || strncmp(expectedPath, path, strlen(expectedPath)) != 0) { @@ -623,8 +623,8 @@ int wae_tc_load_preloaded_app_deks() char path2[MAX_PATH_LEN] = {0, }; FILE *f2 = NULL; - _get_preloaded_app_dek_file_path(pkgId1, path1); - _get_preloaded_app_dek_file_path(pkgId2, path2); + _get_preloaded_app_dek_file_path(pkgId1, sizeof(path1), path1); + _get_preloaded_app_dek_file_path(pkgId2, sizeof(path2), path2); // remove old test data remove_app_dek(pkgId1, WAE_PRELOADED_APP); -- 2.7.4 From daa79b8ea309dbf39dcd47cce82cee0e3ba1e4c9 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Fri, 11 Mar 2016 15:00:47 +0900 Subject: [PATCH 11/15] Fix SVACE defects Remove unused values in test code Handle negative return value from ftell Change-Id: I331e1335ad900ef9e5ec4523a832ec2c38dfb7f8 Signed-off-by: Kyungwook Tak --- srcs/key_handler.c | 6 ++++++ tests/wae_tests.c | 6 ------ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/srcs/key_handler.c b/srcs/key_handler.c index 7b050d6..714be0f 100644 --- a/srcs/key_handler.c +++ b/srcs/key_handler.c @@ -294,6 +294,12 @@ int _read_from_file(const char* path, unsigned char** data, size_t* len) fseek(f, 0, SEEK_END); // move to the end of a file file_len = ftell(f); + if (file_len <= 0) { + WAE_SLOGE("WAE: Failed to get file size by ftell. ret: %d", file_len); + ret = WAE_ERROR_FILE; + goto error; + } + fseek(f, 0, SEEK_SET); // move to the start of a file file_contents = (unsigned char*) malloc(file_len); diff --git a/tests/wae_tests.c b/tests/wae_tests.c index 0b584e5..a40b301 100644 --- a/tests/wae_tests.c +++ b/tests/wae_tests.c @@ -613,7 +613,6 @@ int wae_tc_load_preloaded_app_deks() unsigned char* readDek1 = NULL; size_t readDekLen1 = 0; char path1[MAX_PATH_LEN] = {0, }; - FILE *f1 = NULL; const char* pkgId2 = "TEST_PKGID_2"; unsigned char* dek2 = NULL; @@ -621,7 +620,6 @@ int wae_tc_load_preloaded_app_deks() unsigned char* readDek2 = NULL; size_t readDekLen2 = 0; char path2[MAX_PATH_LEN] = {0, }; - FILE *f2 = NULL; _get_preloaded_app_dek_file_path(pkgId1, sizeof(path1), path1); _get_preloaded_app_dek_file_path(pkgId2, sizeof(path2), path2); @@ -691,14 +689,10 @@ error: free(dek1); if(readDek1 != NULL) free(readDek1); - if(f1 != NULL) - fclose(f1); if(dek2 != NULL) free(dek2); if(readDek2 != NULL) free(readDek2); - if(f2 != NULL) - fclose(f2); return ret; } -- 2.7.4 From d1da2aa31e64a93d1e1f5b3c7586c6a4186df4f3 Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Tue, 21 Jun 2016 13:04:32 +0900 Subject: [PATCH 12/15] change installer smack label from User to System Change-Id: I1522806cb2b7511455821134f8ae42a53a575e6e Signed-off-by: Dongsun Lee --- srcs/key_handler.c | 23 ++++++++--------------- srcs/key_handler.h | 2 +- tests/wae_tests.c | 8 ++++---- 3 files changed, 13 insertions(+), 20 deletions(-) diff --git a/srcs/key_handler.c b/srcs/key_handler.c index 714be0f..4a8ee53 100644 --- a/srcs/key_handler.c +++ b/srcs/key_handler.c @@ -35,7 +35,7 @@ #define APP_DEK_KEK_PRIKEY_PASSWORD "wae_appdek_kek_1q2w3e4r" -#define WRT_INSTALLER_LABEL "/User" +#define WRT_INSTALLER_LABEL "/System" typedef struct _dek_cache_element{ char pkgId[MAX_PKGID_LEN]; @@ -139,22 +139,15 @@ int _get_random(size_t length, unsigned char* random) return WAE_ERROR_NONE; } -void _get_alias(const char* pPkgId, wae_app_type_e appType, int forSave, char* alias, size_t buff_len) +void _get_alias(const char* pPkgId, wae_app_type_e appType, char* alias, size_t buff_len) { if(appType == WAE_DOWNLOADED_NORMAL_APP) { - if(forSave == WAE_TRUE) { - snprintf(alias, buff_len, "%s%s", - APP_DEK_ALIAS_PFX, - pPkgId); - }else{ - snprintf(alias, buff_len, "%s%s%s%s", + snprintf(alias, buff_len, "%s%s%s%s", WRT_INSTALLER_LABEL, ckmc_owner_id_separator, APP_DEK_ALIAS_PFX, pPkgId); - } }else { // system alias - (void) appType; snprintf(alias, buff_len, "%s%s%s%s", ckmc_owner_id_system, ckmc_owner_id_separator, @@ -208,7 +201,7 @@ int _add_dek_to_key_manager(const char* pPkgId, wae_app_type_e appType, const un policy.extractable = true; // save app_dek in key_manager - _get_alias(pPkgId, appType, WAE_TRUE, alias, sizeof(alias)); + _get_alias(pPkgId, appType, alias, sizeof(alias)); // even if it fails to remove, ignore it. ret = _to_wae_error( ckmc_remove_alias(alias)); @@ -367,12 +360,12 @@ int get_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDe cached_dek = _get_app_dek_from_cache(pPkgId); if(cached_dek == NULL) { // get APP_DEK from system database - _get_alias(pPkgId, appType, WAE_FALSE, alias, sizeof(alias)); + _get_alias(pPkgId, appType, alias, sizeof(alias)); ret = _to_wae_error(ckmc_get_data(alias, password, &pDekBuffer)); if(ret != WAE_ERROR_NONE) { - WAE_SLOGI("WAE: Fail to get APP_DEK from key-manager. pkgId=%s, alias=%s, ret=%d", - pPkgId, alias, ret); + WAE_SLOGI("WAE: Fail to get APP_DEK from key-manager. pkgId=%s, alias=%s, appType=%d, ret=%d", + pPkgId, alias, appType, ret); goto error; } } @@ -765,7 +758,7 @@ int remove_app_dek(const char* pPkgId, wae_app_type_e appType) int ret = CKMC_ERROR_NONE; char alias[MAX_ALIAS_LEN] = {0,}; - _get_alias(pPkgId, appType, WAE_TRUE, alias,sizeof(alias)); + _get_alias(pPkgId, appType, alias,sizeof(alias)); ret = _to_wae_error(ckmc_remove_alias(alias)); if(ret != WAE_ERROR_NONE) { diff --git a/srcs/key_handler.h b/srcs/key_handler.h index a417fdd..a8e4012 100644 --- a/srcs/key_handler.h +++ b/srcs/key_handler.h @@ -54,7 +54,7 @@ unsigned char* _get_app_dek_from_cache(const char* pkgId); void _add_app_dek_to_cache(const char* pkgId, unsigned char* dek); void _remove_app_dek_from_cache(const char* pkgId); int _get_random(size_t length, unsigned char* random); -void _get_alias(const char* pPkgId, wae_app_type_e appType, int forSave, char* alias, size_t buff_len); +void _get_alias(const char* pPkgId, wae_app_type_e appType, char* alias, size_t buff_len); void _get_dek_kek_alias(char* alias, size_t buff_len); void _get_dek_loading_done_alias(char* alias, size_t buff_len); const char* _get_dek_kek_pub_key_path(); diff --git a/tests/wae_tests.c b/tests/wae_tests.c index a40b301..eb90bdf 100644 --- a/tests/wae_tests.c +++ b/tests/wae_tests.c @@ -336,16 +336,16 @@ int wae_tc_get_alias() const char* pkgId = "TEST_PKG_ID"; char alias[256] = {0, }; - _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, WAE_TRUE, alias, sizeof(alias)); + _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, alias, sizeof(alias)); FPRINTF("...pkgid=%s, alias for normal for save. app=%s\n", pkgId, alias); - _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, WAE_FALSE, alias, sizeof(alias)); + _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, alias, sizeof(alias)); FPRINTF("...pkgid=%s, alias for normal for get. app=%s\n", pkgId, alias); - _get_alias(pkgId, WAE_DOWNLOADED_GLOBAL_APP, WAE_TRUE, alias, sizeof(alias)); + _get_alias(pkgId, WAE_DOWNLOADED_GLOBAL_APP, alias, sizeof(alias)); FPRINTF("...pkgid=%s, alias for global app=%s\n", pkgId, alias); - _get_alias(pkgId, WAE_PRELOADED_APP, WAE_TRUE, alias, sizeof(alias)); + _get_alias(pkgId, WAE_PRELOADED_APP, alias, sizeof(alias)); FPRINTF("...pkgid=%s, alias for preloaded app=%s\n", pkgId, alias); return ret; -- 2.7.4 From 6f18da83631e06509b2f14a729c7b6ac05aa4046 Mon Sep 17 00:00:00 2001 From: Dongsun Lee Date: Mon, 27 Jun 2016 10:09:00 +0900 Subject: [PATCH 13/15] Revert "change installer smack label from User to System" This reverts commit d1da2aa31e64a93d1e1f5b3c7586c6a4186df4f3. The smack labels of xxx-backend was changed into User label again. Change-Id: Ic50ef8739d9e39914d518d1e063eec9a62a7831d --- srcs/key_handler.c | 23 +++++++++++++++-------- srcs/key_handler.h | 2 +- tests/wae_tests.c | 8 ++++---- 3 files changed, 20 insertions(+), 13 deletions(-) diff --git a/srcs/key_handler.c b/srcs/key_handler.c index 4a8ee53..714be0f 100644 --- a/srcs/key_handler.c +++ b/srcs/key_handler.c @@ -35,7 +35,7 @@ #define APP_DEK_KEK_PRIKEY_PASSWORD "wae_appdek_kek_1q2w3e4r" -#define WRT_INSTALLER_LABEL "/System" +#define WRT_INSTALLER_LABEL "/User" typedef struct _dek_cache_element{ char pkgId[MAX_PKGID_LEN]; @@ -139,15 +139,22 @@ int _get_random(size_t length, unsigned char* random) return WAE_ERROR_NONE; } -void _get_alias(const char* pPkgId, wae_app_type_e appType, char* alias, size_t buff_len) +void _get_alias(const char* pPkgId, wae_app_type_e appType, int forSave, char* alias, size_t buff_len) { if(appType == WAE_DOWNLOADED_NORMAL_APP) { - snprintf(alias, buff_len, "%s%s%s%s", + if(forSave == WAE_TRUE) { + snprintf(alias, buff_len, "%s%s", + APP_DEK_ALIAS_PFX, + pPkgId); + }else{ + snprintf(alias, buff_len, "%s%s%s%s", WRT_INSTALLER_LABEL, ckmc_owner_id_separator, APP_DEK_ALIAS_PFX, pPkgId); + } }else { // system alias + (void) appType; snprintf(alias, buff_len, "%s%s%s%s", ckmc_owner_id_system, ckmc_owner_id_separator, @@ -201,7 +208,7 @@ int _add_dek_to_key_manager(const char* pPkgId, wae_app_type_e appType, const un policy.extractable = true; // save app_dek in key_manager - _get_alias(pPkgId, appType, alias, sizeof(alias)); + _get_alias(pPkgId, appType, WAE_TRUE, alias, sizeof(alias)); // even if it fails to remove, ignore it. ret = _to_wae_error( ckmc_remove_alias(alias)); @@ -360,12 +367,12 @@ int get_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDe cached_dek = _get_app_dek_from_cache(pPkgId); if(cached_dek == NULL) { // get APP_DEK from system database - _get_alias(pPkgId, appType, alias, sizeof(alias)); + _get_alias(pPkgId, appType, WAE_FALSE, alias, sizeof(alias)); ret = _to_wae_error(ckmc_get_data(alias, password, &pDekBuffer)); if(ret != WAE_ERROR_NONE) { - WAE_SLOGI("WAE: Fail to get APP_DEK from key-manager. pkgId=%s, alias=%s, appType=%d, ret=%d", - pPkgId, alias, appType, ret); + WAE_SLOGI("WAE: Fail to get APP_DEK from key-manager. pkgId=%s, alias=%s, ret=%d", + pPkgId, alias, ret); goto error; } } @@ -758,7 +765,7 @@ int remove_app_dek(const char* pPkgId, wae_app_type_e appType) int ret = CKMC_ERROR_NONE; char alias[MAX_ALIAS_LEN] = {0,}; - _get_alias(pPkgId, appType, alias,sizeof(alias)); + _get_alias(pPkgId, appType, WAE_TRUE, alias,sizeof(alias)); ret = _to_wae_error(ckmc_remove_alias(alias)); if(ret != WAE_ERROR_NONE) { diff --git a/srcs/key_handler.h b/srcs/key_handler.h index a8e4012..a417fdd 100644 --- a/srcs/key_handler.h +++ b/srcs/key_handler.h @@ -54,7 +54,7 @@ unsigned char* _get_app_dek_from_cache(const char* pkgId); void _add_app_dek_to_cache(const char* pkgId, unsigned char* dek); void _remove_app_dek_from_cache(const char* pkgId); int _get_random(size_t length, unsigned char* random); -void _get_alias(const char* pPkgId, wae_app_type_e appType, char* alias, size_t buff_len); +void _get_alias(const char* pPkgId, wae_app_type_e appType, int forSave, char* alias, size_t buff_len); void _get_dek_kek_alias(char* alias, size_t buff_len); void _get_dek_loading_done_alias(char* alias, size_t buff_len); const char* _get_dek_kek_pub_key_path(); diff --git a/tests/wae_tests.c b/tests/wae_tests.c index eb90bdf..a40b301 100644 --- a/tests/wae_tests.c +++ b/tests/wae_tests.c @@ -336,16 +336,16 @@ int wae_tc_get_alias() const char* pkgId = "TEST_PKG_ID"; char alias[256] = {0, }; - _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, alias, sizeof(alias)); + _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, WAE_TRUE, alias, sizeof(alias)); FPRINTF("...pkgid=%s, alias for normal for save. app=%s\n", pkgId, alias); - _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, alias, sizeof(alias)); + _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, WAE_FALSE, alias, sizeof(alias)); FPRINTF("...pkgid=%s, alias for normal for get. app=%s\n", pkgId, alias); - _get_alias(pkgId, WAE_DOWNLOADED_GLOBAL_APP, alias, sizeof(alias)); + _get_alias(pkgId, WAE_DOWNLOADED_GLOBAL_APP, WAE_TRUE, alias, sizeof(alias)); FPRINTF("...pkgid=%s, alias for global app=%s\n", pkgId, alias); - _get_alias(pkgId, WAE_PRELOADED_APP, alias, sizeof(alias)); + _get_alias(pkgId, WAE_PRELOADED_APP, WAE_TRUE, alias, sizeof(alias)); FPRINTF("...pkgid=%s, alias for preloaded app=%s\n", pkgId, alias); return ret; -- 2.7.4 From 4ea2f0ebe530415109e408cb96f81cc0a0b6b3f7 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Fri, 15 Jul 2016 11:52:13 +0900 Subject: [PATCH 14/15] Use stdbool instead of macro for boolean Change-Id: I6d95a582cd8d2ec52adb314a167bd42dd386ac0b Signed-off-by: Kyungwook Tak --- CMakeLists.txt | 8 ++++---- srcs/CMakeLists.txt | 1 + srcs/crypto_service.c | 11 +++++------ srcs/crypto_service.h | 12 ++++-------- srcs/key_handler.c | 36 +++++++++++++++++++++++------------- srcs/key_handler.h | 33 ++++++++------------------------- srcs/wae_initializer.c | 5 +++-- tests/wae_tests.c | 12 ++++++------ 8 files changed, 54 insertions(+), 64 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index c9fec0e..31e000b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -31,13 +31,13 @@ INCLUDE(FindPkgConfig) ############################# compiler flags ################################## -SET(CMAKE_C_FLAGS_PROFILING "-g -O0 -pg -Wp,-U_FORTIFY_SOURCE") +SET(CMAKE_C_FLAGS_PROFILING "-g -std=c99 -O0 -pg -Wp,-U_FORTIFY_SOURCE") SET(CMAKE_CXX_FLAGS_PROFILING "-g -std=c++0x -O0 -pg -Wp,-U_FORTIFY_SOURCE") -SET(CMAKE_C_FLAGS_DEBUG "-g -O0 -ggdb -Wp,-U_FORTIFY_SOURCE") +SET(CMAKE_C_FLAGS_DEBUG "-g -std=c99 -O0 -ggdb -Wp,-U_FORTIFY_SOURCE") SET(CMAKE_CXX_FLAGS_DEBUG "-g -std=c++0x -O0 -ggdb -Wp,-U_FORTIFY_SOURCE") -SET(CMAKE_C_FLAGS_RELEASE "-g -O2") +SET(CMAKE_C_FLAGS_RELEASE "-g -std=c99 -O2") SET(CMAKE_CXX_FLAGS_RELEASE "-g -std=c++0x -O2") -SET(CMAKE_C_FLAGS_CCOV "-g -O2 --coverage") +SET(CMAKE_C_FLAGS_CCOV "-g -std=c99 -O2 --coverage") SET(CMAKE_CXX_FLAGS_CCOV "-g -std=c++0x -O2 --coverage") # If supported for the target machine, emit position-independent code,suitable diff --git a/srcs/CMakeLists.txt b/srcs/CMakeLists.txt index e94a7d4..9eb766c 100644 --- a/srcs/CMakeLists.txt +++ b/srcs/CMakeLists.txt @@ -18,6 +18,7 @@ ADD_LIBRARY(${TARGET_WEBAPPENC} SHARED ${WEB_APP_ENC_SOURCES}) SET_TARGET_PROPERTIES(${TARGET_WEBAPPENC} PROPERTIES SOVERSION ${SO_VERSION} VERSION ${VERSION} + COMPILE_FLAGS "-D_GNU_SOURCE" ) TARGET_LINK_LIBRARIES(${TARGET_WEBAPPENC} diff --git a/srcs/crypto_service.c b/srcs/crypto_service.c index eb1fc20..1c52cc5 100644 --- a/srcs/crypto_service.c +++ b/srcs/crypto_service.c @@ -19,7 +19,9 @@ * @version 1.0 * @brief provides encryption and decription operations. */ +#include "crypto_service.h" +#include #include #include #include @@ -34,20 +36,17 @@ #define AES_256_KEY_SIZE 32 -#define WAE_FALSE 0 -#define WAE_TRUE 1 - static unsigned char AES_CBC_IV[16] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x08, 0x39, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}; -static int __initialized = WAE_FALSE; +static bool __initialized = false; void _initialize() { - if(__initialized != WAE_TRUE) { + if(!__initialized) { ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); - __initialized = WAE_TRUE; + __initialized = true; } } diff --git a/srcs/crypto_service.h b/srcs/crypto_service.h index c49c34b..fcdb0fe 100644 --- a/srcs/crypto_service.h +++ b/srcs/crypto_service.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,11 +17,8 @@ * @file crypto_service.h * @author Dongsun Lee (ds73.lee@samsung.com) * @version 1.0 - * @brief a header for key manupulatation. + * @brief provides encryption and decription operations. */ - - - #ifndef __TIZEN_CORE_WAE_CRYPTO_SERVICE_H #define __TIZEN_CORE_WAE_CRYPTO_SERVICE_H @@ -31,9 +28,8 @@ extern "C" { #include - int encrypt_app_dek(const unsigned char* rsaPublicKey, size_t pubKeyLen, - const unsigned char* dek, const int dekLen, + const unsigned char* dek, size_t dekLen, unsigned char** encryptedDek, size_t* encryptedDekLen); int decrypt_app_dek(const unsigned char* rsaPrivateKey, size_t priKeyLen, @@ -53,5 +49,5 @@ int decrypt_aes_cbc(const unsigned char* pKey, size_t keyLen, #ifdef __cplusplus } #endif -#endif /* __TIZEN_CORE_WAE_CRYPTO_SERVICE_H */ +#endif /* __TIZEN_CORE_WAE_CRYPTO_SERVICE_H */ diff --git a/srcs/key_handler.c b/srcs/key_handler.c index 714be0f..bf98c5d 100644 --- a/srcs/key_handler.c +++ b/srcs/key_handler.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,25 +17,35 @@ * @file key_handler.c * @author Dongsun Lee (ds73.lee@samsung.com) * @version 1.0 - * @brief a header for key manupulatation. + * @brief Key manupulatation. */ +#include "key_handler.h" #include #include #include #include #include + #include +#include + #include "wae_log.h" #include "web_app_enc.h" -#include "key_handler.h" #include "crypto_service.h" -#include - +#define RANDOM_FILE "/dev/urandom" +#define WRT_INSTALLER_LABEL "/User" #define APP_DEK_KEK_PRIKEY_PASSWORD "wae_appdek_kek_1q2w3e4r" +#define APP_DEK_ALIAS_PFX "APP_DEK_" +#define APP_DEK_LOADING_DONE_ALIAS "APP_DEKS_LOADING_FINISHED" +#define APP_DEK_FILE_PFX "WAE_APP_DEK" +#define APP_DEK_KEK_ALIAS "WAE_APP_DEK_KEK" -#define WRT_INSTALLER_LABEL "/User" +#define DEK_LEN 32 +#define MAX_ALIAS_LEN 256 +#define MAX_PKGID_LEN 256 +#define MAX_CACHE_SIZE 100 typedef struct _dek_cache_element{ char pkgId[MAX_PKGID_LEN]; @@ -139,10 +149,10 @@ int _get_random(size_t length, unsigned char* random) return WAE_ERROR_NONE; } -void _get_alias(const char* pPkgId, wae_app_type_e appType, int forSave, char* alias, size_t buff_len) +void _get_alias(const char* pPkgId, wae_app_type_e appType, bool forSave, char* alias, size_t buff_len) { if(appType == WAE_DOWNLOADED_NORMAL_APP) { - if(forSave == WAE_TRUE) { + if(forSave) { snprintf(alias, buff_len, "%s%s", APP_DEK_ALIAS_PFX, pPkgId); @@ -208,7 +218,7 @@ int _add_dek_to_key_manager(const char* pPkgId, wae_app_type_e appType, const un policy.extractable = true; // save app_dek in key_manager - _get_alias(pPkgId, appType, WAE_TRUE, alias, sizeof(alias)); + _get_alias(pPkgId, appType, true, alias, sizeof(alias)); // even if it fails to remove, ignore it. ret = _to_wae_error( ckmc_remove_alias(alias)); @@ -367,7 +377,7 @@ int get_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDe cached_dek = _get_app_dek_from_cache(pPkgId); if(cached_dek == NULL) { // get APP_DEK from system database - _get_alias(pPkgId, appType, WAE_FALSE, alias, sizeof(alias)); + _get_alias(pPkgId, appType, false, alias, sizeof(alias)); ret = _to_wae_error(ckmc_get_data(alias, password, &pDekBuffer)); if(ret != WAE_ERROR_NONE) { @@ -641,7 +651,7 @@ int _clear_app_deks_loaded() return ret; } -int load_preloaded_app_deks(int reload) +int load_preloaded_app_deks(bool reload) { int ret = WAE_ERROR_NONE; @@ -661,7 +671,7 @@ int load_preloaded_app_deks(int reload) int error_during_loading = 0; - if(reload != WAE_TRUE) { + if(!reload) { // check if all deks were already loaded into key-manager. ret = _get_app_deks_loaded(); if(ret == WAE_ERROR_NONE) { @@ -765,7 +775,7 @@ int remove_app_dek(const char* pPkgId, wae_app_type_e appType) int ret = CKMC_ERROR_NONE; char alias[MAX_ALIAS_LEN] = {0,}; - _get_alias(pPkgId, appType, WAE_TRUE, alias,sizeof(alias)); + _get_alias(pPkgId, appType, true, alias,sizeof(alias)); ret = _to_wae_error(ckmc_remove_alias(alias)); if(ret != WAE_ERROR_NONE) { diff --git a/srcs/key_handler.h b/srcs/key_handler.h index a417fdd..2d3af65 100644 --- a/srcs/key_handler.h +++ b/srcs/key_handler.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,11 +17,8 @@ * @file key_handler.h * @author Dongsun Lee (ds73.lee@samsung.com) * @version 1.0 - * @brief a header for key manupulatation. + * @brief Key manupulatation. */ - - - #ifndef __TIZEN_CORE_WAE_KEY_HANDLER_H #define __TIZEN_CORE_WAE_KEY_HANDLER_H @@ -29,32 +26,19 @@ extern "C" { #endif +#include #include #include "web_app_enc.h" -#define APP_DEK_ALIAS_PFX "APP_DEK_" -#define APP_DEK_LOADING_DONE_ALIAS "APP_DEKS_LOADING_FINISHED" - -#define DEK_LEN 32 -#define MAX_ALIAS_LEN 256 -#define MAX_PKGID_LEN 256 #define MAX_PATH_LEN 512 -#define MAX_CACHE_SIZE 100 - - -#define RANDOM_FILE "/dev/urandom" -#define APP_DEK_FILE_PFX "WAE_APP_DEK" -#define APP_DEK_KEK_ALIAS "WAE_APP_DEK_KEK" - -#define WAE_TRUE 1 -#define WAE_FALSE 0 +/* functions with "_" prefix are internal static functions but declared here for testing */ void _initialize_cache(); unsigned char* _get_app_dek_from_cache(const char* pkgId); void _add_app_dek_to_cache(const char* pkgId, unsigned char* dek); void _remove_app_dek_from_cache(const char* pkgId); int _get_random(size_t length, unsigned char* random); -void _get_alias(const char* pPkgId, wae_app_type_e appType, int forSave, char* alias, size_t buff_len); +void _get_alias(const char* pPkgId, wae_app_type_e appType, bool forSave, char* alias, size_t buff_len); void _get_dek_kek_alias(char* alias, size_t buff_len); void _get_dek_loading_done_alias(char* alias, size_t buff_len); const char* _get_dek_kek_pub_key_path(); @@ -67,21 +51,20 @@ int _read_encrypted_app_dek_from_file(const char* pPkgId, unsigned char** encryp int _write_encrypted_app_dek_to_file(const char* pPkgId, const unsigned char* encrypted_app_dek, size_t len); int _read_from_file(const char* path, unsigned char** data, size_t* len); int _write_to_file(const char* path, const unsigned char* data, size_t len); -int _get_app_dek_kek_from_key_manager(unsigned char** ppDekKek, size_t* kekLen); int _get_app_deks_loaded(); int _set_app_deks_loaded(); int _clear_app_deks_loaded(); +/* functions for interface */ int get_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDek, size_t *dekLen); int create_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDek, size_t *dekLen); int get_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dekLen); int create_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t *dekLen); -int load_preloaded_app_deks(int reload); +int load_preloaded_app_deks(bool reload); int remove_app_dek(const char* pPkgId, wae_app_type_e appType); - #ifdef __cplusplus } #endif -#endif /* __TIZEN_CORE_WAE_KEY_HANDLER_H */ +#endif /* __TIZEN_CORE_WAE_KEY_HANDLER_H */ diff --git a/srcs/wae_initializer.c b/srcs/wae_initializer.c index 011c8a0..4022f48 100644 --- a/srcs/wae_initializer.c +++ b/srcs/wae_initializer.c @@ -23,15 +23,16 @@ #include "key_handler.h" #include "web_app_enc.h" #include "wae_log.h" + #include int main(int argc, char* argv[]) { int ret = WAE_ERROR_NONE; - int reload = WAE_FALSE; + bool reload = false; if(argc == 2 && strcmp(argv[1], "--reload")==0) { - reload = WAE_TRUE; + reload = true; } ret = load_preloaded_app_deks(reload); diff --git a/tests/wae_tests.c b/tests/wae_tests.c index a40b301..abaf4aa 100644 --- a/tests/wae_tests.c +++ b/tests/wae_tests.c @@ -336,16 +336,16 @@ int wae_tc_get_alias() const char* pkgId = "TEST_PKG_ID"; char alias[256] = {0, }; - _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, WAE_TRUE, alias, sizeof(alias)); + _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, true, alias, sizeof(alias)); FPRINTF("...pkgid=%s, alias for normal for save. app=%s\n", pkgId, alias); - _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, WAE_FALSE, alias, sizeof(alias)); + _get_alias(pkgId, WAE_DOWNLOADED_NORMAL_APP, false, alias, sizeof(alias)); FPRINTF("...pkgid=%s, alias for normal for get. app=%s\n", pkgId, alias); - _get_alias(pkgId, WAE_DOWNLOADED_GLOBAL_APP, WAE_TRUE, alias, sizeof(alias)); + _get_alias(pkgId, WAE_DOWNLOADED_GLOBAL_APP, true, alias, sizeof(alias)); FPRINTF("...pkgid=%s, alias for global app=%s\n", pkgId, alias); - _get_alias(pkgId, WAE_PRELOADED_APP, WAE_TRUE, alias, sizeof(alias)); + _get_alias(pkgId, WAE_PRELOADED_APP, true, alias, sizeof(alias)); FPRINTF("...pkgid=%s, alias for preloaded app=%s\n", pkgId, alias); return ret; @@ -644,7 +644,7 @@ int wae_tc_load_preloaded_app_deks() } // load_preloaded_app_deks - ret = load_preloaded_app_deks(WAE_TRUE); + ret = load_preloaded_app_deks(true); if(ret != WAE_ERROR_NONE) { FPRINTF("...FAIL: load_preloaded_app_deks. ret=%d\n", ret); goto error; @@ -752,7 +752,7 @@ int _wae_tc_encrypt_decrypt_web_app(wae_app_type_e appType) _remove_app_dek_from_cache(pkgId); if(appType == WAE_PRELOADED_APP) { - load_preloaded_app_deks(WAE_TRUE); + load_preloaded_app_deks(true); } ret = wae_decrypt_web_application(pkgId, appType, encrypted, encLen, &decrypted, &decLen); -- 2.7.4 From 99523c9b37751cc9188dacc2d24fd775da02e180 Mon Sep 17 00:00:00 2001 From: Kyungwook Tak Date: Fri, 15 Jul 2016 13:27:01 +0900 Subject: [PATCH 15/15] Apply coding style of tizen by astyle Change-Id: I495bcdeae8705c2bb8b605762e31458919736926 Signed-off-by: Kyungwook Tak --- CMakeLists.txt | 4 +- build/libwebappenc.pc.in | 1 - include/web_app_enc.h | 48 +- srcs/crypto_service.c | 640 ++++++++++----------- srcs/crypto_service.h | 32 +- srcs/key_handler.c | 1264 +++++++++++++++++++++--------------------- srcs/key_handler.h | 50 +- srcs/wae_initializer.c | 36 +- srcs/wae_log.h | 9 +- srcs/web_app_enc.c | 333 +++++------ tests/wae_tests.c | 1374 ++++++++++++++++++++++++---------------------- 11 files changed, 1955 insertions(+), 1836 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 31e000b..4c5a1bb 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -89,5 +89,3 @@ ADD_SUBDIRECTORY(resources) ADD_SUBDIRECTORY(include) ADD_SUBDIRECTORY(tests) ADD_SUBDIRECTORY(systemd) - - diff --git a/build/libwebappenc.pc.in b/build/libwebappenc.pc.in index 2af6c92..b530dcf 100644 --- a/build/libwebappenc.pc.in +++ b/build/libwebappenc.pc.in @@ -8,4 +8,3 @@ Version: @VERSION@ Requires: @PC_REQUIRED@ Libs: @PC_LDFLAGS@ Cflags: @PC_CFLAGS@ - diff --git a/include/web_app_enc.h b/include/web_app_enc.h index 68a1fd9..7cadf7b 100644 --- a/include/web_app_enc.h +++ b/include/web_app_enc.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,9 +15,8 @@ * * @file web_app_enc.h * @version 1.0 - * @brief This file contains APIs of WEB_APP_ENC module. + * @brief APIs of WEB_APP_ENC module. */ - #ifndef __WEB_APP_ENC__ #define __WEB_APP_ENC__ @@ -25,39 +24,38 @@ extern "C" { #endif +#include + /** * @addtogroup CAPI_WEB_APP_ENC_MODULE * @{ */ - /** * @brief WAE Errors. * @since_tizen 3.0 */ -typedef enum -{ - WAE_ERROR_NONE = 0x00, /**< Successful */ - WAE_ERROR_INVALID_PARAMETER = - 0x01, /**< Invalid function parameter */ - WAE_ERROR_PERMISSION_DENIED = - 0x02, /**< Permission denied */ - WAE_ERROR_NO_KEY = - 0x03, /**< No key */ - WAE_ERROR_KEY_EXISTS = - 0x04, /**< key already exists*/ - WAE_ERROR_KEY_MANAGER = - 0x05, /**< key-manager internal error */ - WAE_ERROR_CRYPTO = - 0x06, /**< failed in crypto operation */ - WAE_ERROR_MEMORY = - 0x07, /**< failed to allocate memory */ - WAE_ERROR_FILE = - 0x08, /**< failed to read or write a file*/ - WAE_ERROR_UNKNOWN = - 0x09 /** < Unknown error */ +typedef enum { + WAE_ERROR_NONE = 0x00, /**< Successful */ + WAE_ERROR_INVALID_PARAMETER = -0x01, /**< Invalid function parameter */ + WAE_ERROR_PERMISSION_DENIED = -0x02, /**< Permission denied */ + WAE_ERROR_NO_KEY = -0x03, /**< No key */ + WAE_ERROR_KEY_EXISTS = -0x04, /**< key already exists*/ + WAE_ERROR_KEY_MANAGER = -0x05, /**< key-manager internal error */ + WAE_ERROR_CRYPTO = -0x06, /**< failed in crypto operation */ + WAE_ERROR_MEMORY = -0x07, /**< failed to allocate memory */ + WAE_ERROR_FILE = -0x08, /**< failed to read or write a file*/ + WAE_ERROR_UNKNOWN = -0x09 /** < Unknown error */ } wae_error_e; /** * @brief Application Type. * @since_tizen 3.0 */ -typedef enum -{ - WAE_DOWNLOADED_NORMAL_APP = 0, /**< Downloaded Normal Application*/ - WAE_DOWNLOADED_GLOBAL_APP = 1, /**< Downloaded Global Application*/ - WAE_PRELOADED_APP = 2 /**< Preloaded Application*/ +typedef enum { + WAE_DOWNLOADED_NORMAL_APP = 0, /**< Downloaded Normal Application*/ + WAE_DOWNLOADED_GLOBAL_APP = 1, /**< Downloaded Global Application*/ + WAE_PRELOADED_APP = 2 /**< Preloaded Application*/ } wae_app_type_e; /** @@ -81,7 +79,7 @@ typedef enum * * @see wae_decrypt_web_application() */ -int wae_encrypt_web_application(const char* pPkgId, wae_app_type_e appType, const unsigned char* pData, size_t dataLen, unsigned char** ppEncryptedData, size_t* pEncDataLen); +int wae_encrypt_web_application(const char *pPkgId, wae_app_type_e appType, const unsigned char *pData, size_t dataLen, unsigned char **ppEncryptedData, size_t *pEncDataLen); /** * @brief Encrypts web application data with internal key. @@ -104,7 +102,7 @@ int wae_encrypt_web_application(const char* pPkgId, wae_app_type_e appType, cons * * @see wae_encrypt_web_application() */ -int wae_decrypt_web_application(const char* pPkgId, wae_app_type_e appType, const unsigned char* pData, size_t dataLen, unsigned char** ppDecryptedData, size_t* pDecDataLen); +int wae_decrypt_web_application(const char *pPkgId, wae_app_type_e appType, const unsigned char *pData, size_t dataLen, unsigned char **ppDecryptedData, size_t *pDecDataLen); /** * @brief Remove a APP DEK(Application Data Encryption Key) used for encrytpion and decryption of a web application. @@ -121,8 +119,7 @@ int wae_decrypt_web_application(const char* pPkgId, wae_app_type_e appType, cons * @retval #WAE_ERROR_UNKNOWN Failed with unknown reason * */ -int wae_remove_app_dek(const char* pPkgId, wae_app_type_e appType); - +int wae_remove_app_dek(const char *pPkgId, wae_app_type_e appType); /** * @} @@ -133,4 +130,3 @@ int wae_remove_app_dek(const char* pPkgId, wae_app_type_e appType); #endif #endif /* __WEB_APP_ENC__ */ - diff --git a/srcs/crypto_service.c b/srcs/crypto_service.c index 1c52cc5..7d90190 100644 --- a/srcs/crypto_service.c +++ b/srcs/crypto_service.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -36,336 +36,358 @@ #define AES_256_KEY_SIZE 32 -static unsigned char AES_CBC_IV[16] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x08, 0x39, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}; +static unsigned char AES_CBC_IV[16] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x08, 0x39, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F +}; static bool __initialized = false; void _initialize() { - if(!__initialized) { - ERR_load_crypto_strings(); - OpenSSL_add_all_algorithms(); - __initialized = true; - } + if (!__initialized) { + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); + __initialized = true; + } } - - -int encrypt_app_dek(const unsigned char* rsaPublicKey, size_t pubKeyLen, - const unsigned char* dek, size_t dekLen, - unsigned char** encryptedDek, size_t* encryptedDekLen) +int encrypt_app_dek(const unsigned char *rsaPublicKey, size_t pubKeyLen, + const unsigned char *dek, size_t dekLen, + unsigned char **encryptedDek, size_t *encryptedDekLen) { - int ret = WAE_ERROR_NONE; - EVP_PKEY *pKey = NULL; - BIO* bio = NULL; - EVP_PKEY_CTX *ctx = NULL; - unsigned char* out = NULL; - size_t outLen = 0; - - _initialize(); - - bio = BIO_new(BIO_s_mem()); - BIO_write(bio, rsaPublicKey, pubKeyLen); - pKey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); - - if(pKey == NULL){ - BIO_reset(bio); - BIO_write(bio, rsaPublicKey, pubKeyLen); - pKey = d2i_PUBKEY_bio(bio, NULL); - } - - if(pKey == NULL) { - ret = WAE_ERROR_FILE; - WAE_SLOGE("Failt to convert to public key."); - goto error; - } - - ctx = EVP_PKEY_CTX_new(pKey, NULL); - if(ctx == NULL) { - WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_CTX_new failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - - if (EVP_PKEY_encrypt_init(ctx) <= 0) { - WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_encrypt_init failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) { - WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_CTX_set_rsa_padding failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - - /* Determine buffer length */ - if (EVP_PKEY_encrypt(ctx, NULL, &outLen, dek, dekLen) <= 0) { - WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_encrypt failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - - out = OPENSSL_malloc(outLen); - if(out == NULL) { - WAE_SLOGE("Encrypt APP DEK Failed. OPENSSL_malloc failed"); - ret = WAE_ERROR_MEMORY; - goto error; - } - - if (EVP_PKEY_encrypt(ctx, out, &outLen, dek, dekLen) <= 0) { - WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_encrypt failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - - *encryptedDek = out; - *encryptedDekLen = outLen; + int ret = WAE_ERROR_NONE; + EVP_PKEY *pKey = NULL; + BIO *bio = NULL; + EVP_PKEY_CTX *ctx = NULL; + unsigned char *out = NULL; + size_t outLen = 0; + + _initialize(); + + bio = BIO_new(BIO_s_mem()); + BIO_write(bio, rsaPublicKey, pubKeyLen); + pKey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); + + if (pKey == NULL) { + BIO_reset(bio); + BIO_write(bio, rsaPublicKey, pubKeyLen); + pKey = d2i_PUBKEY_bio(bio, NULL); + } + + if (pKey == NULL) { + ret = WAE_ERROR_FILE; + WAE_SLOGE("Failt to convert to public key."); + goto error; + } + + ctx = EVP_PKEY_CTX_new(pKey, NULL); + + if (ctx == NULL) { + WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_CTX_new failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + if (EVP_PKEY_encrypt_init(ctx) <= 0) { + WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_encrypt_init failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) { + WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_CTX_set_rsa_padding failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + /* Determine buffer length */ + if (EVP_PKEY_encrypt(ctx, NULL, &outLen, dek, dekLen) <= 0) { + WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_encrypt failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + out = OPENSSL_malloc(outLen); + + if (out == NULL) { + WAE_SLOGE("Encrypt APP DEK Failed. OPENSSL_malloc failed"); + ret = WAE_ERROR_MEMORY; + goto error; + } + + if (EVP_PKEY_encrypt(ctx, out, &outLen, dek, dekLen) <= 0) { + WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_encrypt failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + *encryptedDek = out; + *encryptedDekLen = outLen; error: - if(bio != NULL) - BIO_free(bio); - if(pKey != NULL) - EVP_PKEY_free(pKey); - if(ctx != NULL) - EVP_PKEY_CTX_free(ctx); - if(ret != WAE_ERROR_NONE && out != NULL) - OPENSSL_free(out); - - return ret; + if (bio != NULL) + BIO_free(bio); + + if (pKey != NULL) + EVP_PKEY_free(pKey); + + if (ctx != NULL) + EVP_PKEY_CTX_free(ctx); + + if (ret != WAE_ERROR_NONE && out != NULL) + OPENSSL_free(out); + + return ret; } -int decrypt_app_dek(const unsigned char* rsaPrivateKey, size_t priKeyLen, - const char* priKeyPassword, - const unsigned char* encryptedDek, size_t dencryptedDekLen, - unsigned char** decryptedDek, size_t* decryptedDekLen) +int decrypt_app_dek(const unsigned char *rsaPrivateKey, size_t priKeyLen, + const char *priKeyPassword, + const unsigned char *encryptedDek, size_t dencryptedDekLen, + unsigned char **decryptedDek, size_t *decryptedDekLen) { - int ret = WAE_ERROR_NONE; - EVP_PKEY *pKey = NULL; - BIO* bio = NULL; - EVP_PKEY_CTX *ctx = NULL; - unsigned char* out = NULL; - size_t outLen = 0; - - _initialize(); - - bio = BIO_new(BIO_s_mem()); - BIO_write(bio, rsaPrivateKey, priKeyLen); - pKey = PEM_read_bio_PrivateKey(bio, NULL, NULL, (void *)priKeyPassword); - - if(pKey == NULL) { - BIO_reset(bio); - BIO_write(bio, rsaPrivateKey, priKeyLen); - pKey = d2i_PrivateKey_bio(bio, NULL); - } - - if(pKey == NULL) { - ret = WAE_ERROR_FILE; - WAE_SLOGE("Failt to convert to public key."); - goto error; - } - - ctx = EVP_PKEY_CTX_new(pKey, NULL); - if(ctx == NULL) { - WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_CTX_new failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - - if (EVP_PKEY_decrypt_init(ctx) <= 0) { - WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_decrypt_init failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) { - WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_CTX_set_rsa_padding failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - - /* Determine buffer length */ - if (EVP_PKEY_decrypt(ctx, NULL, &outLen, encryptedDek, dencryptedDekLen) <= 0) { - WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_decrypt failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - - out = OPENSSL_malloc(outLen); - if(out == NULL) { - WAE_SLOGE("Decrypt APP DEK Failed. OPENSSL_malloc failed"); - ret = WAE_ERROR_MEMORY; - goto error; - } - - if (EVP_PKEY_decrypt(ctx, out, &outLen, encryptedDek, dencryptedDekLen) <= 0) { - WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_decrypt failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - - *decryptedDek = out; - *decryptedDekLen = outLen; + int ret = WAE_ERROR_NONE; + EVP_PKEY *pKey = NULL; + BIO *bio = NULL; + EVP_PKEY_CTX *ctx = NULL; + unsigned char *out = NULL; + size_t outLen = 0; + + _initialize(); + + bio = BIO_new(BIO_s_mem()); + BIO_write(bio, rsaPrivateKey, priKeyLen); + pKey = PEM_read_bio_PrivateKey(bio, NULL, NULL, (void *)priKeyPassword); + + if (pKey == NULL) { + BIO_reset(bio); + BIO_write(bio, rsaPrivateKey, priKeyLen); + pKey = d2i_PrivateKey_bio(bio, NULL); + } + + if (pKey == NULL) { + ret = WAE_ERROR_FILE; + WAE_SLOGE("Failt to convert to public key."); + goto error; + } + + ctx = EVP_PKEY_CTX_new(pKey, NULL); + + if (ctx == NULL) { + WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_CTX_new failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + if (EVP_PKEY_decrypt_init(ctx) <= 0) { + WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_decrypt_init failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) { + WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_CTX_set_rsa_padding failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + /* Determine buffer length */ + if (EVP_PKEY_decrypt(ctx, NULL, &outLen, encryptedDek, dencryptedDekLen) <= 0) { + WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_decrypt failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + out = OPENSSL_malloc(outLen); + + if (out == NULL) { + WAE_SLOGE("Decrypt APP DEK Failed. OPENSSL_malloc failed"); + ret = WAE_ERROR_MEMORY; + goto error; + } + + if (EVP_PKEY_decrypt(ctx, out, &outLen, encryptedDek, dencryptedDekLen) <= 0) { + WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_decrypt failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + *decryptedDek = out; + *decryptedDekLen = outLen; error: - if(bio != NULL) - BIO_free(bio); - if(pKey != NULL) - EVP_PKEY_free(pKey); - if(ctx != NULL) - EVP_PKEY_CTX_free(ctx); - if(ret != WAE_ERROR_NONE && out != NULL) - OPENSSL_free(out); - - return ret; + if (bio != NULL) + BIO_free(bio); + + if (pKey != NULL) + EVP_PKEY_free(pKey); + + if (ctx != NULL) + EVP_PKEY_CTX_free(ctx); + + if (ret != WAE_ERROR_NONE && out != NULL) + OPENSSL_free(out); + + return ret; } -int encrypt_aes_cbc(const unsigned char* pKey, size_t keyLen, - const unsigned char* pData, size_t dataLen, - unsigned char** ppEncryptedData, size_t* pEncDataLen) +int encrypt_aes_cbc(const unsigned char *pKey, size_t keyLen, + const unsigned char *pData, size_t dataLen, + unsigned char **ppEncryptedData, size_t *pEncDataLen) { - EVP_CIPHER_CTX *ctx; - int len; - unsigned char *ciphertext = NULL; - size_t ciphertext_len; - unsigned char *iv = AES_CBC_IV; - int ret = WAE_ERROR_NONE; - - _initialize(); - - WAE_SLOGI("Encryption Started. size=%d", dataLen); - /* check input paramter */ - if( keyLen != 32 ) { - WAE_SLOGE("Encryption Failed. Invalid Key Length. keyLen=%d", keyLen); - return WAE_ERROR_INVALID_PARAMETER; - } - - // assing a enough memory for decryption. - ciphertext = (unsigned char*) malloc(dataLen + 32); - - /* Create and initialise the context */ - if(!(ctx = EVP_CIPHER_CTX_new())) { - WAE_SLOGE("Encryption Failed. EVP_CIPHER_CTX_new failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - - /* Initialise the encryption operation. IMPORTANT - ensure you use a key - * and IV size appropriate for your cipher - * In this example we are using 256 bit AES (i.e. a 256 bit key). The - * IV size for *most* modes is the same as the block size. For AES this - * is 128 bits */ - if(1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, pKey, iv)) { - WAE_SLOGE("Encryption Failed. EVP_EncryptInit_ex failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - - /* Provide the message to be encrypted, and obtain the encrypted output. - * EVP_EncryptUpdate can be called multiple times if necessary - */ - if(1 != EVP_EncryptUpdate(ctx, ciphertext, &len, pData, dataLen)) { - WAE_SLOGE("Encryption Failed. EVP_EncryptUpdate failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - ciphertext_len = len; - - /* Finalise the encryption. Further ciphertext bytes may be written at - * this stage. - */ - if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) { - WAE_SLOGE("Encryption Failed. EVP_EncryptFinal_ex failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - ciphertext_len += len; - - *ppEncryptedData = ciphertext; - *pEncDataLen = ciphertext_len; - - ret = WAE_ERROR_NONE; - WAE_SLOGI("Encryption Ended Successfully. encrypted_len", ciphertext_len); + EVP_CIPHER_CTX *ctx; + int len; + unsigned char *ciphertext = NULL; + size_t ciphertext_len; + unsigned char *iv = AES_CBC_IV; + int ret = WAE_ERROR_NONE; + + _initialize(); + + WAE_SLOGI("Encryption Started. size=%d", dataLen); + + /* check input paramter */ + if (keyLen != 32) { + WAE_SLOGE("Encryption Failed. Invalid Key Length. keyLen=%d", keyLen); + return WAE_ERROR_INVALID_PARAMETER; + } + + // assing a enough memory for decryption. + ciphertext = (unsigned char *) malloc(dataLen + 32); + + /* Create and initialise the context */ + if (!(ctx = EVP_CIPHER_CTX_new())) { + WAE_SLOGE("Encryption Failed. EVP_CIPHER_CTX_new failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + /* Initialise the encryption operation. IMPORTANT - ensure you use a key + * and IV size appropriate for your cipher + * In this example we are using 256 bit AES (i.e. a 256 bit key). The + * IV size for *most* modes is the same as the block size. For AES this + * is 128 bits */ + if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, pKey, iv)) { + WAE_SLOGE("Encryption Failed. EVP_EncryptInit_ex failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + /* Provide the message to be encrypted, and obtain the encrypted output. + * EVP_EncryptUpdate can be called multiple times if necessary + */ + if (1 != EVP_EncryptUpdate(ctx, ciphertext, &len, pData, dataLen)) { + WAE_SLOGE("Encryption Failed. EVP_EncryptUpdate failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + ciphertext_len = len; + + /* Finalise the encryption. Further ciphertext bytes may be written at + * this stage. + */ + if (1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) { + WAE_SLOGE("Encryption Failed. EVP_EncryptFinal_ex failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + ciphertext_len += len; + + *ppEncryptedData = ciphertext; + *pEncDataLen = ciphertext_len; + + ret = WAE_ERROR_NONE; + WAE_SLOGI("Encryption Ended Successfully. encrypted_len", ciphertext_len); + error: - if(ctx != NULL) - EVP_CIPHER_CTX_free(ctx); - if(ret != WAE_ERROR_NONE && ciphertext != NULL) - free(ciphertext); - return ret; + if (ctx != NULL) + EVP_CIPHER_CTX_free(ctx); + + if (ret != WAE_ERROR_NONE && ciphertext != NULL) + free(ciphertext); + + return ret; } -int decrypt_aes_cbc(const unsigned char* pKey, size_t keyLen, - const unsigned char* pData, size_t dataLen, - unsigned char** ppDecryptedData, size_t* pDecDataLen) +int decrypt_aes_cbc(const unsigned char *pKey, size_t keyLen, + const unsigned char *pData, size_t dataLen, + unsigned char **ppDecryptedData, size_t *pDecDataLen) { - EVP_CIPHER_CTX *ctx; - int len; - unsigned char* plaintext = NULL; - size_t plaintext_len; - unsigned char *iv = AES_CBC_IV; - int ret = WAE_ERROR_NONE; - - _initialize(); - - WAE_SLOGI("Decryption Started. size=%d", dataLen); - - /* check input paramter */ - if( keyLen != 32 ) { - WAE_SLOGE("Decryption Failed. Invalid Key Length. keyLen=%d", keyLen); - return WAE_ERROR_INVALID_PARAMETER; - } - - // assing a enough memory for decryption. - plaintext = (unsigned char*) malloc(dataLen); - - /* Create and initialise the context */ - if(!(ctx = EVP_CIPHER_CTX_new())) { - WAE_SLOGE("Decryption Failed. EVP_CIPHER_CTX_new failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - - /* Initialise the decryption operation. IMPORTANT - ensure you use a key - * and IV size appropriate for your cipher - * In this example we are using 256 bit AES (i.e. a 256 bit key). The - * IV size for *most* modes is the same as the block size. For AES this - * is 128 bits */ - if(1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, pKey, iv)) { - WAE_SLOGE("Decryption Failed. EVP_DecryptInit_ex failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - - /* Provide the message to be decrypted, and obtain the plaintext output. - * EVP_DecryptUpdate can be called multiple times if necessary - */ - if(1 != EVP_DecryptUpdate(ctx, plaintext, &len, pData, dataLen)) { - WAE_SLOGE("Decryption Failed. EVP_DecryptUpdate failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - plaintext_len = len; - - /* Finalise the decryption. Further plaintext bytes may be written at - * this stage. - */ - if(1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len)) { - WAE_SLOGE("Decryption Failed. EVP_DecryptFinal_ex failed"); - ret = WAE_ERROR_CRYPTO; - goto error; - } - plaintext_len += len; - - *ppDecryptedData = plaintext; - *pDecDataLen = plaintext_len; - - ret = WAE_ERROR_NONE; - WAE_SLOGI("Decryption Ended Successfully. decrypted_len", plaintext_len); + EVP_CIPHER_CTX *ctx; + int len; + unsigned char *plaintext = NULL; + size_t plaintext_len; + unsigned char *iv = AES_CBC_IV; + int ret = WAE_ERROR_NONE; + + _initialize(); + + WAE_SLOGI("Decryption Started. size=%d", dataLen); + + /* check input paramter */ + if (keyLen != 32) { + WAE_SLOGE("Decryption Failed. Invalid Key Length. keyLen=%d", keyLen); + return WAE_ERROR_INVALID_PARAMETER; + } + + // assing a enough memory for decryption. + plaintext = (unsigned char *) malloc(dataLen); + + /* Create and initialise the context */ + if (!(ctx = EVP_CIPHER_CTX_new())) { + WAE_SLOGE("Decryption Failed. EVP_CIPHER_CTX_new failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + /* Initialise the decryption operation. IMPORTANT - ensure you use a key + * and IV size appropriate for your cipher + * In this example we are using 256 bit AES (i.e. a 256 bit key). The + * IV size for *most* modes is the same as the block size. For AES this + * is 128 bits */ + if (1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, pKey, iv)) { + WAE_SLOGE("Decryption Failed. EVP_DecryptInit_ex failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + /* Provide the message to be decrypted, and obtain the plaintext output. + * EVP_DecryptUpdate can be called multiple times if necessary + */ + if (1 != EVP_DecryptUpdate(ctx, plaintext, &len, pData, dataLen)) { + WAE_SLOGE("Decryption Failed. EVP_DecryptUpdate failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + plaintext_len = len; + + /* Finalise the decryption. Further plaintext bytes may be written at + * this stage. + */ + if (1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len)) { + WAE_SLOGE("Decryption Failed. EVP_DecryptFinal_ex failed"); + ret = WAE_ERROR_CRYPTO; + goto error; + } + + plaintext_len += len; + + *ppDecryptedData = plaintext; + *pDecDataLen = plaintext_len; + + ret = WAE_ERROR_NONE; + WAE_SLOGI("Decryption Ended Successfully. decrypted_len", plaintext_len); + error: - if(ctx != NULL) - EVP_CIPHER_CTX_free(ctx); - if(ret != WAE_ERROR_NONE && plaintext != NULL) - free(plaintext); - return ret; -} + if (ctx != NULL) + EVP_CIPHER_CTX_free(ctx); + if (ret != WAE_ERROR_NONE && plaintext != NULL) + free(plaintext); + + return ret; +} diff --git a/srcs/crypto_service.h b/srcs/crypto_service.h index fcdb0fe..61f4d0b 100644 --- a/srcs/crypto_service.h +++ b/srcs/crypto_service.h @@ -19,8 +19,8 @@ * @version 1.0 * @brief provides encryption and decription operations. */ -#ifndef __TIZEN_CORE_WAE_CRYPTO_SERVICE_H -#define __TIZEN_CORE_WAE_CRYPTO_SERVICE_H +#ifndef __WAE_CRYPTO_SERVICE_H +#define __WAE_CRYPTO_SERVICE_H #ifdef __cplusplus extern "C" { @@ -28,26 +28,26 @@ extern "C" { #include -int encrypt_app_dek(const unsigned char* rsaPublicKey, size_t pubKeyLen, - const unsigned char* dek, size_t dekLen, - unsigned char** encryptedDek, size_t* encryptedDekLen); +int encrypt_app_dek(const unsigned char *rsaPublicKey, size_t pubKeyLen, + const unsigned char *dek, size_t dekLen, + unsigned char **encryptedDek, size_t *encryptedDekLen); -int decrypt_app_dek(const unsigned char* rsaPrivateKey, size_t priKeyLen, - const char* priKeyPassword, - const unsigned char* encryptedDek, size_t dencryptedDekLen, - unsigned char** decryptedDek, size_t* decryptedDekLen); +int decrypt_app_dek(const unsigned char *rsaPrivateKey, size_t priKeyLen, + const char *priKeyPassword, + const unsigned char *encryptedDek, size_t dencryptedDekLen, + unsigned char **decryptedDek, size_t *decryptedDekLen); -int encrypt_aes_cbc(const unsigned char* pKey, size_t keyLen, - const unsigned char* pData, size_t dataLen, - unsigned char** ppEncryptedData, size_t* pEncDataLen); +int encrypt_aes_cbc(const unsigned char *pKey, size_t keyLen, + const unsigned char *pData, size_t dataLen, + unsigned char **ppEncryptedData, size_t *pEncDataLen); -int decrypt_aes_cbc(const unsigned char* pKey, size_t keyLen, - const unsigned char* pData, size_t dataLen, - unsigned char** ppDecryptedData, size_t* pDecDataLen); +int decrypt_aes_cbc(const unsigned char *pKey, size_t keyLen, + const unsigned char *pData, size_t dataLen, + unsigned char **ppDecryptedData, size_t *pDecDataLen); #ifdef __cplusplus } #endif -#endif /* __TIZEN_CORE_WAE_CRYPTO_SERVICE_H */ +#endif /* __WAE_CRYPTO_SERVICE_H */ diff --git a/srcs/key_handler.c b/srcs/key_handler.c index bf98c5d..929d282 100644 --- a/srcs/key_handler.c +++ b/srcs/key_handler.c @@ -47,9 +47,9 @@ #define MAX_PKGID_LEN 256 #define MAX_CACHE_SIZE 100 -typedef struct _dek_cache_element{ - char pkgId[MAX_PKGID_LEN]; - unsigned char dek[DEK_LEN]; +typedef struct _dek_cache_element { + char pkgId[MAX_PKGID_LEN]; + unsigned char dek[DEK_LEN]; } dek_cache_element; dek_cache_element APP_DEK_CACHE[MAX_CACHE_SIZE]; @@ -57,734 +57,762 @@ int NEXT_CACHE_IDX = -1; void _initialize_cache() { - NEXT_CACHE_IDX = 0; - memset(APP_DEK_CACHE, 0, sizeof(dek_cache_element)*MAX_CACHE_SIZE); + NEXT_CACHE_IDX = 0; + memset(APP_DEK_CACHE, 0, sizeof(dek_cache_element)*MAX_CACHE_SIZE); } -unsigned char* _get_app_dek_from_cache(const char* pkgId) +unsigned char *_get_app_dek_from_cache(const char *pkgId) { - int i = 0; - - if(NEXT_CACHE_IDX < 0) - _initialize_cache(); - - for(i =0; i= MAX_CACHE_SIZE) - NEXT_CACHE_IDX = 0; + if (NEXT_CACHE_IDX < 0) + _initialize_cache(); + + // if existing one has the same pkgid + for (int i = 0; i < MAX_CACHE_SIZE; i++) { + if (strlen(APP_DEK_CACHE[i].pkgId) == strlen(pkgId) && + strncmp(pkgId, APP_DEK_CACHE[i].pkgId, strlen(pkgId)) == 0) { + memcpy(APP_DEK_CACHE[i].dek, dek, DEK_LEN); + return; + } + } + + // for new pkgid + strncpy(APP_DEK_CACHE[NEXT_CACHE_IDX].pkgId, pkgId, strlen(pkgId)); + memcpy(APP_DEK_CACHE[NEXT_CACHE_IDX].dek, dek, DEK_LEN); + + NEXT_CACHE_IDX++; + + if (NEXT_CACHE_IDX >= MAX_CACHE_SIZE) + NEXT_CACHE_IDX = 0; } -void _remove_app_dek_from_cache(const char* pkgId) +void _remove_app_dek_from_cache(const char *pkgId) { - int i = 0; - - for(i =0; idata, DEK_LEN); - - *ppDek = pDek; - *dekLen = DEK_LEN; - WAE_SLOGI("WAE: Success to get APP_DEK from key-manager. pkgId=%s, alias=%s", pPkgId, alias); + int ret = WAE_ERROR_NONE; + + char *password = NULL; + ckmc_raw_buffer_s *pDekBuffer = NULL; + char alias[MAX_ALIAS_LEN] = {0,}; + unsigned char *pDek = NULL; + + unsigned char *cached_dek = _get_app_dek_from_cache(pPkgId); + + if (cached_dek == NULL) { + // get APP_DEK from system database + _get_alias(pPkgId, appType, false, alias, sizeof(alias)); + + ret = _to_wae_error(ckmc_get_data(alias, password, &pDekBuffer)); + + if (ret != WAE_ERROR_NONE) { + WAE_SLOGI("WAE: Fail to get APP_DEK from key-manager. pkgId=%s, alias=%s, ret=%d", + pPkgId, alias, ret); + goto error; + } + } + + pDek = (unsigned char *) malloc(DEK_LEN); + + if (pDek == NULL) { + WAE_SLOGE("Fail to allocate a memory"); + ret = WAE_ERROR_MEMORY; + goto error; + } + + memcpy(pDek, (cached_dek != NULL) ? cached_dek : pDekBuffer->data, DEK_LEN); + + *ppDek = pDek; + *dekLen = DEK_LEN; + WAE_SLOGI("WAE: Success to get APP_DEK from key-manager. pkgId=%s, alias=%s", pPkgId, alias); + error: - if(pDekBuffer != NULL) - ckmc_buffer_free(pDekBuffer); - if(ret != WAE_ERROR_NONE && pDek != NULL) - free(pDek); + if (pDekBuffer != NULL) + ckmc_buffer_free(pDekBuffer); + + if (ret != WAE_ERROR_NONE && pDek != NULL) + free(pDek); - return ret; + return ret; } -int create_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDek, size_t* dekLen) +int create_app_dek(const char *pPkgId, wae_app_type_e appType, unsigned char **ppDek, size_t *dekLen) { - int ret = WAE_ERROR_NONE; - unsigned char *dek= NULL; - - dek = (unsigned char*) malloc(DEK_LEN); - if(dek == NULL) { - ret = WAE_ERROR_MEMORY; - goto error; - } - - ret = _get_random(DEK_LEN, dek); - if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("WAE: Fail to get random for APP_DEK. pkgId=%s, ret=%d", pPkgId, ret); - goto error; - } - - // save app_dek in key_manager - ret = _add_dek_to_key_manager(pPkgId, appType, dek, DEK_LEN); - if(ret != WAE_ERROR_NONE) { - goto error; - } - - // store APP_DEK in cache - _add_app_dek_to_cache(pPkgId, dek); - - *ppDek = dek; - *dekLen = DEK_LEN; - - WAE_SLOGI("WAE: Success to create APP_DEK and store it in key-manager. pkgId=%s", pPkgId); + unsigned char *dek = (unsigned char *) malloc(DEK_LEN); + + if (dek == NULL) + return WAE_ERROR_MEMORY; + + int ret = _get_random(DEK_LEN, dek); + + if (ret != WAE_ERROR_NONE) { + WAE_SLOGE("WAE: Fail to get random for APP_DEK. pkgId=%s, ret=%d", pPkgId, ret); + goto error; + } + + // save app_dek in key_manager + ret = _add_dek_to_key_manager(pPkgId, appType, dek, DEK_LEN); + + if (ret != WAE_ERROR_NONE) { + goto error; + } + + // store APP_DEK in cache + _add_app_dek_to_cache(pPkgId, dek); + + *ppDek = dek; + *dekLen = DEK_LEN; + + WAE_SLOGI("WAE: Success to create APP_DEK and store it in key-manager. pkgId=%s", pPkgId); + error: - if(ret != WAE_ERROR_NONE && dek != NULL) - free(dek); + if (ret != WAE_ERROR_NONE && dek != NULL) + free(dek); - return ret; + return ret; } -int get_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dekLen) +int get_preloaded_app_dek(const char *pPkgId, unsigned char **ppDek, size_t *dekLen) { - int ret = WAE_ERROR_NONE; - unsigned char* cached_dek= NULL; - unsigned char* dek = NULL; - - // get dek from cache - cached_dek = _get_app_dek_from_cache(pPkgId); - if(cached_dek == NULL) { - WAE_SLOGE("WAE: Fail to get APP_DEK from cache for preloaded app"); - ret = WAE_ERROR_NO_KEY; - goto error; - } - - dek = (unsigned char*) malloc(DEK_LEN); - if(dek == NULL) { - WAE_SLOGE("WAE: Fail to allocate memory for preloaded app dek"); - ret = WAE_ERROR_MEMORY; - goto error; - } - memcpy(dek, cached_dek, DEK_LEN); - - *ppDek = dek; - *dekLen = DEK_LEN; + int ret = WAE_ERROR_NONE; + + unsigned char *cached_dek = _get_app_dek_from_cache(pPkgId); + + if (cached_dek == NULL) { + WAE_SLOGE("WAE: Fail to get APP_DEK from cache for preloaded app"); + return WAE_ERROR_NO_KEY; + } + + unsigned char *dek = (unsigned char *) malloc(DEK_LEN); + + if (dek == NULL) { + WAE_SLOGE("WAE: Fail to allocate memory for preloaded app dek"); + ret = WAE_ERROR_MEMORY; + goto error; + } + + memcpy(dek, cached_dek, DEK_LEN); + + *ppDek = dek; + *dekLen = DEK_LEN; + error: - if(ret != WAE_ERROR_NONE && dek != NULL) - free(dek); + if (ret != WAE_ERROR_NONE && dek != NULL) + free(dek); - return ret; + return ret; } -int create_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dekLen) +int create_preloaded_app_dek(const char *pPkgId, unsigned char **ppDek, size_t *dekLen) { - int ret = WAE_ERROR_NONE; - unsigned char* dek = NULL; - unsigned char* encrypted_app_dek = NULL; - size_t encrypted_app_dek_len = 0; - unsigned char* pubKey = NULL; - size_t pubKeyLen = 0; - - // create APP_DEK - dek = (unsigned char*) malloc(DEK_LEN); - if(dek == NULL) { - ret = WAE_ERROR_MEMORY; - goto error; - } - - ret = _get_random(DEK_LEN, dek); - if(ret != WAE_ERROR_NONE) { - goto error; - } - - // encrypt APP_DEK with APP_DEK_KEK - ret = _read_from_file(_get_dek_kek_pub_key_path(), &pubKey, &pubKeyLen); - if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("WAE: Fail to read APP_DEK_KEK Public Key"); - goto error; - } - - ret = encrypt_app_dek(pubKey, pubKeyLen, dek, DEK_LEN, &encrypted_app_dek, &encrypted_app_dek_len); - if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("WAE: Fail to encrypt APP_DEK with APP_DEK_KEK"); - goto error; - } - - // write APP_DEK in a file - ret = _write_encrypted_app_dek_to_file(pPkgId, encrypted_app_dek, encrypted_app_dek_len); - if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("WAE: Fail to write encrypted APP_DEK. pkgId=%s", pPkgId); - goto error; - } - - // store APP_DEK in cache - _add_app_dek_to_cache(pPkgId, dek); - - *ppDek = dek; - *dekLen = DEK_LEN; - WAE_SLOGI("WAE: Success to create preleaded APP_DEK and write it in initail value file. pkgId=%s", pPkgId); + unsigned char *encrypted_app_dek = NULL; + size_t encrypted_app_dek_len = 0; + unsigned char *pubKey = NULL; + size_t pubKeyLen = 0; -error: - if(pubKey != NULL) - free(pubKey); - if(encrypted_app_dek != NULL) - free(encrypted_app_dek); - if(ret != WAE_ERROR_NONE && dek != NULL) - free(dek); - return ret; -} + // create APP_DEK + unsigned char *dek = (unsigned char *)malloc(DEK_LEN); + if (dek == NULL) + return WAE_ERROR_MEMORY; -int _get_app_dek_kek(unsigned char** ppDekKek, size_t* kekLen) -{ - int ret = WAE_ERROR_NONE; + int ret = _get_random(DEK_LEN, dek); + + if (ret != WAE_ERROR_NONE) + goto error; + + // encrypt APP_DEK with APP_DEK_KEK + ret = _read_from_file(_get_dek_kek_pub_key_path(), &pubKey, &pubKeyLen); + + if (ret != WAE_ERROR_NONE) { + WAE_SLOGE("WAE: Fail to read APP_DEK_KEK Public Key"); + goto error; + } + + ret = encrypt_app_dek(pubKey, pubKeyLen, dek, DEK_LEN, &encrypted_app_dek, &encrypted_app_dek_len); + + if (ret != WAE_ERROR_NONE) { + WAE_SLOGE("WAE: Fail to encrypt APP_DEK with APP_DEK_KEK"); + goto error; + } + + // write APP_DEK in a file + ret = _write_encrypted_app_dek_to_file(pPkgId, encrypted_app_dek, encrypted_app_dek_len); + + if (ret != WAE_ERROR_NONE) { + WAE_SLOGE("WAE: Fail to write encrypted APP_DEK. pkgId=%s", pPkgId); + goto error; + } + + // store APP_DEK in cache + _add_app_dek_to_cache(pPkgId, dek); + + *ppDek = dek; + *dekLen = DEK_LEN; + WAE_SLOGI("WAE: Success to create preleaded APP_DEK and write it in initail value file. pkgId=%s", pPkgId); - ret = _read_from_file(_get_dek_kek_pri_key_path(), ppDekKek, kekLen); - if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("WAE: Fail to read APP_DEK_KEK Private Key"); - return ret; - } -/* - char* password = NULL; - ckmc_raw_buffer_s *pKekBuffer = NULL; - unsigned char* pKek = NULL; - - char dek_kek_alias[MAX_ALIAS_LEN] = {0, }; - _get_dek_kek_alias(dek_kek_alias, sizeof(dek_kek_alias)); - - ret = _to_wae_error(ckmc_get_data(dek_kek_alias, password, &pKekBuffer)); - if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("Fail to get APP_DEK_KEK from key-manager. alias=%s, ret=%d", APP_DEK_KEK_ALIAS, ret); - goto error; - } - - pKek = (unsigned char*) malloc(pKekBuffer->size); - if(pKek == NULL) { - WAE_SLOGE("Fail to allocate a memory"); - ret = WAE_ERROR_MEMORY; - goto error; - } - memcpy(pKek, pKekBuffer->data, pKekBuffer->size); - - *ppDekKek = pKek; - *kekLen = pKekBuffer->size; - WAE_SLOGI("Success to get APP_DEK_KEK from key-manager."); error: - if(pKekBuffer != NULL) - ckmc_buffer_free(pKekBuffer); - if(ret != WAE_ERROR_NONE && pKek != NULL) - free(pKek); -*/ - return ret; + if (pubKey != NULL) + free(pubKey); + + if (encrypted_app_dek != NULL) + free(encrypted_app_dek); + + if (ret != WAE_ERROR_NONE && dek != NULL) + free(dek); + + return ret; } +int _get_app_dek_kek(unsigned char **ppDekKek, size_t *kekLen) +{ + int ret = _read_from_file(_get_dek_kek_pri_key_path(), ppDekKek, kekLen); + + if (ret != WAE_ERROR_NONE) { + WAE_SLOGE("WAE: Fail to read APP_DEK_KEK Private Key"); + return ret; + } + + /* + char* password = NULL; + ckmc_raw_buffer_s *pKekBuffer = NULL; + unsigned char* pKek = NULL; + + char dek_kek_alias[MAX_ALIAS_LEN] = {0, }; + _get_dek_kek_alias(dek_kek_alias, sizeof(dek_kek_alias)); + + ret = _to_wae_error(ckmc_get_data(dek_kek_alias, password, &pKekBuffer)); + if(ret != WAE_ERROR_NONE) { + WAE_SLOGE("Fail to get APP_DEK_KEK from key-manager. alias=%s, ret=%d", APP_DEK_KEK_ALIAS, ret); + goto error; + } + + pKek = (unsigned char*) malloc(pKekBuffer->size); + if(pKek == NULL) { + WAE_SLOGE("Fail to allocate a memory"); + ret = WAE_ERROR_MEMORY; + goto error; + } + memcpy(pKek, pKekBuffer->data, pKekBuffer->size); + + *ppDekKek = pKek; + *kekLen = pKekBuffer->size; + WAE_SLOGI("Success to get APP_DEK_KEK from key-manager."); + error: + if(pKekBuffer != NULL) + ckmc_buffer_free(pKekBuffer); + if(ret != WAE_ERROR_NONE && pKek != NULL) + free(pKek); + */ + return ret; +} int _get_app_deks_loaded() { - int ret = WAE_ERROR_NONE; - - ckmc_raw_buffer_s *pBuffer = NULL; - char loading_done_alias[MAX_ALIAS_LEN] = {0, }; + char loading_done_alias[MAX_ALIAS_LEN] = {0, }; + _get_dek_loading_done_alias(loading_done_alias, sizeof(loading_done_alias)); - _get_dek_loading_done_alias(loading_done_alias, sizeof(loading_done_alias)); + ckmc_raw_buffer_s *pBuffer = NULL; + int ret = _to_wae_error(ckmc_get_data(loading_done_alias, NULL, &pBuffer)); - ret = _to_wae_error(ckmc_get_data(loading_done_alias, NULL, &pBuffer)); - if(ret == WAE_ERROR_NO_KEY) { - WAE_SLOGI("WAE: APP_DEK_LOADING was not done"); - } else if(ret == WAE_ERROR_NONE) { - WAE_SLOGI("WAE: APP_DEK_LOADING was already done"); - } else { - WAE_SLOGE("WAE: Fail to get information from key-manager about APP_DEK_LOADING_DONE_ALIAS. ret=%d", ret); - goto error; - } + if (ret == WAE_ERROR_NO_KEY) + WAE_SLOGI("WAE: APP_DEK_LOADING was not done"); + else if (ret == WAE_ERROR_NONE) + WAE_SLOGI("WAE: APP_DEK_LOADING was already done"); + else + WAE_SLOGE("WAE: Fail to get information from key-manager about APP_DEK_LOADING_DONE_ALIAS. ret=%d", ret); -error: - if(pBuffer != NULL) - ckmc_buffer_free(pBuffer); + if (pBuffer != NULL) + ckmc_buffer_free(pBuffer); - return ret; + return ret; } int _set_app_deks_loaded() { - int ret = WAE_ERROR_NONE; - ckmc_raw_buffer_s buff; - ckmc_policy_s policy; - unsigned char dummyData[1] = {0}; - - buff.data = dummyData; - buff.size = sizeof(dummyData); - - policy.password = NULL; - policy.extractable = true; - - char loading_done_alias[MAX_ALIAS_LEN] = {0, }; - _get_dek_loading_done_alias(loading_done_alias, sizeof(loading_done_alias)); - - ret = _to_wae_error(ckmc_save_data(loading_done_alias, buff, policy)); - if(ret == WAE_ERROR_KEY_EXISTS) { - WAE_SLOGI("WAE: APP_DEK_LOADING was already done"); - ret = WAE_ERROR_NONE; - } else if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("WAE: Fail to set APP_DEK_LOADING_DONE_ALIAS to key-manager. ret=%d", ret); - goto error; - } - - WAE_SLOGI("Success to set APP_DEK_LOADING_DONE_ALIAS to key-manager."); -error: - return ret; + ckmc_raw_buffer_s buff; + ckmc_policy_s policy; + unsigned char dummyData[1] = {0}; + + buff.data = dummyData; + buff.size = sizeof(dummyData); + + policy.password = NULL; + policy.extractable = true; + + char loading_done_alias[MAX_ALIAS_LEN] = {0, }; + _get_dek_loading_done_alias(loading_done_alias, sizeof(loading_done_alias)); + + int ret = _to_wae_error(ckmc_save_data(loading_done_alias, buff, policy)); + + if (ret == WAE_ERROR_KEY_EXISTS) { + WAE_SLOGI("WAE: APP_DEK_LOADING was already done"); + ret = WAE_ERROR_NONE; + } else if (ret == WAE_ERROR_NONE) { + WAE_SLOGI("Success to set APP_DEK_LOADING_DONE_ALIAS to key-manager."); + } else { + WAE_SLOGE("WAE: Fail to set APP_DEK_LOADING_DONE_ALIAS to key-manager. ret=%d", ret); + } + + return ret; } int _clear_app_deks_loaded() { - int ret = WAE_ERROR_NONE; - char loading_done_alias[MAX_ALIAS_LEN] = {0, }; - _get_dek_loading_done_alias(loading_done_alias, sizeof(loading_done_alias)); - - ret = _to_wae_error(ckmc_remove_alias(loading_done_alias)); - if(ret == WAE_ERROR_NO_KEY) { - WAE_SLOGI("APP_DEK_LOADING_DONE_ALIAS was not set to key-manager before."); - ret = WAE_ERROR_NONE; - }else if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("Fail to clear APP_DEK_LOADING_DONE_ALIAS to key-manager. ret=%d", ret); - } - - return ret; + char loading_done_alias[MAX_ALIAS_LEN] = {0, }; + _get_dek_loading_done_alias(loading_done_alias, sizeof(loading_done_alias)); + + int ret = _to_wae_error(ckmc_remove_alias(loading_done_alias)); + + if (ret == WAE_ERROR_NO_KEY) { + WAE_SLOGI("APP_DEK_LOADING_DONE_ALIAS was not set to key-manager before."); + ret = WAE_ERROR_NONE; + } else if (ret == WAE_ERROR_NONE) { + WAE_SLOGI("Success to clear app deks loaded"); + } else { + WAE_SLOGE("Fail to clear APP_DEK_LOADING_DONE_ALIAS to key-manager. ret=%d", ret); + } + + return ret; } int load_preloaded_app_deks(bool reload) { - int ret = WAE_ERROR_NONE; - - char pkgId[MAX_PKGID_LEN] = {0, }; - - DIR *dir = NULL; - struct dirent entry; - struct dirent *result; - int error; - char file_path_buff[MAX_PATH_LEN]; - unsigned char* encrypted_app_dek = NULL; - size_t encrypted_app_dek_len = 0; - unsigned char* app_dek = NULL; - size_t app_dek_len = 0; - unsigned char* priKey = NULL; - size_t priKeyLen = 0; - - int error_during_loading = 0; - - if(!reload) { - // check if all deks were already loaded into key-manager. - ret = _get_app_deks_loaded(); - if(ret == WAE_ERROR_NONE) { - return ret; - } - } - - ret = _get_app_dek_kek(&priKey, &priKeyLen); - if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("Fail to get APP_DEK_KEK Private Key"); - return ret; - } - - dir = opendir(_get_dek_store_path()); - if(dir == NULL) { - WAE_SLOGE("Fail to open dir. dir=%s", _get_dek_store_path()); - ret = WAE_ERROR_FILE; - goto error; - } - - for(;;) { - error = readdir_r(dir, &entry, &result); - if( error != 0 ) { - ret = WAE_ERROR_FILE; - goto error; - } - // readdir_r returns NULL in *result if the end - // of the directory stream is reached - if(result == NULL) - break; - - // regular file && start with KEY_MANAGER_INITIAL_VALUE_FILE_PFX - if(entry.d_type == DT_REG && strstr(entry.d_name, APP_DEK_FILE_PFX) != NULL) { - memset(file_path_buff, 0, sizeof(file_path_buff)); - ret = snprintf(file_path_buff, sizeof(file_path_buff), "%s/%s", - _get_dek_store_path(), entry.d_name); - if(ret < 0) { - WAE_SLOGE("Failed to make file path by snprintf."); - ret = WAE_ERROR_INVALID_PARAMETER; /* buffer size too small */ - goto error; - } - - ret = _extract_pkg_id_from_file_name(entry.d_name, pkgId); - if(ret != WAE_ERROR_NONE) { - WAE_SLOGW("Fail to extract pkgid from file. It will be ignored. file=%s",file_path_buff); - continue; - } - - ret = _read_from_file(file_path_buff, &encrypted_app_dek, &encrypted_app_dek_len); - if(ret != WAE_ERROR_NONE || encrypted_app_dek == NULL) { - error_during_loading++; - WAE_SLOGW("Fail to read file. It will be ignored. file=%s",file_path_buff); - continue; - } - - ret = decrypt_app_dek(priKey, priKeyLen, APP_DEK_KEK_PRIKEY_PASSWORD, - encrypted_app_dek, encrypted_app_dek_len, - &app_dek, &app_dek_len); - if(ret != WAE_ERROR_NONE || app_dek == NULL) { - error_during_loading++; - WAE_SLOGW("Fail to decrypt APP DEK. It will be ignored. file=%s",file_path_buff); - continue; - } - - // save app_dek in key_manager - ret = _add_dek_to_key_manager(pkgId, WAE_PRELOADED_APP, app_dek, app_dek_len); - // free temp objects - free(app_dek); - free(encrypted_app_dek); - app_dek = NULL; - encrypted_app_dek = NULL; - - if(ret == WAE_ERROR_KEY_EXISTS) { - WAE_SLOGI("Key Manager already has APP_DEK. It will be ignored. file=%s",file_path_buff); - continue; - }else if(ret != WAE_ERROR_NONE) { - error_during_loading++; - WAE_SLOGW("Fail to add APP DEK to key-manager. file=%s",file_path_buff); - continue; - } - } - } - - ret = _set_app_deks_loaded(); - if(ret == WAE_ERROR_NONE) { - WAE_SLOGI("Success to load_preloaded_app_deks"); - ret = WAE_ERROR_NONE; - }else { - WAE_SLOGW("Fail to _set_app_deks_loaded to key-manager. ret=%d", ret); - } + int ret = WAE_ERROR_NONE; + + char pkgId[MAX_PKGID_LEN] = {0, }; + + DIR *dir = NULL; + struct dirent entry; + struct dirent *result; + int error; + char file_path_buff[MAX_PATH_LEN]; + unsigned char *encrypted_app_dek = NULL; + size_t encrypted_app_dek_len = 0; + unsigned char *app_dek = NULL; + size_t app_dek_len = 0; + unsigned char *priKey = NULL; + size_t priKeyLen = 0; + + int error_during_loading = 0; + + if (!reload) { + // check if all deks were already loaded into key-manager. + ret = _get_app_deks_loaded(); + + if (ret == WAE_ERROR_NONE) + return ret; + } + + ret = _get_app_dek_kek(&priKey, &priKeyLen); + + if (ret != WAE_ERROR_NONE) { + WAE_SLOGE("Fail to get APP_DEK_KEK Private Key"); + return ret; + } + + dir = opendir(_get_dek_store_path()); + + if (dir == NULL) { + WAE_SLOGE("Fail to open dir. dir=%s", _get_dek_store_path()); + ret = WAE_ERROR_FILE; + goto error; + } + + while (true) { + error = readdir_r(dir, &entry, &result); + + if (error != 0) { + ret = WAE_ERROR_FILE; + goto error; + } + + // readdir_r returns NULL in *result if the end + // of the directory stream is reached + if (result == NULL) + break; + + // regular file && start with KEY_MANAGER_INITIAL_VALUE_FILE_PFX + if (entry.d_type == DT_REG && strstr(entry.d_name, APP_DEK_FILE_PFX) != NULL) { + memset(file_path_buff, 0, sizeof(file_path_buff)); + ret = snprintf(file_path_buff, sizeof(file_path_buff), "%s/%s", + _get_dek_store_path(), entry.d_name); + + if (ret < 0) { + WAE_SLOGE("Failed to make file path by snprintf."); + ret = WAE_ERROR_INVALID_PARAMETER; /* buffer size too small */ + goto error; + } + + ret = _extract_pkg_id_from_file_name(entry.d_name, pkgId); + + if (ret != WAE_ERROR_NONE) { + WAE_SLOGW("Fail to extract pkgid from file. It will be ignored. file=%s", file_path_buff); + continue; + } + + ret = _read_from_file(file_path_buff, &encrypted_app_dek, &encrypted_app_dek_len); + + if (ret != WAE_ERROR_NONE || encrypted_app_dek == NULL) { + error_during_loading++; + WAE_SLOGW("Fail to read file. It will be ignored. file=%s", file_path_buff); + continue; + } + + ret = decrypt_app_dek(priKey, priKeyLen, APP_DEK_KEK_PRIKEY_PASSWORD, + encrypted_app_dek, encrypted_app_dek_len, + &app_dek, &app_dek_len); + + if (ret != WAE_ERROR_NONE || app_dek == NULL) { + error_during_loading++; + WAE_SLOGW("Fail to decrypt APP DEK. It will be ignored. file=%s", file_path_buff); + continue; + } + + // save app_dek in key_manager + ret = _add_dek_to_key_manager(pkgId, WAE_PRELOADED_APP, app_dek, app_dek_len); + // free temp objects + free(app_dek); + free(encrypted_app_dek); + app_dek = NULL; + encrypted_app_dek = NULL; + + if (ret == WAE_ERROR_KEY_EXISTS) { + WAE_SLOGI("Key Manager already has APP_DEK. It will be ignored. file=%s", file_path_buff); + continue; + } else if (ret != WAE_ERROR_NONE) { + error_during_loading++; + WAE_SLOGW("Fail to add APP DEK to key-manager. file=%s", file_path_buff); + continue; + } + } + } + + ret = _set_app_deks_loaded(); + + if (ret == WAE_ERROR_NONE) { + WAE_SLOGI("Success to load_preloaded_app_deks"); + ret = WAE_ERROR_NONE; + } else { + WAE_SLOGW("Fail to _set_app_deks_loaded to key-manager. ret=%d", ret); + } + error: - if(priKey != NULL) - free(priKey); + if (priKey != NULL) + free(priKey); - return ret; + return ret; } - -int remove_app_dek(const char* pPkgId, wae_app_type_e appType) +int remove_app_dek(const char *pPkgId, wae_app_type_e appType) { - int ret = CKMC_ERROR_NONE; - char alias[MAX_ALIAS_LEN] = {0,}; + char alias[MAX_ALIAS_LEN] = {0,}; - _get_alias(pPkgId, appType, true, alias,sizeof(alias)); + _get_alias(pPkgId, appType, true, alias, sizeof(alias)); - ret = _to_wae_error(ckmc_remove_alias(alias)); - if(ret != WAE_ERROR_NONE) { - WAE_SLOGE("Fail to remove APP_DEK from key-manager. pkgId=%s, alias=%s, ret=%d", pPkgId, alias, ret); - goto error; - } + int ret = _to_wae_error(ckmc_remove_alias(alias)); - _remove_app_dek_from_cache(pPkgId); - WAE_SLOGI("Success to remove APP_DEK from key-manager. pkgId=%s", pPkgId); -error: - return WAE_ERROR_NONE; + if (ret != WAE_ERROR_NONE) { + WAE_SLOGE("Fail to remove APP_DEK from key-manager. pkgId=%s, alias=%s, ret=%d", pPkgId, alias, ret); + return ret; + } + + _remove_app_dek_from_cache(pPkgId); + WAE_SLOGI("Success to remove APP_DEK from key-manager. pkgId=%s", pPkgId); + + return WAE_ERROR_NONE; } diff --git a/srcs/key_handler.h b/srcs/key_handler.h index 2d3af65..e1ad727 100644 --- a/srcs/key_handler.h +++ b/srcs/key_handler.h @@ -19,8 +19,8 @@ * @version 1.0 * @brief Key manupulatation. */ -#ifndef __TIZEN_CORE_WAE_KEY_HANDLER_H -#define __TIZEN_CORE_WAE_KEY_HANDLER_H +#ifndef __WAE_KEY_HANDLER_H +#define __WAE_KEY_HANDLER_H #ifdef __cplusplus extern "C" { @@ -34,37 +34,37 @@ extern "C" { /* functions with "_" prefix are internal static functions but declared here for testing */ void _initialize_cache(); -unsigned char* _get_app_dek_from_cache(const char* pkgId); -void _add_app_dek_to_cache(const char* pkgId, unsigned char* dek); -void _remove_app_dek_from_cache(const char* pkgId); -int _get_random(size_t length, unsigned char* random); -void _get_alias(const char* pPkgId, wae_app_type_e appType, bool forSave, char* alias, size_t buff_len); -void _get_dek_kek_alias(char* alias, size_t buff_len); -void _get_dek_loading_done_alias(char* alias, size_t buff_len); -const char* _get_dek_kek_pub_key_path(); -const char* _get_dek_kek_pri_key_path(); -const char* _get_dek_store_path(); -int _add_dek_to_key_manager(const char* pPkgId, wae_app_type_e appType, const unsigned char* pDek, size_t len); -int _get_preloaded_app_dek_file_path(const char* pPkgId, size_t size, char *path); -int _extract_pkg_id_from_file_name(const char* fileName, char* pkgId); -int _read_encrypted_app_dek_from_file(const char* pPkgId, unsigned char** encrypted_app_dek, size_t*len); -int _write_encrypted_app_dek_to_file(const char* pPkgId, const unsigned char* encrypted_app_dek, size_t len); -int _read_from_file(const char* path, unsigned char** data, size_t* len); -int _write_to_file(const char* path, const unsigned char* data, size_t len); +unsigned char *_get_app_dek_from_cache(const char *pkgId); +void _add_app_dek_to_cache(const char *pkgId, unsigned char *dek); +void _remove_app_dek_from_cache(const char *pkgId); +int _get_random(size_t length, unsigned char *random); +void _get_alias(const char *pPkgId, wae_app_type_e appType, bool forSave, char *alias, size_t buff_len); +void _get_dek_kek_alias(char *alias, size_t buff_len); +void _get_dek_loading_done_alias(char *alias, size_t buff_len); +const char *_get_dek_kek_pub_key_path(); +const char *_get_dek_kek_pri_key_path(); +const char *_get_dek_store_path(); +int _add_dek_to_key_manager(const char *pPkgId, wae_app_type_e appType, const unsigned char *pDek, size_t len); +int _get_preloaded_app_dek_file_path(const char *pPkgId, size_t size, char *path); +int _extract_pkg_id_from_file_name(const char *fileName, char *pkgId); +int _read_encrypted_app_dek_from_file(const char *pPkgId, unsigned char **encrypted_app_dek, size_t *len); +int _write_encrypted_app_dek_to_file(const char *pPkgId, const unsigned char *encrypted_app_dek, size_t len); +int _read_from_file(const char *path, unsigned char **data, size_t *len); +int _write_to_file(const char *path, const unsigned char *data, size_t len); int _get_app_deks_loaded(); int _set_app_deks_loaded(); int _clear_app_deks_loaded(); /* functions for interface */ -int get_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDek, size_t *dekLen); -int create_app_dek(const char* pPkgId, wae_app_type_e appType, unsigned char** ppDek, size_t *dekLen); -int get_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t* dekLen); -int create_preloaded_app_dek(const char* pPkgId, unsigned char** ppDek, size_t *dekLen); +int get_app_dek(const char *pPkgId, wae_app_type_e appType, unsigned char **ppDek, size_t *dekLen); +int create_app_dek(const char *pPkgId, wae_app_type_e appType, unsigned char **ppDek, size_t *dekLen); +int get_preloaded_app_dek(const char *pPkgId, unsigned char **ppDek, size_t *dekLen); +int create_preloaded_app_dek(const char *pPkgId, unsigned char **ppDek, size_t *dekLen); int load_preloaded_app_deks(bool reload); -int remove_app_dek(const char* pPkgId, wae_app_type_e appType); +int remove_app_dek(const char *pPkgId, wae_app_type_e appType); #ifdef __cplusplus } #endif -#endif /* __TIZEN_CORE_WAE_KEY_HANDLER_H */ +#endif /* __WAE_KEY_HANDLER_H */ diff --git a/srcs/wae_initializer.c b/srcs/wae_initializer.c index 4022f48..b9d7ce8 100644 --- a/srcs/wae_initializer.c +++ b/srcs/wae_initializer.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,30 +19,30 @@ * @version 1.0 * @brief tool for importing APP DEKs during booting */ - #include "key_handler.h" #include "web_app_enc.h" #include "wae_log.h" #include -int main(int argc, char* argv[]) +int main(int argc, char *argv[]) { - int ret = WAE_ERROR_NONE; - bool reload = false; + int ret = WAE_ERROR_NONE; + bool reload = false; + + if (argc == 2 && strcmp(argv[1], "--reload") == 0) { + reload = true; + } - if(argc == 2 && strcmp(argv[1], "--reload")==0) { - reload = true; - } + ret = load_preloaded_app_deks(reload); - ret = load_preloaded_app_deks(reload); - if(ret == WAE_ERROR_NONE) { - printf("WAE INITIALIZER was finished successfully.\n"); - WAE_SLOGI("WAE INITIALIZER was finished successfully."); - return 0; - }else { - printf("WAE INITIALIZER was finished with error. ret=%d\n", ret); - WAE_SLOGE("WAE INITIALIZER was finished with error. ret=%d", ret); - return -1; - } + if (ret == WAE_ERROR_NONE) { + printf("WAE INITIALIZER was finished successfully.\n"); + WAE_SLOGI("WAE INITIALIZER was finished successfully."); + return 0; + } else { + printf("WAE INITIALIZER was finished with error. ret=%d\n", ret); + WAE_SLOGE("WAE INITIALIZER was finished with error. ret=%d", ret); + return -1; + } } diff --git a/srcs/wae_log.h b/srcs/wae_log.h index 6dfe44a..732557f 100644 --- a/srcs/wae_log.h +++ b/srcs/wae_log.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,16 +17,14 @@ * @file wae_log.h * @author Dongsun Lee (ds73.lee@samsung.com) * @version 1.0 - * @brief a header for loggin. + * @brief logging. */ - #ifndef __WAE_LOG_H__ #define __WAE_LOG_H__ -/* Use DLOG logging mechanism */ #include -#define TAG_WAE "WAE" +#define TAG_WAE "WAE" #define WAE_SLOGD(format, arg...) SLOG(LOG_DEBUG, TAG_WAE, format, ##arg) #define WAE_SLOGI(format, arg...) SLOG(LOG_INFO, TAG_WAE, format, ##arg) @@ -35,4 +33,3 @@ #define WAE_SLOGF(format, arg...) SLOG(LOG_FATAL, TAG_WAE, format, ##arg) #endif /* __WAE_LOG_H__*/ - diff --git a/srcs/web_app_enc.c b/srcs/web_app_enc.c index 39865bc..0e31c30 100644 --- a/srcs/web_app_enc.c +++ b/srcs/web_app_enc.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,200 +19,213 @@ * @version 1.0 * @brief provides fucntions for encryption and decryption of web application. */ +#include "web_app_enc.h" #include #include -#include "web_app_enc.h" #include "key_handler.h" #include "crypto_service.h" #include "wae_log.h" - -int _wae_encrypt_downloaded_web_application(const char* pPkgId, wae_app_type_e appType, - const unsigned char* pData, size_t dataLen, - unsigned char** ppEncryptedData, size_t* pEncDataLen) +int _wae_encrypt_downloaded_web_application(const char *pPkgId, wae_app_type_e appType, + const unsigned char *pData, size_t dataLen, + unsigned char **ppEncryptedData, size_t *pEncDataLen) { - int ret = WAE_ERROR_NONE; - unsigned char *pDek = NULL; - size_t dekLen = -1; - - if(pPkgId == NULL) { - WAE_SLOGE("Invalid Parameter. pPkgId is NULL"); - ret = WAE_ERROR_INVALID_PARAMETER; - goto error; - } - if(pData == NULL || dataLen <= 0) { - WAE_SLOGE("Invalid Parameter. pData is NULL or invalid dataLen(%d)", dataLen); - ret = WAE_ERROR_INVALID_PARAMETER; - goto error; - } - if(ppEncryptedData == NULL || pEncDataLen == NULL) { - WAE_SLOGE("Invalid Parameter. ppEncryptedData or pEncDataLen is NULL"); - ret = WAE_ERROR_INVALID_PARAMETER; - goto error; - } - - // get APP_DEK. - // if not exists, create APP_DEK - ret = get_app_dek(pPkgId, appType, &pDek, &dekLen); - if(ret == WAE_ERROR_NO_KEY) { - ret = create_app_dek(pPkgId, appType, &pDek, &dekLen); - } - if(ret != WAE_ERROR_NONE) { - goto error; - } - - // encrypt - ret = encrypt_aes_cbc(pDek, dekLen, pData, dataLen, ppEncryptedData, pEncDataLen); - if(ret != WAE_ERROR_NONE) { - goto error; - } + int ret = WAE_ERROR_NONE; + unsigned char *pDek = NULL; + size_t dekLen = -1; + + if (pPkgId == NULL) { + WAE_SLOGE("Invalid Parameter. pPkgId is NULL"); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + + if (pData == NULL || dataLen <= 0) { + WAE_SLOGE("Invalid Parameter. pData is NULL or invalid dataLen(%d)", dataLen); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + + if (ppEncryptedData == NULL || pEncDataLen == NULL) { + WAE_SLOGE("Invalid Parameter. ppEncryptedData or pEncDataLen is NULL"); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + + // get APP_DEK. + // if not exists, create APP_DEK + ret = get_app_dek(pPkgId, appType, &pDek, &dekLen); + + if (ret == WAE_ERROR_NO_KEY) { + ret = create_app_dek(pPkgId, appType, &pDek, &dekLen); + } + + if (ret != WAE_ERROR_NONE) { + goto error; + } + + // encrypt + ret = encrypt_aes_cbc(pDek, dekLen, pData, dataLen, ppEncryptedData, pEncDataLen); + + if (ret != WAE_ERROR_NONE) { + goto error; + } error: - if(pDek != NULL) - free(pDek); + if (pDek != NULL) + free(pDek); - return ret; + return ret; } -int _wae_decrypt_downloaded_web_application(const char* pPkgId, wae_app_type_e appType, - const unsigned char* pData, size_t dataLen, - unsigned char** ppDecryptedData, size_t* pDecDataLen) +int _wae_decrypt_downloaded_web_application(const char *pPkgId, wae_app_type_e appType, + const unsigned char *pData, size_t dataLen, + unsigned char **ppDecryptedData, size_t *pDecDataLen) { - int ret = WAE_ERROR_NONE; - unsigned char *pDek = NULL; - size_t dekLen = -1; - - if(pPkgId == NULL) { - WAE_SLOGE("Invalid Parameter. pPkgId is NULL"); - ret = WAE_ERROR_INVALID_PARAMETER; - goto error; - } - if(pData == NULL || dataLen <= 0) { - WAE_SLOGE("Invalid Parameter. pData is NULL or invalid dataLen(%d)", dataLen); - ret = WAE_ERROR_INVALID_PARAMETER; - goto error; - } - if(ppDecryptedData == NULL || pDecDataLen == NULL) { - WAE_SLOGE("Invalid Parameter. ppDecryptedData or pDecDataLen is NULL"); - ret = WAE_ERROR_INVALID_PARAMETER; - goto error; - } - - ret = get_app_dek(pPkgId, appType, &pDek, &dekLen); - if(ret != WAE_ERROR_NONE) { - goto error; - } - - // decrypt - ret = decrypt_aes_cbc(pDek, dekLen, pData, dataLen, ppDecryptedData, pDecDataLen); - if(ret != WAE_ERROR_NONE) { - goto error; - } + int ret = WAE_ERROR_NONE; + unsigned char *pDek = NULL; + size_t dekLen = -1; + + if (pPkgId == NULL) { + WAE_SLOGE("Invalid Parameter. pPkgId is NULL"); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + + if (pData == NULL || dataLen <= 0) { + WAE_SLOGE("Invalid Parameter. pData is NULL or invalid dataLen(%d)", dataLen); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + + if (ppDecryptedData == NULL || pDecDataLen == NULL) { + WAE_SLOGE("Invalid Parameter. ppDecryptedData or pDecDataLen is NULL"); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + + ret = get_app_dek(pPkgId, appType, &pDek, &dekLen); + + if (ret != WAE_ERROR_NONE) { + goto error; + } + + // decrypt + ret = decrypt_aes_cbc(pDek, dekLen, pData, dataLen, ppDecryptedData, pDecDataLen); + + if (ret != WAE_ERROR_NONE) { + goto error; + } error: - if(pDek != NULL) - free(pDek); + if (pDek != NULL) + free(pDek); - return ret; + return ret; } -int _wae_encrypt_preloaded_web_application(const char* pPkgId, - const unsigned char* pData, size_t dataLen, - unsigned char** ppEncryptedData, size_t* pEncDataLen) +int _wae_encrypt_preloaded_web_application(const char *pPkgId, + const unsigned char *pData, size_t dataLen, + unsigned char **ppEncryptedData, size_t *pEncDataLen) { - int ret = WAE_ERROR_NONE; - unsigned char *pDek = NULL; - size_t dekLen = -1; - - if(pPkgId == NULL) { - WAE_SLOGE("Invalid Parameter. pPkgId is NULL"); - ret = WAE_ERROR_INVALID_PARAMETER; - goto error; - } - if(pData == NULL || dataLen <= 0) { - WAE_SLOGE("Invalid Parameter. pData is NULL or invalid dataLen(%d)", dataLen); - ret = WAE_ERROR_INVALID_PARAMETER; - goto error; - } - if(ppEncryptedData == NULL || pEncDataLen == NULL) { - WAE_SLOGE("Invalid Parameter. ppEncryptedData or pEncDataLen is NULL"); - ret = WAE_ERROR_INVALID_PARAMETER; - goto error; - } - - ret = get_preloaded_app_dek(pPkgId, &pDek, &dekLen); - if(ret == WAE_ERROR_NO_KEY) { - ret = create_preloaded_app_dek(pPkgId, &pDek, &dekLen); - } - if(ret != WAE_ERROR_NONE) { - goto error; - } - - // encrypt - ret = encrypt_aes_cbc(pDek, dekLen, pData, dataLen, ppEncryptedData, pEncDataLen); - if(ret != WAE_ERROR_NONE) { - goto error; - } + int ret = WAE_ERROR_NONE; + unsigned char *pDek = NULL; + size_t dekLen = -1; + + if (pPkgId == NULL) { + WAE_SLOGE("Invalid Parameter. pPkgId is NULL"); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + + if (pData == NULL || dataLen <= 0) { + WAE_SLOGE("Invalid Parameter. pData is NULL or invalid dataLen(%d)", dataLen); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + + if (ppEncryptedData == NULL || pEncDataLen == NULL) { + WAE_SLOGE("Invalid Parameter. ppEncryptedData or pEncDataLen is NULL"); + ret = WAE_ERROR_INVALID_PARAMETER; + goto error; + } + + ret = get_preloaded_app_dek(pPkgId, &pDek, &dekLen); + + if (ret == WAE_ERROR_NO_KEY) { + ret = create_preloaded_app_dek(pPkgId, &pDek, &dekLen); + } + + if (ret != WAE_ERROR_NONE) { + goto error; + } + + // encrypt + ret = encrypt_aes_cbc(pDek, dekLen, pData, dataLen, ppEncryptedData, pEncDataLen); + + if (ret != WAE_ERROR_NONE) { + goto error; + } + error: - if(pDek != NULL) - free(pDek); + if (pDek != NULL) + free(pDek); - return ret; + return ret; } -int _wae_decrypt_preloaded_web_application(const char* pPkgId, wae_app_type_e appType, - const unsigned char* pData, size_t dataLen, - unsigned char** ppDecryptedData, size_t* pDecDataLen) +int _wae_decrypt_preloaded_web_application(const char *pPkgId, wae_app_type_e appType, + const unsigned char *pData, size_t dataLen, + unsigned char **ppDecryptedData, size_t *pDecDataLen) { - // same with the decryption of downloaded web application - return _wae_decrypt_downloaded_web_application(pPkgId, appType, - pData, dataLen, ppDecryptedData, pDecDataLen); + // same with the decryption of downloaded web application + return _wae_decrypt_downloaded_web_application(pPkgId, appType, + pData, dataLen, ppDecryptedData, pDecDataLen); } -int wae_encrypt_web_application(const char* pPkgId, wae_app_type_e appType, - const unsigned char* pData, size_t dataLen, - unsigned char** ppEncryptedData, size_t* pEncDataLen) +int wae_encrypt_web_application(const char *pPkgId, wae_app_type_e appType, + const unsigned char *pData, size_t dataLen, + unsigned char **ppEncryptedData, size_t *pEncDataLen) { - int ret = WAE_ERROR_NONE; - - if(appType == WAE_PRELOADED_APP) - ret = _wae_encrypt_preloaded_web_application(pPkgId, - pData, dataLen, ppEncryptedData, pEncDataLen); - else - ret = _wae_encrypt_downloaded_web_application(pPkgId, appType, - pData, dataLen, ppEncryptedData, pEncDataLen); - - WAE_SLOGI("Encrypt Web App. pkgId=%s, appType=%d, dataLen=%d, ret=%d", - pPkgId, appType, dataLen, ret); - return ret; + int ret = WAE_ERROR_NONE; + + if (appType == WAE_PRELOADED_APP) + ret = _wae_encrypt_preloaded_web_application(pPkgId, + pData, dataLen, ppEncryptedData, pEncDataLen); + else + ret = _wae_encrypt_downloaded_web_application(pPkgId, appType, + pData, dataLen, ppEncryptedData, pEncDataLen); + + WAE_SLOGI("Encrypt Web App. pkgId=%s, appType=%d, dataLen=%d, ret=%d", + pPkgId, appType, dataLen, ret); + return ret; } -int wae_decrypt_web_application(const char* pPkgId, wae_app_type_e appType, - const unsigned char* pData, size_t dataLen, - unsigned char** ppDecryptedData, size_t* pDecDataLen) +int wae_decrypt_web_application(const char *pPkgId, wae_app_type_e appType, + const unsigned char *pData, size_t dataLen, + unsigned char **ppDecryptedData, size_t *pDecDataLen) { - int ret = WAE_ERROR_NONE; - - if(appType == WAE_PRELOADED_APP) - ret = _wae_decrypt_preloaded_web_application(pPkgId, appType, - pData, dataLen, ppDecryptedData, pDecDataLen); - else - ret = _wae_decrypt_downloaded_web_application(pPkgId, appType, - pData, dataLen, ppDecryptedData, pDecDataLen); - - WAE_SLOGI("Decrypt Web App. pkgId=%s, appType=%d, dataLen=%d, ret=%d", - pPkgId, appType, dataLen, ret); - return ret; + int ret = WAE_ERROR_NONE; + + if (appType == WAE_PRELOADED_APP) + ret = _wae_decrypt_preloaded_web_application(pPkgId, appType, + pData, dataLen, ppDecryptedData, pDecDataLen); + else + ret = _wae_decrypt_downloaded_web_application(pPkgId, appType, + pData, dataLen, ppDecryptedData, pDecDataLen); + + WAE_SLOGI("Decrypt Web App. pkgId=%s, appType=%d, dataLen=%d, ret=%d", + pPkgId, appType, dataLen, ret); + return ret; } -int wae_remove_app_dek(const char* pPkgId, wae_app_type_e appType) +int wae_remove_app_dek(const char *pPkgId, wae_app_type_e appType) { - int ret = WAE_ERROR_NONE; - ret = remove_app_dek(pPkgId, appType); - WAE_SLOGI("Remove APP DEK. pkgId=%s, appType=%d, ret=%d", pPkgId, appType, ret); - return ret; + int ret = remove_app_dek(pPkgId, appType); + WAE_SLOGI("Remove APP DEK. pkgId=%s, appType=%d, ret=%d", pPkgId, appType, ret); + return ret; } diff --git a/tests/wae_tests.c b/tests/wae_tests.c index abaf4aa..c724d21 100644 --- a/tests/wae_tests.c +++ b/tests/wae_tests.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -37,193 +37,206 @@ static int tc_fail = 0; #define FPRINTF(format, args...) fprintf(stdout, format, ##args) -static int RUNTC(int (*tc_method)(), const char* tc_name) +static int RUNTC(int (*tc_method)(), const char *tc_name) { - int ret = WAE_ERROR_NONE; - FPRINTF("[%02d:%s]started...\n", tc_seq, tc_name); - ret = tc_method(); - if(ret == WAE_ERROR_NONE) { - FPRINTF("[%02d:%s]ended. SUCCESS\n\n", tc_seq, tc_name); - tc_succ++; - } else { - FPRINTF("[%02d:%s]ended. FAIL. error=%d\n\n", tc_seq, tc_name, ret); - tc_fail++; - } - tc_seq++; - return ret; + int ret = WAE_ERROR_NONE; + FPRINTF("[%02d:%s]started...\n", tc_seq, tc_name); + ret = tc_method(); + + if (ret == WAE_ERROR_NONE) { + FPRINTF("[%02d:%s]ended. SUCCESS\n\n", tc_seq, tc_name); + tc_succ++; + } else { + FPRINTF("[%02d:%s]ended. FAIL. error=%d\n\n", tc_seq, tc_name, ret); + tc_fail++; + } + + tc_seq++; + return ret; } static void PRINT_TC_SUMMARY() { - FPRINTF("\n"); - FPRINTF("===============================================\n"); - FPRINTF(" TOTAL = %d, SUCCESS = %d, FAIL = %d\n", tc_seq, tc_succ, tc_fail); - FPRINTF("===============================================\n"); + FPRINTF("\n"); + FPRINTF("===============================================\n"); + FPRINTF(" TOTAL = %d, SUCCESS = %d, FAIL = %d\n", tc_seq, tc_succ, tc_fail); + FPRINTF("===============================================\n"); } -void _print_binary_to_hex(const char* msg, unsigned char* bin, size_t len) +void _print_binary_to_hex(const char *msg, unsigned char *bin, size_t len) { - size_t i = 0; - FPRINTF("%s", msg); - for(i=0; i