diff options
| author | jk7744.park <jk7744.park@samsung.com> | 2015-10-24 17:02:19 +0900 |
|---|---|---|
| committer | jk7744.park <jk7744.park@samsung.com> | 2015-10-24 17:02:19 +0900 |
| commit | 02691f1cc2c4bc6c12a0bd2ffd63f3323161812d (patch) | |
| tree | 2700fd5ccfb482254983574ebc4422c0a3988c74 | |
| parent | 84196f7d180a9937aee675f79534022830169121 (diff) | |
| download | secure-storage-accepted/tizen_2.4_mobile.tar.gz secure-storage-accepted/tizen_2.4_mobile.tar.bz2 secure-storage-accepted/tizen_2.4_mobile.zip | |
tizen 2.4 releasetizen_2.4_mobile_releasesubmit/tizen_2.4/20151028.064553accepted/tizen/2.4/mobile/20151029.032026tizen_2.4accepted/tizen_2.4_mobile
67 files changed, 3218 insertions, 4904 deletions
diff --git a/.gitignore b/.gitignore index 1bc8ceb..1bc8ceb 100755..100644 --- a/.gitignore +++ b/.gitignore diff --git a/CMakeLists.txt b/CMakeLists.txt index 4a0c906..469b7e4 100755..100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,79 +1,39 @@ CMAKE_MINIMUM_REQUIRED(VERSION 2.6) PROJECT(secure-storage C) -SET(PREFIX ${CMAKE_INSTALL_PREFIX}) -SET(EXEC_PREFIX "\${prefix}") -SET(LIBDIR "\${prefix}/lib") -SET(INCLUDEDIR "\${prefix}/include") -SET(VERSION_MAJOR 1) -SET(VERSION ${VERSION_MAJOR}.0.0) - -INCLUDE_DIRECTORIES( - ${CMAKE_SOURCE_DIR}/include - /usr/include - ) - INCLUDE(FindPkgConfig) -pkg_check_modules(pkgs REQUIRED openssl dlog vconf dukgenerator capi-base-common) - -FOREACH(flag ${pkgs_CFLAGS}) - SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") -ENDFOREACH(flag) - -SET(ss_dir "./") -SET(ss_include_dir "./include") -SET(ss_client_dir "./client/non-tz/src") -SET(ss_client_include_dir "./client/non-tz/include") -SET(ss_server_dir "./server/non-tz/src") -SET(ss_server_include_dir "./server/non-tz/include") -SET(ss_prng_dir "./prng/src") -SET(ss_prng_include_dir "./prng/include") -SET(ss_test_dir "./testcases") - -## About debug -SET(debug_type "-DSS_DLOG_USE") # for debug - use dlog -SET(use_key "-DUSE_KEY_FILE") # for private key - use key file -SET(smack_groupid "-DSMACK_GROUP_ID") # for group id sharing with smack label - -SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fvisibility=hidden") -SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS}") +SET(VERSION_MAJOR 1) +SET(VERSION ${VERSION_MAJOR}.0.0) -################################################################################################### -## for libss-client.so (library) -SET(libss-client_SOURCES ${ss_client_dir}/ss_client_intf.c ${ss_client_dir}/ss_client_ipc.c ${ss_client_dir}/ss_manager.c) -SET(libss-client_LDFLAGS " -module -avoid-version ${OPENSSL_LIBS}") -SET(libss-client_CFLAGS " ${CFLAGS} -fPIC -I${ss_client_include_dir} -I${ss_include_dir} ${OPENSSL_CFLAGS} ${debug_type}") -#SET(libss-client_LIBADD " ${OPENSSL_LIBS} ") +IF(CMAKE_BUILD_TYPE MATCHES "DEBUG") +ADD_DEFINITIONS("-DTIZEN_DEBUG_ENABLE") +ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG") +#ADD_DEFINITIONS("-DPRINT_DEBUG_DATA") # for printing raw datas +ENDIF(CMAKE_BUILD_TYPE MATCHES "DEBUG") -ADD_LIBRARY(ss-client SHARED ${libss-client_SOURCES}) -TARGET_LINK_LIBRARIES(ss-client ${pkgs_LDFLAGS}) -SET_TARGET_PROPERTIES(ss-client PROPERTIES SOVERSION ${VERSION_MAJOR}) -SET_TARGET_PROPERTIES(ss-client PROPERTIES VERSION ${VERSION}) -SET_TARGET_PROPERTIES(ss-client PROPERTIES COMPILE_FLAGS "${libss-client_CFLAGS}") -################################################################################################### +#ADD_DEFINITIONS("-DUSE_KEY_FILE") # for private key - use key file +#ADD_DEFINITIONS("-DSMACK_GROUP_ID") # for group id sharing with smack label -################################################################################################### -## for ss-server (binary) -SET(ss-server_SOURCES ${ss_server_dir}/ss_server_ipc.c ${ss_server_dir}/ss_server_main.c ${ss_prng_dir}/ss_prng.c) -SET(ss-server_CFLAGS " -I. -I${ss_include_dir} -I${ss_server_include_dir} -I${ss_prng_include_dir} ${debug_type} ${use_key} ${OPENSSL_CFLAGS} ${smack_groupid} -D_GNU_SOURCE -D_TRUST_ZONE_ -fPIE") -SET(ss-server_LDFLAGS ${pkgs_LDFLAGS}) +#ADD_DEFINITIONS("-Werror") +#ADD_DEFINITIONS("-Wall") +#ADD_DEFINITIONS("-Wextra") -#ADD PKG_CHECK_MODULES -PKG_CHECK_MODULES(server_pkg REQUIRED libsystemd-daemon cryptsvc) +SET(TARGET_SS_SERVER ss-server) +SET(TARGET_SS_CLIENT ss-client) +SET(TARGET_SS_CLIENT_TEST ss-client-tests-ss-manager) -ADD_EXECUTABLE(ss-server ${ss-server_SOURCES}) -TARGET_LINK_LIBRARIES(ss-server ${pkgs_LDFLAGS} ${server_pkg_LIBRARIES} -lsecurity-server-client -ldl -pie) +CONFIGURE_FILE(secure-storage.pc.in secure-storage.pc @ONLY) -SET_TARGET_PROPERTIES(ss-server PROPERTIES COMPILE_FLAGS "${ss-server_CFLAGS}") -#################################################################################################### +# install interfaces +INSTALL(FILES ${PROJECT_SOURCE_DIR}/secure-storage.pc DESTINATION lib/pkgconfig) +INSTALL(FILES ${PROJECT_SOURCE_DIR}/include/ss_manager.h DESTINATION include) -CONFIGURE_FILE(secure-storage.pc.in secure-storage.pc @ONLY) -CONFIGURE_FILE(config.in config @ONLY) +ADD_SUBDIRECTORY(src/client) +ADD_SUBDIRECTORY(src/server) +ADD_SUBDIRECTORY(res) +ADD_SUBDIRECTORY(systemd) -INSTALL(TARGETS ss-client DESTINATION lib) -INSTALL(PROGRAMS ${CMAKE_BINARY_DIR}/ss-server DESTINATION bin) -INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/secure-storage.pc DESTINATION lib/pkgconfig) -INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/res/salt DESTINATION ../opt/share/secure-storage/salt/) -INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/config DESTINATION share/secure-storage/) -INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/ss_manager.h DESTINATION include) +IF (DEFINED SECURE_STORAGE_BUILD_TEST) +ADD_SUBDIRECTORY(testcases) +ENDIF (DEFINED SECURE_STORAGE_BUILD_TEST) diff --git a/LICENSE.Apache-2.0 b/LICENSE index 9f19478..9f19478 100644 --- a/LICENSE.Apache-2.0 +++ b/LICENSE diff --git a/TC/_export_env.sh b/TC/_export_env.sh deleted file mode 100755 index 7a317f8..0000000 --- a/TC/_export_env.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -source ./config - -export TET_INSTALL_PATH=$TET_INSTALL_HOST_PATH # tetware root path -#export TET_TARGET_PATH=$TET_INSTALL_PATH/tetware-simulator # tetware target path -export TET_TARGET_PATH=$TET_INSTALL_PATH/tetware-target # tetware target path -export PATH=$TET_TARGET_PATH/bin:$PATH -export LD_LIBRARY_PATH=$TET_TARGET_PATH/lib/tet3:$LD_LIBRARY_PATH -export TET_ROOT=$TET_TARGET_PATH diff --git a/TC/_export_target_env.sh b/TC/_export_target_env.sh deleted file mode 100755 index 3fd8e3f..0000000 --- a/TC/_export_target_env.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -. ./config - -export TET_INSTALL_PATH=$TET_INSTALL_TARGET_PATH # path to path -#export TET_TARGET_PATH=$TET_INSTALL_PATH/tetware-simulator -export TET_TARGET_PATH=$TET_INSTALL_PATH/tetware-target -export PATH=$TET_TARGET_PATH/bin:$PATH -export LD_LIBRARY_PATH=$TET_TARGET_PATH/lib/tet3:$LD_LIBRARY_PATH -export TET_ROOT=$TET_TARGET_PATH diff --git a/TC/build.sh b/TC/build.sh deleted file mode 100755 index 72aad6c..0000000 --- a/TC/build.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -. ./_export_env.sh # setting environment variables - -export TET_SUITE_ROOT=`pwd` -FILE_NAME_EXTENSION=`date +%s` - -RESULT_DIR=results -HTML_RESULT=$RESULT_DIR/build-tar-result-$FILE_NAME_EXTENSION.html -JOURNAL_RESULT=$RESULT_DIR/build-tar-result-$FILE_NAME_EXTENSION.journal - -mkdir -p $RESULT_DIR - -tcc -c -p ./ -tcc -b -j $JOURNAL_RESULT -p ./ -grw -c 7 -f chtml -o $HTML_RESULT $JOURNAL_RESULT diff --git a/TC/clean.sh b/TC/clean.sh deleted file mode 100755 index 29743e0..0000000 --- a/TC/clean.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh - -. ./_export_env.sh # setting environment variables - -export TET_SUITE_ROOT=`pwd` -RESULT_DIR=results - -tcc -c -p ./ # executing tcc, with clean option (-c) -rm -r $RESULT_DIR -rm -r tet_tmp_dir -rm testcase/tet_captured diff --git a/TC/push.sh b/TC/push.sh deleted file mode 100755 index 5eb9510..0000000 --- a/TC/push.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh - -. ./config - -TC_PATH=/opt/home/$PKG_NAME - -echo $TC_PATH - -sdb shell "mkdir -p $TC_PATH" - -sdb push . $TC_PATH - - diff --git a/TC/run.sh b/TC/run.sh deleted file mode 100755 index cec5778..0000000 --- a/TC/run.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh - -source ./_export_target_env.sh - -export TET_SUITE_ROOT=`pwd` -FILE_NAME_EXTENSION=`date +%s` - -RESULT_DIR=results -HTML_RESULT=$RESULT_DIR/exec-tar-result-$FILE_NAME_EXTENSION.html -JOURNAL_RESULT=$RESULT_DIR/exec-tar-result-$FILE_NAME_EXTENSION.journal - -mkdir -p $RESULT_DIR - -tcc -e -j $JOURNAL_RESULT -p ./ -grw -c 7 -f chtml -o $HTML_RESULT $JOURNAL_RESULT diff --git a/TC/testcase/tslist b/TC/testcase/tslist deleted file mode 100755 index 0d96058..0000000 --- a/TC/testcase/tslist +++ /dev/null @@ -1,2 +0,0 @@ -/testcase/utc_secure_storage - diff --git a/TC/testcase/utc_secure_storage b/TC/testcase/utc_secure_storage Binary files differdeleted file mode 100755 index 205852a..0000000 --- a/TC/testcase/utc_secure_storage +++ /dev/null diff --git a/TC/testcase/utc_secure_storage.c b/TC/testcase/utc_secure_storage.c deleted file mode 100644 index 3ddce19..0000000 --- a/TC/testcase/utc_secure_storage.c +++ /dev/null @@ -1,399 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the License); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an AS IS BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - - -#include <tet_api.h> -#include <ss_manager.h> -#include <stdlib.h> - -#define MAX_DATA_NAME 256 -#define MAX_BUFFER_LEN 4096 -#define MAX_GROUP_ID_LEN 32 -#define MAX_PASSWORD_LEN 32 - -#define SSA_TEST_RESULT_SUCCESS 0 -enum { - POSITIVE_TC_IDX = 0x01, - NEGATIVE_TC_IDX, -}; - -static void startup(void); -static void cleanup(void); - -void (*tet_startup)(void) = startup; -void (*tet_cleanup)(void) = cleanup; - -// positive -static void utc_secure_stroage_ssa_put_p01(void); -static void utc_secure_stroage_ssa_put_p02(void); -static void utc_secure_stroage_ssa_put_p03(void); -static void utc_secure_stroage_ssa_put_p04(void); -static void utc_secure_stroage_ssa_put_p05(void); -static void utc_secure_stroage_ssa_get_p01(void); -static void utc_secure_stroage_ssa_delete_p01(void); -static void utc_secure_stroage_ssa_encrypt_p01(void); -static void utc_secure_stroage_ssa_encrypt_p02(void); -static void utc_secure_stroage_ssa_decrypt_p01(void); -// negative -static void utc_secure_stroage_ssa_put_n01(void); -static void utc_secure_stroage_ssa_get_n01(void); -static void utc_secure_stroage_ssa_encrypt_n01(void); -static void utc_secure_stroage_ssa_decrypt_n01(void); -static void utc_secure_stroage_ssa_delete_n01(void); - -struct tet_testlist tet_testlist[] = { - { utc_secure_stroage_ssa_put_p01, POSITIVE_TC_IDX }, - { utc_secure_stroage_ssa_put_p02, POSITIVE_TC_IDX }, - { utc_secure_stroage_ssa_put_p03, POSITIVE_TC_IDX }, - { utc_secure_stroage_ssa_put_p04, POSITIVE_TC_IDX }, - { utc_secure_stroage_ssa_put_p05, POSITIVE_TC_IDX }, -// { utc_secure_stroage_ssa_get_p01, POSITIVE_TC_IDX }, - { utc_secure_stroage_ssa_delete_p01, POSITIVE_TC_IDX }, - { utc_secure_stroage_ssa_encrypt_p01, POSITIVE_TC_IDX }, - { utc_secure_stroage_ssa_encrypt_p02, POSITIVE_TC_IDX }, -// { utc_secure_stroage_ssa_decrypt_p01, POSITIVE_TC_IDX }, - - { utc_secure_stroage_ssa_put_n01, NEGATIVE_TC_IDX }, -// { utc_secure_stroage_ssa_get_n01, NEGATIVE_TC_IDX }, - { utc_secure_stroage_ssa_encrypt_n01, NEGATIVE_TC_IDX }, - { utc_secure_stroage_ssa_decrypt_n01, NEGATIVE_TC_IDX }, - { utc_secure_stroage_ssa_delete_n01, NEGATIVE_TC_IDX }, - { NULL, 0 }, -}; - -static void startup(void) -{ - /* start of TC */ - tet_printf("\n Secure Storage Agnet TC start"); -} - - -static void cleanup(void) -{ - /* end of TC */ - tet_printf("\n Secure Storage Agent TC end"); -} - - -static void MakeLongBuffer(char* buffer, int length) -{ - int i = 0; - for(i=0; i<length; i++) - { - (buffer[i]) = (char)('a' + i % 26); - } -} - -int SsaCheckPut(const char* data_name, const char* group_id, const char *password, const char* orig_buffer) -{ - char* read_buffer = NULL; - - int len = ssa_get(data_name, &read_buffer, group_id, password); - dts_check_gt("ssa_get", len, 0, "Failed to get data_name : %s , err : %d", data_name, len); - dts_check_ne("ssa_get", read_buffer, NULL, "Failed to get data"); - - if(orig_buffer) - { - int res = strncmp(orig_buffer, read_buffer, len); - dts_check_eq("ssa_get", res, 0, "Failed to get data"); - } - - free(read_buffer); - - return len; -} - -int SsaCheckEncrypt(const char* data, int data_len, const char *password, const char* orig_buffer) -{ - char* decrypted_buffer = NULL; - - int len = ssa_decrypt(data, data_len, &decrypted_buffer, password); - dts_check_gt("ssa_decrypt", len, 0, "Failed to decrypt data"); - dts_check_ne("ssa_decrypt", decrypted_buffer, NULL, "Failed to decrypt data"); - - if(orig_buffer) - { - int res = strncmp(orig_buffer, decrypted_buffer, len); - dts_check_eq("ssa_decrypt", res, 0, "Failed to decrypt data"); - } - - free(decrypted_buffer); - - return len; -} - -// Positive -static void utc_secure_stroage_ssa_put_p01(void) -{ - const char* test_buffer = "this is test buffer for ssa_put.\n 1234567890 \n abcdefghijklmni \n !@#$%^&*()_+|"; - const char* data_name = "test"; - const char* group_id = NULL; - const char* password = "1234"; - - int len = ssa_put(data_name, test_buffer, strlen(test_buffer), group_id, password); - dts_check_gt("ssa_put", len, 0, "Failed to put data_name : %s , err : %d", data_name, len); - - int res = SsaCheckPut(data_name, group_id, password, test_buffer); - dts_check_gt("ssa_put", res, 0, "Failed to get data after put :%d", res); -} - - -static void utc_secure_stroage_ssa_put_p02(void) -{ - const char* test_buffer = "this is test buffer for ssa_put with group_id.\n group_id is secure-storage::test"; - const char* data_name = "group_id_test"; - const char* group_id = NULL; - const char* password = "qwer"; - - int len = ssa_put(data_name, test_buffer, strlen(test_buffer), group_id, password); - dts_check_gt("ssa_put", len, 0, "Failed to put data_name : %s , err : %d", data_name, len); - - int res = SsaCheckPut(data_name, group_id, password, test_buffer); - dts_check_gt("ssa_put", res, 0, "Failed to get data after put :%d", res); -} - - -static void utc_secure_stroage_ssa_put_p03(void) -{ - const char* test_buffer = "this is test buffer for ssa_put with max data name."; - char data_name[MAX_DATA_NAME+1] = {0,}; - const char* group_id = NULL; - const char* password = "qwer1234"; - - MakeLongBuffer(data_name, MAX_DATA_NAME); - int len = ssa_put(data_name, test_buffer, strlen(test_buffer), group_id, password); - dts_check_gt("ssa_put", len, 0, "Failed to put data_name : %s , err : %d", data_name, len); - - int res = SsaCheckPut(data_name, group_id, password, test_buffer); - dts_check_gt("ssa_put", res, 0, "Failed to get data after put :%d", res); -} - - -/** - * @brief Positive test case of sim_get_mcc() - */ -static void utc_secure_stroage_ssa_put_p04(void) -{ - char test_buffer[MAX_BUFFER_LEN] = {0,}; - const char* data_name = "max_buffer_test"; - const char* group_id = NULL; - const char* password = "qwer"; - - MakeLongBuffer(test_buffer, MAX_BUFFER_LEN); - - int len = ssa_put(data_name, test_buffer, MAX_BUFFER_LEN, group_id, password); - dts_check_gt("ssa_put", len, 0, "Failed to put data_name : %s , err : %d", data_name, len); - - int res = SsaCheckPut(data_name, group_id, password, test_buffer); - dts_check_gt("ssa_put", res, 0, "Failed to get data after put :%d", res); -} - - -static void utc_secure_stroage_ssa_put_p05(void) -{ - const char* test_buffer = "this is test buffer for ssa_put with max password"; - const char* data_name = "max_buffer_test"; - const char* group_id = NULL; - char password[MAX_PASSWORD_LEN+1] = {0,}; - - MakeLongBuffer(password, MAX_PASSWORD_LEN); - - int len = ssa_put(data_name, test_buffer, strlen(test_buffer), group_id, password); - dts_check_gt("ssa_put", len, 0, "Failed to put data_name : %s , err : %d", data_name, len); - - int res = SsaCheckPut(data_name, group_id, password, test_buffer); - dts_check_gt("ssa_put", res, 0, "Failed to get data after put :%d", res); -} - - -static void utc_secure_stroage_ssa_get_p01(void) -{ -} - - -static void utc_secure_stroage_ssa_delete_p01(void) -{ - const char* test_buffer = "this is test buffer for ssa_put.\n 1234567890 \n abcdefghijklmni \n !@#$%^&*()_+|"; - const char* data_name = "delete_test"; - const char* group_id = NULL; - const char* password = "1234"; - - // NULL group_id - int len = ssa_put(data_name, test_buffer, strlen(test_buffer), NULL, password); - dts_check_gt("ssa_delete", len, 0, "Failed to put data_name : %s , err : %d", data_name, len); - - int res = SsaCheckPut(data_name, NULL, password, test_buffer); - dts_check_gt("ssa_delete", res, 0, "Failed to get data after put :%d", res); - - int check = ssa_delete(data_name, NULL); - dts_check_gt("ssa_delete", check, 0, "Failed to ssa_delete :%d", check); - - - // with group_id - len = ssa_put(data_name, test_buffer, strlen(test_buffer), group_id, password); - dts_check_gt("ssa_delete", len, 0, "Failed to put data_name : %s , err : %d", data_name, len); - - res = SsaCheckPut(data_name, group_id, password, test_buffer); - dts_check_gt("ssa_delete", res, 0, "Failed to get data after put :%d", res); - - check = ssa_delete(data_name, group_id); - dts_check_gt("ssa_delete", check, 0, "Failed to ssa_delete :%d", check); -} - - -static void utc_secure_stroage_ssa_encrypt_p01(void) -{ - const char* test_buffer = "this is test buffer for ssa_put.\n 1234567890 \n abcdefghijklmni \n !@#$%^&*()_+|"; - const char* password = "1234"; - char* encrypted_buffer = NULL; - - int len = ssa_encrypt(test_buffer, strlen(test_buffer), &encrypted_buffer, password); - dts_check_gt("ssa_encrypt", len, 0, "Failed to encrypt err : %d", len); - - if(len > 0 && encrypted_buffer != NULL) - { - int res = SsaCheckEncrypt(encrypted_buffer, len, password, test_buffer); - dts_check_gt("ssa_encrypt", res, 0, "Failed to verifying ssa_encrypt err : %d", res); - free(encrypted_buffer); - } -} - - -static void utc_secure_stroage_ssa_encrypt_p02(void) -{ - char test_buffer[MAX_BUFFER_LEN] = {0,}; - const char* password = "1234"; - char* encrypted_buffer = NULL; - - MakeLongBuffer(test_buffer, MAX_BUFFER_LEN-60); - int len = ssa_encrypt(test_buffer, strlen(test_buffer), &encrypted_buffer, password); - dts_check_gt("ssa_encrypt", len, 0, "Failed to encrypt err : %d", len); - - if(len > 0 && encrypted_buffer != NULL) - { - int res = SsaCheckEncrypt(encrypted_buffer, len, password, test_buffer); - dts_check_gt("ssa_encrypt", res, 0, "Failed to verifying ssa_encrypt err : %d", res); - free(encrypted_buffer); - } -} - - -static void utc_secure_stroage_ssa_decrypt_p01(void) -{ -} - -// Negative - -static void utc_secure_stroage_ssa_put_n01(void) -{ - const char* test_buffer = "this is nagative ssa_put test buffer.\n"; - const char* data_name = "nagative_test_data_name"; - const char* group_id = "test"; - const char* password = "qwer"; - - // NULL data name - int len = ssa_put(NULL, test_buffer, strlen(test_buffer), NULL, NULL); - dts_check_lt("ssa_put Negative", len, 0, "Failed to test NULL data name data_name : %s , err : %d", data_name, len); - - // NULL data buffer - len = ssa_put(data_name, NULL, strlen(test_buffer), NULL, NULL); - dts_check_lt("ssa_put Negative", len, 0, "Failed to test NULL data buffer data_name : %s , err : %d", data_name, len); - - // zero data length - len = ssa_put(data_name, test_buffer, 0, NULL, NULL); - dts_check_lt("ssa_put Negative", len, 0, "Failed to test 0 data length put data_name : %s , err : %d", data_name, len); - - // ununiformed group_id - len = ssa_put(data_name, test_buffer, strlen(test_buffer), "ununiformaed group_id", NULL); - dts_check_lt("ssa_put Negative", len, 0, "Failed to test group_id data_name : %s , err : %d", data_name, len); - - // invalid password. ss password : 32, sss MAX_PW_LEN : 64 - char invalidPassword[128] = {0,}; - MakeLongBuffer(invalidPassword, 128); - len = ssa_put(data_name, test_buffer, strlen(test_buffer), NULL, invalidPassword); - dts_check_lt("ssa_put Negative", len, 0, "Failed to test invalid password data_name : %s , err : %d", data_name, len); -} - -static void utc_secure_stroage_ssa_get_n01(void) -{ -} - -static void utc_secure_stroage_ssa_encrypt_n01(void) -{ - const char* test_buffer = "this is test buffer for ssa_put.\n 1234567890 \n abcdefghijklmni \n !@#$%^&*()_+|"; - const char* password = "1234"; - char* encrypted_buffer = NULL; - - // null input buffer - int len = ssa_encrypt(NULL, strlen(test_buffer), &encrypted_buffer, password); - dts_check_lt("ssa_encrypt Negative", len, 0, "Failed to test null buffer err : %d",len); - dts_check_gt("ssa_encrypt Negative", encrypted_buffer, NULL, "Failed to encrypt err : %d", len); - - // zero buffer length - len = ssa_encrypt(test_buffer, 0, &encrypted_buffer, password); - dts_check_lt("ssa_encrypt Negative", len, 0, "Failed to test zero length err : %d",len); - - // over size of input buffer - char max_buffer[5500] = {0,}; - MakeLongBuffer(max_buffer, 5500); - len = ssa_encrypt(max_buffer, strlen(max_buffer), &encrypted_buffer, password); - dts_check_lt("ssa_encrypt Negative", len, 0, "Failed to test over size buffer err : %d", len); - - // over size of password - char max_passwd[80] = {0,}; - MakeLongBuffer(max_passwd, 80); - len = ssa_encrypt(test_buffer, strlen(test_buffer), &encrypted_buffer, max_passwd); - dts_check_lt("ssa_encrypt Negative", len, 0, "Failed to test invalid password err : %d", len); -} - - -static void utc_secure_stroage_ssa_decrypt_n01(void) -{ - const char* test_buffer = "this is test buffer for ssa_put.\n 1234567890 \n abcdefghijklmni \n !@#$%^&*()_+|"; - const char* password = "1234"; - char* encrypted_buffer = NULL; - - int len = ssa_encrypt(test_buffer, strlen(test_buffer), &encrypted_buffer, password); - dts_check_gt("ssa_decrypt Negative", len, 0, "Failed to encrypt err : %d", len); - dts_check_gt("ssa_decrypt Negative", encrypted_buffer, NULL, "Failed to encrypt err : %d", len); - - char* decrypted_buffer = NULL; - // NULL input buffer - len = ssa_decrypt(NULL, len, &decrypted_buffer, NULL); - dts_check_lt("ssa_decrypt Negative", len, 0, "Failed to test NULL input buffer err : %d", len); - free(decrypted_buffer); - - // zero length - len = ssa_decrypt(encrypted_buffer, 0, &decrypted_buffer, NULL); - dts_check_lt("ssa_decrypt Negative", len, 0, "Failed to test NULL zero length err : %d", len); - free(encrypted_buffer); -} - -static void utc_secure_stroage_ssa_delete_n01(void) -{ - const char* test_buffer = "this is test buffer for ssa_put.\n 1234567890 \n abcdefghijklmni \n !@#$%^&*()_+|"; - const char* data_name = "nagative_delete_test"; - const char* group_id = NULL; - const char* password = "1234"; - - // no data_name - int check = ssa_delete(data_name, NULL); - dts_check_lt("ssa_delete Negative", check, 0, "Failed to test invalid data name data_name : %s , err : %d", data_name, check); - - // NULL data name - check = ssa_delete(NULL, group_id); - dts_check_lt("ssa_delete Negative", check, 0, "Failed to test NULL data name data_name : %s , err : %d", data_name, check); -} diff --git a/TC/tet_scen b/TC/tet_scen deleted file mode 100644 index 03f029a..0000000 --- a/TC/tet_scen +++ /dev/null @@ -1,7 +0,0 @@ -all - ^TEST -##### Scenarios for TEST ##### - -# Test scenario -TEST - :include:/testcase/tslist diff --git a/TC/tetbuild.cfg b/TC/tetbuild.cfg deleted file mode 100644 index f7eda55..0000000 --- a/TC/tetbuild.cfg +++ /dev/null @@ -1,5 +0,0 @@ -TET_OUTPUT_CAPTURE=True # capture option for build operation checking -TET_BUILD_TOOL=make # build with using make command -TET_BUILD_FILE=-f Makefile # execution file (Makefile) for build -TET_API_COMPLIANT=True # use TET API in Test Case ? -TET_PASS_TC_NAME=True # report passed TC name in Journal file? diff --git a/TC/tetclean.cfg b/TC/tetclean.cfg deleted file mode 100644 index 02d7030..0000000 --- a/TC/tetclean.cfg +++ /dev/null @@ -1,5 +0,0 @@ -TET_OUTPUT_CAPTURE=True # capture option -TET_CLEAN_TOOL= make clean # clean tool -TET_CLEAN_FILE= Makefile # file for clean -TET_API_COMPLIANT=True # TET API useage -TET_PASS_TC_NAME=True # showing name , passed TC diff --git a/TC/tetexec.cfg b/TC/tetexec.cfg deleted file mode 100644 index ef3e452..0000000 --- a/TC/tetexec.cfg +++ /dev/null @@ -1,5 +0,0 @@ -TET_OUTPUT_CAPTURE=True # capturing execution or not -TET_EXEC_TOOL= # ex) exec : execution tool set up/ Optional -TET_EXEC_FILE= # ex) exectool : execution file/ Optional -TET_API_COMPLIANT=True # Test case or Tool usesTET API? -TET_PASS_TC_NAME=True # showing Passed TC name ? diff --git a/client/non-tz/include/ss_client_intf.h b/client/non-tz/include/ss_client_intf.h deleted file mode 100755 index f59d448..0000000 --- a/client/non-tz/include/ss_client_intf.h +++ /dev/null @@ -1,78 +0,0 @@ -/* - * secure storage - * - * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Kidong Kim <kd0228.kim@samsung.com> - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef __SS_MANAGER__ -#include "ss_manager.h" -#endif - -/* - * Declare new function - * - * @name: SsClientDataStore - * @parameter - * - filepath: [in] - * - flag: [in] - * @return type: int - * - 1: success - * - <1: error - */ -int SsClientDataStoreFromFile(const char* filepath, ssm_flag flag, const char* group_id); -int SsClientDataStoreFromBuffer(char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, const char* group_id); - -/* - * Declare new function - * - * @name: SsClientDataRead - * @parameter - * - filepath: [in] - * - pRetBuf: [out] - * - bufLen: [in] - * - readLen: [out] - * @return type: int - * - 1: success - * - <1: error - */ -int SsClientDataRead(const char* filepath, char* pRetBuf, size_t bufLen, size_t *readLen, ssm_flag flag, const char* group_id); - -/* - * Declare new function - * - * @name: SsClientGetInfo - * @parameter - * - filepath: [in] - * - sfi: [out] - * @return type: int - * - 1: success - * - <1: error - */ -int SsClientGetInfo(const char* filepath, ssm_file_info_t* sfi, ssm_flag flag, const char* group_id); - -int SsClientDeleteFile(const char* pFilePath, ssm_flag flag, const char* group_id); - -int SsClientEncryptApplication(const char* pAppId, int idLen, const char* pBuffer, int bufLen, char** pEncryptedBuffer, int* pEncryptedBufLen); - -int SsClientDecryptApplication(const char* pBuffer, int bufLen, char** pDecryptedBuffer, int* pDecryptedBufLen); - -int SsClientEncryptPreloadedApplication(const char* pBuffer, int bufLen, char** ppEncryptedBuffer, int* pEncryptedBufLen); - -int SsClientDecryptPreloadedApplication(const char* pBuffer, int bufLen, char** ppDecryptedBuffer, int* pEncryptedBufLen); - -int DoCipher(const char* pInputBuf, int inputLen, char** ppOutBuf, int* pOutBufLen, char* pKey, int encryption); diff --git a/client/non-tz/src/ss_client_intf.c b/client/non-tz/src/ss_client_intf.c deleted file mode 100755 index 6464a0d..0000000 --- a/client/non-tz/src/ss_client_intf.c +++ /dev/null @@ -1,576 +0,0 @@ -/* - * secure storage - * - * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Kidong Kim <kd0228.kim@samsung.com> - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <openssl/evp.h> -#include <openssl/crypto.h> - -#include "secure_storage.h" -#include "ss_client_intf.h" -#include "ss_client_ipc.h" -#include "ss_manager.h" - -int SsClientDataStoreFromFile(const char* filepath, ssm_flag flag, const char* group_id) -{ - ReqData_t* send_data = NULL; - RspData_t recv_data; - int temp_len = 0; - - if(!filepath) - { - SLOGE("Parameter error in SsClientDataStoreFromFile..\n"); - recv_data.rsp_type = SS_PARAM_ERROR; - goto Error; - } - - send_data = (ReqData_t*)malloc(sizeof(ReqData_t)); - - if(!send_data) - { - SLOGE("Memory allocation fail in SsClientDataStoreFromFile..\n"); - recv_data.rsp_type = SS_MEMORY_ERROR; - goto Error; - } - - send_data->req_type = 1; // file store - send_data->enc_type = 1; // initial type - send_data->count = 0; - send_data->flag = flag; // flag - temp_len = strlen(filepath); - if(temp_len <= MAX_FILENAME_SIZE) - { - strncpy(send_data->data_infilepath, filepath, MAX_FILENAME_SIZE); - send_data->data_infilepath[temp_len] = '\0'; - } - else - { - SLOGE("filepath is too long.\n"); - recv_data.rsp_type = SS_PARAM_ERROR; - goto Free_and_Error; - } - memset(send_data->group_id, 0x00, MAX_GROUP_ID_SIZE+1); - if(group_id) - strncpy(send_data->group_id, group_id, MAX_GROUP_ID_SIZE); - else - strncpy(send_data->group_id, "NOTUSED", MAX_GROUP_ID_SIZE); - - memset(send_data->buffer, 0x00, MAX_SEND_DATA_SIZE + 1); - recv_data = SsClientComm(send_data); - -Free_and_Error: - free(send_data); -Error: - return recv_data.rsp_type; -} - -int SsClientDataStoreFromBuffer(char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, const char* group_id) -{ - ReqData_t* send_data = NULL; - RspData_t recv_data; - int temp_len = 0; - - if(!writebuffer || !filename) - { - SLOGE("Parameter error in SsClientDataStoreFromBuffer..\n"); - recv_data.rsp_type = SS_PARAM_ERROR; - goto Error; - } - - send_data = (ReqData_t*)malloc(sizeof(ReqData_t)); - if(!send_data) - { - SLOGE("Memory allocation fail in SsClientDataStoreFromBuffer..\n"); - recv_data.rsp_type = SS_MEMORY_ERROR; - goto Error; - } - - send_data->req_type = 2; // buffer store - send_data->enc_type = 1; - send_data->count = bufLen; - send_data->flag = flag; - temp_len = strlen(filename); - if(temp_len <= MAX_FILENAME_SIZE) - { - strncpy(send_data->data_infilepath, filename, MAX_FILENAME_SIZE); - send_data->data_infilepath[temp_len] = '\0'; - } - else - { - SLOGE("filepath is too long.\n"); - recv_data.rsp_type = SS_PARAM_ERROR; - goto Free_and_Error; - } - memset(send_data->group_id, 0x00, MAX_GROUP_ID_SIZE+1); - if(group_id) - strncpy(send_data->group_id, group_id, MAX_GROUP_ID_SIZE); - else - strncpy(send_data->group_id, "NOTUSED", MAX_GROUP_ID_SIZE); - - memcpy(send_data->buffer, writebuffer, bufLen); - recv_data = SsClientComm(send_data); - -Free_and_Error: - free(send_data); -Error: - return recv_data.rsp_type; -} - -int SsClientDataRead(const char* filepath, char* pRetBuf, size_t bufLen, size_t *readLen, ssm_flag flag, const char* group_id) -{ - unsigned int count = (unsigned int)(bufLen / MAX_RECV_DATA_SIZE + 1); - unsigned int rest = (unsigned int)(bufLen % MAX_RECV_DATA_SIZE); - char* buffer; - ReqData_t* send_data = NULL; - RspData_t recv_data; - int temp_len = 0; - - if(!filepath) - { - SLOGE("filepath Parameter error in SsClientDataRead..\n"); - recv_data.rsp_type = SS_PARAM_ERROR; - goto Error; - } - if(!readLen) - { - SLOGE("readLen Parameter error in SsClientDataRead..\n"); - recv_data.rsp_type = SS_PARAM_ERROR; - goto Error; - } - - *readLen = 0; - buffer = pRetBuf; - - send_data = (ReqData_t*)malloc(sizeof(ReqData_t)); - - if(!send_data) - { - SLOGE("Memory allocation fail in SsClientDataRead..\n"); - recv_data.rsp_type = SS_MEMORY_ERROR; - goto Error; - } - - // fill send_data - send_data->req_type = 3; // read data from storage - send_data->enc_type = 1; // initial type - send_data->count = 0; - send_data->flag = flag & 0x000000ff; //flag; - temp_len = strlen(filepath); - if(temp_len <= MAX_FILENAME_SIZE) - { - strncpy(send_data->data_infilepath, filepath, MAX_FILENAME_SIZE); - send_data->data_infilepath[temp_len] = '\0'; - } - else - { - SLOGE("filepath is too long.\n"); - recv_data.rsp_type = SS_PARAM_ERROR; - goto Free_and_Error; - } - memset(send_data->group_id, 0x00, MAX_GROUP_ID_SIZE+1); - if(group_id) - strncpy(send_data->group_id, group_id, MAX_GROUP_ID_SIZE); - else - strncpy(send_data->group_id, "NOTUSED", MAX_GROUP_ID_SIZE); - memset(send_data->buffer, 0x00, MAX_SEND_DATA_SIZE+1); - - // Call Server per 4KB data (count from 0 to ~) - for ( ; send_data->count < count; send_data->count++) - { - //receive data from server - recv_data = SsClientComm(send_data); - - // check response type - if(recv_data.rsp_type != 1) - { - SLOGE("data read error from server...\n"); - goto Free_and_Error; - } - // copy the last data (last count) - if(send_data->count == (count - 1)) - { - memcpy(buffer, recv_data.buffer, rest); - *readLen += (size_t)rest; - goto Last; - //break; - } - - memcpy(buffer, recv_data.buffer, MAX_RECV_DATA_SIZE); - *readLen += (size_t)recv_data.readLen; - buffer += recv_data.readLen; - } -Last : - if(bufLen != *readLen) - { - SLOGE("Decrypted abnormally\n"); - recv_data.rsp_type = SS_DECRYPTION_ERROR; - goto Free_and_Error; - } - - SECURE_SLOGE("Decrypted file name : %s\n", recv_data.data_filepath); -Free_and_Error: - free(send_data); -Error: - return recv_data.rsp_type; -} - -int SsClientGetInfo(const char* filepath, ssm_file_info_t* sfi, ssm_flag flag, const char* group_id) -{ - - ReqData_t* send_data = NULL; - RspData_t recv_data; - ssm_file_info_convert_t sfic; - int temp_len = 0; - - if(!filepath || !sfi) - { - SLOGE("Parameter error in SsClientGetInfo..\n"); - recv_data.rsp_type = SS_PARAM_ERROR; - goto Error; - } - - send_data = (ReqData_t*)malloc(sizeof(ReqData_t)); - - if(!send_data) - { - SLOGE("Memory allocation fail in SsClientGetInfo..\n"); - recv_data.rsp_type = SS_MEMORY_ERROR; - goto Error; - } - - // fill send_data - send_data->req_type = 4; // get info type - send_data->enc_type = 1; // initial type - send_data->count = 0; - send_data->flag = flag & 0x000000ff; //flag; - temp_len = strlen(filepath); - if(temp_len <= MAX_FILENAME_SIZE) - { - strncpy(send_data->data_infilepath, filepath, MAX_FILENAME_SIZE); - send_data->data_infilepath[temp_len] = '\0'; - } - else - { - SLOGE("filepath is too long.\n"); - recv_data.rsp_type = SS_PARAM_ERROR; - goto Free_and_Error; - } - memset(send_data->group_id, 0x00, MAX_GROUP_ID_SIZE + 1); - if(group_id) - strncpy(send_data->group_id, group_id, MAX_GROUP_ID_SIZE); - else - strncpy(send_data->group_id, "NOTUSED", MAX_GROUP_ID_SIZE); - memset(send_data->buffer, 0x00, MAX_SEND_DATA_SIZE + 1); - - recv_data = SsClientComm(send_data); - - memcpy(sfic.fInfoArray, recv_data.buffer, sizeof(ssm_file_info_t)); - sfi->originSize = sfic.fInfoStruct.originSize; - sfi->storedSize = sfic.fInfoStruct.storedSize; - memcpy(sfi->reserved, sfic.fInfoStruct.reserved, 8); - -Free_and_Error: - free(send_data); -Error: - return recv_data.rsp_type; -} - -int SsClientDeleteFile(const char *pFilePath, ssm_flag flag, const char* group_id) -{ - ReqData_t* send_data = NULL; - RspData_t recv_data; - int temp_len = 0; - - if(!pFilePath) - { - SLOGE("Parameter error in SsClientDeleteFile..\n"); - recv_data.rsp_type = SS_PARAM_ERROR; - goto Error; - } - - send_data = (ReqData_t*)malloc(sizeof(ReqData_t)); - - if(!send_data) - { - SLOGE("Memory allocation fail in SsClientDeleteFile..\n"); - recv_data.rsp_type = SS_MEMORY_ERROR; - goto Error; - } - - send_data->req_type = 10; // delete file - send_data->enc_type = 1; // initial type - send_data->count = 0; - send_data->flag = flag; // flag - temp_len = strlen(pFilePath); - if(temp_len <= MAX_FILENAME_SIZE) - { - strncpy(send_data->data_infilepath, pFilePath, MAX_FILENAME_SIZE); - send_data->data_infilepath[temp_len] = '\0'; - } - else - { - SLOGE("filepath is too long.\n"); - recv_data.rsp_type = SS_PARAM_ERROR; - goto Free_and_Error; - } - memset(send_data->group_id, 0x00, MAX_GROUP_ID_SIZE+1); - if(group_id) - strncpy(send_data->group_id, group_id, MAX_GROUP_ID_SIZE); - else - strncpy(send_data->group_id, "NOTUSED", MAX_GROUP_ID_SIZE); - memset(send_data->buffer, 0x00, MAX_SEND_DATA_SIZE+1); - - recv_data = SsClientComm(send_data); - -Free_and_Error: - free(send_data); - - SECURE_SLOGE("Deleted file name: %s\n", recv_data.data_filepath); - -Error: - return recv_data.rsp_type; -} - - -////////////////////////////// -__attribute__((visibility("hidden"))) -int DoCipher(const char* pInputBuf, int inputLen, char** ppOutBuf, int* pOutBufLen, char* pKey, int encryption) -{ - static const unsigned char iv[16] = {0xbd, 0xc3, 0xc5, 0xa5, 0xb8, 0xae, 0xc6, 0xbc, 0x20, 0xb3, 0xeb, 0xb0, 0xe6, 0xbf, 0xec, 0x20}; - struct evp_cipher_st* pCipherAlgorithm = NULL; - EVP_CIPHER_CTX cipherCtx; - int tempLen = 0; - int result = 0; - int finalLen = 0; - - pCipherAlgorithm = EVP_aes_256_cbc(); - tempLen = (int)((inputLen / pCipherAlgorithm->block_size + 1) * pCipherAlgorithm->block_size); - - *ppOutBuf = (char*)calloc(tempLen, 1); - EVP_CIPHER_CTX_init(&cipherCtx); - - result = EVP_CipherInit(&cipherCtx, pCipherAlgorithm, (const unsigned char*)pKey, iv, encryption); - if(result != 1) - { - SLOGE("[%d] EVP_CipherInit failed", result); - goto Error; - } - - result = EVP_CIPHER_CTX_set_padding(&cipherCtx, 1); - if(result != 1) - { - SLOGE("[%d] EVP_CIPHER_CTX_set_padding failed", result); - goto Error; - } - - //cipher update operation - result = EVP_CipherUpdate(&cipherCtx, (unsigned char*)*ppOutBuf, pOutBufLen, (const unsigned char*)pInputBuf, inputLen); - if(result != 1) - { - SLOGE("[%d] EVP_CipherUpdate failed", result); - goto Error; - } - - //cipher final operation - result = EVP_CipherFinal(&cipherCtx, (unsigned char*)*ppOutBuf + *pOutBufLen, &finalLen); - if(result != 1) - { - SLOGE("[%d] EVP_CipherFinal failed", result); - goto Error; - } - *pOutBufLen = *pOutBufLen + finalLen; - goto Last; -Error: - result = SS_ENCRYPTION_ERROR; - free(*ppOutBuf); - -Last: - EVP_CIPHER_CTX_cleanup(&cipherCtx); - if((result != 1) && (encryption != 1)) - result = SS_DECRYPTION_ERROR; - - return result; -} - -int SsClientEncryptApplication(const char* pAppId, int idLen, const char* pBuffer, int bufLen, char** ppEncryptedBuffer, int* pEncryptedBufLen) -{ - ReqData_t* send_data = NULL; - RspData_t recv_data; - static char duk[32]; - static int dukExist = 0; - - if(!pBuffer || bufLen ==0) - { - SLOGE("Parameter error"); - recv_data.rsp_type = SS_PARAM_ERROR; - goto Error; - } - - if(!dukExist) - { - send_data = (ReqData_t*)malloc(sizeof(ReqData_t)); - if(!send_data) - { - SLOGE("Memory allocation fail"); - recv_data.rsp_type = SS_MEMORY_ERROR; - goto Error; - } - - send_data->req_type = 5; //request key - send_data->enc_type = 0; - send_data->count = 0; - send_data->flag = 1; - memset(send_data->group_id, 0, MAX_GROUP_ID_SIZE+1); - memcpy(send_data->group_id, pAppId, idLen); - - recv_data = SsClientComm(send_data); - - if(recv_data.rsp_type != 1) - { - SLOGE("failed to get data from server"); - recv_data.rsp_type = SS_TZ_ERROR; - goto Free_and_Error; - } - memcpy(duk, recv_data.buffer, 32); - dukExist = 1; - } - - if(DoCipher(pBuffer, bufLen, ppEncryptedBuffer, pEncryptedBufLen, duk, 1) != 1) - { - SLOGE("failed to encrypt data"); - recv_data.rsp_type = SS_ENCRYPTION_ERROR; - goto Free_and_Error; - } - - recv_data.rsp_type = 1; - -Free_and_Error: - free(send_data); -Error: - return recv_data.rsp_type; -} - -int SsClientDecryptApplication(const char* pBuffer, int bufLen, char** ppDecryptedBuffer, int* pDecryptedBufLen) -{ - ReqData_t* send_data = NULL; - RspData_t recv_data; - static char duk[32]; - static int dukExist = 0; - - if(!pBuffer || bufLen ==0) - { - SLOGE("Parameter error"); - recv_data.rsp_type = SS_PARAM_ERROR; - goto Error; - } - - if(!dukExist) - { - send_data = (ReqData_t*)malloc(sizeof(ReqData_t)); - if(!send_data) - { - SLOGE("Memory allocation fail"); - recv_data.rsp_type = SS_MEMORY_ERROR; - goto Error; - } - - send_data->req_type = 5; //request key - send_data->enc_type = 0; - send_data->count = 0; - send_data->flag = 0; - - recv_data = SsClientComm(send_data); - - if(recv_data.rsp_type != 1) - { - SLOGE("Failed to get data from server"); - recv_data.rsp_type = SS_TZ_ERROR; - goto Free_and_Error; - } - memcpy(duk, recv_data.buffer, 32); - dukExist = 1; - } - - if(DoCipher(pBuffer, bufLen, ppDecryptedBuffer, pDecryptedBufLen, duk, 0) != 1) - { - SLOGE("failed to decrypt data"); - recv_data.rsp_type = SS_DECRYPTION_ERROR; - goto Free_and_Error; - } - recv_data.rsp_type = 1; - -Free_and_Error: - free(send_data); -Error: - return recv_data.rsp_type; -} - -int SsClientEncryptPreloadedApplication(const char* pBuffer, int bufLen, char** ppEncryptedBuffer, int* pEncryptedBufLen) -{ - int result = 0; - char duk[36] = {0,}; - - if(!pBuffer || bufLen ==0) - { - SLOGE("Parameter error"); - result = SS_PARAM_ERROR; - goto Final; - } - - if(DoCipher(pBuffer, bufLen, ppEncryptedBuffer, pEncryptedBufLen, duk, 1) != 1) - { - SLOGE("failed to decrypt data"); - result = SS_ENCRYPTION_ERROR; - goto Final; - } - - result = 1; - -Final: - return result; -} - -int SsClientDecryptPreloadedApplication(const char* pBuffer, int bufLen, char** ppDecryptedBuffer, int* pDecryptedBufLen) -{ - int result = 0; - char duk[36] = {0,}; - - if(!pBuffer || bufLen ==0) - { - SLOGE("Parameter error"); - result = SS_PARAM_ERROR; - goto Final; - } - - if(DoCipher(pBuffer, bufLen, ppDecryptedBuffer, pDecryptedBufLen, duk, 0) != 1) - { - SLOGE("failed to decrypt data"); - result = SS_DECRYPTION_ERROR; - goto Final; - } - - result = 1; - -Final: - return result; -} diff --git a/client/non-tz/src/ss_client_ipc.c b/client/non-tz/src/ss_client_ipc.c deleted file mode 100644 index b986274..0000000 --- a/client/non-tz/src/ss_client_ipc.c +++ /dev/null @@ -1,102 +0,0 @@ -/* - * secure storage - * - * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Kidong Kim <kd0228.kim@samsung.com> - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <sys/stat.h> -#include <sys/un.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <errno.h> - -#include "ss_client_ipc.h" -#include "secure_storage.h" - -RspData_t SsClientComm(ReqData_t* client_data) -{ - int sockfd = 0; - int client_len = 0; - struct sockaddr_un clientaddr; - ReqData_t send_data = {0, }; - RspData_t recv_data = {0, }; - int temp_len_in = 0; - int temp_len_sock = 0; - int read_len = 0; - - send_data.req_type = client_data->req_type; - send_data.enc_type = client_data->enc_type; - send_data.count = client_data->count; - send_data.flag = client_data->flag; - - temp_len_in = strlen(client_data->data_infilepath); - - strncpy(send_data.data_infilepath, client_data->data_infilepath, MAX_FILENAME_SIZE); - send_data.data_infilepath[temp_len_in] = '\0'; - - strncpy(send_data.group_id, client_data->group_id, MAX_GROUP_ID_SIZE); - - memcpy(send_data.buffer, client_data->buffer, MAX_SEND_DATA_SIZE); - - if((sockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) - { - SLOGE("Error in function socket()..\n"); - recv_data.rsp_type = SS_SOCKET_ERROR; // ipc error - goto Error_exit; - } - - temp_len_sock = strlen(SS_SOCK_PATH); - - bzero(&clientaddr, sizeof(clientaddr)); - clientaddr.sun_family = AF_UNIX; - strncpy(clientaddr.sun_path, SS_SOCK_PATH, temp_len_sock); - clientaddr.sun_path[temp_len_sock] = '\0'; - client_len = sizeof(clientaddr); - - if(connect(sockfd, (struct sockaddr*)&clientaddr, client_len) < 0) - { - SLOGE("Error in function connect()..\n"); - recv_data.rsp_type = SS_SOCKET_ERROR; // ipc error - goto Error_close_exit; - } - - if(write(sockfd, (char*)&send_data, sizeof(send_data)) < 0) - { - SLOGE("Error in function write()..\n"); - recv_data.rsp_type = SS_SOCKET_ERROR; // ipc error - goto Error_close_exit; - } - - read_len = read(sockfd, (char*)&recv_data, sizeof(recv_data)); - if(read_len < 0) - { - SLOGE("Error in function read()..\n"); - recv_data.rsp_type = SS_SOCKET_ERROR; // ipc error - goto Error_close_exit; - } - -Error_close_exit: - close(sockfd); - -Error_exit: - return recv_data; -} diff --git a/client/non-tz/src/ss_manager.c b/client/non-tz/src/ss_manager.c deleted file mode 100755 index 46662f2..0000000 --- a/client/non-tz/src/ss_manager.c +++ /dev/null @@ -1,592 +0,0 @@ -/* - * secure storage - * - * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Kidong Kim <kd0228.kim@samsung.com> - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -#include "secure_storage.h" -#include "ss_client_intf.h" - -#ifndef SS_API -#define SS_API __attribute__((visibility("default"))) -#endif - -/***************************************************************************** - * Internal Functions - *****************************************************************************/ -SS_API -int ssm_getinfo(const char* pFilePath, ssm_file_info_t *sfi, ssm_flag flag, const char* group_id) -{ - int ret = 0; - - if(!pFilePath || !sfi) - { - SLOGE("Parameter error in ssm_getinfo()..\n"); - ret = SS_PARAM_ERROR; - goto Error; - } - - ret = SsClientGetInfo(pFilePath, sfi, flag, group_id); - - if(ret == 1) - { - SLOGI("Getinfo Success.\n"); - ret = 0; // return true - } - else - SLOGE("Getinfo Fail.\n"); - -Error: - return ret; -} - -/***************************************************************************** - * Manager APIs - *****************************************************************************/ -SS_API -int ssm_write_file(const char* pFilePath, ssm_flag flag, const char* group_id) -{ - int ret = 0; - - if(!pFilePath) - { - SLOGE("Parameter error in ssm_write_file()..\n"); - ret = SS_PARAM_ERROR; - goto Error; - } - - if(flag <= SSM_FLAG_NONE || flag >= SSM_FLAG_MAX) - { - SLOGE("Parameter error in ssm_write_file()..\n"); - ret = SS_PARAM_ERROR; - goto Error; - } - - ret = SsClientDataStoreFromFile(pFilePath, flag, group_id); - if(ret == 1) - { - if(unlink(pFilePath) != 0) // if fail - { - SLOGE("unlink fail. [%s]\n", pFilePath); - return -1; // return false - } - SLOGI("Write file Success.\n"); - return 0; // return true - } - else - SLOGE("Write file Fail.\n"); - -Error: - return ret; -} - -SS_API -int ssm_write_buffer(char* pWriteBuffer, size_t bufLen, const char* pFileName, ssm_flag flag, const char* group_id) -{ - int ret = 0; - - if(!pWriteBuffer || !pFileName) - { - SLOGE("Parameter error in ssm_write_buffer()..\n"); - ret = SS_PARAM_ERROR; - goto Error; - } - if(bufLen <= 0 || bufLen > 4096) - { - SLOGE("Parameter error in ssm_write_buffer()..\n"); - ret = SS_PARAM_ERROR; - goto Error; - } - if(flag <= SSM_FLAG_NONE || flag >= SSM_FLAG_MAX) - { - SLOGE("Parameter error in ssm_write_buffer()..\n"); - ret = SS_PARAM_ERROR; - goto Error; - } - - ret = SsClientDataStoreFromBuffer(pWriteBuffer, bufLen, pFileName, flag, group_id); - if(ret == 1) - { - SLOGI("Write buffer Success.\n"); - return 0; // return true - } - else - SLOGE("Write buffer Fail.\n"); - -Error: - return ret; -} - -SS_API -int ssm_read(const char* pFilePath, char* pRetBuf, size_t bufLen, size_t *readLen, ssm_flag flag, const char* group_id) -{ - int ret = 0; - ssm_file_info_t sfi; - - if(!pFilePath || !pRetBuf) - { - SLOGE("Parameter error in ssm_read()..\n"); - ret = SS_PARAM_ERROR; - goto Error; - } - if(!readLen) - { - SLOGE("Parameter error in ssm_read()...\n"); - ret = SS_PARAM_ERROR; - goto Error; - } - - // get info - ret = ssm_getinfo(pFilePath, &sfi, flag, group_id); - if(ret != 0) // ret != true? - { - SLOGE("getinfo error in ssm_read()..\n"); - goto Error; - } - // in case of flag mismatch... - // check flag... - // To do : - if((bufLen > sfi.originSize) || (sfi.reserved[0] != (flag & 0x000000ff))) - { - SLOGE("Flag mismatch or buffer length error in ssm_read()..\n"); - ret = SS_PARAM_ERROR; - goto Error; - } - - ret = SsClientDataRead(pFilePath, pRetBuf, sfi.originSize, readLen, flag, group_id); - - if(ret == 1) - { - SLOGI("Read Success.\n"); - return 0; // return true - } - else - SLOGE("Read Fail.\n"); - -Error: - return ret; -} - -SS_API -int ssm_delete_file(const char *pFilePath, ssm_flag flag, const char* group_id) -{ - int ret = 0; - - if(!pFilePath) - { - SLOGE("Parameter error in ssm_delete_file()..\n"); - ret = SS_PARAM_ERROR; - goto Error; - } - - ret = SsClientDeleteFile(pFilePath, flag, group_id); - - if(ret == 1) // success - { - SLOGI("Delete file Success.\n"); - return 0; - } - else // fail - SLOGE("Delete file Fail.\n"); - -Error: - return ret; -} - -SS_API -int ssm_encrypt_application(const char* pAppId, int idLen, const char* pBuffer, int bufLen, char** pEncryptedBuffer, int* pEncryptedBufLen) -{ - int ret = 0; - - if(!pBuffer || bufLen ==0 || !pAppId || idLen == 0 || idLen+1 > MAX_GROUP_ID_SIZE) - { - SLOGE("Parameter error.\n"); - ret = SS_PARAM_ERROR; - goto Error; - } - - ret = SsClientEncryptApplication(pAppId, idLen, pBuffer, bufLen, pEncryptedBuffer, pEncryptedBufLen); - - if(ret == 1) // success - { - SLOGI("Application encryption succeeded.\n"); - return 0; - } - else // fail - SLOGE("Application encryption failed.\n"); - -Error: - return ret; -} - -SS_API -int ssm_decrypt_application(const char* pBuffer, int bufLen, char** pDecryptedBuffer, int* pDecryptedBufLen) -{ - int ret = 0; - - if(!pBuffer || bufLen ==0) - { - SLOGE("Parameter error.\n"); - ret = SS_PARAM_ERROR; - goto Error; - } - - ret = SsClientDecryptApplication(pBuffer, bufLen, pDecryptedBuffer, pDecryptedBufLen); - - if(ret == 1) // success - { - SLOGI("Application decryption succeeded.\n"); - return 0; - } - else // fail - SLOGE("Application decryption failed.\n"); - -Error: - return ret; -} - -SS_API -int ssm_encrypt_preloaded_application(const char* pBuffer, int bufLen, char** ppEncryptedBuffer, int* pEncryptedBufLen) -{ - int ret = 0; - - if(!pBuffer || bufLen ==0) - { - SLOGE("Parameter error.\n"); - ret = SS_PARAM_ERROR; - goto Error; - } - - ret = SsClientEncryptPreloadedApplication(pBuffer, bufLen, ppEncryptedBuffer, pEncryptedBufLen); - if(ret == 1) // success - { - SLOGI("Application decryption succeeded.\n"); - return 0; - } - else // fail - SLOGE("Application decryption failed.\n"); - -Error: - return ret; -} - -SS_API -int ssm_decrypt_preloaded_application(const char* pBuffer, int bufLen, char** ppDecryptedBuffer, int* pDecryptedBufLen) -{ - int ret = 0; - - if(!pBuffer || bufLen ==0) - { - SLOGE("Parameter error.\n"); - ret = SS_PARAM_ERROR; - goto Error; - } - - ret = SsClientDecryptPreloadedApplication(pBuffer, bufLen, ppDecryptedBuffer, pDecryptedBufLen); - if(ret == 1) // success - { - SLOGI("Application decryption succeeded.\n"); - return 0; - } - else // fail - SLOGE("Application decryption failed.\n"); - -Error: - return ret; -} - - -////////////// -//agent -///////////// -// -// - -int ConvertErrorCode(int error) -{ - int convertedError = 0; - - switch(error) - { - case SS_FILE_OPEN_ERROR: - case SS_PARAM_ERROR: - convertedError = SSA_PARAM_ERROR; - break; - case SS_FILE_TYPE_ERROR: - case SS_FILE_READ_ERROR: - case SS_FILE_WRITE_ERROR: - convertedError = SSA_IO_ERROR; - break; - case SS_MEMORY_ERROR: - convertedError = SSA_UNKNOWN_ERROR; - break; - case SS_SOCKET_ERROR: - convertedError = SSA_SOCKET_ERROR; - break; - case SS_ENCRYPTION_ERROR: - case SS_DECRYPTION_ERROR: - convertedError = SSA_CIPHER_ERROR; - break; - case SS_SIZE_ERROR: - convertedError = SSA_UNKNOWN_ERROR; - break; - case SS_SECURE_STORAGE_ERROR: - convertedError = SSA_TZ_ERROR; - break; - case SS_PERMISSION_DENIED: - convertedError = SSA_PERMISSION_ERROR; - break; - case SS_TZ_ERROR: - convertedError = SSA_TZ_ERROR; - break; - default: - convertedError = SSA_UNKNOWN_ERROR; - break; - } - - SLOGE("error code = %d", convertedError); - - return convertedError; -} - - -SS_API -int ssa_put(const char* pDataName, const char* pDataBlock, size_t inDataBlockLen, const char* pGroupId, const char* pPassword) -{ - int ret = 0; - - if(pPassword && (strlen(pPassword) > MAX_PASSWORD_SIZE)) - { - SLOGE("Invalid input argument."); - return SSA_PARAM_ERROR; - } - - if(!pDataName || !pDataBlock) - { - SLOGE("Invalid input argument."); - return SSA_PARAM_ERROR; - } - - if(inDataBlockLen <= 0 || inDataBlockLen > MAX_SEND_DATA_SIZE) - { - SLOGE("Invalid input argument."); - return SSA_PARAM_ERROR; - } - - ret = ssm_write_buffer(pDataBlock, inDataBlockLen, pDataName, SSM_FLAG_SECRET_OPERATION, pGroupId); - - if(ret != 0) - { - ret = ConvertErrorCode(ret); - return ret; - } - - return inDataBlockLen; -} - -SS_API -int ssa_get(const char* pDataName, char** ppOutDataBlock, const char* pGroupId, const char* pPassword) -{ - ssm_file_info_t info; - size_t readLen = 0; - int ret = 0; - - if(pPassword && (strlen(pPassword) > MAX_PASSWORD_SIZE)) - { - SLOGE("Invalid input argument."); - return SSA_PARAM_ERROR; - } - - if(!pDataName) - { - SLOGE("Invalid input argument."); - return SSA_PARAM_ERROR; - } - - ret = ssm_getinfo(pDataName, &info, SSM_FLAG_SECRET_OPERATION, pGroupId); - if(ret != 0) - { - ret = ConvertErrorCode(ret); - return ret; - } - - *ppOutDataBlock = (char*)malloc(sizeof(char)*(info.originSize+1)); - if(ppOutDataBlock == NULL) - { - SLOGE("Fail to allocate memory"); - return SS_MEMORY_ERROR; - } - - memset(*ppOutDataBlock, 0, info.originSize+1); - - ret = ssm_read(pDataName, *ppOutDataBlock, info.originSize, &readLen, SSM_FLAG_SECRET_OPERATION, pGroupId); - if(ret != 0) - { - ret = ConvertErrorCode(ret); - free(*ppOutDataBlock); - return ret; - } - - return (int)readLen; -} - - -SS_API -int ssa_delete(const char* pDataName, const char* pGroupId) -{ - int ret = 0; - - if(!pDataName) - { - SLOGE("Invalid input argument."); - return SSA_PARAM_ERROR; - } - - ret = ssm_delete_file(pDataName, SSM_FLAG_SECRET_OPERATION, pGroupId); - if(ret != 0) - { - ret = ConvertErrorCode(ret); - } - - return ret; -} - -SS_API -int ssa_encrypt(const char* pInDataBlock, size_t inDataBlockLen, char** ppOutDataBlock, const char* pPassword) -{ - int ret = 0; - int outLen = 0; - char* pKey = "0123456789abcdef0123456789abcdef"; - - if(pPassword && (strlen(pPassword) > MAX_PASSWORD_SIZE)) - { - SLOGE("Invalid input argument."); - return SSA_PARAM_ERROR; - } - - if(!pInDataBlock || inDataBlockLen == 0 || inDataBlockLen > MAX_SEND_DATA_SIZE) - { - SLOGE("Invalid input argument."); - return SSA_PARAM_ERROR; - } - - ret = DoCipher(pInDataBlock, inDataBlockLen, ppOutDataBlock, &outLen, pKey, 1); - if(ret != 1) - { - return SSA_CIPHER_ERROR; - } - - return outLen; -} - - -SS_API -int ssa_decrypt(const char* pInDataBlock, size_t inDataBlockLen, char** ppOutDataBlock, const char* pPassword) -{ - int ret = 0; - int outLen = 0; - char* pKey = "0123456789abcdef0123456789abcdef"; - - if(pPassword && (strlen(pPassword) > MAX_PASSWORD_SIZE)) - { - SLOGE("Invalid input argument."); - return SSA_PARAM_ERROR; - } - - if(!pInDataBlock || inDataBlockLen == 0) - { - SLOGE("Invalid input argument."); - return SSA_PARAM_ERROR; - } - - ret = DoCipher(pInDataBlock, inDataBlockLen, ppOutDataBlock, &outLen, pKey, 0); - if(ret != 1) - { - return SSA_CIPHER_ERROR; - } - - return outLen; -} - -SS_API -int ssa_encrypt_web_application(const char* pAppId, int idLen, const char* pData, int dataLen, char** ppEncryptedData, int isPreloaded) -{ - int ret = 0; - int outLen = 0; - - if(isPreloaded) - { - ret = ssm_encrypt_preloaded_application(pData, dataLen, ppEncryptedData, &outLen); - if(ret != 0) - { - ret = ConvertErrorCode(ret); - return ret; - } - - return outLen; - } - - else - { - ret = ssm_encrypt_application(pAppId, idLen, pData, dataLen, ppEncryptedData, &outLen); - if(ret != 0) - { - ret = ConvertErrorCode(ret); - return ret; - } - - return outLen; - } -} - - -SS_API -int ssa_decrypt_web_application(const char* pData, int dataLen, char** ppDecryptedData, int isPreloaded) -{ - int ret = 0; - int outLen = 0; - - if(isPreloaded) - { - ret = ssm_decrypt_preloaded_application(pData, dataLen, ppDecryptedData, &outLen); - if(ret != 0) - { - ret = ConvertErrorCode(ret); - return ret; - } - - return outLen; - } - - else - { - ret = ssm_decrypt_application(pData, dataLen, ppDecryptedData, &outLen); - if(ret != 0) - { - ret = ConvertErrorCode(ret); - return ret; - } - - return outLen; - } -} diff --git a/debian/changelog b/debian/changelog deleted file mode 100644 index a91caad..0000000 --- a/debian/changelog +++ /dev/null @@ -1,363 +0,0 @@ -secure-storage (0.12.7-18) unstable; urgency=low - - * randomize initial vector of AES_cbc cryptographic algorithm - * Tag: secure-storage_0.12.7-18 - - -- Kidong Kim <kd0228.kim@samsung.com> Mon, 14 May 2012 12:00:40 +0900 - -secure-storage (0.12.7-17) unstable; urgency=low - - * flush and sync encrypted file - * Tag: secure-storage_0.12.7-17 - - -- Kidong Kim <kd0228.kim@samsung.com> Tue, 08 May 2012 17:24:23 +0900 - -secure-storage (0.12.7-16) unstable; urgency=low - - * sync encrypted file in order to prepare unexpected power down - * Tag: secure-storage_0.12.7-16 - - -- Kidong Kim <kd0228.kim@samsung.com> Mon, 23 Apr 2012 16:55:36 +0900 - -secure-storage (0.12.7-15) unstable; urgency=low - - * change starting order of ss-server - * Tag: secure-storage_0.12.7-15 - - -- Kidong Kim <kd0228.kim@samsung.com> Thu, 19 Jan 2012 16:06:30 +0900 - -secure-storage (0.12.7-14) unstable; urgency=low - - * 11/12/20 - * - remove systemd dependency - * Tag: secure-storage_0.12.7-14 - - -- Kidong Kim <kd0228.kim@samsung.com> Tue, 20 Dec 2011 15:03:23 +0900 - -secure-storage (0.12.7-13) unstable; urgency=low - - * 11/12/07 - * - add boiler-plate on testcases - * Tag: secure-storage_0.12.7-13 - - -- Kidong Kim <kd0228.kim@samsung.com> Wed, 07 Dec 2011 09:55:30 +0900 - -secure-storage (0.12.7-12) unstable; urgency=low - - * 11/12/02 - * - change license : LGPL -> apache - * Tag: secure-storage_0.12.7-12 - - -- Kidong Kim <kd0228.kim@samsung.com> Fri, 02 Dec 2011 17:02:00 +0900 - -secure-storage (0.12.7-11) unstable; urgency=low - - * fix install file - * Tag: secure-storage_0.12.7-11 - - -- Kidong Kim <kd0228.kim@samsung.com> Mon, 17 Oct 2011 13:58:06 +0900 - -secure-storage (0.12.7-10) unstable; urgency=low - - * add testcases - * Tag: secure-storage_0.12.7-10 - - -- Kidong Kim <kd0228.kim@samsung.com> Fri, 14 Oct 2011 14:10:04 +0900 - -secure-storage (0.12.7-9) unstable; urgency=low - - * fix boiler-plate - * Tag: secure-storage_0.12.7-9 - - -- Kidong Kim <kd0228.kim@samsung.com> Wed, 13 Jul 2011 10:23:26 +0900 - -secure-storage (0.12.7-8) unstable; urgency=low - - * fix strncpy problem - * Tag: secure-storage_0.12.7-8 - - -- Kidong Kim <kd0228.kim@samsung.com> Wed, 16 Feb 2011 10:07:00 +0900 - -secure-storage (0.12.7-7) unstable; urgency=low - - * fix prevent bugs - * Tag: secure-storage_0.12.7-7 - - -- Kidong Kim <kd0228.kim@samsung.com> Thu, 20 Jan 2011 16:52:02 +0900 - -secure-storage (0.12.7-6) unstable; urgency=low - - * fix double free and strtoul problem - * Tag: secure-storage_0.12.7-6 - - -- Kidong Kim <kd0228.kim@samsung.com> Tue, 04 Jan 2011 15:09:08 +0900 - -secure-storage (0.12.7-5) unstable; urgency=low - - * fix postinst script - * Tag: secure-storage_0.12.7-5 - - -- Kidong Kim <kd0228.kim@samsung.com> Wed, 15 Dec 2010 10:15:03 +0900 - -secure-storage (0.12.7-4) unstable; urgency=low - - * fix strip problem - * Tag: secure-storage_0.12.7-4 - - -- Kidong Kim <kd0228.kim@samsung.com> Wed, 01 Dec 2010 10:34:18 +0900 - -secure-storage (0.12.7-3) unstable; urgency=low - - * add boilerplate in test codes - * Tag: secure-storage_0.12.7-3 - - -- Kidong Kim <kd0228.kim@samsung.com> Fri, 26 Nov 2010 15:32:47 +0900 - -secure-storage (0.12.7-2) unstable; urgency=low - - * add new testcases - * Tag: secure-storage_0.12.7-2 - - -- Kidong Kim <kd0228.kim@samsung.com> Wed, 24 Nov 2010 15:48:28 +0900 - -secure-storage (0.12.7-1) unstable; urgency=low - - * fix doxygen and add new configuration file - * Tag: secure-storage_0.12.7-1 - - -- Kidong Kim <kd0228.kim@samsung.com> Fri, 12 Nov 2010 18:33:40 +0900 - -secure-storage (0.12.6-1) unstable; urgency=low - - * modify APIs - add new parameter 'group_id' - * Tag: secure-storage_0.12.6-1 - - -- Kidong Kim <kd0228.kim@samsung.com> Wed, 03 Nov 2010 09:20:55 +0900 - -secure-storage (0.12.5-11) unstable; urgency=low - - * fix doxygen - * Tag: secure-storage_0.12.5-11 - - -- Kidong Kim <kd0228.kim@samsung.com> Wed, 27 Oct 2010 15:01:16 +0900 - -secure-storage (0.12.5-10) unstable; urgency=low - - * fix bug - * Tag: secure-storage_0.12.5-10 - - -- Kidong Kim <kd0228.kim@samsung.com> Fri, 22 Oct 2010 18:52:59 +0900 - -secure-storage (0.12.5-9) unstable; urgency=low - - * add new boiler-plate - * Tag: secure-storage_0.12.5-9 - - -- Kidong Kim <kd0228.kim@samsung.com> Fri, 22 Oct 2010 17:49:33 +0900 - -secure-storage (0.12.5-8) unstable; urgency=low - - * make another symbolic link - * Tag: secure-storage_0.12.5-8 - - -- Kidong Kim <kd0228.kim@samsung.com> Mon, 18 Oct 2010 14:15:03 +0900 - -secure-storage (0.12.5-7) unstable; urgency=low - - * delete some useless APIs - * Tag: secure-storage_0.12.5-7 - - -- Kidong Kim <kd0228.kim@samsung.com> Fri, 15 Oct 2010 16:58:32 +0900 - -secure-storage (0.12.5-6) unstable; urgency=low - - * modify doxygen group - * Tag: secure-storage_0.12.5-6 - - -- Kidong Kim <kd0228.kim@samsung.com> Mon, 27 Sep 2010 18:01:20 +0900 - -secure-storage (0.12.5-5) unstable; urgency=low - - * change copyright context - * Tag: secure-storage_0.12.5-5 - - -- Kidong Kim <kd0228.kim@samsung.com> Tue, 31 Aug 2010 14:14:00 +0900 - -secure-storage (0.12.5-4) unstable; urgency=low - - * add new API - ssm_delete_file - * Tag: secure-storage_0.12.5-4 - - -- Kidong Kim <kd0228.kim@samsung.com> Sat, 12 Jun 2010 14:44:21 +0900 - -secure-storage (0.12.5-3) unstable; urgency=low - - * delete deprecated values - * Tag: secure-storage_0.12.5-3 - - -- Kidong Kim <kd0228.kim@samsung.com> Sat, 05 Jun 2010 13:38:31 +0900 - -secure-storage (0.12.5-2) unstable; urgency=low - - * modify deprecated method - * Tag: secure-storage_0.12.5-2 - - -- Kidong Kim <kd0228.kim@samsung.com> Mon, 24 May 2010 20:41:56 +0900 - -secure-storage (0.12.5-1) unstable; urgency=low - - * change API names and data structure names - * Tag: secure-storage_0.12.5-1 - - -- Kidong Kim <kd0228.kim@samsung.com> Mon, 24 May 2010 18:13:20 +0900 - -secure-storage (0.12.4-6) unstable; urgency=low - - * fix uploader info - * Tag: secure-storage_0.12.4-6 - - -- Kidong Kim <kd0228.kim@samsung.com> Wed, 19 May 2010 13:58:43 +0900 - -secure-storage (0.12.4-5) unstable; urgency=low - - * give a 777permission to socket - * Tag: secure-storage_0.12.4-5 - - -- root <kd0228.kim@samsung.com> Wed, 19 May 2010 11:43:59 +0900 - -secure-storage (0.12.4-4) unstable; urgency=low - - * fix tagging problem - * Tag: secure-storage_0.12.4-4 - - -- Kidong Kim <kd0228.kim@samsung.com> Mon, 19 Apr 2010 18:24:05 +0900 - -secure-storage (0.12.4-3) unstable; urgency=low - - * fix tagging problem - * Tag: secure-storage_0.12.4-3 - - -- Kidong Kim <kd0228.kim@samsung.com> Sat, 17 Apr 2010 17:44:39 +0900 - -secure-storage (0.12.4-2) unstable; urgency=low - - * add postinst scripts - * Tag: secure-storage_0.12.4-2 - - -- Kidong Kim <kd0228.kim@samsung.com> Fri, 16 Apr 2010 19:33:40 +0900 - -secure-storage (0.12.4-1) unstable; urgency=low - - * fix problem regarding version - * Tag: secure-storage_0.12.4-1 - - -- Kidong Kim <kd0228.kim@samsung.com> Mon, 12 Apr 2010 21:35:23 +0900 - -secure-storage (0.12.3-1) unstable; urgency=low - - * fix problem regarding version - - -- Kidong Kim <kd0228.kim@samsung.com> Mon, 12 Apr 2010 21:21:08 +0900 - -secure-storage (0.12.2-3) unstable; urgency=low - - * Revert to version 0.12.2-1 - - -- Kidong Kim <kd0228.kim@samsung.com> Mon, 12 Apr 2010 21:09:24 +0900 - -secure-storage (0.12.2-2) unstable; urgency=low - - * Make [pkgname].postinst in order to change file permission and owner - - -- Kidong Kim <kd0228.kim@samsung.com> Mon, 12 Apr 2010 20:33:37 +0900 - -secure-storage (0.12.2-1) unstable; urgency=low - - * add flag 'TEST_TARGET' - - -- Kidong Kim <kd0228.kim@samsung.com> Mon, 12 Apr 2010 17:35:17 +0900 - -secure-storage (0.12.1-1) unstable; urgency=low - - * re-make version - - -- Kidong Kim <kd0228.kim@samsung.com> Thu, 08 Apr 2010 16:37:10 +0900 - -secure-storage (0.2.1-1) unstable; urgency=low - - * case of inhouse package - * Tag: secure-storage_0.2.1-1 - - -- Kidong Kim <kd0228.kim@samsung.com> Thu, 08 Apr 2010 12:07:01 +0900 - -secure-storage (0.11) unstable; urgency=low - - * Add new API - for Widget encryption / decrpytion - - -- Kidong Kim <kd0228.kim@samsung.com> Tue, 23 Mar 2010 16:17:46 +0900 - -secure-storage (0.10) unstable; urgency=low - - * In case of parameter which must not be modified, change char* to const char* - - -- Kidong Kim <kd0228.kim@samsung.com> Thu, 18 Mar 2010 15:30:04 +0900 - -secure-storage (0.9) unstable; urgency=low - - * Remove 'SLP' and 'slp' prefix - - -- Kidong Kim <kd0228.kim@samsung.com> Tue, 26 Jan 2010 16:42:27 +0900 - -secure-storage (0.8) unstable; urgency=low - - * Add internal flag - - -- Kidong Kim <kd0228.kim@samsung.com> Sat, 23 Jan 2010 17:17:25 +0900 - -secure-storage (0.7) unstable; urgency=low - - * Modify link name - - -- Kidong Kim <kd0228.kim@samsung.com> Thu, 21 Jan 2010 10:35:18 +0900 - -secure-storage (0.6) unstable; urgency=low - - * Remove dev dependency of binary package. - - -- Kidong Kim <kd0228.kim@samsung.com> Thu, 14 Jan 2010 15:06:32 +0900 - -secure-storage (0.5) unstable; urgency=low - - * export one more function - - -- Kidong Kim <kd0228.kim@samsung.com> Tue, 12 Jan 2010 08:43:44 +0900 - -secure-storage (0.4) unstable; urgency=low - - * Modify ss-server auto-activation code. - - -- Kidong Kim <kd0228.kim@samsung.com> Mon, 11 Jan 2010 15:20:25 +0900 - -secure-storage (0.3) unstable; urgency=low - - * Add prefix SLPAPI - can use APIs of secure storage - - -- Kidong Kim <kd0228.kim@samsung.com> Mon, 11 Jan 2010 11:20:12 +0900 - -secure-storage (0.2) unstable; urgency=low - - * Resolve dependency problem. - - -- Kidong Kim <kd0228.kim@samsung.com> Tue, 05 Jan 2010 19:34:26 +0900 - -secure-storage (0.1) unstable; urgency=low - - * Make CMakeLists.txt and Initial Release. - - -- Kidong Kim <kd0228.kim@samsung.com> Thu, 17 Dec 2009 16:37:03 +0900 - -secure-storage (0) unstable; urgency=low - - * Initial Release. - - -- Ki Dong Kim <kd0228.kim@samsung.com> Wed, 09 Dec 2009 09:55:06 +0900 diff --git a/debian/compat b/debian/compat deleted file mode 100644 index 7ed6ff8..0000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -5 diff --git a/debian/control b/debian/control deleted file mode 100644 index b66dfd1..0000000 --- a/debian/control +++ /dev/null @@ -1,30 +0,0 @@ -Source: secure-storage -Priority: extra -Maintainer: Kidong Kim <kd0228.kim@samsung.com> -Build-Depends: debhelper (>= 5), autotools-dev, libssl-dev, openssl, dlog-dev -Standards-Version: 3.7.2 -Section: base - -Package: libss-client-dev -Section: libs -Architecture: any -Depends: ${misc:Depends}, libssl-dev, libss-client-0 (= ${Source-Version}), dlog-dev -Description: secure storage client library develpoment package - -Package: libss-client-0 -Section: libs -Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} -Description: secure storage client library package - -Package: ss-server -Section: base -Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, libss-client-0 (= ${Source-Version}), libdlog-0 -Description: secure storage server - -Package: ss-server-dbg -Section: debug -Architecture: any -Depends: ss-server (= ${Source-Version}) -Description: debug package of secure storage source package diff --git a/debian/docs b/debian/docs deleted file mode 100644 index e69de29..0000000 --- a/debian/docs +++ /dev/null diff --git a/debian/libss-client-0.install.in b/debian/libss-client-0.install.in deleted file mode 100644 index 8db61c4..0000000 --- a/debian/libss-client-0.install.in +++ /dev/null @@ -1 +0,0 @@ -usr/lib/libss-client.so* diff --git a/debian/libss-client-0.postinst b/debian/libss-client-0.postinst deleted file mode 100755 index 8fb2afe..0000000 --- a/debian/libss-client-0.postinst +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh - -#if [ ${USER} == "root" ] -#then -# chown root:root /usr/lib/libss-client.so -#fi - -#chmod 644 /usr/lib/libss-client.so diff --git a/debian/libss-client-dev.install.in b/debian/libss-client-dev.install.in deleted file mode 100644 index 7e38b28..0000000 --- a/debian/libss-client-dev.install.in +++ /dev/null @@ -1,2 +0,0 @@ -usr/include/ss_manager.h -usr/lib/pkgconfig/secure-storage.pc diff --git a/debian/rules b/debian/rules deleted file mode 100755 index 67da1e8..0000000 --- a/debian/rules +++ /dev/null @@ -1,128 +0,0 @@ -#!/usr/bin/make -f -# -*- makefile -*- -# Sample debian/rules that uses debhelper. -# This file was originally written by Joey Hess and Craig Small. -# As a special exception, when this file is copied by dh-make into a -# dh-make output file, you may use that output file without restriction. -# This special exception was added by Craig Small in version 0.37 of dh-make. - -# Uncomment this to turn on verbose mode. -#export DH_VERBOSE=1 - -CFLAGS ?= -Wall -g -CXXFLAGS ?= -Wall -g -LDFLAGS ?= -PREFIX ?= /usr -DATADIR ?= /opt - -ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) - CFLAGS += -O0 - CXXFLAGS += -O0 -else - CFLAGS += -O2 - CXXFLAGS += -O2 -endif - -LDFLAGS += -Wl,--rpath=$(PREFIX)/lib -Wl,--as-needed - -configure: configure-stamp -configure-stamp: - dh_testdir - # Add here commands to configure the package. - CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" cmake . -DCMAKE_INSTALL_PREFIX=$(PREFIX) - - touch configure-stamp - -build: build-stamp - -build-stamp: configure-stamp - dh_testdir - - # Add here commands to compile the package. - $(MAKE) - #docbook-to-man debian/wavplayer.sgml > wavplayer.1 - - for f in `find $(CURDIR)/debian/ -name "*.in"`; do \ - cat $$f > $${f%.in}; \ - sed -i -e "s#@PREFIX@#$(PREFIX)#g" $${f%.in}; \ - sed -i -e "s#@DATADIR@#$(DATADIR)#g" $${f%.in}; \ - done - - - touch $@ - -clean: - dh_testdir - dh_testroot - rm -f build-stamp configure-stamp - - # Add here commands to clean up after the build process. - -$(MAKE) clean - rm -rf CMakeCache.txt - rm -rf CMakeFiles - rm -rf cmake_install.cmake - rm -rf Makefile - rm -rf install_manifest.txt - rm -rf *.so - rm -rf *.pc - rm -rf config - - for f in `find $(CURDIR)/debian/ -name "*.in"`; do \ - rm -f $${f%.in}; \ - done - - dh_clean - -install: build - dh_testdir - dh_testroot - dh_clean -k - dh_installdirs - - # Add here commands to install the package into debian/wavplayer. - $(MAKE) DESTDIR=$(CURDIR)/debian/tmp install - mkdir -p $(CURDIR)/debian/tmp/etc/rc.d/rc3.d/ - mkdir -p $(CURDIR)/debian/tmp/etc/rc.d/rc5.d/ - ln -s ../init.d/ss-serverd $(CURDIR)/debian/tmp/etc/rc.d/rc3.d/S26ss-server - ln -s ../init.d/ss-serverd $(CURDIR)/debian/tmp/etc/rc.d/rc5.d/S26ss-server - - -# Build architecture-independent files here. -binary-indep: build install -# We have nothing to do by default. - -# Build architecture-dependent files here. -binary-arch: build install - dh_testdir - dh_testroot - dh_installchangelogs - dh_installdocs - dh_installexamples - dh_install --sourcedir=debian/tmp -# dh_installmenu -# dh_installdebconf -# dh_installlogrotate -# dh_installemacsen -# dh_installpam -# dh_installmime -# dh_python -# dh_installinit -# dh_installcron -# dh_installinfo - dh_installman - dh_link -# dh_strip -# dh_strip --dbg-package=secure-storage-dbg - dh_strip --dbg-package=ss-server-dbg - dh_compress - dh_fixperms -# dh_perl - dh_makeshlibs - dh_installdeb - dh_shlibdeps - dh_gencontrol - dh_md5sums - dh_builddeb - -binary: binary-indep binary-arch -.PHONY: build clean binary-indep binary-arch binary install configure diff --git a/debian/ss-server.install.in b/debian/ss-server.install.in deleted file mode 100644 index 8a02822..0000000 --- a/debian/ss-server.install.in +++ /dev/null @@ -1,5 +0,0 @@ -usr/share/secure-storage/config -usr/bin/ss-server -etc/rc.d/rc3.d/S26ss-server -etc/rc.d/rc5.d/S26ss-server -etc/rc.d/init.d/ss-serverd diff --git a/debian/ss-server.postinst b/debian/ss-server.postinst deleted file mode 100755 index 673fd19..0000000 --- a/debian/ss-server.postinst +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -if [ ${USER} = "root" ] -then -# chown root:root /usr/bin/ss-server - chown root:root /etc/rc.d/init.d/ss-serverd -fi - -#chmod 700 /usr/bin/ss-server -chmod 755 /etc/rc.d/init.d/ss-serverd diff --git a/doc/secure_storage_doc.h b/doc/secure_storage_doc.h deleted file mode 100644 index 7945567..0000000 --- a/doc/secure_storage_doc.h +++ /dev/null @@ -1,28 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the License); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an AS IS BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef __TIZEN_CORE_LIB_SECURE_STORAGE_DOC_H__ -#define __TIZEN_CORE_LIB_SECURE_STORAGE_DOC_H__ -/** - * @ingroup StorageFW - * @defgroup CAPI_SECURE_STORAGE_MODULE Secure Storage - * @brief The Secure Storage API provides functions for encryption, decryption and putting, getting application data to secure storage - * @section CAPI_SECURE_STORAGE_MODULE_HEADER Required Header - * \#include <ss_manager.h> - * @section CAPI_SECURE_STORAGE_MODULE_OVERVIEW Overview - * It provides functions for putting/getting (ssa_put(), ssa_get()) and encrypting/decrypting(ssa_encrypt()/ssa_decrypt()) application data. - */ - -#endif diff --git a/image/SLP_secure-storage_PG_image001.png b/image/SLP_secure-storage_PG_image001.png Binary files differdeleted file mode 100755 index 325dc70..0000000 --- a/image/SLP_secure-storage_PG_image001.png +++ /dev/null diff --git a/image/SLP_secure-storage_PG_image002.png b/image/SLP_secure-storage_PG_image002.png Binary files differdeleted file mode 100755 index 245ddcd..0000000 --- a/image/SLP_secure-storage_PG_image002.png +++ /dev/null diff --git a/include/SLP_secure-storage_PG.h b/include/SLP_secure-storage_PG.h deleted file mode 100755 index 8a54815..0000000 --- a/include/SLP_secure-storage_PG.h +++ /dev/null @@ -1,520 +0,0 @@ -/** - * - * @ingroup SLP_PG - * @defgroup SecureStorage_PG Secure Storage -@{ - -<h1 class="pg">Introduction</h1> - -<h2 class="pg">Goal</h2> -The purpose of the document is to explain the method to use <i>Secure Storage</i> for developing SLP. - -<h2 class="pg">Scope</h2> -This document can be referenced by SCM engineers and SLP developers. - -<h2 class="pg">Introduction</h2> -Secure storage is a kind of technology to store data securely, implemented by using cryptographic techniques. Distributed Secure storage Manager provides APIs so that other applications can tighten up security by using Secure storage Engine. -When user wants to store data, he(or she) can store data securely by using APIs provided by Secure storage. - -<h2 class="pg">Requirements</h2> -OpenSSL -- Cryptographic APIs of Secure storage refer to the OpenSSL libraries, the OpenSSL module MUST be prepared before building Secure storage module. - - # apt-get install openssl -- OpenSSL module is included in the SDK basically. In general, you don't care about that. - -<h2 class="pg">Abbreviations</h2> -<table> - <tr> - <td>SLP</td><td>Samsung Linux Platform</td> - </tr> - <tr> - <td> </td><td> </td> - </tr> - <tr> - <td> </td><td> </td> - </tr> -</table> - - -<h1 class="pg">Architecture</h1> -The Secure storage module is implemented by C language. - -<h2 class="pg">System Architecture</h2> -@image html SLP_secure-storage_PG_image001.png -The figure shown above is the architecture of Secure Storage which now implemented in SLP. The Secure Storage is implemented as a Server/Client model, using Unix Socket communication between the Server and Client. The user application utilizes Secure Storage operation by using APIs provided by the Manager. - -<h2 class="pg">File Structure</h2> -@image html SLP_secure-storage_PG_image002.png -The figure shown above is the structure of a file stored in Secure Storage. The file's metadata is added in a header before the actual data and is extendable. - -<h2 class="pg">Source code Architecture</h2> -- Server - - ss_server_ipc.c : processing communication of server - - ss_server_main.c : actual cryptographic function (encrypt / decrypt) -- Client - - ss_client_ipc : processing communication of client - - ss_client_intf : processing request and reply of server - - ss_manager : the high-ranked APIs which are used by other applications - -<h2 class="pg">Result of Build</h2> -If build of Secure storage module is success, results of build are as below: -- libss-client.so : shared library for providing manager APIs (/usr/lib) -- ss-server : executable for operating Secure storage Server (/usr/bin) -- ss_manager.h : header file for providing APIs and data structures (/usr/include - - -<h1 class="pg">APIs</h1> -The APIs are classified by three categories - Store, Read and get information. - -<h2 class="pg">Data Store</h2> -- Data Store 1 -<table> - <tr> - <td>API Name</td><td colspan="2">ssm_write_file()</td> - </tr> - <tr> - <td rowspan="3">Input Param</td><td>char* pFilePath</td><td>path of file to be stored in Secure Storage</td> - </tr> - <tr> - <td>ssm_flag flag</td><td>type of file to be stored</td> - </tr> - <tr> - <td>const char* group_id</td><td>group name to be shared, if not, NULL</td> - </tr> - <tr> - <td>Output Param</td><td colspan="2">None</td> - </tr> - <tr> - <td>Include File</td><td colspan="2">ss_manager.h</td> - </tr> - <tr> - <td>Return Value</td><td colspan="2">Return Type : INT<br>If 0, Success<br>If <0, Fail<br></td> - </tr> -</table> - - Store file in the Secure Storage. The original file will be deleted after storing. The 'pFilePath' is written in absolute path. To use data type, refer to 'Type Definition 1'. - -- Data Store 2 -<table> - <tr> - <td>API Name</td><td colspan="2">ssm_write_buffer()</td> - </tr> - <tr> - <td rowspan="5">Input Param</td><td>char* pWriteBuffer</td><td>buffer pointer of data to be stored in Secure storage</td> - </tr> - <tr> - <td>size_t bufLen</td><td>size of buffer</td> - </tr> - <tr> - <td>char* pFileName</td><td>file name to be used in Secure Storage</td> - </tr> - <tr> - <td>ssm_flag flag</td><td>type of file to be stored</td> - </tr> - <tr> - <td>const char* group_id</td><td>group name to be shared, if not, NULL</td> - </tr> - <tr> - <td>Output Param</td><td colspan="2">None</td> - </tr> - <tr> - <td>Include File</td><td colspan="2">ss_manager.h</td> - </tr> - <tr> - <td>Return Value</td><td colspan="2">Return Type : INT<br>If 0, Success<br>If <0, Fail</td> - </tr> -</table> - - Encrypt buffer content and store that in the Secure Storage in the file form. The 'pFileName' is real file name which be stored in the Secure Storage and is not absolute path but single file name. For example, that is not 'mydata/abc.txt', but 'abc.txt'. The 'bufLen' has length from 0 to 4KB(4096). To use data type, refer to chapter 'Type Definition 1'. - -<h2 class="pg">Data Information</h2> -- Data Information -<table> - <tr> - <td>API Name</td><td colspan="2">ssm_getinfo()</td> - </tr> - <tr> - <td rowspan="4">Input Param</td><td>char* pFilePath</td><td>file name or path to be stored in secure storage</td> - </tr> - <tr> - <td>ssm_flag flag</td><td>type of file to be stored</td> - </tr> - <tr> - <td>ssm_file_info_t* sfi</td><td>data structure or information of the file</td> - </tr> - <tr> - <td>const char* group_id</td><td>group name to be shared, if not, NULL</td> - </tr> - <tr> - <td>Output Param</td><td colspan="2">None</td> - </tr> - <tr> - <td>Include File</td><td colspan="2">ss_manager.h</td> - </tr> - <tr> - <td>Return Value</td><td colspan="2">Return Type : INT<br>If 0, Success<br>If <0, Fail</td> - </tr> -</table> - - Get information about file that you want to read. You can use 'originSize' of 'ssm_file_info_t' data structure to parameter 'bufLen' of SSM_Read() function. To use data type, refer to 'Type Definition 1'. - -<h2 class="pg">Data Read</h2> -<table> - <tr> - <td>API Name</td><td colspan="2">ssm_read()</td> - </tr> - <tr> - <td rowspan="4">Input Param</td><td>char* pFilePath</td><td>file name or path to be read in secure storage</td> - </tr> - <tr> - <td> size_t bufLen</td><td>length of data to be read</td> - </tr> - <tr> - <td>ssm_flag flag</td><td>data type to be read</td> - </tr> - <tr> - <td>const char* group_id</td><td>group name to be shared, if not, NULL</td> - </tr> - <tr> - <td rowspan="2">Output Param</td><td>char* pRetBuf</td><td>buffer for decrypted data</td> - </tr> - <tr> - <td>size_t* readLen</td><td>length of data that this function read</td> - </tr> - <tr> - <td>Include File</td><td colspan="2">ss_manager.h</td> - </tr> - <tr> - <td>Return Value</td><td colspan="2">Return Type : INT<br>If 0, Success<br>If <0, Fail</td> - </tr> -</table> - - Read contents of file stored in Secure Storage to buffer. When coding, please note the following. - -# The 'flag' of required data MUST be same as the 'flag' of stored data. - -# The 'pFilePath' is absolute path or file name. In case of ssm_write_file(), use the absolute path, and in case of ssm_write_buffer(), use a file name. - -# The 'pRetBuf' should be a pointer of already allocated memory. (Secure Storage does not allocate memory itself.) - -# When using 'pRetBuf', do not use "string function" but "memory function". (It may include NULL bytes.) - string function : strcpy, strlen, strcat, fputs, fgets, ... - memory function : memcpy, memset, fwrite, fread, ... -@code -int ret; -size_t bufLen, readLen; -ssm_file_info_t sfi; -char* buffer = NULL; -... -ssm_getinfo("/abc/def/ghi", &sfi, SSM_FLAG_DATA); -... -buffer = (char*)malloc(sfi.originSize + 1); -bufLen = sfi.originSize; -... -ret = ssm_read("/abc/def/ghi", buffer, bufLen, &readLen, SSM_FLAG_DATA); -... -@endcode - -<h2 class="pg">Delete File</h2> -- Delete encrypted file -<table> - <tr> - <td>API Name</td><td colspan="2">ssm_delete_file()</td> - </tr> - <tr> - <td rowspan="3">Input Param</td><td>char* pFilePath</td><td>path of file to be deleted from Secure Storage</td> - </tr> - <tr> - <td>ssm_flag flag</td><td>type of file to be deleted</td> - </tr> - <tr> - <td>const char* group_id</td><td>group name to be shared, if not, NULL</td> - </tr> - <tr> - <td>Output Param</td><td colspan="2">None</td> - </tr> - <tr> - <td>Include File</td><td colspan="2">ss_manager.h</td> - </tr> - <tr> - <td>Return Value</td><td colspan="2">Return Type : INT<br>If 0, Success<br>If <0, Fail</td> - </tr> -</table> - - Use when user want to delete file in Secure-storage. If you use the function ssm_write_file( ) or ssm_write_buffer( ) when storing in Secure-storage, you should use this function in order to delete those files. The flag MUST be identical with one which was used when storing. - -<h2 class="pg">Type Definition</h2> -- Type Definition 1 -<table> - <tr> - <td>Type Name</td><td>ssm_flag</td> - </tr> - <tr> - <td>Members</td> - <td> - typedef enum {<br> - SSM_FLAG_NONE = 0x00,<br> - SSM_FLAG_DATA,<br> - SSM_FLAG_SECRET_PRESERVE,<br> - SSM_FLAG_SECRET_OPERATION,<br> - SSM_FLAG_MAX<br> - } SSM_FLAG - </td> - </tr> - <tr> - <td>Include File</td><td>ss_manager.h</td> - </tr> -</table> - - The flag for separating contents of file to be stored in Secure Storage. Secure storage API requires the flag information. - -# <b>SSM_FLAG_DATA</b> : general data for user. (picture, movie, memo, etc.) - -# <b>SSM_FLAG_SECRET_PRESERVE</b> : the secret data for preservation. - -# <b>SSM_FLAG_SECRET_OPERATION</b> : the secret data to be renewed. - -- Type Definition 2 -<table> - <tr> - <td>Type Name</td><td>ssm_file_info_t</td> - </tr> - <tr> - <td>Members</td> - <td> - typedef struct {<br> - unsigned int originSize;<br> - insigned int storedSize;<br> - char reserved[8];<br> - } ssm_file_info_t<br> - </td> - </tr> - <tr> - <td>Include File</td><td>ss_manager.h</td> - </tr> -</table> - - The data structure for storing metadata of file to be stored in Secure Storage. After encrypting, file size will be increased because of cryptographic block size. Therefore store before and after file size. 1bytes of reserved 8bytes is used for storing flag information. - -<h2 class="pg">Error Definition</h2> -- Error Definition -<table> - <tr> - <td rowspan="2">Error Name</td><td colspan="2">Value</td> - </tr> - <tr> - <td>Hex</td><td>Decimal</td> - </tr> - <tr> - <td>SS_PARAM_ERROR</td><td>0x00000002</td><td>2</td> - </tr> - <tr> - <td>SS_FILE_TYPE_ERROR</td><td>0x00000003</td><td>3</td> - </tr> - <tr> - <td>SS_FILE_OPEN_ERROR</td><td>0x00000004</td><td>4</td> - </tr> - <tr> - <td>SS_FILE_READ_ERROR</td><td>0x00000005</td><td>5</td> - </tr> - <tr> - <td>SS_FILE_WRITE_ERROR</td><td>0x00000006</td><td>6</td> - </tr> - <tr> - <td>SS_MEMORY_ERROR</td><td>0x00000007</td><td>7</td> - </tr> - <tr> - <td>SS_SOCKET_ERROR</td><td>0x00000008</td><td>8</td> - </tr> - <tr> - <td>SS_ENCRYPTION_ERROR</td><td>0x00000009</td><td>9</td> - </tr> - <tr> - <td>SS_DECRYPTION_ERROR</td><td>0x0000000a</td><td>10</td> - </tr> - <tr> - <td>SS_SIZE_ERROR</td><td>0x0000000b</td><td>11</td> - </tr> - <tr> - <td>SS_SECURE_STORAGE_ERROR</td><td>0x0000000c</td><td>12</td> - </tr> - <tr> - <td>SS_PERMISSION_ERROR</td><td>0x0000000d</td><td>13</td> - </tr> -</table> - - The error codes are defined in ss_manager.h. The actual return value of Secure Storage API is the negative form of the defined value. - -<h2 class="pg">File System Synchronization (Recommended)</h2> -- When writing a file to Secure Storage using ssm_write_file() or ssm_write_buffer(), if it powers down unexpectedly, the data will not be recorded properly in the filesystem. To prevent this from happening, your application should call the <b>sync()</b> function. -<table> - <tr> - <td> - <b>POSIX Programmer's manual</b><br> - <br> - <b>NAME</b></br> - sync - schedule file system updates<br> - <br> - <b>SYNOPSIS</b> - #include <unistd.h><br> - <br> - void sync(void);<br> - <br> - <b>DESCRIPTION</b><br> - The sync() function shall cause all information in memory that updates file systems to be scheduled for writing out to all file systems.<br> - <br> - The writing, although scheduled, is not necessarily complete upon return from sync().<br> - <br> - <b>RETURN VALUE</b><br> - The sync() function shall not return a value.<br> - <br> - <b>ERRORS</b><br> - No errors are defined.<br> - <br> - The following sections are informative.<br> - <br> - <b>EXAMPLES</b><br> - None<br> - <br> - <b>APPLICATION USAGE</b><br> - None<br> - <br> - <b>RATIONALE</b><br> - None<br> - <br> - <b>FUTURE DIRECTIONS</b><br> - None<br> - <br> - <b>SEE ALSO</b><br> - fsync() , the Base Definitions volume of IEEE Std 1003.1-2001, <unistd.h><br> - <br> - <b>COPYRIGHT</b><br> - Portions of this text are reprinted and reproduced in electronic form from IEEE Std 1003.1, 2003 Edition, Standard for Information Technology -- Portable Operating System Interface (POSIX), The Open Group Base Specifications Issue 6, Copyright (C) 2001-2003 by the Institute of Electrical and Electronics Engineers, Inc and The Open Group. In the event of any discrepancy between this version and the original IEEE and The Open Group Standard, the original IEEE and The Open Group Standard is the referee document. The original Standard can be obtained online at http://www.open-group.org/unix/online.html.<br> - </td> - </tr> -</table> - - -<h1 class="pg">Implementation Guide</h1> -<h2 class="pg">A note of caution when implementing</h2> -- General particular - - The 'group_id' parameter is very important portion in Secure Storage module. - - In general cases, when an application stores some file in Secure Storage, he(or she) NEVER want to expose that file to other applications. - - Therefore, all applications should have their independent storage in Secure Storage. - - But in some cases, two or more applications should share same encrypted file. (e.g. DRM master secret key) - - The 'group_id' works in two diffrent ways - <b>'designated group name'</b> or <b>'NULL'</b> - - Use designated group name - - Use when two or more applications want to share same encrypted file. - - You should ask the security part to make the proper group_id. - - The storage is made in /opt/share/secure-storage/, and the directory name is group_id. (/opt/share/secure-storage/[GROUP_ID]) - - If an application wants to read the encrypted file in some specific storage, that application MUST have privilege to access the file in the storage. - - Use NULL - - In the most cases, an application writes file into it's own storage, and the privilege is given to ifself. - - The storage is made in /opt/share/secure-storage/, and the directory name is the hash value of execution path of that application. - - Each applications have it's own storage. - - Each applications CANNOT access to other's storage. (the hash value of execution path is unique.) -- Usage of tags. In Secure Storage, we have some tags, which is used to determine the kind of encrypted data. - - SSM_FLAG_DATA - - The general data. The most files are included, BUT you cannot use this flag in case of buffer encryption. - - The encrypted content will be stored in /opt/share/secure-storage/~~/. - - SSM_FLAG_SECRET_OPERATION - - If you want to encrypt buffer content, you can use this flag. The file can be encrypted, too. - - The encrypted content will be stored in /opt/share/secure-storage/~~/. - - SSM_FLAG_SECRET_PRESERVE - - This flag is reserved for special contents. The encrypted file by this flag will not be deleted regardless of any changes of binary. - - The encrypted content will be stored in directory which be specified in configuration file. - - The configuration file is /usr/share/secure-storage/config. - -<h2 class="pg">Encrypt file content and store into secure-storage</h2> -@code -#include <stdio.h> -#include <ss_manager.h> - -int main(void) -{ - int ret = -1; // if return is 0, success - char* filepath = "/opt/secure-storage/test/input.txt"; // this file will be encrypted. MUST use absolute path. - ssm_flag flag = SSM_FLAG_DATA; // in case of file encryption, SSM_FLAG_DATA is recommended. - char* group_id = NULL; // if some applications want to share encrypted file, 'group_id' will have a value, otherwise, NULL. - - ret = ssm_write_file(filepath, flag, group_id); - // - if success, return 0. otherwise, return negative value. each value has specific meaning. see Error Definition. - // - encrypted file will be stored in /opt/share/secure-storage/[HASH_VALUE_OF_CALLER]/{ORIGINAL_FILE_NAME}_{HASH_OF_NAME}.{EXTENSION}.e - // if you use specific 'group_id', directory name is that instead of {HASH_VALUE_OF_CALLER}. - // - the original file is deleted after encrypting. - - printf("ret: [%d]\n", ret); - return 0; -} -@endcode - -<h2 class="pg">Encrypt buffer content and store into secure-storage</h2> -@code -#include <stdio.h> -#include <ss_manager.h> - -int main(void) -{ - int ret = -1; // if return is 0, success - char buf[32]; // this buffer content will be encrypted. - ssm_flag flag = SSM_FLAG_SECRET_OPERATION; // in case of buffer encryption, SSM_FLAG_SECRET_OPERATION is recommended. - char* group_id = NULL; // if some applications want to share encrypted file, 'group_id' will have a value, otherwise, NULL. - char* filename = "write_buf_res.txt"; // file name of encrypted buffer content. this file will be stored in secure-storage. - int buflen = 0; // length of the original buffer content - - memset(buf, 0x00, 32); - strncpy(buf, "abcdefghij", 10); - - buflen = strlen(buf); - - ret = ssm_write_buf(buf, buflen, filename, flag, group_id); - // - if success, return 0. otherwise, return negative value. each value has specific meaning. see Error Definition. - // - encrypted file will be stored in /opt/share/secure-storage/[HASH_VALUE_OF_CALLER]/write_buf_res.txt - // file name is what you use as parameter. - // same as above, if you use specific 'group_id', directory name will be changed. - - printf("ret: [%d]\n", ret); - return 0; -} - -@endcode - -<h2 class="pg">Read encrypted content</h2> -@code -#include <stdio.h> -#include <ss_manager.h> - -int main(void) -{ - int ret = -1; // if return is 0, success - char* filepath = "/opt/secure-storage/test/input.txt"; - // this 'filepath' MUST be same with the one which be used when encrypting. - // in case of buffer encryption, type JUST file name. - char* retbuf = NULL; // decrypted content is stored in this buffer. - ssm_file_info_t sfi; // information of encrypted file. this information is used in order to know original file size. - int readlen = 0; // length of reading content - ssm_flag flag = SSM_FLAG_DATA; // this 'flag' MUST be same with the one which be used when encrypting. - char* group_id = NULL; // if some applications want to share encrypted file, 'group_id' will have a value, otherwise, NULL. - - ssm_get_info(filepath, &sfi, flag, group_id); // get information of encrypted file, that information will be stored in 'sfi'. - retbuf = (char*)malloc(sizeof(char) * (sfi.originSize + 1)); // memory allocation for decrypted data - memset(retbuf, 0x00, (sfi.originSize + 1)); - - ret = ssm_read(filepath, retbuf, sfi.originSize, &readlen, flag, group_id); - // - if success, return 0. otherwise, return negative value. each value has specific meaning. see Error Definition. - // - if no error occured, decrypted data is stored in 'refbuf' buffer. - - printf("ret: [%d]\n", ret); - printf("decrypted data: [%s]\n", retbuf); - return 0; -} -@endcode - - -<h1 class="pg">Test & Etc.</h1> -- Test - - Unit test - not supported yet. - - Integration test - not supported yet. - -- Server Action - - When testing, server program and test executable are running at the same time. Therefore two terminals are executed simultaneously. To doing this, execute server when booting. - - In /etc/rc.d/rc.sysinit script, there is code which starts secure storage (Already reflected) - -- Physical Secure storage - - The location of certificate file which be used OMA DRM is '/csa/'. But other files are stored in '/opt/share/secure-storage/'. If you want to check the file storing path, refer to 'ss_manager.h'. - - #define SSM_STORAGE_DEFAULT_PATH - -- Source code Download - - If you want to get source codes, there are two ways, - - # apt-get source libss-client-0 - -*/ - -/** - * @} - */ diff --git a/include/secure_storage.h b/include/secure_storage.h index def8fe0..9ca8ad2 100644 --- a/include/secure_storage.h +++ b/include/secure_storage.h @@ -24,81 +24,59 @@ #define SS_SOCK_PATH "/tmp/SsSocket" -#define MAX_FILENAME_SIZE 256 // for absolute path +#define MAX_FILENAME_SIZE SSA_MAX_DATA_NAME_SIZE #define MAX_RECV_DATA_SIZE 4096 // internal buffer = 4KB #define MAX_SEND_DATA_SIZE 4096 // internal buffer = 4KB -#define MAX_GROUP_ID_SIZE 32 - -#define SS_STORAGE_DEFAULT_PATH "/opt/share/secure-storage/" +#define MAX_GROUP_ID_SIZE SSA_MAX_GROUP_ID_SIZE +#define SS_STORAGE_DEFAULT_PATH "/opt/share/secure-storage" #define MAX_APPID_SIZE 32 -#define MAX_PASSWORD_SIZE 32 +#define MAX_PASSWORD_SIZE SSA_MAX_PASSWORD_SIZE #define KEY_SIZE 16 #define SALT_SIZE 400 #define SALT_NAME "salt" #define HASH_SIZE 20 #define DUK_NAME "duk" -#define SALT_PATH "/opt/share/secure-storage/salt/salt" +#define SALT_PATH "/opt/share/secure-storage/salt" #define DELIMITER "::" #define DELIMITER_SIZE 2 #define PRE_GROUP_ID "secure-storage::" +#define PRIVATE_GROUP_ID "NOTUSED" -/* using dlog */ -#ifdef SS_DLOG_USE - +#ifdef LOG_TAG +#undef LOG_TAG +#endif #define LOG_TAG "SECURE_STORAGE" #include <dlog.h> -#elif SS_CONSOLE_USE // debug msg will be printed in console - -#define SLOGD(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) -#define SLOGV(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) -#define SLOGI(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) -#define SLOGW(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) -#define SLOGE(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) -#define SLOGF(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) - -#else // don't use logging - -#define SLOGD(FMT, ARG ...) {} -#define SLOGV(FMT, ARG ...) {} -#define SLOGI(FMT, ARG ...) {} -#define SLOGW(FMT, ARG ...) {} -#define SLOGE(FMT, ARG ...) {} -#define SLOGF(FMT, ARG ...) {} - -#endif - #define SS_FILE_POSTFIX ".e" +typedef enum { + PUT_DATA, + GET_DATA, + DELETE_DATA, + ENCRYPT_DATA, + DECRYPT_DATA, + GET_SALT, + GET_DUK, +} RequestType; -typedef struct { - unsigned int originSize; - unsigned int storedSize; - char reserved[8]; -}ssm_file_info_t; - -typedef union { - ssm_file_info_t fInfoStruct; - char fInfoArray[16]; -}ssm_file_info_convert_t; typedef struct { - int req_type; - int enc_type; - unsigned int count; // 1 count = 4KB - unsigned int flag; - char data_infilepath[MAX_FILENAME_SIZE+1]; // string - char buffer[MAX_SEND_DATA_SIZE+1]; - char group_id[MAX_GROUP_ID_SIZE+1]; // string -} ReqData_t; + RequestType reqType; + char dataName[MAX_FILENAME_SIZE * 2 + 1]; // for absolute path + char dataBlock[MAX_SEND_DATA_SIZE]; + int dataBlockLen; + char groupId[MAX_GROUP_ID_SIZE+1]; // string + char password[MAX_PASSWORD_SIZE+1]; // string + int enablePassword; + int encryptionMode; +} RequestData; typedef struct { - int rsp_type; - unsigned int readLen; - char data_filepath[MAX_FILENAME_SIZE+1]; // string - char buffer[MAX_RECV_DATA_SIZE]; -} RspData_t; - + int result; + char dataBlock[MAX_RECV_DATA_SIZE]; + int dataBlockLen; +} ResponseData; #endif // __SECURE_STORAGE__ diff --git a/include/ss_manager.h b/include/ss_manager.h index 4fc6066..9363deb 100755..100644 --- a/include/ss_manager.h +++ b/include/ss_manager.h @@ -22,114 +22,23 @@ #include <tizen.h> - /** * @addtogroup CAPI_SECURE_STORAGE_MODULE * @{ */ - /** - * @brief Secure Storage default path - * @remark This path is deprecated. + * @brief Maximum length if data name */ -#define SSM_STORAGE_DEFAULT_PATH "/opt/share/secure-storage/" - -#define DEPRECATED __attribute__((deprecated)) - +#define SSA_MAX_DATA_NAME_SIZE 256 /** - * @brief Enumeration for SSM data type - * @remark This enumeration is deprecated. - */ -typedef enum { - SSM_FLAG_NONE = 0x00, /**< for initial purrpose */ - SSM_FLAG_DATA, /**< normal data for user (ex> picture, video, memo, etc.) */ - SSM_FLAG_SECRET_PRESERVE, /**< for preserved operation */ - SSM_FLAG_SECRET_OPERATION, /**< for oma drm , wifi addr, divx and bt addr */ - SSM_FLAG_WIDGET, /**< for wiget encryption/decryption */ - SSM_FLAG_WEB_APP, /**< for web application encryption/decryption */ - SSM_FLAG_PRELOADED_WEB_APP, /**< for preloaded application encryption/decryption */ - SSM_FLAG_MAX -} ssm_flag; - -/* - * @brief Enumeration for SSM data type - * @remark This enumeration is deprecated. + * @brief Maximum length of group id */ -typedef enum { - SSM_FLAG_WEB_APP_, /**< for web application */ - SSM_FLAG_PRELOADED_WEB_APP_ /**< for preloaded web application */ -} WebFlag; - - +#define SSA_MAX_GROUP_ID_SIZE 32 /** - * @brief Parameter error - * @remark This Error code is deprecated. + * @brief Maximum length of password */ -#define SS_PARAM_ERROR 0x00000002 -/** - * @brief File type error - * @remark This Error code is deprecated. - */ -#define SS_FILE_TYPE_ERROR 0x00000003 -/** - * @brief File open error - * @remark This Error code is deprecated. - */ -#define SS_FILE_OPEN_ERROR 0x00000004 -/** - * @brief File read error - * @remark This Error code is deprecated. - */ -#define SS_FILE_READ_ERROR 0x00000005 - -/** - * @brief File write error - * @remark This Error code is deprecated. - */ -#define SS_FILE_WRITE_ERROR 0x00000006 -/** - * @brief Out of memory - * @remark This Error code is deprecated. - */ -#define SS_MEMORY_ERROR 0x00000007 -/** - * @brief Socket error - * @remark This Error code is deprecated. - */ -#define SS_SOCKET_ERROR 0x00000008 -/** - * @brief Encryption error - * @remark This Error code is deprecated. - */ -#define SS_ENCRYPTION_ERROR 0x00000009 -/** - * @brief Decryption error - * @remark This Error code is deprecated. - */ -#define SS_DECRYPTION_ERROR 0x0000000a -/** - * @brief Data block size error - * @remark This Error code is deprecated. - */ -#define SS_SIZE_ERROR 0x0000000b -/** - * @brief Secure Storage access error - * @remark This Error code is deprecated. - */ -#define SS_SECURE_STORAGE_ERROR 0x0000000c -/** - * @brief Permission denied from security server - * @remark This Error code is deprecated. - */ -#define SS_PERMISSION_DENIED 0x0000000d -/** - * @brief Trust Zone error - * @remark This Error code is deprecated. - */ -#define SS_TZ_ERROR 0x0000000e - - +#define SSA_MAX_PASSWORD_SIZE 32 #ifdef __cplusplus extern "C" { @@ -150,17 +59,18 @@ typedef enum } ssa_error_e; /** - * @brief Put application data to Secure Storage by given name. - * @remark Input parameters pInDataName, pInDataBlock, pGroupId, pPassword must be static / allocated by user. Maximum used length of user password and group id are 32. + * @internal + * @brief Puts application data to Secure Storage by given name. + * @remark Input parameters pInDataName, pInDataBlock, pGroupId, pPassword must be static / allocated by user. Maximum lengths of user password and group id are 32. * * @since_tizen 2.3 - * @param[in] pDataName Data name to be identify. - * @param[in] pInDataBlock Data block to be stored. - * @param[in] pInDataBlockLen Length of data to be put. + * @param[in] pDataName The data name to be identify. + * @param[in] pInDataBlock The data block to be stored. + * @param[in] pInDataBlockLen The length of the data to be put. * @param[in] pGroupId Sharing group id. (NULL if not used) - * @param[in] pPassword User password to use for encryption. (NULL if not used) + * @param[in] pPassword The user password to use for encryption. (NULL if not used) * - * @return Length of stored data block on success or an error code otherwise. + * @return The length of stored data block on success or an error code otherwise. * @retval #SSA_PARAM_ERROR Invalid input parameter * @retval #SSA_AUTHENTICATION_ERROR Non-authenticated application request * @retval #SSA_TZ_ERROR Trust zone error @@ -186,15 +96,15 @@ typedef enum * unsigned char password[32]; * unsigned char* pGroupId; * - * // Put data name to array dataName - * // Put data block to pDataBlock and put its length to dataLen - * // Put user password to array password - * // Put group id to pGroupId if want share the data + * // Put the data name to the dataName array + * // Put the data block to pDataBlock and put its length to dataLen + * // Put the user password to the password array + * // Put the group id to pGroupId if want share the data * * outLen = ssa_put(dataName, pDataBlock, dataLen, pGroupId, password); * if(outLen < 0) * { - * // Error handling + * // Error handling * } * // Use dataName to read data block afterwards * @@ -206,16 +116,17 @@ int ssa_put(const char* pDataName, const char* pInDataBlock, size_t inDataBlockL /** - * @brief Get application data from Secure Storage by given name. - * @remark Input parameters pOutataName, pGroupId, pPassword must be static / allocated by user. Maximum used length of user password and group id are 32 + * @internal + * @brief Gets application data from Secure Storage by given name. + * @remark Input parameters pOutataName, pGroupId, pPassword must be static / allocated by user. Maximum length of user password and group id are 32. * * @since_tizen 2.3 - * @param[in] pDataName Data name to read. - * @param[out] ppOutDataBlock Containing data get from secure storage. Memory allocated for ppOutDataBlock. So must be freed by the user of this function. - * @param[in] pGroupId Sharing group id. (NULL if not used) - * @param[in] pPassword User password to use for encryption. (NULL if not used) + * @param[in] pDataName The data name to read. + * @param[out] ppOutDataBlock Containing data get from the secure storage. Memory allocated for ppOutDataBlock. So must be freed by the user of this function. + * @param[in] pGroupId Sharing group id. (NULL if not used) + * @param[in] pPassword The user password to use for encryption. (NULL if not used) * - * @return Length of read data block on success or an error code otherwise. + * @return The length of read data block on success or an error code otherwise. * @retval #SSA_PARAM_ERROR Invalid input parameter or no such data by given data name * @retval #SSA_AUTHENTICATION_ERROR Non-authenticated application request * @retval #SSA_TZ_ERROR Trust zone error @@ -238,14 +149,14 @@ int ssa_put(const char* pDataName, const char* pInDataBlock, size_t inDataBlockL * unsigned char password[32]; * unsigned char* pGroupId; * - * // Put data name to array dataName - * // Put user password to array password - * // Put group id to pGroupId if want share the data + * // Put the data name to the dataName array + * // Put the user password to the password array + * // Put the group id to pGroupId if want share the data * * outLen = ssa_get(dataName, &pOutDataBlock, pGroupId, password); * if(outLen < 0) * { - * // Error handling + * // Error handling * } * * free(pOutDataName); @@ -258,14 +169,15 @@ int ssa_get(const char* pDataName, char** ppOutDataBlock, const char* pGroupId, /** - * @brief Delete application data from Secure Storage by given name. - * @remark Input parameters pDataName, pGroupId must be static / allocated by caller. Maximum used length of group id is 32 + * @internal + * @brief Deletes application data from Secure Storage by given name. + * @remark Input parameters pDataName, pGroupId must be static / allocated by caller. Maximum length of group id is 32. * * @since_tizen 2.3 - * @param[in] pDataName Data name to delete + * @param[in] pDataName The data name to delete * @param[in] pGroupId Sharing group id. (NULL if not used) * - * @return Length of data block on success or an error code otherwise. + * @return The length of data block on success or an error code otherwise. * @retval #SSA_PARAM_ERROR Invalid input parameter or no such data by given data name * @retval #SSA_AUTHENTICATION_ERROR Non-authenticated application request * @retval #SSA_TZ_ERROR Trust zone error @@ -286,13 +198,13 @@ int ssa_get(const char* pDataName, char** ppOutDataBlock, const char* pGroupId, * unsigned char dataName[32]; * unsigned char* pGroupId; * - * // Put data name to array dataName - * // Put group id to pGroupId if want share the data + * // Put the data name to the dataName array + * // Put the group id to pGroupId if want share the data * * ret = ssa_delete(dataName, pGroupId); * if(ret < 0) * { - * // Error handling + * // Error handling * } * * return; @@ -304,16 +216,17 @@ int ssa_delete(const char* pDataName, const char* pGroupId); /** - * @brief Encrypt application data using Secure Storage. - * @remark Input parameters pInDataBlock, pPassword must be static / allocated by caller. Maximum used length of password is 32 + * @internal + * @brief Encrypts application data using Secure Storage. + * @remark Input parameters pInDataBlock, pPassword must be static / allocated by caller. Maximum length of password is 32. * * @since_tizen 2.3 - * @param[in] pInDataBlock Data block to be encrypted. - * @param[in] inDataBlockLen Length of data block to be encrypted. - * @param[out] ppOutDataBlock Data block contaning encrypted data block. Memory allocated for ppOutDataBlock. So must be freed user of this function. - * @param[in] pPassword User password to use for encryption. (NULL if not used) + * @param[in] pInDataBlock The data block to be encrypted. + * @param[in] inDataBlockLen The length of the data block to be encrypted. + * @param[out] ppOutDataBlock The data block contaning encrypted data block. Memory allocated for ppOutDataBlock. Has to be freed by free() function. + * @param[in] pPassword The user password to use for encryption. (NULL if not used) * - * @return Length of encrypted data block on success or an error code otherwise. + * @return The length of encrypted data block on success or an error code otherwise. * @retval #SSA_PARAM_ERROR Invalid input parameter * @retval #SSA_AUTHENTICATION_ERROR Non-authenticated application request * @retval #SSA_TZ_ERROR Trust zone error @@ -334,13 +247,13 @@ int ssa_delete(const char* pDataName, const char* pGroupId); * unsigned char* pOutDataBlock; * unsigned char pPassword[32]; * - * // Put data block to pDataBlock and put its length to dataBlockLen - * // Put user password to array pPassword + * // Put the data block to pDataBlock and put its length to dataBlockLen + * // Put the user password to the pPassword array * * len = ssa_encrypt(pDataBlock, dataBlockLen, &pOutDataBlock, pPassword); * if(len < 0) * { - * // Error handling + * // Error handling * } * * ... @@ -352,16 +265,17 @@ int ssa_encrypt(const char* pInDataBlock, size_t inDataBlockLen, char** ppOutDat /** - * @brief Decrypt application data using Secure Storage. - * @remark Input parameters pInDataBlock, pPassword must be static / allocated by caller. Maximum used length of password is 32 + * @internal + * @brief Decrypts application data using Secure Storage. + * @remark Input parameters pInDataBlock, pPassword must be static / allocated by caller. Maximum length of password is 32. * * @since_tizen 2.3 - * @param[in] pInDataBlock Data block contained encrypted data from ssa_encrypt. - * @param[in] inDataBlockLen Length of data block to be decrypted. - * @param[out] ppOutDataBlock Data block contaning decrypted data block. Memory allocated for ppOutDataBlock. So must be freed user of this function. - * @param[in] pPassword User password to use for decryption. (NULL if not used) + * @param[in] pInDataBlock The data block contained encrypted data from ssa_encrypt. + * @param[in] inDataBlockLen The length of the data block to be decrypted. + * @param[out] ppOutDataBlock The data block contaning decrypted data block. Memory allocated for ppOutDataBlock. Has to be freed by free() function. + * @param[in] pPassword The user password to use for decryption. (NULL if not used) * - * @return Length of decrypted data block on success or an error code otherwise. + * @return Length of decrypted data block on success, otherwise an error code. * @retval #SSA_PARAM_ERROR Invalid input parameter * @retval #SSA_AUTHENTICATION_ERROR Non-authenticated application request * @retval #SSA_TZ_ERROR Trust zone error @@ -382,13 +296,13 @@ int ssa_encrypt(const char* pInDataBlock, size_t inDataBlockLen, char** ppOutDat * unsigned char* pOutDataBlock; * unsigned char pPassword[32]; * - * // Put data block to pDataBlock and put its length to dataBlockLen - * // Put user password to array pPassword + * // Put the data block to pDataBlock and put its length to dataBlockLen + * // Put the user password to the pPassword array * * len = ssa_decrypt(pDataBlock, dataBlockLen, &pOutDataBlock, pPassword); * if(len < 0) * { - * // Error handling + * // Error handling * } * * ... @@ -400,17 +314,18 @@ int ssa_decrypt(const char* pInDataBlock, size_t inDataBlockLen, char** ppOutDat /** - * @brief Encrypt web application data using Secure Storage. + * @internal + * @brief Encrypts web application data using Secure Storage. * * @since_tizen 2.3 * @param[in] pAppId The application id. - * @param[in] idLen Length of application id. - * @param[in] pData Data block to be encrypted. - * @param[in] dataLen Length of data block. - * @param[out] ppEncryptedData Data block contaning encrypted data block. Memory allocated for ppEncryptedData. So must be freed user of this function. - * @param[in] isPreloaded True if the application is preloaded else false. + * @param[in] idLen The length of the application id. + * @param[in] pData The data block to be encrypted. + * @param[in] dataLen The length of the data block. + * @param[out] ppEncryptedData The data block contaning encrypted data block. Memory allocated for ppEncryptedData. Has to be freed by free() function. + * @param[in] isPreloaded True if the application is preloaded, otherwise false. * - * @return Length of encrypted data block on success or an error code otherwise. + * @return The length of encrypted data block on success, otherwise an error code. * @retval #SSA_PARAM_ERROR Invalid input parameter * @retval #SSA_AUTHENTICATION_ERROR Non-authenticated application request * @retval #SSA_TZ_ERROR Trust zone error @@ -424,17 +339,18 @@ int ssa_encrypt_web_application(const char* pAppId, int idLen, const char* pData /** - * @brief Encrypt web application data using Secure Storage. + * @internal + * @brief Encrypts web application data using Secure Storage. * * @since_tizen 2.3 * @param[in] pAppId The application id. - * @param[in] idLen Length of application id. - * @param[in] pData Data block to be encrypted. - * @param[in] dataLen Length of data block. - * @param[out] ppEncryptedData Data block contaning encrypted data block. Memory allocated for ppEncryptedData. So must be freed user of this function. - * @param[in] isPreloaded True if the application is preloaded else false. + * @param[in] idLen The length of the application id. + * @param[in] pData The data block to be encrypted. + * @param[in] dataLen The length of the data block. + * @param[out] ppEncryptedData Data block contaning encrypted data block. Memory allocated for ppEncryptedData. Has to be freed by free() function. + * @param[in] isPreloaded True if the application is preloaded, otherwise false. * - * @return Length of encrypted data block on success or an error code otherwise. + * @return Length of encrypted data block on success, otherwise an error code. * @retval #SSA_PARAM_ERROR Invalid input parameter * @retval #SSA_AUTHENTICATION_ERROR Non-authenticated application request * @retval #SSA_TZ_ERROR Trust zone error diff --git a/libss-client.manifest b/packaging/libss-client.manifest index 81ace0c..81ace0c 100644 --- a/libss-client.manifest +++ b/packaging/libss-client.manifest diff --git a/packaging/non-tz-secure-storage.service b/packaging/non-tz-secure-storage.service deleted file mode 100755 index 066f423..0000000 --- a/packaging/non-tz-secure-storage.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Start the Secure Storage server -After=csa.mount -Requires=security-server.socket - -[Service] -ExecStart=/usr/bin/ss-server -Restart=always -RestartSec=0 - -[Install] -WantedBy=multi-user.target diff --git a/packaging/secure-storage.spec b/packaging/secure-storage.spec index c70c5d9..4cee978 100755..100644 --- a/packaging/secure-storage.spec +++ b/packaging/secure-storage.spec @@ -1,38 +1,52 @@ +%define secure_storage_build_test 0 + Name: secure-storage Summary: Secure storage -Version: 0.12.12 +Version: 0.12.13 Release: 1 Group: System/Security License: Apache-2.0 Source0: secure-storage-%{version}.tar.gz -Source1: non-tz-secure-storage.service -Source2: ss-server.socket -BuildRequires: pkgconfig(openssl) -BuildRequires: pkgconfig(dlog) -BuildRequires: pkgconfig(libsystemd-daemon) -BuildRequires: pkgconfig(security-server) -BuildRequires: cmake -BuildRequires: libcryptsvc-devel -BuildRequires: pkgconfig(dukgenerator) -BuildRequires: pkgconfig(db-util) -BuildRequires: pkgconfig(sqlite3) -BuildRequires: pkgconfig(vconf) -BuildRequires: pkgconfig(glib-2.0) -BuildRequires: pkgconfig(capi-base-common) +Source1001: ss-server.manifest +Source1002: libss-client.manifest +Source1003: ss-client-tests.manifest +BuildRequires: cmake +BuildRequires: pkgconfig(openssl) +BuildRequires: pkgconfig(dlog) +BuildRequires: pkgconfig(capi-base-common) +BuildRequires: pkgconfig(libsystemd-daemon) +BuildRequires: pkgconfig(security-server) +BuildRequires: pkgconfig(db-util) +BuildRequires: pkgconfig(sqlite3) %description Secure storage package + +%package -n ss-server +Summary: Secure storage (ss-server) +Group: Development/Libraries +Requires(preun): /usr/bin/systemctl +Requires(post): /usr/bin/systemctl +Requires(postun): /usr/bin/systemctl +Requires: systemd + +%description -n ss-server +Secure storage package (ss-server) + + %package -n libss-client Summary: Secure storage (client) Group: Development/Libraries Provides: libss-client.so Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig +Requires: ss-server %description -n libss-client Secure storage package (client) + %package -n libss-client-devel Summary: Secure storage (client-devel) Group: Development/Libraries @@ -41,52 +55,51 @@ Requires: libss-client = %{version}-%{release} %description -n libss-client-devel Secure storage package (client-devel) -%package -n ss-server -Summary: Secure storage (ss-server) -Group: Development/Libraries -Requires(preun): /usr/bin/systemctl -Requires(post): /usr/bin/systemctl -Requires(postun): /usr/bin/systemctl -Requires: systemd -Requires: libss-client = %{version}-%{release} -Requires: libcryptsvc -%description -n ss-server -Secure storage package (ss-server) +%package -n ss-client-tests +Summary: Internal test for ss-client +Group: Development +Requires: libss-client = %{version}-%{release} + +%description -n ss-client-tests + %prep %setup -q +cp -a %{SOURCE1001} . +cp -a %{SOURCE1002} . +cp -a %{SOURCE1003} . %build - export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE" export CXXFLAGS="$CXXFLAGS -DTIZEN_DEBUG_ENABLE" export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE" -export CFLAGS="$CFLAGS -DSECURE_STORAGE_DEBUG_ENABLE" -export CXXFLAGS="$CXXFLAGS -DSECURE_STORAGE_DEBUG_ENABLE" -export FFLAGS="$FFLAGS -DSECURE_STORAGE_DEBUG_ENABLE" -cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} +%define build_type DEBUG + +cmake . -DVERSION=%{version} \ + -DCMAKE_INSTALL_PREFIX=%{_prefix} \ + -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:RELEASE} \ +%if 0%{?secure_storage_build_test} + -DSECURE_STORAGE_BUILD_TEST=1 \ +%endif + -DSYSTEMD_UNIT_DIR=%{_unitdir} make %{?jobs:-j%jobs} %install rm -rf %{buildroot} -%make_install +mkdir -p %{buildroot}%{_datadir}/license +cp LICENSE %{buildroot}%{_datadir}/license/ss-server +cp LICENSE %{buildroot}%{_datadir}/license/libss-client -mkdir -p %{buildroot}%{_libdir}/systemd/system/multi-user.target.wants -mkdir -p %{buildroot}%{_libdir}/systemd/system/sockets.target.wants - -install -m 0644 %{SOURCE1} %{buildroot}%{_libdir}/systemd/system/secure-storage.service -install -m 0644 %{SOURCE2} %{buildroot}%{_libdir}/systemd/system/ -ln -s ../secure-storage.service %{buildroot}%{_libdir}/systemd/system/multi-user.target.wants/ -ln -s ../ss-server.socket %{buildroot}%{_libdir}/systemd/system/sockets.target.wants/ - -mkdir -p %{buildroot}/usr/share/license -cp LICENSE.Apache-2.0 %{buildroot}/usr/share/license/ss-server -cp LICENSE.Apache-2.0 %{buildroot}/usr/share/license/libss-client +%make_install +mkdir -p %{buildroot}%{_unitdir}/multi-user.target.wants +mkdir -p %{buildroot}%{_unitdir}/sockets.target.wants +ln -s ../secure-storage.service %{buildroot}%{_unitdir}/multi-user.target.wants/ +ln -s ../ss-server.socket %{buildroot}%{_unitdir}/sockets.target.wants/ %preun -n ss-server if [ $1 == 0 ]; then @@ -104,29 +117,37 @@ systemctl daemon-reload %post -n libss-client -p /sbin/ldconfig + %postun -n libss-client -p /sbin/ldconfig %files -n ss-server %manifest ss-server.manifest -%defattr(-,root,root,-) -%{_bindir}/ss-server -%{_libdir}/systemd/system/secure-storage.service -%{_libdir}/systemd/system/ss-server.socket -%{_libdir}/systemd/system/multi-user.target.wants/secure-storage.service -%{_libdir}/systemd/system/sockets.target.wants/ss-server.socket +%caps(cap_chown,cap_dac_override,cap_lease=eip) %{_bindir}/ss-server +%defattr(-,system,system,-) +%{_unitdir}/secure-storage.service +%{_unitdir}/ss-server.socket +%{_unitdir}/multi-user.target.wants/secure-storage.service +%{_unitdir}/sockets.target.wants/ss-server.socket %{_datadir}/secure-storage/config -/usr/share/license/ss-server +%{_datadir}/license/ss-server +%dir /opt/share/secure-storage +/opt/share/secure-storage/salt %files -n libss-client %manifest libss-client.manifest -%defattr(-,root,root) +%defattr(-,system,system,-) %{_libdir}/libss-client.so.* -/usr/share/license/libss-client -/opt/share/secure-storage/salt/* +%{_datadir}/license/libss-client %files -n libss-client-devel -%defattr(-,root,root,-) +%defattr(-,system,system,-) %{_includedir}/ss_manager.h %{_libdir}/pkgconfig/secure-storage.pc %{_libdir}/libss-client.so +%if 0%{?secure_storage_build_test} +%files -n ss-client-tests +%defattr(-,system,system,-) +%manifest ss-client-tests.manifest +%{_bindir}/ss-client-tests-ss-manager +%endif diff --git a/packaging/ss-client-tests.manifest b/packaging/ss-client-tests.manifest new file mode 100644 index 0000000..d21d7d6 --- /dev/null +++ b/packaging/ss-client-tests.manifest @@ -0,0 +1,13 @@ +<manifest> + <define> + <domain name="ss-client-tests"/> + <provide> + </provide> + <request> + <smack request="test_group" type="rw"/> + </request> + </define> + <request> + <domain name="ss-client-tests"/> + </request> +</manifest> diff --git a/ss-server.manifest b/packaging/ss-server.manifest index 4c304bc..b4c84fb 100644 --- a/ss-server.manifest +++ b/packaging/ss-server.manifest @@ -2,8 +2,6 @@ <define> <domain name="secure-storage"/> <provide> - <label name="secure-storage::mdm-limit-call"/> - <label name="secure-storage::mdm-limit-sms"/> <label name="secure-storage::tethering"/> <label name="secure-storage::activesync"/> <label name="secure-storage::pkcs12"/> @@ -13,15 +11,22 @@ <label name="secure-storage::facebook"/> <label name="secure-storage::telephony_sim"/> <label name="secure-storage::email-service"/> - <label name="secure-storage::key-storage"/> - <label name="secure-storage::mdm-status"/> <label name="secure-storage::fus"/> <label name="secure-storage::magazine"/> + <label name="secure-storage::rulog"/> </provide> <request> <smack request="security-server::api-privilege-by-pid" type="w"/> + <smack request="device::app_logging" type="rw"/> + <smack request="device::sys_logging" type="rw"/> </request> + <permit> + <smack permit="org.tizen.setting" type="w"/> + </permit> </define> + <assign> + <filesystem path="/opt/share/secure-storage" label="secure-storage" type="transmutable" /> + </assign> <request> <domain name="secure-storage"/> </request> diff --git a/res/CMakeLists.txt b/res/CMakeLists.txt new file mode 100644 index 0000000..3b37024 --- /dev/null +++ b/res/CMakeLists.txt @@ -0,0 +1,6 @@ +CONFIGURE_FILE(config.in config @ONLY) + +INSTALL(FILES ${PROJECT_SOURCE_DIR}/res/config + DESTINATION share/secure-storage/) +INSTALL(FILES ${PROJECT_SOURCE_DIR}/res/salt + DESTINATION ../opt/share/secure-storage/) diff --git a/config.in b/res/config.in Binary files differindex 8005cca..8005cca 100644 --- a/config.in +++ b/res/config.in diff --git a/secure-storage.pc.in b/secure-storage.pc.in index ae27633..08d1899 100644 --- a/secure-storage.pc.in +++ b/secure-storage.pc.in @@ -1,11 +1,11 @@ -prefix=@PREFIX@ -exec_prefix=@EXEC_PREFIX@ -libdir=@LIBDIR@ -includedir=@INCLUDEDIR@ +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=${prefix} +libdir=${prefix}/lib +includedir=${prefix}/include Name: secure-storage Description: Secure Storage Package Version: @VERSION@ -Requires: openssl +Requires: openssl capi-base-common Libs: -L${libdir} -lss-client -Cflags: -I${includedir}/secure-storage +Cflags: -I${includedir}/secure-storage diff --git a/server/non-tz/include/ss_server_main.h b/server/non-tz/include/ss_server_main.h deleted file mode 100755 index 49cc7b7..0000000 --- a/server/non-tz/include/ss_server_main.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * secure storage - * - * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Kidong Kim <kd0228.kim@samsung.com> - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include "ss_manager.h" - -int SsServerDataStoreFromFile(int sender_pid, const char* filepath, ssm_flag flag, int sockfd, const char* group_id); -int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, int sockfd, const char* group_id); -int SsServerDataRead(int sender_pid, const char* filepath, char* pRetBuf, unsigned int count, unsigned int* readLen, ssm_flag flag, int sockfd, const char* group_id); -int SsServerGetInfo(int sender_pid, const char* filepath, char* file_info, ssm_flag flag, int sockfd, const char* group_id); -int SsServerDeleteFile(int sender_pid, const char* filepath, ssm_flag flag, int sockfd, const char* group_id); - - -int SsServerGetDuk(int client_sockfd, char* pBuffer, unsigned int* pBufferLen, char* pAppId, unsigned int flag); diff --git a/server/non-tz/src/ss_server_ipc.c b/server/non-tz/src/ss_server_ipc.c deleted file mode 100755 index 0e680de..0000000 --- a/server/non-tz/src/ss_server_ipc.c +++ /dev/null @@ -1,567 +0,0 @@ -/* - * secure storage - * - * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Kidong Kim <kd0228.kim@samsung.com> - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <signal.h> -#include <unistd.h> -#include <sys/un.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/socket.h> -#include <errno.h> -#include <dirent.h> -#include <sys/ioctl.h> -#include <fcntl.h> -#include <systemd/sd-daemon.h> -#include <pthread.h> -#include <vconf.h> -#include <glib.h> -#include <dlfcn.h> - -#include "secure_storage.h" -#include "ss_server_ipc.h" -#include "ss_server_main.h" - -#define CONF_FILE_PATH "/usr/share/secure-storage/config" -#define KEY_SIZE 16 -#define VCONF_SMACK_UPDATE_FILE_PATH_KEY_NODE "db/smack/spd_policy_filepath" -#define VCONF_UPDATE_RESULT_KEY_NODE "db/smack/spd_update_result" -#define VCONF_UPDATE_RESULT_KEY_NODE_FOR_APP "db/smack/spd_update_result2" - -static GMainLoop *event_loop; - -char* get_key_file_path() -{ - FILE* fp_conf = NULL; - char buf[128]; - char* retbuf = NULL; - char seps[] = " :\n\r\t"; - char* token = NULL; - - retbuf = (char*)malloc(sizeof(char) * 128); - if(!retbuf) - { - SLOGE("fail to allocate memory.\n"); - return NULL; - } - memset(buf, 0x00, 128); - memset(retbuf, 0x00, 128); - - if(!(fp_conf = fopen(CONF_FILE_PATH, "r"))) - { - SLOGE("Configuration file is not exist\n"); - free(retbuf); - return NULL; - } - - while(fgets(buf, 128, fp_conf)) - { - token = strtok(buf, seps); - if(token != NULL) - { - if(!strncmp(token, "MASTER_KEY_PATH", 15)) // master key path - { - token = strtok(NULL, seps); // real path - break; - } - } - token = NULL; - } - fclose(fp_conf); - - if(token) - strncpy(retbuf, token, 127); - else { - if(retbuf != NULL) - free(retbuf); - return NULL; - } - - return retbuf; -} - -int check_key_file() -{ - FILE* fp_key = NULL; - char* key_path = NULL; - - key_path = get_key_file_path(); - if(key_path == NULL) - { - SLOGE("Configuration file is not exist\n"); - return 0; - } - - if(!(fp_key = fopen(key_path, "r"))) - { - SLOGE("Secret key file is not exist, [%s]\n", key_path); - free(key_path); - return 0; - } - - free(key_path); - fclose(fp_key); - return 1; -} - -int make_key_file() -{ - FILE* fp_key = NULL; - int random_dev = -1; - int i = 0; - char tmp_key[1]; - char key[33]; - char* key_path = NULL; - int read_len = 0; - - memset(key, 0x00, 33); - - key_path = get_key_file_path(); - if(key_path == NULL) - { - SLOGE("Configuration file is not exist\n"); - return 0; - } - - if((random_dev = open("/dev/urandom", O_RDONLY)) < 0) - { - SLOGE("Random device Open error\n"); - free(key_path); - return 0; - } - - while(i < 32) - { - read_len = read(random_dev, tmp_key, 1); - if(read_len < 0) - { - SLOGE("read error from random file"); - break; - } - - if((tmp_key[0] >= '!') && (tmp_key[0] <= '~')) { - key[i] = tmp_key[0]; - i++; - } - } - - if(!(fp_key = fopen(key_path, "w"))) - { - SECURE_SLOGE("Secret key file Open error, [%s]\n", key_path); - free(key_path); - close(random_dev); - return 0; - } - - fprintf(fp_key, "%s", key); - - if(chmod(key_path, 0600)!=0) - { - SLOGE("Secret key file chmod error, [%s]\n", strerror(errno)); - free(key_path); - close(random_dev); - fclose(fp_key); - return 0; - } - - free(key_path); - fclose(fp_key); - close(random_dev); - return 1; -} - -/* for executing coverage tool (2009-04-03) */ -void SigHandler(int signo) -{ - SLOGI("Got Signal %d\n", signo); - exit(1); -} -/* end */ - - -int GetSocketFromSystemd(int* pSockfd) -{ - int n = sd_listen_fds(0); - int fd; - - for(fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START+n; ++fd) { - if (0 < sd_is_socket_unix(fd, SOCK_STREAM, 1, - SS_SOCK_PATH, 0)) - { - *pSockfd = fd; - return 1; - } - } - return 0; -} - -int CreateNewSocket(int* pSockfd) -{ - int server_sockfd = 0; - int temp_len_sock = 0; - struct sockaddr_un serveraddr; - - if((server_sockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) - { - SLOGE("Error in function socket()..\n"); - return 0; - } - - temp_len_sock = strlen(SS_SOCK_PATH); - - bzero(&serveraddr, sizeof(serveraddr)); - serveraddr.sun_family = AF_UNIX; - strncpy(serveraddr.sun_path, SS_SOCK_PATH, temp_len_sock); - serveraddr.sun_path[temp_len_sock] = '\0'; - - if((bind(server_sockfd, (struct sockaddr*)&serveraddr, sizeof(serveraddr))) < 0) - { - unlink("/tmp/SsSocket"); - if((bind(server_sockfd, (struct sockaddr*)&serveraddr, sizeof(serveraddr))) < 0) - { - SLOGE("Error in function bind()..\n"); - close(server_sockfd); - return 0; // ipc error - } - } - - if(chmod(SS_SOCK_PATH, S_IRWXU | S_IRWXG | S_IRWXO) != 0) - { - close(server_sockfd); - return 0; - } - - *pSockfd = server_sockfd; - return 1; -} - - -void SsServerComm(void) -{ - int server_sockfd, client_sockfd; - int client_len; - struct sockaddr_un clientaddr, serveraddr; - - struct ucred cr; // for test client pid. 2009-03-24 - int cl = sizeof(cr); // - int temp_len_sock = 0; - int temp_len_in = 0; - - ReqData_t recv_data = {0, }; - RspData_t send_data = {0, }; - - - server_sockfd = client_sockfd = -1; - - if(!GetSocketFromSystemd(&server_sockfd)) - { - SLOGE("Failed to get sockfd from systemd"); - if(!CreateNewSocket(&server_sockfd)) - { - SLOGE("Failed to create socket"); - send_data.rsp_type = SS_SOCKET_ERROR; // ipc error - goto Error_exit; - } - if((listen(server_sockfd, 5)) < 0) - { - SLOGE("Error in function listen()..\n"); - send_data.rsp_type = SS_SOCKET_ERROR; // ipc error - goto Error_close_exit; - } - } - else - { - SLOGD("Get socket from systemd"); - } - - client_len = sizeof(clientaddr); - - signal(SIGINT, (void*)SigHandler); - - while(1) - { - errno = 0; - - if((client_sockfd = accept(server_sockfd, (struct sockaddr*)&clientaddr, (socklen_t*)&client_len)) < 0) - { - SLOGE("Error in function accept()..[%d, %d]\n", client_sockfd, errno); - send_data.rsp_type = SS_SOCKET_ERROR; // ipc error - goto Error_close_exit; - } - - // for test client pid. 2009-03-24 - if(getsockopt(client_sockfd, SOL_SOCKET, SO_PEERCRED, &cr, (socklen_t*)&cl) != 0) - { - SLOGE("getsockopt() fail\n"); - } - // end - - if(read(client_sockfd, (char*)&recv_data, sizeof(recv_data)) < 0) - { - SLOGE("Error in function read()..\n"); - send_data.rsp_type = SS_SOCKET_ERROR; // ipc error - goto Error_close_exit; - } - - temp_len_in = strlen(recv_data.data_infilepath); - - switch(recv_data.req_type) - { - case 1: - send_data.rsp_type = SsServerDataStoreFromFile(cr.pid, recv_data.data_infilepath, recv_data.flag, client_sockfd, recv_data.group_id); - - if(send_data.rsp_type == 1) - { - strncpy(send_data.data_filepath, recv_data.data_infilepath, MAX_FILENAME_SIZE); - send_data.data_filepath[temp_len_in] = '\0'; - } - else - { - strncpy(send_data.data_filepath, "Error Occured..", MAX_FILENAME_SIZE); - send_data.data_filepath[15] = '\0'; - } - - write(client_sockfd, (char*)&send_data, sizeof(send_data)); - break; - case 2: - send_data.rsp_type = SsServerDataStoreFromBuffer(cr.pid, recv_data.buffer, recv_data.count, recv_data.data_infilepath, recv_data.flag, client_sockfd, recv_data.group_id); - - if(send_data.rsp_type == 1) - { - strncpy(send_data.data_filepath, recv_data.data_infilepath, MAX_FILENAME_SIZE); - send_data.data_filepath[temp_len_in] = '\0'; - } - else - { - strncpy(send_data.data_filepath, "Error Occured..", MAX_FILENAME_SIZE); - send_data.data_filepath[15] = '\0'; - } - - write(client_sockfd, (char*)&send_data, sizeof(send_data)); - break; - case 3: - send_data.rsp_type = SsServerDataRead(cr.pid, recv_data.data_infilepath, send_data.buffer, recv_data.count, &(send_data.readLen), recv_data.flag, client_sockfd, recv_data.group_id); - - if(send_data.rsp_type == 1) - { - strncpy(send_data.data_filepath, recv_data.data_infilepath, MAX_FILENAME_SIZE); - send_data.data_filepath[temp_len_in] = '\0'; - } - else - { - strncpy(send_data.data_filepath, "Error Occured..", MAX_FILENAME_SIZE); - send_data.data_filepath[15] = '\0'; - } - - write(client_sockfd, (char*)&send_data, sizeof(send_data)); - break; - case 4: - send_data.rsp_type = SsServerGetInfo(cr.pid, recv_data.data_infilepath, send_data.buffer, recv_data.flag, client_sockfd /*recv_data.cookie*/, recv_data.group_id); - - if(send_data.rsp_type == 1) - { - strncpy(send_data.data_filepath, recv_data.data_infilepath, MAX_FILENAME_SIZE); - send_data.data_filepath[temp_len_in] = '\0'; - } - else - { - strncpy(send_data.data_filepath, "Error Occured..", MAX_FILENAME_SIZE); - send_data.data_filepath[15] = '\0'; - } - - write(client_sockfd, (char*)&send_data, sizeof(send_data)); - break; - case 5: - send_data.rsp_type = SsServerGetDuk(client_sockfd, send_data.buffer, &(send_data.readLen), recv_data.group_id, recv_data.flag); - write(client_sockfd, (char*)&send_data, sizeof(send_data)); - break; - case 10: - send_data.rsp_type = SsServerDeleteFile(cr.pid, recv_data.data_infilepath, recv_data.flag, client_sockfd, recv_data.group_id); - - if(send_data.rsp_type == 1) - { - strncpy(send_data.data_filepath, recv_data.data_infilepath, MAX_FILENAME_SIZE); - send_data.data_filepath[temp_len_in] = '\0'; - } - else - { - strncpy(send_data.data_filepath, "Error Occured..", MAX_FILENAME_SIZE); - send_data.data_filepath[15] = '\0'; - } - - write(client_sockfd, (char*)&send_data, sizeof(send_data)); - break; - - default: - SLOGE("Input error..Please check request type\n"); - break; - } - close(client_sockfd); - } - -Error_close_exit: - close(server_sockfd); - -Error_exit: - strncpy(send_data.data_filepath, "error", MAX_FILENAME_SIZE); - send_data.data_filepath[5] = '\0'; - - if(client_sockfd >= 0) - { - write(client_sockfd, (char*)&send_data, sizeof(send_data)); - close(client_sockfd); - } - else - SLOGE("cannot connect to client socket.\n"); -} - -int SsServerUpdateSmackPolicy() -{ - typedef int (*SmackPolicyUpdateFuncPointer)(); - SmackPolicyUpdateFuncPointer pSmackPolicyUpdateFuncPointer = NULL; - int errCode = -1; - - void* dlHandle = dlopen("/usr/lib/libsmack-update-service.so", RTLD_LAZY); - - if (!dlHandle) - { - SLOGE("Failed to open so with reason : %s", dlerror()); - return errCode; - } - - pSmackPolicyUpdateFuncPointer = (SmackPolicyUpdateFuncPointer)dlsym(dlHandle, "spd_smack_policy_update"); - if (dlerror() != NULL) - { - SLOGE("Failed to find spd_smack_policy_update symbol : %s", dlerror()); - goto free_data; - } - - errCode = pSmackPolicyUpdateFuncPointer(); - - free_data: - - if(dlHandle){ - dlclose(dlHandle); - } - - return errCode; -} - -void vconf_smack_update_cb(keynode_t *key, void* data) -{ - SLOGD("Callback received"); - int errorCode; - - switch(vconf_keynode_get_type(key)) - { - case VCONF_TYPE_INT: - printf("key = %s, value = %d(int)\n", - vconf_keynode_get_name(key), vconf_keynode_get_int(key)); - break; - case VCONF_TYPE_STRING: - { - printf("key = %s, value = %s(string)\n", - vconf_keynode_get_name(key), vconf_keynode_get_str(key)); - if (vconf_keynode_get_str(key)) - { - errorCode = SsServerUpdateSmackPolicy(); - LOGD("set the updation status with value %d", errorCode); - // set the update result for fota team - int ret = vconf_set_int(VCONF_UPDATE_RESULT_KEY_NODE, errorCode); - if (ret != VCONF_OK) - { - LOGD("failed to set the updation status for fota"); - } - - // set the update result for the app control - ret = vconf_set_int(VCONF_UPDATE_RESULT_KEY_NODE_FOR_APP, errorCode); - if (ret != VCONF_OK) - { - LOGD("failed to set the updation status for app control"); - } - } - - else - { - LOGD("file path is invalid"); - } - } - break; - fprintf(stderr, "Unknown Type(%d)\n", vconf_keynode_get_type(key)); - break; - } - - printf("%s Notification OK", (char *)data); - return; -} - -int vconf_smack_update(void* pData) -{ - vconf_notify_key_changed(VCONF_SMACK_UPDATE_FILE_PATH_KEY_NODE, vconf_smack_update_cb, NULL); - - event_loop = g_main_loop_new(NULL, FALSE); - g_main_loop_run(event_loop); - return 0; -} - - -int main(void) -{ - SLOGI("Secure Storage Server Start..\n"); - - int exist_ret = -1; - int make_ret = -1; - DIR* dp = NULL; // make default directory(if not exist) - pthread_t main_thread; - - pthread_create(&main_thread, NULL, vconf_smack_update, NULL); - if((dp = opendir(SS_STORAGE_DEFAULT_PATH)) == NULL) - { - SLOGI("directory [%s] is not exist, making now.\n", SS_STORAGE_DEFAULT_PATH); - if(mkdir(SS_STORAGE_DEFAULT_PATH, 0700) < 0) - { - int err_tmp = errno; - SLOGE("Failed while making [%s] directory. Errno: %s\n", SS_STORAGE_DEFAULT_PATH, strerror(err_tmp)); - return 0; - } - } - else - closedir(dp); - - exist_ret = check_key_file(); // if 0, there is not key file. Or 1, exist. - - if(exist_ret == 0) - { - make_ret = make_key_file(); - - if(make_ret == 0) - { - SLOGE("Making key file fail. ss-server will be terminated..\n"); - return 0; - } - } - - SsServerComm(); - - return 0; -} diff --git a/server/non-tz/src/ss_server_main.c b/server/non-tz/src/ss_server_main.c deleted file mode 100755 index a304bae..0000000 --- a/server/non-tz/src/ss_server_main.c +++ /dev/null @@ -1,987 +0,0 @@ -/* - * secure storage - * - * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Kidong Kim <kd0228.kim@samsung.com> - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -/* encrypted file format - * - * total file size = metadata (8 bytes) + realdata (...) - * ----------------------------------------------------------- - * | metadata | realdata | - * ----------------------------------------------------------- - * 0 16 EOF - * metadata -> ssm_file_info_t - */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <math.h> -#include <fcntl.h> -#include <sys/stat.h> -#include <sys/types.h> -#include <sys/time.h> -#include <unistd.h> -#include <dirent.h> -#include <errno.h> -#include <openssl/hmac.h> - -#include <openssl/aes.h> -#include <openssl/sha.h> - -#include "secure_storage.h" -#include "ss_server_main.h" -#include "ss_server_ipc.h" -#include <security-server/security-server.h> -#include "SecTzSvc.h" - -#define CONF_FILE_PATH "/usr/share/secure-storage/config" - -#define ENCRYPT_SIZE 1024 - -/* skey : need to help from hardware */ -char skey[KEY_SIZE+1] = "thisisasecretkey"; - -/*************************************************************************** - * Internal functions - **************************************************************************/ - -char* get_preserved_dir() -{ - FILE* fp_conf = NULL; - char buf[128]; - char* retbuf = NULL; - char seps[] = " :\n\r\t"; - char* token = NULL; - char* strtok_ptr = NULL; - - retbuf = (char*)malloc(sizeof(char) * 128); - if(retbuf == NULL) - { - SLOGE("malloc return NULL\n"); - return NULL; - } - memset(buf, 0x00, 128); - memset(retbuf, 0x00, 128); - - if(!(fp_conf = fopen(CONF_FILE_PATH, "r"))) - { - SLOGE("Configuration file is not exist\n"); - free(retbuf); - return NULL; - } - - while(fgets(buf, 128, fp_conf)) - { - token = strtok_r(buf, seps, strtok_ptr); - if(token != NULL) - { - if(!strncmp(token, "PRESERVE_DIR", 12)) // preserve directory? - { - token = strtok_r(NULL, seps, strtok_ptr); // real path - break; - } - } - token = NULL; - } - fclose(fp_conf); - - if(token) - strncpy(retbuf, token, 127); - else { - free(retbuf); - return NULL; - } - - return retbuf; -} - -int IsSmackEnabled() -{ - FILE *file = NULL; - if(file = fopen("/smack/load2", "r")) - { - fclose(file); - return 1; - } - return 0; -} - -/* get key from hardware( ex. OMAP e-fuse random key ) */ -void GetKey(char* key, unsigned char* iv) -{ - FILE* fp_key = NULL; - char buf[33]; - char* key_path = NULL; - - memset(buf, 0x00, 33); - - key_path = get_key_file_path(); - if(key_path == NULL) - { - SLOGE("Configuration file is not exist\n"); - memcpy(buf, skey, KEY_SIZE); - } - else - { - if(!(fp_key = fopen(key_path, "r"))) - { - SLOGE("Secret key file opening error\n"); - memcpy(buf, skey, KEY_SIZE); - } - else - { - if(!fgets(buf, 33, fp_key)) - { - SLOGE("Secret key file reading error\n"); - memcpy(buf, skey, KEY_SIZE); // if fail to get key, set to default value. - } - } - } - - if(key) - strncpy(key, buf, KEY_SIZE); - if(iv) - strncpy(iv, buf+KEY_SIZE, KEY_SIZE); - - if(key_path) - free(key_path); - if(fp_key) - fclose(fp_key); -} - -unsigned short GetHashCode(const unsigned char* pString) -{ - unsigned short hash = 5381; - int len = SHA_DIGEST_LENGTH; - int i; - - for(i = 0; i < len; i++) - { - hash = ((hash << 5) + hash) + (unsigned short)pString[i]; // hash * 33 + ch - } - - return hash; -} - -int IsDirExist(char* dirpath) -{ - DIR* dp = NULL; - - if((dp = opendir(dirpath)) == NULL) // dir is not exist - { - SECURE_SLOGE("directory [%s] is not exist.\n", dirpath); - return 0; // return value '0' represents dir is not exist - } - else - { - closedir(dp); - return 1; - } - - return -1; -} - -int check_privilege_by_sockfd(int sockfd, const char* object, const char* access_rights) -{ - if(!IsSmackEnabled()) - return 0; - - int ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights); - SECURE_SLOGD("object : %s, access_rights : %s, ret : %d", object, access_rights, ret); - return ret; -} - -/* convert normal file path to secure storage file path */ -int ConvertFileName(int sender_pid, char* dest, const char* src, ssm_flag flag, const char* group_id) -{ - char s[33+1]; - const char* dir = group_id; - char* preserved_dir = NULL; - int is_dir_exist = -1; - - if(!dest || !src) - { - SLOGE("Parameter error in ConvertFileName()...\n"); - return SS_FILE_OPEN_ERROR; // file related error - } - - if(CreateStorageDir(SS_STORAGE_DEFAULT_PATH) < 0) - { - return SS_FILE_OPEN_ERROR; - } - // TBD - strncpy(dest, SS_STORAGE_DEFAULT_PATH, strlen(SS_STORAGE_DEFAULT_PATH)); - dest[strlen(SS_STORAGE_DEFAULT_PATH)] = 0; - - strncat(dest, dir, (strlen(dir))); // add top-dir + dir(label) - strncat(dest, "/", 1); - - if(CreateStorageDir(dest) < 0) - { - return SS_FILE_OPEN_ERROR; - } - - strncat(dest, "_", 1); // /top-dir/label/_ - - GetPathHash(src, s); - strncat(dest, s, strlen(s)); // /top-dir/label/_hash - strncat(dest, SS_FILE_POSTFIX, strlen(SS_FILE_POSTFIX)); // /top-dir/label/_hash.e - - SECURE_SLOGD("final dest : %s", dest); - - return 1; -} - -int GetProcessExecPath(int pid, char* buffer) -{ - char tmp_cmd[32] = {0,}; - FILE *fp_proc = NULL; - snprintf(tmp_cmd, 32, "/proc/%d/cmdline", pid); - - if(!(fp_proc = fopen(tmp_cmd, "r"))) - { - SLOGE("file open error: [%s]", tmp_cmd); - return SS_FILE_OPEN_ERROR; - } - - fgets((char*)buffer, 256, fp_proc); - fclose(fp_proc); - - return 0; -} - -int GetProcessSmackLabel(int sockfd, char* proc_smack_label) -{ - char* smack_label = security_server_get_smacklabel_sockfd(sockfd); - if(smack_label && strlen(smack_label) < MAX_GROUP_ID_SIZE) - { - strncpy(proc_smack_label, smack_label, MAX_GROUP_ID_SIZE); - free(smack_label); - } - else - { - SLOGE("failed to get smack label"); - if(smack_label) - free(smack_label); - return -1; // SS_SECURITY_SERVER_ERROR? - } - SECURE_SLOGD("defined smack label : %s", proc_smack_label); - return 0; -} - -int GetPathHash(const char *src, char *output) -{ - unsigned short h_code = 0; - unsigned char path_hash[SHA_DIGEST_LENGTH + 1]; - - SHA1((unsigned char*)src, (size_t)strlen(src), path_hash); - h_code = GetHashCode(path_hash); - memset(output, 0x00, 34); - snprintf(output, 34, "%u", h_code); - - SLOGD("hashing src : %s to output : %s", src, output); - - return 0; -} - - -int CreateStorageDir(const char* path) -{ - int is_dir_exist = IsDirExist(path); - - if (is_dir_exist == 0) // path directory is not exist - { - SLOGI("directory [%s] is making now.\n", path); - if(mkdir(path, 0700) < 0) // fail to make directory - { - SLOGE("[%s] cannot be made\n", SS_STORAGE_DEFAULT_PATH); - return SS_SECURE_STORAGE_ERROR; - } - } - - return 0; -} - -/* - * if group_id is given, use group_id - * - * if NULL group_id is given - * smack enable : use process smack label - * smack disable : use process exec path - * - */ -int GetProcessStorageDir(int sockfd, int sender_pid, const char* group_id, char* output) -{ - char *object = group_id; - char proc_smack_label[MAX_GROUP_ID_SIZE+1] = {0,}; - char hash_buf[10] = {0, }; - int is_shared = strncmp(group_id, "NOTUSED", 7) ? 1 : 0; - -#ifdef SMACK_GROUP_ID - if(IsSmackEnabled()) - { - if(!is_shared) // don't share, use process smack label - { - if(GetProcessSmackLabel(sockfd, proc_smack_label) != 0) - { - return -SS_SECURE_STORAGE_ERROR; - } - object = proc_smack_label; - } - } - else{ -#endif - char exe_path[256] = {0,}; - int h_code2 = 0; - - if(!is_shared) // don't share - { - if(GetProcessExecPath(sender_pid, exe_path) != 0) - { - return -SS_SECURE_STORAGE_ERROR; - } - h_code2 = GetHashCode(exe_path); - snprintf(hash_buf, 10, "%u", h_code2); - object = hash_buf; - } -#ifdef SMACK_GROUP_ID - } -#endif - strncpy(output, object, MAX_GROUP_ID_SIZE); - return 0; -} - -void SetMetaData(ssm_file_info_convert_t* sfic, unsigned int orig_size, unsigned int stored_size, int flag) -{ - sfic->fInfoStruct.originSize = (unsigned int)orig_size; - sfic->fInfoStruct.storedSize = (unsigned int)stored_size; - sfic->fInfoStruct.reserved[0] = flag & 0x000000ff; -} - -/* aes crypto function wrapper - p_text : plain text, c_text : cipher text, aes_key : from GetKey, mode : ENCRYPT/DECRYPT, size : data size */ -unsigned char* AES_Crypto(unsigned char* p_text, unsigned char* c_text, char* aes_key, unsigned char* iv, int mode, unsigned long size) -{ - AES_KEY e_key, d_key; - - AES_set_encrypt_key((unsigned char*)aes_key, 128, &e_key); - AES_set_decrypt_key((unsigned char*)aes_key, 128, &d_key); - - if(mode == 1) - { - AES_cbc_encrypt(p_text, c_text, size, &e_key, iv, AES_ENCRYPT); - return c_text; - } - else - { - AES_cbc_encrypt(c_text, p_text, size, &d_key, iv, AES_DECRYPT); - return p_text; - } -} - - -/*************************************************************************** - * Function Definition - **************************************************************************/ -#ifndef SMACK_GROUP_ID -int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_flag flag, const char* cookie, const char* group_id) -#else -int SsServerDataStoreFromFile(int sender_pid, const char* data_filepath, ssm_flag flag, int sockfd, const char* group_id) -#endif -{ - char key[KEY_SIZE] = {0, }; - unsigned char iv[KEY_SIZE] = {0, }; - const char* in_filepath = data_filepath; - char out_filepath[MAX_FILENAME_SIZE] = {0, }; - FILE* fd_in = NULL; - FILE* fd_out = NULL; - struct stat file_info; - ssm_file_info_convert_t sfic; - int res = -1; - - unsigned char p_text[ENCRYPT_SIZE]= {0, }; - unsigned char e_text[ENCRYPT_SIZE]= {0, }; - - size_t read = 0, rest = 0; - - //0. get directory name and privilege check to access - char dir[MAX_GROUP_ID_SIZE+1] = {0,}; - if(GetProcessStorageDir(sockfd, sender_pid, group_id, dir) < 0) - { - SLOGE("Failed to get storage dir\n"); - return SS_SECURE_STORAGE_ERROR; - } - -#ifdef SMACK_GROUP_ID - if(check_privilege_by_sockfd(sockfd, dir, "w") < 0) - { - SLOGE("Permission denied\n"); - return SS_PERMISSION_DENIED; - } -#endif - - // 1. create out file name - ConvertFileName(sender_pid, out_filepath, in_filepath, flag, dir); - - // 2. file open - if(!(fd_in = fopen(in_filepath, "rb"))) - { - SECURE_SLOGE("File open error:(in_filepath) %s\n", in_filepath); - return SS_FILE_OPEN_ERROR; // file related error - } - - if(!(fd_out = fopen(out_filepath, "wb"))) - { - SECURE_SLOGE("File open error:(out_filepath) %s\n", out_filepath); - fclose(fd_in); - return SS_FILE_OPEN_ERROR; // file related error - } - if(chmod(out_filepath, 0600) < 0) - { - int err_tmp = errno; - SLOGE("chmod error: %d\n", err_tmp); - fclose(fd_in); - fclose(fd_out); - return SS_FILE_OPEN_ERROR; // file related error - } - - // 3. write metadata - if(!stat(in_filepath, &file_info)) - { - SetMetaData(&sfic, file_info.st_size, (file_info.st_size/AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE, flag); - } - else - { - SLOGE("the function stat() fail.\n"); - fclose(fd_in); - fclose(fd_out); - return SS_FILE_READ_ERROR; - } - - fwrite(sfic.fInfoArray, 1, sizeof(ssm_file_info_t), fd_out); - - // 4. encrypt real data - read = fread(p_text, 1, ENCRYPT_SIZE, fd_in); - GetKey(key, iv); - - while(read == ENCRYPT_SIZE) - { - AES_Crypto(p_text, e_text, key, iv, 1, ENCRYPT_SIZE); - - fwrite(e_text, 1, ENCRYPT_SIZE, fd_out); - - memset(e_text, 0x00, ENCRYPT_SIZE); - memset(p_text, 0x00, ENCRYPT_SIZE); - read = fread( p_text, 1, ENCRYPT_SIZE, fd_in ); - } - - rest = AES_BLOCK_SIZE - (read % AES_BLOCK_SIZE); - AES_Crypto(p_text, e_text, key, iv, 1, read+rest); - fwrite(e_text, 1, read + rest, fd_out); - - if((res = fflush(fd_out)) != 0) { - SLOGE("fail to execute fflush().\n"); - fclose(fd_in); - fclose(fd_out); - return SS_FILE_WRITE_ERROR; - } - else { - SLOGI("success to execute fflush().\n"); - if((res = fsync(fd_out->_fileno)) == -1) { - SLOGE("fail to execute fsync().\n"); - fclose(fd_in); - fclose(fd_out); - return SS_FILE_WRITE_ERROR; - } - else - SLOGI("success to execute fsync(). read=[%d], rest=[%d]\n", read, rest); - } - - fclose(fd_in); - fclose(fd_out); - - return 1; -} - -#ifndef SMACK_GROUP_ID -int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, const char* cookie, const char* group_id) -#else -int SsServerDataStoreFromBuffer(int sender_pid, char* writebuffer, size_t bufLen, const char* filename, ssm_flag flag, int sockfd, const char* group_id) -#endif -{ - char key[KEY_SIZE] = {0, }; - unsigned char iv[KEY_SIZE] = {0, }; - char out_filepath[MAX_FILENAME_SIZE+1] = {0, }; - char *buffer = NULL; - unsigned int writeLen = 0, loop, rest, count; - FILE *fd_out = NULL; - ssm_file_info_convert_t sfic; - unsigned char p_text[ENCRYPT_SIZE]= {0, }; - unsigned char e_text[ENCRYPT_SIZE]= {0, }; - int res = -1; - - writeLen = (unsigned int)(bufLen / AES_BLOCK_SIZE + 1) * AES_BLOCK_SIZE; - buffer = (char*)malloc(writeLen + 1); - if(!buffer) - { - SLOGE("Memory Allocation Fail in SsServerDataStoreFromBuffer()..\n"); - return SS_MEMORY_ERROR; - } - memset(buffer, 0x00, writeLen); - memcpy(buffer, writebuffer, bufLen); - - //0. get directory name and privilege check - char dir[MAX_GROUP_ID_SIZE+1] = {0,}; - if(GetProcessStorageDir(sockfd, sender_pid, group_id, dir) < 0) - { - SLOGE("Failed to get storage dir\n"); - free(buffer); - return SS_SECURE_STORAGE_ERROR; - } - -#ifdef SMACK_GROUP_ID - if(check_privilege_by_sockfd(sockfd, dir, "w") < 0) - { - SLOGE("Permission denied\n"); - free(buffer); - return SS_PERMISSION_DENIED; - } -#endif - - // create file path from filename - ConvertFileName(sender_pid, out_filepath, filename, flag, dir); - - // open a file with write mode - if(!(fd_out = fopen(out_filepath, "wb"))) - { - SECURE_SLOGE("File open error:(out_filepath) %s\n", out_filepath); - free(buffer); - return SS_FILE_OPEN_ERROR; // file related error - } - if(chmod(out_filepath, 0600) < 0) - { - int err_tmp = errno; - SLOGE("chmod error: %d\n", err_tmp); - free(buffer); - fclose(fd_out); - return SS_FILE_OPEN_ERROR; // file related error - } - - // write metadata - SetMetaData(&sfic, bufLen, writeLen, flag); - - fwrite(sfic.fInfoArray, 1, sizeof(ssm_file_info_t), fd_out); - - // encrypt buffer - loop = writeLen / ENCRYPT_SIZE; - rest = writeLen % ENCRYPT_SIZE; - GetKey(key, iv); - - for(count = 0; count < loop; count++) - { - memcpy(p_text, buffer+count*ENCRYPT_SIZE, ENCRYPT_SIZE); - AES_Crypto( p_text, e_text, key, iv, 1, ENCRYPT_SIZE); - fwrite(e_text, 1, ENCRYPT_SIZE, fd_out); - memset(e_text, 0x00, ENCRYPT_SIZE); - memset(p_text, 0x00, ENCRYPT_SIZE); - } - - memcpy(p_text, buffer + loop*ENCRYPT_SIZE, rest); - AES_Crypto(p_text, e_text, key, iv, 1, rest); - fwrite(e_text, 1, rest, fd_out); - - if((res = fflush(fd_out)) != 0) { - SLOGE("fail to execute fflush().\n"); - fclose(fd_out); - free(buffer); - return SS_FILE_WRITE_ERROR; - } - else { - SLOGI("success to execute fflush().\n"); - if((res = fsync(fd_out->_fileno)) == -1) { - SLOGE("fail to execute fsync().\n"); - fclose(fd_out); - free(buffer); - return SS_FILE_WRITE_ERROR; - } - else - SLOGI("success to execute fsync(). loop=[%d], rest=[%d]\n", loop, rest); - } - - fclose(fd_out); - free(buffer); - - return 1; -} - -#ifndef SMACK_GROUP_ID -int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, unsigned int count, unsigned int* readLen, ssm_flag flag, const char* cookie, const char* group_id) -#else -int SsServerDataRead(int sender_pid, const char* data_filepath, char* pRetBuf, unsigned int count, unsigned int* readLen, ssm_flag flag, int sockfd, const char* group_id) -#endif -{ - unsigned int offset = count * MAX_RECV_DATA_SIZE; - char key[KEY_SIZE] = {0, }; - static unsigned char iv[KEY_SIZE] = {0, }; - unsigned char temp_iv[KEY_SIZE] = {0, }; - char in_filepath[MAX_FILENAME_SIZE] = {0, }; - FILE* fd_in = NULL; - char *out_data = pRetBuf; - unsigned char p_text[ENCRYPT_SIZE]= {0, }; - unsigned char e_text[ENCRYPT_SIZE]= {0, }; - size_t read = 0; - - *readLen = 0; - - //0. get directory name and privilege check - char dir[MAX_GROUP_ID_SIZE+1] = {0,}; - if(GetProcessStorageDir(sockfd, sender_pid, group_id, dir) < 0) - { - SLOGE("Failed to get storage dir\n"); - return SS_SECURE_STORAGE_ERROR; - } - -#ifdef SMACK_GROUP_ID - if(check_privilege_by_sockfd(sockfd, dir, "r") < 0) - { - SLOGE("Permission denied\n"); - return SS_PERMISSION_DENIED; - } -#endif - - // 1. create in file name : convert file name in order to access secure storage - if(flag == SSM_FLAG_WIDGET) - strncpy(in_filepath, data_filepath, MAX_FILENAME_SIZE - 1); - else - ConvertFileName(sender_pid, in_filepath, data_filepath, flag, dir); - - // 2. open file - if(!(fd_in = fopen(in_filepath, "rb"))) - { - SECURE_SLOGE("File open error:(in_filepath) %s\n", in_filepath); - return SS_FILE_OPEN_ERROR; // file related error - } - - // 3. skip to offset - if(fseek(fd_in, (long)offset + sizeof(ssm_file_info_t), SEEK_SET) < 0) - { - int err_tmp = errno; - SECURE_SLOGE("Fseek error: %d in %s\n", err_tmp, in_filepath); - fclose(fd_in); - return SS_FILE_OPEN_ERROR; // file related error - } - - // 4. decrypt data - GetKey(key, temp_iv); - if(count == 0) - memcpy(iv, temp_iv, KEY_SIZE); - - read = fread(e_text, 1, ENCRYPT_SIZE, fd_in); - - while((read == ENCRYPT_SIZE)) - { - AES_Crypto(p_text, e_text, key, iv, 0, ENCRYPT_SIZE) ; - - memcpy(out_data, p_text, ENCRYPT_SIZE); - out_data += ENCRYPT_SIZE; - *readLen += ENCRYPT_SIZE; - - if(*readLen == MAX_RECV_DATA_SIZE) - goto Last; - - memset(p_text, 0x00, ENCRYPT_SIZE); - memset(e_text, 0x00, ENCRYPT_SIZE); - - read = fread(e_text, 1, ENCRYPT_SIZE, fd_in); - } - - AES_Crypto(p_text, e_text, key, iv, 0, read) ; - - memcpy(out_data, p_text, read); - out_data += read; - *readLen += read; -Last: - *out_data = '\0'; - - fclose(fd_in); - - return 1; -} - -#ifndef SMACK_GROUP_ID -int SsServerDeleteFile(int sender_pid, const char* data_filepath, ssm_flag flag, const char* cookie, const char* group_id) -#else -int SsServerDeleteFile(int sender_pid, const char* data_filepath, ssm_flag flag, int sockfd, const char* group_id) -#endif -{ - const char* in_filepath = data_filepath; - char out_filepath[MAX_FILENAME_SIZE] = {0, }; - - //0. get directory name and privilege check - char dir[MAX_GROUP_ID_SIZE+1] = {0,}; - if(GetProcessStorageDir(sockfd, sender_pid, group_id, dir) < 0) - { - SLOGE("Failed to get storage dir\n"); - return SS_SECURE_STORAGE_ERROR; - } - -#ifdef SMACK_GROUP_ID - if(check_privilege_by_sockfd(sockfd, dir, "w") < 0) - { - SLOGE("Permission denied\n"); - return SS_PERMISSION_DENIED; - } -#endif - - // create file path from filename - ConvertFileName(sender_pid, out_filepath, in_filepath, flag, dir); - - // 2. delete designated file - if(unlink(out_filepath) != 0) // unlink fail? - { - SLOGE("error occured while deleting file\n"); - return SS_FILE_WRITE_ERROR; - } - - return 1; -} - -#ifndef SMACK_GROUP_ID -int SsServerGetInfo(int sender_pid, const char* data_filepath, char* file_info, ssm_flag flag, const char* cookie, const char* group_id) -#else -int SsServerGetInfo(int sender_pid, const char* data_filepath, char* file_info, ssm_flag flag, int sockfd, const char* group_id) -#endif -{ - size_t read = 0; - FILE *fd_in = NULL; - char in_filepath[MAX_FILENAME_SIZE] = {0, }; - - //0. get directory name and privilege check - char dir[MAX_GROUP_ID_SIZE+1] = {0,}; - if(GetProcessStorageDir(sockfd, sender_pid, group_id, dir) < 0) - { - SLOGE("Failed to get storage dir\n"); - return SS_SECURE_STORAGE_ERROR; - } - -#ifdef SMACK_GROUP_ID - if(check_privilege_by_sockfd(sockfd, dir, "r") < 0) - { - SLOGE("Permission denied\n"); - return SS_PERMISSION_DENIED; - } -#endif - - // 1. create in file name : convert file name in order to access secure storage - if(flag == SSM_FLAG_WIDGET) - strncpy(in_filepath, data_filepath, MAX_FILENAME_SIZE - 1); - else - ConvertFileName(sender_pid, in_filepath, data_filepath, flag, dir); - - // 1. open file - if(!(fd_in = fopen( in_filepath, "rb"))) - { - SECURE_SLOGE("File open error:(in_filepath) [%s], [%s]\n", data_filepath, in_filepath ); - return SS_FILE_OPEN_ERROR; // file related error - } - - // 2. read metadata field - first 8 bytes - read = fread(file_info, 1, sizeof(ssm_file_info_t), fd_in); - - if(read != sizeof(ssm_file_info_t)) - { - fclose(fd_in); - return SS_FILE_READ_ERROR; - } - - fclose(fd_in); - return 1; -} - -/* -__attribute__((visibility("hidden"))) -int GetWrapKey(char** ppWrapKey, int* wrapKeyLen) -{ - FILE* fp_read_key = NULL; - char* duk_path = "/csa/.ssduk"; - int keyLen = 0; - int test = 0; - - keyLen = SecGetCipherLen(32); - if(keyLen == 0) - { - SLOGE("failed to get key length"); - return SS_TZ_ERROR;; - } - - //check key exist - if(!(fp_read_key = fopen(duk_path, "r"))) - { - int result = 0; - char* pKey = NULL; - FILE* fp_write_key = NULL; - - pKey = (char*)calloc(keyLen, 1); - result = SecGenerateTzKey((unsigned char*)pKey, keyLen); - if(result != 0) - { - SLOGE("SecGetCipherLen = %d", keyLen); - SLOGE("failed to get duk"); - free(pKey); - return SS_TZ_ERROR;; - } - - if(!(fp_write_key = fopen(duk_path, "w"))) - { - SLOGE("failed to write duk"); - free(pKey); - return SS_TZ_ERROR;; - } - - if(chmod(duk_path, 0600) < 0) - { - int err_tmp = errno; - SLOGE("chmod error: %s\n", strerror(err_tmp)); - free(pKey); - fclose(fp_write_key); - return SS_FILE_OPEN_ERROR; // file related error - } - - fwrite(pKey, keyLen, 1, fp_write_key); - *ppWrapKey = pKey; - *wrapKeyLen = keyLen; - fclose(fp_write_key); - - return 1; - } - - - *ppWrapKey = (char*)calloc(keyLen, 1); - test = fread(*ppWrapKey, 1, keyLen, fp_read_key); - if(test != keyLen) - { - SLOGE("failed to read duk [%d] ", test); - fclose(fp_read_key); - free(*ppWrapKey); - return SS_FILE_READ_ERROR; - } - - *wrapKeyLen = keyLen; - fclose(fp_read_key); - - return 1; -} - -__attribute__((visibility("hidden"))) -int RequestUnwrapKey(char* pWrapKey, int wrapKeyLen, char** ppUnwrapKey, int* unwrapKeyLen) -{ - int result = 0; - int keyLen = 0; - char* pUnwrapKey = NULL; - - pUnwrapKey = (char*)calloc(256, 1); - - result = SecRetrieveTzKey((unsigned char*)pWrapKey, wrapKeyLen, (unsigned char*)pUnwrapKey, (unsigned int*)&keyLen); - if(result != 0) - { - SLOGE("failed to get unwrap duk"); - free(pUnwrapKey); - return SS_TZ_ERROR; - } - - *ppUnwrapKey = pUnwrapKey; - *unwrapKeyLen = keyLen; - - return 1; -} -*/ -int SsServerGetDuk(int client_sockfd, char* pBuffer, unsigned int* pBufferLen, char* pAppId, unsigned int flag) -{ - int result = 0; - int keyLen = 0; - int unwrapKeyLen = 0; - int hashLen = 0; - char* pTempDuk = NULL; - char* pSmackLabel = NULL; - char hashVal1[HASH_SIZE] = {0,}; - char hashVal2[HASH_SIZE] = {0,}; - -//temporary - pTempDuk = (char*)malloc(KEY_SIZE); - if(pTempDuk == NULL) - { - SLOGE("failed to allocate memory for temp duk"); - return -1; - } - memcpy(pTempDuk, "0123456789abcdef", KEY_SIZE); - unwrapKeyLen = KEY_SIZE; -//end temporary - - if(!IsSmackEnabled()) - { - pSmackLabel = (char*)calloc(8, 1); - if(pSmackLabel== NULL) - { - SLOGE("failed to allocate memory for smack label"); - free(pTempDuk); - return -1; - } - memcpy(pSmackLabel, "NOSMACK", 7); - } - - else - { - if(flag == 0) - { - pSmackLabel = security_server_get_smacklabel_sockfd(client_sockfd); - if(!pSmackLabel) - { - SLOGE("failed to get smack label"); - free(pTempDuk); - return -1; - } - } - - else - { - pSmackLabel = (char*)calloc(strlen(pAppId)+1,1); - if(pSmackLabel== NULL) - { - SLOGE("failed to allocate memory for smack label"); - free(pTempDuk); - return -1; - } - memcpy(pSmackLabel, pAppId, strlen(pAppId)); - } - } - - SECURE_SLOGI("smack lebel = %s, smack label length = %d", pSmackLabel, strlen(pSmackLabel)); - - - //ToDo - HMAC(EVP_sha1(), pSmackLabel, strlen(pSmackLabel), (unsigned char*)pTempDuk, unwrapKeyLen, (unsigned char*)hashVal1, (unsigned int*)&hashLen); - HMAC(EVP_sha1(), hashVal1, hashLen, (unsigned char*)pTempDuk, unwrapKeyLen, (unsigned char*)hashVal2, (unsigned int*)&hashLen); - memcpy(pBuffer, hashVal1, KEY_SIZE); - memcpy(pBuffer+KEY_SIZE, hashVal2, KEY_SIZE); - *pBufferLen = KEY_SIZE*2; - free(pSmackLabel); - free(pTempDuk); - - return 1; -} diff --git a/src/client/CMakeLists.txt b/src/client/CMakeLists.txt new file mode 100644 index 0000000..0c8265a --- /dev/null +++ b/src/client/CMakeLists.txt @@ -0,0 +1,37 @@ +PKG_CHECK_MODULES(SS_CLIENT_DEP + REQUIRED + capi-base-common + openssl + dlog + ) + +SET(SS_CLIENT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) + +SET(SS_CLIENT_SOURCES + ${SS_CLIENT_PATH}/src/ss_client_intf.c + ${SS_CLIENT_PATH}/src/ss_client_ipc.c + ${SS_CLIENT_PATH}/src/ss_manager.c + ) + +INCLUDE_DIRECTORIES( + SYSTEM + ${SS_CLIENT_DEP_INCLUDE_DIRS} + ${PROJECT_SOURCE_DIR}/include + ${SS_CLIENT_PATH}/include + ) + +ADD_LIBRARY(${TARGET_SS_CLIENT} SHARED ${SS_CLIENT_SOURCES}) + +TARGET_LINK_LIBRARIES(${TARGET_SS_CLIENT} + ${SS_CLIENT_DEP_LIBRARIES} + ) + +SET_TARGET_PROPERTIES( + ${TARGET_SS_CLIENT} + PROPERTIES + COMPILE_FLAGS "-D_GNU_SOURCE -fPIC -fvisibility=hidden" + SOVERSION ${VERSION_MAJOR} + VERSION ${VERSION} + ) + +INSTALL(TARGETS ${TARGET_SS_CLIENT} DESTINATION lib) diff --git a/src/client/include/ss_client_intf.h b/src/client/include/ss_client_intf.h new file mode 100644 index 0000000..16b9e8b --- /dev/null +++ b/src/client/include/ss_client_intf.h @@ -0,0 +1,33 @@ +/* + * secure storage + * + * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Kidong Kim <kd0228.kim@samsung.com> + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef __SS_MANAGER__ +#include "ss_manager.h" +#endif + +int SsClientPutData(const char* pInDataName, const char* pInDataBlock, size_t inDataBlockLen, const char* pGroupId, const char* pPassword); +int SsClientGetData(const char* pOutDataName, char** ppOutDataBlock, const char* pGroupId, const char* pPassword); +int SsClientDeleteData(const char* pDataName, const char* pGroupId); +int SsClientEncryptData(const char* pInDataBlock, size_t inDataBlockLen, char** ppOutDataBlock, const char* pPassword); +int SsClientDecryptData(const char* pInDataBlock, size_t inDataBlockLen, char** ppOutDataBlock, const char* pPassword); +int SsEncryptWebApplication(const char* pAppId, int idLen, const char* pData, int dataLen, char** ppEncryptedData, int isPreloaded); +int SsDecryptWebApplication(const char* pData, int dataLen, char** ppDecryptedData, int isPreloaded); +int DoCipher(const char* pInputBuf, int inputLen, char** ppOutBuf, int* pOutBufLen, char* pKey, char* iv, int encryption); diff --git a/client/non-tz/include/ss_client_ipc.h b/src/client/include/ss_client_ipc.h index 036d49b..a56e125 100644 --- a/client/non-tz/include/ss_client_ipc.h +++ b/src/client/include/ss_client_ipc.h @@ -29,4 +29,4 @@ #include "secure_storage.h" -RspData_t SsClientComm(ReqData_t* client_data); +ResponseData SsClientComm(RequestData* client_data); diff --git a/src/client/src/ss_client_intf.c b/src/client/src/ss_client_intf.c new file mode 100644 index 0000000..598302c --- /dev/null +++ b/src/client/src/ss_client_intf.c @@ -0,0 +1,767 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <openssl/evp.h> +#include <openssl/crypto.h> +#include <openssl/sha.h> + +#include "secure_storage.h" +#include "ss_client_intf.h" +#include "ss_client_ipc.h" +#include "ss_manager.h" + +void printData(const char* pLogName, const char* pData, int dataLen) +{ +#ifdef PRINT_DEBUG_DATA + int i=0; + int j=0; + int count=0; + + SECURE_LOGD("========== %s, Lengh=%d ==========", pLogName, dataLen); + if(dataLen % 4 == 0) + count = dataLen/4; + else + count = dataLen/4+1; + + for(i=j=0; j<count; i=i+4, j++) + SECURE_LOGD("[%d]= %02x [%d]=%02x [%d]=%02x [%d]=%02x", i, pData[i], i+1, pData[i+1], i+2, pData[i+2], i+3, pData[i+3]); + SECURE_LOGD("========================", pLogName); +#else + (void) pLogName; + (void) pData; + (void) dataLen; +#endif +} + +void InitializeReqData(RequestData* pData) +{ + memset(pData->dataName, 0, MAX_FILENAME_SIZE+1); + memset(pData->dataBlock, 0, MAX_SEND_DATA_SIZE); + memset(pData->groupId, 0, MAX_GROUP_ID_SIZE+1); + memset(pData->password, 0, MAX_PASSWORD_SIZE+1); + pData->enablePassword = 0; +} + +RequestData* SetRequestData(int reqType, const char* pDataName, const char* pData, int dataLen, const char* pGroupId, const char* pPassword, int encryptionMode) +{ + RequestData* pReqData = (RequestData*)malloc(sizeof(RequestData)); + if (!pReqData) { + LOGE("Failed to allocate memory for RequestData"); + return NULL; + } + + InitializeReqData(pReqData); + + pReqData->reqType = reqType; + pReqData->dataBlockLen = dataLen; + pReqData->encryptionMode = encryptionMode; + + if(pDataName) + { + if(strlen(pDataName) > MAX_FILENAME_SIZE) + { + LOGE("The data name is too long"); + free(pReqData); + return NULL; + } + strncpy(pReqData->dataName, pDataName, MAX_FILENAME_SIZE); + pReqData->dataName[strlen(pDataName)] = '\0'; + } + + if(dataLen != 0) + { + if(dataLen > MAX_SEND_DATA_SIZE) + { + LOGE("The data length is too long [%d]", dataLen); + free(pReqData); + return NULL; + } + memcpy(pReqData->dataBlock, pData, dataLen); + } + + if(pGroupId != 0) + { + if(strlen(pGroupId) > MAX_GROUP_ID_SIZE) + { + LOGE("The group_id length is too long"); + free(pReqData); + return NULL; + } + strncpy(pReqData->groupId, pGroupId, MAX_GROUP_ID_SIZE); + pReqData->groupId[strlen(pGroupId)] = '\0'; + } + else + { + strncpy(pReqData->groupId, "NOTUSED", MAX_GROUP_ID_SIZE); + } + + if(pPassword != NULL) + { + if(strlen(pPassword) > MAX_PASSWORD_SIZE) + { + LOGE("The password is too long"); + free(pReqData); + return NULL; + } + pReqData->enablePassword = 1; + strncpy(pReqData->password, pPassword, MAX_PASSWORD_SIZE); + pReqData->password[strlen(pPassword)] = '\0'; + } + + return pReqData; +} + +////////////////////////////// +__attribute__((visibility("hidden"))) +int DoCipher(const char* pInputBuf, int inputLen, char** ppOutBuf, int* pOutBufLen, char* pKey, char* iv, int encryption) +{ + struct evp_cipher_st* pCipherAlgorithm = NULL; + EVP_CIPHER_CTX cipherCtx; + int tempLen = 0; + int result = 0; + int finalLen = 0; + + printData("DoCipher key", pKey, 16); + printData("DoCipher iv", iv, 16); + printData("DoCipehr inData", pInputBuf, inputLen); + + pCipherAlgorithm = (struct evp_cipher_st*)EVP_aes_128_cbc(); + tempLen = (int)((inputLen / pCipherAlgorithm->block_size + 1) * pCipherAlgorithm->block_size); + + *ppOutBuf = (char*)calloc(tempLen, 1); + EVP_CIPHER_CTX_init(&cipherCtx); + + result = EVP_CipherInit( + &cipherCtx, + pCipherAlgorithm, + (const unsigned char*)pKey, + (const unsigned char *)iv, + encryption); + + if(result != 1) + { + LOGE("[%d] EVP_CipherInit failed", result); + goto Error; + } + + result = EVP_CIPHER_CTX_set_padding(&cipherCtx, 1); + if(result != 1) + { + LOGE("[%d] EVP_CIPHER_CTX_set_padding failed", result); + goto Error; + } + + //cipher update operation + result = EVP_CipherUpdate(&cipherCtx, (unsigned char*)*ppOutBuf, pOutBufLen, (const unsigned char*)pInputBuf, inputLen); + if(result != 1) + { + LOGE("[%d] EVP_CipherUpdate failed", result); + goto Error; + } + + //cipher final operation + result = EVP_CipherFinal(&cipherCtx, (unsigned char*)*ppOutBuf + *pOutBufLen, &finalLen); + if(result != 1) + { + LOGE("[%d] EVP_CipherFinal failed", result); + goto Error; + } + *pOutBufLen = *pOutBufLen + finalLen; + + printData("DoCipehr outData", (*ppOutBuf), *pOutBufLen); + + goto Last; +Error: + result = SSA_CIPHER_ERROR; + free(*ppOutBuf); + +Last: + EVP_CIPHER_CTX_cleanup(&cipherCtx); + if((result != 1) && (encryption != 1)) + result = SSA_CIPHER_ERROR; + + return result; +} + +char* GetSalt(void) +{ + FILE* pFile = NULL; + + if((pFile = fopen(SALT_PATH, "r"))) + { + char* pSalt = NULL; + int readLen = 0; + + pSalt = (char*)calloc(SALT_SIZE, 1); + if (!pSalt) { + LOGE("Failed to allocate memory for salt"); + fclose(pFile); + return NULL; + } + + readLen = fread(pSalt, 1, SALT_SIZE, pFile); + + if(readLen != SALT_SIZE) + { + LOGE("[real data size: %d] failed to read random code....", readLen); + fclose(pFile); + free(pSalt); + return NULL; + } + fclose(pFile); + return pSalt; + } + + return NULL; +} + +int GenerateRandomIndex(void) +{ + srandom(time(NULL)); + + return random() % SALT_SIZE; +} + +void SelectSalt(char* pSalt, int index, char* pSelectedSalt) +{ + if(index <= SALT_SIZE - KEY_SIZE) + memcpy(pSelectedSalt, pSalt + index, KEY_SIZE); + else + { + int first = 0; + int last = 0; + + first = SALT_SIZE - index; + last = KEY_SIZE - first; + memcpy(pSelectedSalt, pSalt + index, first); + memcpy(pSelectedSalt + first, pSalt, last); + } +} + +int GetIv(char* pSrc, char* pIv, int srcLen) +{ + size_t outLen = 0; + if (EVP_Digest(pSrc, srcLen, (unsigned char *)pIv, &outLen, EVP_sha1(), NULL) != 1) { + LOGE("Failed to get iv"); + return 0; + } + + return 1; +} + +char* GenerateMasterKey(const char* pAppId, int idLen, const char* pSalt) +{ + char* pMasterKey = NULL; + + SECURE_LOGD("applicaton id[= %s] to generate master key", pAppId); + + pMasterKey = (char*)calloc(1, KEY_SIZE * 2); + PKCS5_PBKDF2_HMAC_SHA1(pAppId, idLen, (const unsigned char*)pSalt, KEY_SIZE, 10, KEY_SIZE * 2, (unsigned char*)pMasterKey); + + return pMasterKey; +} + +int SsClientEncryptPreloadedApplication(const char* pBuffer, int bufLen, char** ppEncryptedBuffer, int* pEncryptedBufLen) +{ + int result = 0; + char duk[36] = {0,}; + char iv[SHA_DIGEST_LENGTH] = {0,}; + + if(!pBuffer || bufLen ==0) + { + LOGE("Parameter error"); + result = SSA_PARAM_ERROR; + goto Final; + } + + if(DoCipher(pBuffer, bufLen, ppEncryptedBuffer, pEncryptedBufLen, duk, iv, 1) != 1) + { + LOGE("failed to decrypt data"); + result = SSA_CIPHER_ERROR; + goto Final; + } + + result = 1; + +Final: + return result; +} + +int SsClientDecryptPreloadedApplication(const char* pBuffer, int bufLen, char** ppDecryptedBuffer, int* pDecryptedBufLen) +{ + int result = 0; + char duk[36] = {0,}; + char iv[SHA_DIGEST_LENGTH] = {0,}; + + if(!pBuffer || bufLen ==0) + { + LOGE("Parameter error"); + result = SSA_PARAM_ERROR; + goto Final; + } + + if(DoCipher(pBuffer, bufLen, ppDecryptedBuffer, pDecryptedBufLen, duk, iv, 0) != 1) + { + LOGE("failed to decrypt data"); + result = SSA_CIPHER_ERROR; + goto Final; + } + + result = 1; + +Final: + return result; +} + + +int SsClientPutData(const char* pInDataName, const char* pInDataBlock, size_t inDataBlockLen, const char* pGroupId, const char* pPassword) +{ + LOGD("SsClientPutData"); + RequestData* pSendData = NULL; + ResponseData recvData = {0, }; + + pSendData = SetRequestData(PUT_DATA, pInDataName, pInDataBlock, inDataBlockLen, pGroupId, pPassword, 0); + + if(pSendData == NULL) + { + LOGE("Failed to set request data"); + return SSA_PARAM_ERROR; + } + + recvData = SsClientComm(pSendData); + if(recvData.result < 0) + { + LOGE("An error occurred from server side err:[%d]", recvData.result); + free(pSendData); + return recvData.result; + } + + free(pSendData); + + return recvData.result; +} + +int SsClientGetData(const char* pOutDataName, char** ppOutDataBlock, const char* pGroupId, const char* pPassword) +{ + LOGD("SsClientGetData"); + RequestData* pSendData = NULL; + ResponseData recvData; + + pSendData = SetRequestData(GET_DATA, pOutDataName, NULL, 0, pGroupId, pPassword, 0); + if(pSendData == NULL) + { + LOGE("Failed to set request data"); + return SSA_PARAM_ERROR; + } + + recvData = SsClientComm(pSendData); + if(recvData.result < 0) + { + LOGE("An error occurred from server side err[%d]", recvData.result); + free(pSendData); + return recvData.result; + } + + free(pSendData); + + if(recvData.dataBlockLen > 0 && recvData.dataBlockLen <= MAX_RECV_DATA_SIZE) + { + *ppOutDataBlock = (char*)malloc(recvData.dataBlockLen); + if (!(*ppOutDataBlock)) { + LOGE("Failed to allocate memory for OutDataBlock"); + return SSA_OUT_OF_MEMORY; + } + memcpy(*ppOutDataBlock, recvData.dataBlock, recvData.dataBlockLen); + } + else + { + LOGE("revcData length is wrong : %d", recvData.dataBlockLen); + return SSA_PARAM_ERROR; + } + + return recvData.result; +} + +int SsClientDeleteData(const char* pDataName, const char* pGroupId) +{ + LOGD("SsClientDeleteData"); + RequestData* pSendData = NULL; + ResponseData recvData; + + pSendData = SetRequestData(DELETE_DATA, pDataName, NULL, 0, pGroupId, NULL, 0); + if(pSendData == NULL) + { + LOGE("Failed to set request data"); + return SSA_PARAM_ERROR; + } + + recvData = SsClientComm(pSendData); + + free(pSendData); + + return recvData.result; +} + +int SsClientEncryptData(const char* pInDataBlock, size_t inDataBlockLen, char** ppOutDataBlock, const char* pPassword) +{ + RequestData* pSendData = NULL; + ResponseData recvData = {0,}; + + pSendData = SetRequestData(ENCRYPT_DATA, NULL, pInDataBlock, inDataBlockLen, NULL, pPassword, 0); + if(pSendData == NULL) + { + LOGE("Failed to set request data"); + return SSA_PARAM_ERROR; + } + + recvData = SsClientComm(pSendData); + free(pSendData); + + if(recvData.dataBlockLen < 0) + { + LOGE("An error occurred from server side : %d", recvData.dataBlockLen); + return recvData.result; + } + else if(recvData.dataBlockLen > MAX_RECV_DATA_SIZE) + { + LOGE("dataBlockLength is wrong : %d", recvData.dataBlockLen); + return SSA_PARAM_ERROR; + } + + *ppOutDataBlock = (char*)malloc(recvData.dataBlockLen); + if (!(*ppOutDataBlock)) { + LOGE("Failed to allocate memory for OutDataBlock"); + return SSA_OUT_OF_MEMORY; + } + memcpy(*ppOutDataBlock, recvData.dataBlock, recvData.dataBlockLen); + + return recvData.result; +} + +int SsClientDecryptData(const char* pInDataBlock, size_t inDataBlockLen, char** ppOutDataBlock, const char* pPassword) +{ + RequestData* pSendData = NULL; + ResponseData recvData; + + pSendData = SetRequestData(DECRYPT_DATA, NULL, pInDataBlock, inDataBlockLen, NULL, pPassword, 0); + if(pSendData == NULL) + { + LOGE("Failed to set request data"); + return SSA_PARAM_ERROR; + } + + recvData = SsClientComm(pSendData); + free(pSendData); + + if(recvData.dataBlockLen < 0) + { + LOGE("An error occurred from server side err[%d]", recvData.dataBlockLen); + return recvData.result; + } + else if(recvData.dataBlockLen > MAX_RECV_DATA_SIZE) + { + LOGE("dataBlockLength is wrong : %d", recvData.dataBlockLen); + return SSA_PARAM_ERROR; + } + + *ppOutDataBlock = (char*)malloc(recvData.dataBlockLen); + if (!(*ppOutDataBlock)) { + LOGE("Failed to allocate memory for OutDataBlock"); + return SSA_OUT_OF_MEMORY; + } + memcpy(*ppOutDataBlock, recvData.dataBlock, recvData.dataBlockLen); + + return recvData.result; +} + + +int SsEncryptPreloadedWebApplication(const char*pAppId, int idLen, const char* pData, int dataLen, char**ppEncryptedData) +{ + RequestData* pSendData= NULL; + ResponseData recvData; + static char salt[SALT_SIZE] = {0,}; + static int saltExist = 0; + char selectedSalt[KEY_SIZE] = {0,}; + char iv[SHA_DIGEST_LENGTH] = {0,}; + char* pSaltData = NULL; + char* pKey = NULL; + char* pTempBuffer = NULL; + int index = 0; + int tempBufLen = 0; + + pSaltData = GetSalt(); + + if(pSaltData == NULL) + { + if(!saltExist) + { + pSendData = SetRequestData(GET_SALT, NULL, NULL, 0, NULL, NULL, 1); + if(pSendData == NULL) + { + LOGE("Failed to set request data"); + return SSA_PARAM_ERROR; + } + + recvData = SsClientComm(pSendData); + if(recvData.result <= 0) + { + LOGE("An error occurred from server side err[%d]", recvData.result); + free(pSendData); + return recvData.result; + } + free(pSendData); + memcpy(salt, recvData.dataBlock, SALT_SIZE); + saltExist = 1; + } + } + + else + { + memcpy(salt, pSaltData, SALT_SIZE); + free(pSaltData); + } + + index = GenerateRandomIndex(); + SelectSalt(salt, index, selectedSalt); + printData("EncryptPreloadedWebApp salt", selectedSalt, 16); + + SECURE_LOGD("appId= %s, len = %d", pAppId, idLen); + + pKey = GenerateMasterKey(pAppId, idLen, selectedSalt); + if(pKey!=NULL) + { + int res = GetIv(pKey, iv, KEY_SIZE); + if(res != 1) + { + free(pKey); + return SSA_CIPHER_ERROR; + } + } + else + { + LOGE("failed to get key"); + return SSA_CIPHER_ERROR; + } + + if(DoCipher(pData, dataLen, &pTempBuffer, &tempBufLen, pKey, iv, 1) != 1) + { + LOGE("failed to encrypt data"); + free(pKey); + return SSA_CIPHER_ERROR; + } + + *ppEncryptedData = (char*)calloc(tempBufLen + sizeof(int), 1); + if (!(*ppEncryptedData)) { + LOGE("failed to allocate memory for EncryptedData"); + free(pTempBuffer); + return SSA_OUT_OF_MEMORY; + } + memcpy(*ppEncryptedData, &index, sizeof(int)); + memcpy(*ppEncryptedData + sizeof(int), pTempBuffer, tempBufLen); + free(pTempBuffer); + free(pKey); + + return tempBufLen + sizeof(int); +} + +int SsEncryptWebApplication(const char* pAppId, int idLen, const char* pData, int dataLen, char** ppEncryptedData, int isPreloaded) +{ + if(isPreloaded) + { + return SsEncryptPreloadedWebApplication(pAppId, idLen, pData, dataLen, ppEncryptedData); + } + + else + { + RequestData* pSendData= NULL; + ResponseData recvData; + static char duk[KEY_SIZE] = {0,}; + static int dukExist = 0; + int encryptedLen = 0; + char iv[SHA_DIGEST_LENGTH] = {0,}; + + LOGD("downloaded application, appId = %s", pAppId); + if(!dukExist) + { + pSendData = SetRequestData(GET_DUK, NULL, pAppId, idLen, NULL, NULL, 1); + if(pSendData == NULL) + { + LOGE("Failed to set request data"); + return SSA_PARAM_ERROR; + } + + recvData = SsClientComm(pSendData); + if(recvData.result <= 0) + { + LOGE("An error occurred from server side err:[%d]", recvData.result); + free(pSendData); + return recvData.result; + } + + free(pSendData); + memcpy(duk, recvData.dataBlock, KEY_SIZE); + dukExist = 1; + } + + int res = GetIv(duk, iv, KEY_SIZE); + if(res != 1) + { + return SSA_CIPHER_ERROR; + } + + if(DoCipher(pData, dataLen, ppEncryptedData, &encryptedLen, duk, iv, 1) != 1) + { + LOGE("failed to encrypt data"); + return SSA_CIPHER_ERROR; + } + return encryptedLen; + } +} + + +int SsDecryptPreloadedWebApplication(const char* pData, int dataLen, char** ppDecryptedData) +{ + RequestData* pSendData= NULL; + ResponseData recvData; + int index = 0; + int tempBufLen = 0; + char selectedSalt[KEY_SIZE] = {0,}; + static char appId[MAX_APPID_SIZE] = {0,}; + static char salt[SALT_SIZE] = {0,}; + static int saltExist = 0; + char* pKey = NULL; + char iv[SHA_DIGEST_LENGTH] = {0,}; + + if(!saltExist) + { + pSendData = SetRequestData(GET_SALT, NULL, NULL, 0, NULL, NULL, 0); + if(pSendData == NULL) + { + LOGE("Failed to set request data"); + return SSA_PARAM_ERROR; + } + + recvData = SsClientComm(pSendData); + if(recvData.result <= 0) + { + LOGE("An error occurred from server side err[%d]", recvData.result); + free(pSendData); + return recvData.result; + } + free(pSendData); + memcpy(appId, recvData.dataBlock, MAX_APPID_SIZE); + memcpy(salt, recvData.dataBlock + MAX_APPID_SIZE, SALT_SIZE); + LOGD("preloaded appId = %s", appId); + + saltExist = 1; + } + memcpy(&index, pData, sizeof(int)); + SECURE_LOGD("index = %d", index); + + if(index >= SALT_SIZE) + { + LOGE("Invalid input prameter"); + return SSA_PARAM_ERROR; + } + + SelectSalt(salt, index, selectedSalt); + printData("DecryptPreloadedWebApp salt", selectedSalt, 16); + SECURE_LOGD("appId= %s, len = %d", appId, strlen(appId)); + pKey = GenerateMasterKey(appId, strlen(appId), selectedSalt); + if(pKey!=NULL) + { + int res = GetIv(pKey, iv, KEY_SIZE); + if(res != 1) + { + free(pKey); + return SSA_CIPHER_ERROR; + } + } + else + { + LOGE("failed to get key"); + return SSA_CIPHER_ERROR; + } + + if(DoCipher(pData+sizeof(int), dataLen-sizeof(int), ppDecryptedData, &tempBufLen, pKey, iv, 0) != 1) + { + LOGE("failed to decrypt data"); + free(pKey); + return SSA_CIPHER_ERROR; + } + return tempBufLen; +} + + +int SsDecryptWebApplication(const char* pData, int dataLen, char** ppDecryptedData, int isPreloaded) +{ + if(isPreloaded) + { + LOGD("preloaded application"); + return SsDecryptPreloadedWebApplication(pData, dataLen, ppDecryptedData); + } + + else + { + RequestData* pSendData = NULL; + ResponseData recvData; + static char duk[KEY_SIZE] = {0,}; + static int dukExist = 0; + int decryptedLen = 0 ; + char iv[SHA_DIGEST_LENGTH] = {0,}; + + LOGD("downloaded application"); + if(!dukExist) + { + pSendData = SetRequestData(GET_DUK, NULL, NULL, 0, NULL, NULL, 0); + if(pSendData == NULL) + { + LOGE("Failed to set request data"); + return SSA_PARAM_ERROR; + } + + recvData = SsClientComm(pSendData); + SECURE_LOGD("read bytes : %d", recvData.result); + if(recvData.result <= 0) + { + LOGE("An error occurred from server side err[%d]", recvData.result); + free(pSendData); + return recvData.result; + } + free(pSendData); + memcpy(duk, recvData.dataBlock, recvData.result); + dukExist = 1; + } + + int res = GetIv(duk, iv, KEY_SIZE); + if(res != 1) + { + return SSA_CIPHER_ERROR; + } + + if(DoCipher(pData, dataLen, ppDecryptedData, &decryptedLen, duk, iv, 0) != 1) + { + LOGE("failed to decrypt data"); + return SSA_CIPHER_ERROR; + } + return decryptedLen; + } +} diff --git a/src/client/src/ss_client_ipc.c b/src/client/src/ss_client_ipc.c new file mode 100644 index 0000000..70444e9 --- /dev/null +++ b/src/client/src/ss_client_ipc.c @@ -0,0 +1,103 @@ +/* + * secure storage + * + * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Kidong Kim <kd0228.kim@samsung.com> + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/stat.h> +#include <sys/un.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <errno.h> + +#include "ss_client_ipc.h" +#include "secure_storage.h" + +ResponseData SsClientComm(RequestData* pClientData) +{ + int sockfd = 0; + int clientLen = 0; + struct sockaddr_un clientaddr; + RequestData sendData = {0, }; + ResponseData recvData = {0, }; + int tempLen = 0; + int tempSockLen = 0; + int read_len = 0; + + sendData.reqType = pClientData->reqType; + sendData.dataBlockLen = pClientData->dataBlockLen; + sendData.enablePassword = pClientData->enablePassword; + sendData.encryptionMode = pClientData->encryptionMode; + + tempLen = strlen(pClientData->dataName); + + strncpy(sendData.dataName, pClientData->dataName, MAX_FILENAME_SIZE); + sendData.dataName[tempLen] = '\0'; + + strncpy(sendData.groupId, pClientData->groupId, MAX_GROUP_ID_SIZE); + strncpy(sendData.password, pClientData->password, MAX_PASSWORD_SIZE); + + memcpy(sendData.dataBlock, pClientData->dataBlock, MAX_SEND_DATA_SIZE); + + if((sockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) + { + LOGE("Error in function socket()..\n"); + recvData.result = SSA_SOCKET_ERROR; // ipc error + goto Error_exit; + } + + tempSockLen = strlen(SS_SOCK_PATH); + + bzero(&clientaddr, sizeof(clientaddr)); + clientaddr.sun_family = AF_UNIX; + strncpy(clientaddr.sun_path, SS_SOCK_PATH, tempSockLen); + clientaddr.sun_path[tempSockLen] = '\0'; + clientLen = sizeof(clientaddr); + + if(connect(sockfd, (struct sockaddr*)&clientaddr, clientLen) < 0) + { + LOGE("Error in function connect()..\n"); + recvData.result = SSA_SOCKET_ERROR; // ipc error + goto Error_close_exit; + } + + if(write(sockfd, (char*)&sendData, sizeof(sendData)) < 0) + { + LOGE("Error in function write()..\n"); + recvData.result = SSA_SOCKET_ERROR; // ipc error + goto Error_close_exit; + } + + read_len = read(sockfd, (char*)&recvData, sizeof(recvData)); + if(read_len < 0) + { + LOGE("Error in function read()..\n"); + recvData.result = SSA_SOCKET_ERROR; // ipc error + goto Error_close_exit; + } + +Error_close_exit: + close(sockfd); + +Error_exit: + return recvData; +} diff --git a/src/client/src/ss_manager.c b/src/client/src/ss_manager.c new file mode 100644 index 0000000..3617160 --- /dev/null +++ b/src/client/src/ss_manager.c @@ -0,0 +1,194 @@ +/* + * secure storage + * + * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Kidong Kim <kd0228.kim@samsung.com> + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include "secure_storage.h" +#include "ss_client_intf.h" + +#ifndef SS_API +#define SS_API __attribute__((visibility("default"))) +#endif +SS_API +int ssa_put(const char* pDataName, const char* pDataBlock, size_t inDataBlockLen, const char* pGroupId, const char* pPassword) +{ + int ret = 0; + + if(pPassword && (strlen(pPassword) > MAX_PASSWORD_SIZE)) + { + LOGE("Invalid input argument."); + return SSA_PARAM_ERROR; + } + + if(!pDataName || !pDataBlock) + { + LOGE("Invalid input argument."); + return SSA_PARAM_ERROR; + } + + if(inDataBlockLen <= 0 || inDataBlockLen > MAX_SEND_DATA_SIZE) + { + LOGE("Invalid input argument."); + return SSA_PARAM_ERROR; + } + + ret = SsClientPutData(pDataName, pDataBlock, inDataBlockLen, pGroupId, pPassword); + + return ret; +} + +SS_API +int ssa_get(const char* pDataName, char** ppOutDataBlock, const char* pGroupId, const char* pPassword) +{ + int ret = 0; + + if(pPassword && (strlen(pPassword) > MAX_PASSWORD_SIZE)) + { + LOGE("Invalid input argument."); + return SSA_PARAM_ERROR; + } + + if(!pDataName) + { + LOGE("Invalid input argument."); + return SSA_PARAM_ERROR; + } + + ret = SsClientGetData(pDataName, ppOutDataBlock, pGroupId, pPassword); + return ret; +} + + +SS_API +int ssa_delete(const char* pDataName, const char* pGroupId) +{ + int ret = 0; + + if(!pDataName) + { + LOGE("Invalid input argument."); + return SSA_PARAM_ERROR; + } + + ret = SsClientDeleteData(pDataName, pGroupId); + + return ret; +} + +SS_API +int ssa_encrypt(const char* pInDataBlock, size_t inDataBlockLen, char** ppOutDataBlock, const char* pPassword) +{ + int ret = 0; + int outLen = 0; + char* pKey = "0123456789abcdef0123456789abcdef"; // to be changed + + if(pPassword && (strlen(pPassword) > MAX_PASSWORD_SIZE)) + { + LOGE("Invalid input argument."); + return SSA_PARAM_ERROR; + } + + if(!pInDataBlock || inDataBlockLen == 0 || inDataBlockLen > MAX_SEND_DATA_SIZE) + { + LOGE("Invalid input argument."); + return SSA_PARAM_ERROR; + } + + ret = DoCipher(pInDataBlock, inDataBlockLen, ppOutDataBlock, &outLen, pKey, pKey, 1); // iv have to changed + if(ret != 1) + { + return SSA_CIPHER_ERROR; + } + + return outLen; +} + + +SS_API +int ssa_decrypt(const char* pInDataBlock, size_t inDataBlockLen, char** ppOutDataBlock, const char* pPassword) +{ + int ret = 0; + int outLen = 0; + char* pKey = "0123456789abcdef0123456789abcdef"; // to be changed + + if(pPassword && (strlen(pPassword) > MAX_PASSWORD_SIZE)) + { + LOGE("Invalid input argument."); + return SSA_PARAM_ERROR; + } + + if(!pInDataBlock || inDataBlockLen == 0) + { + LOGE("Invalid input argument."); + return SSA_PARAM_ERROR; + } + + ret = DoCipher(pInDataBlock, inDataBlockLen, ppOutDataBlock, &outLen, pKey, pKey, 0); // iv have to changed + if(ret != 1) + { + return SSA_CIPHER_ERROR; + } + + return outLen; +} + +SS_API +int ssa_encrypt_web_application(const char* pAppId, int idLen, const char* pData, int dataLen, char** ppEncryptedData, int isPreloaded) +{ + int result = 0; + + if(!pData || dataLen ==0 || !pAppId || idLen == 0) + { + LOGE("Parameter error"); + return SSA_PARAM_ERROR; + } + + result = SsEncryptWebApplication(pAppId, idLen, pData, dataLen, ppEncryptedData, isPreloaded); + SECURE_LOGD("result = %d", result); + + return result; +} + + +SS_API +int ssa_decrypt_web_application(const char* pData, int dataLen, char** ppDecryptedData, int isPreloaded) +{ + int result = 0; + + if(!pData || dataLen == 0) + { + if(pData == NULL) + LOGE("pData is null"); + else + LOGE("dataLen is null [%d]", dataLen); + + LOGE("Parameter error"); + return SSA_PARAM_ERROR; + } + + result = SsDecryptWebApplication(pData, dataLen, ppDecryptedData, isPreloaded); + SECURE_LOGD("result = %d", result); + + return result; +} diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt new file mode 100644 index 0000000..72e36b5 --- /dev/null +++ b/src/server/CMakeLists.txt @@ -0,0 +1,42 @@ +PKG_CHECK_MODULES(SS_SERVER_DEP + REQUIRED + capi-base-common + dlog + libsystemd-daemon + sqlite3 + db-util + security-server + ) + +SET(SS_SERVER_PATH ${CMAKE_CURRENT_SOURCE_DIR}/secure-storage) +SET(PRNG_PATH ${CMAKE_CURRENT_SOURCE_DIR}/prng) + +SET(SS_SERVER_SOURCES + ${SS_SERVER_PATH}/src/ss_server_ipc.c + ${SS_SERVER_PATH}/src/ss_server_main.c + ${PRNG_PATH}/src/ss_prng.c + ) + +SET_SOURCE_FILES_PROPERTIES( + ${SS_SERVER_SOURCES} + PROPERTIES + COMPILE_FLAGS "-D_GNU_SOURCE -fvisibility=hidden -fPIE" + ) + +INCLUDE_DIRECTORIES( + SYSTEM + ${SS_SERVER_DEP_INCLUDE_DIRS} + ${PROJECT_SOURCE_DIR}/include + ${SS_SERVER_PATH}/include + ${PRNG_PATH}/include + ) + +ADD_EXECUTABLE(${TARGET_SS_SERVER} ${SS_SERVER_SOURCES}) + +TARGET_LINK_LIBRARIES(${TARGET_SS_SERVER} + ${SS_SERVER_DEP_LIBRARIES} + -ldl + -pie + ) + +INSTALL(TARGETS ${TARGET_SS_SERVER} DESTINATION bin) diff --git a/prng/include/ss_prng.h b/src/server/prng/include/ss_prng.h index 9e54712..4ff334b 100755..100644 --- a/prng/include/ss_prng.h +++ b/src/server/prng/include/ss_prng.h @@ -39,7 +39,8 @@ #ifndef __SS_PRNG__ #define __SS_PRNG__ -#define LOG_TAG "SECURE_STORAGE" +#include "secure_storage.h" + struct evp_cipher_st; diff --git a/prng/include/ss_prng_impl.h b/src/server/prng/include/ss_prng_impl.h index 217d938..54972d8 100755..100644 --- a/prng/include/ss_prng_impl.h +++ b/src/server/prng/include/ss_prng_impl.h @@ -34,7 +34,6 @@ #ifndef __SS_INTERNAL_PRNG_IMPL__ #define __SS_INTERNAL_PRNG_IMPL__ -#include <dlog.h> #include "ss_prng.h" typedef unsigned char byte; diff --git a/prng/src/ss_prng.c b/src/server/prng/src/ss_prng.c index 46019c5..f9d3a01 100755..100644 --- a/prng/src/ss_prng.c +++ b/src/server/prng/src/ss_prng.c @@ -24,7 +24,7 @@ #include <sys/timeb.h> #include <openssl/crypto.h> #include <openssl/evp.h> -#include "ss_prng_impl.h" +#include <ss_prng_impl.h> void DestroyPrngContext(PrngContext* pPrng) { @@ -195,8 +195,6 @@ int GenerateRandomBytes(PrngContext* prng, PrngByteBuffer* pSeed) EVP_CIPHER_CTX cipherCtx; const EVP_CIPHER* pEncryptionAlgorithm = NULL; - EVP_CIPHER_CTX_init(&cipherCtx); - if (pSeed != NULL) { pDt = (byte*)pSeed->pBuffer; diff --git a/server/non-tz/include/ss_server_ipc.h b/src/server/secure-storage/include/ss_server_ipc.h index 4245508..771704f 100644 --- a/server/non-tz/include/ss_server_ipc.h +++ b/src/server/secure-storage/include/ss_server_ipc.h @@ -3,8 +3,6 @@ * * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved * - * Contact: Kidong Kim <kd0228.kim@samsung.com> - * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -19,13 +17,4 @@ * */ - -/* - * Declare new function - * - * @name: SsServerComm - * @parameter: void - * @return type: void - */ void SsServerComm(void); -char* get_key_file_path(void); diff --git a/src/server/secure-storage/include/ss_server_main.h b/src/server/secure-storage/include/ss_server_main.h new file mode 100644 index 0000000..c469104 --- /dev/null +++ b/src/server/secure-storage/include/ss_server_main.h @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Kidong Kim <kd0228.kim@samsung.com> + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include "ss_manager.h" + +int SsServerPutData(int sockfd, const char* pDataName, const char* pData, int dataLen, const char* pGroupId, const char* pPassword,int enablePassword); +int SsServerGetData(int sockfd, const char* pDataName, const char* pGroupId, const char* pPassword, int enablePassword, char*pOutData); +int SsServerDeleteData(int sockfd, const char* pDataName, const char* pGroupId); +int SsServerEncryptData(int sockfd, const char* pInData, int inDataLen, const char* pPassword, int enablePassword, char* pOutData); +int SsServerDecryptData(int sockfd, const char* pInData, int inDataLen, const char* pPassword, int enablePassword, char* pOutData); + +int SsServerGetDuk(int client_sockfd, char* pBuffer, int* pBufferLen, char* pAppId, unsigned int flag); +int SsServerGetSalt(int client_sockfd, char* pBuffer, int* pBufferLen, int encryptionMode); diff --git a/src/server/secure-storage/src/ss_server_ipc.c b/src/server/secure-storage/src/ss_server_ipc.c new file mode 100644 index 0000000..85af1e7 --- /dev/null +++ b/src/server/secure-storage/src/ss_server_ipc.c @@ -0,0 +1,274 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Contact: Kidong Kim <kd0228.kim@samsung.com> + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <signal.h> +#include <unistd.h> +#include <sys/un.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/socket.h> +#include <sys/time.h> +#include <sys/select.h> +#include <sys/ioctl.h> +#include <errno.h> +#include <dirent.h> +#include <fcntl.h> +#include <systemd/sd-daemon.h> + +#include "secure_storage.h" +#include "ss_server_ipc.h" +#include "ss_server_main.h" + +#define CONF_FILE_PATH "/usr/share/secure-storage/config" +#define KEY_SIZE 16 +#define TIMEOUT_SEC 60 +#define TIMEOUT_USEC 0 + +/* for executing coverage tool (2009-04-03) */ +void SigHandler(int signo) +{ + SLOGI("Got Signal %d", signo); + exit(1); +} +/* end */ + +int GetSocketFromSystemd(int* pSockfd) +{ + int n = sd_listen_fds(0); + int fd; + + for (fd = SD_LISTEN_FDS_START; fd < SD_LISTEN_FDS_START + n; ++fd) { + if (sd_is_socket_unix(fd, SOCK_STREAM, 1, SS_SOCK_PATH, 0) > 0) { + SLOGD("Get socket from systemd. fd[%d]", fd); + *pSockfd = fd; + return 1; + } + } + return 0; +} + +void SsServerComm(void) +{ + int server_sockfd = 0, client_sockfd = 0; + int read_len = 0; + int client_len = 0; + struct sockaddr_un clientaddr; + int ret = 0; + + RequestData recv_data = {0, }; + ResponseData send_data = {0, }; + + if (!GetSocketFromSystemd(&server_sockfd)) { + SLOGE("Failed to get sockfd from systemd."); + return; + } + + client_len = sizeof(clientaddr); + + signal(SIGINT, (void*)SigHandler); + + fd_set fd; + struct timeval tv; + while (1) { + errno = 0; + + FD_ZERO(&fd); + FD_SET(server_sockfd, &fd); + + tv.tv_sec = TIMEOUT_SEC; + tv.tv_usec = TIMEOUT_USEC; + + ret = select(server_sockfd + 1, &fd, NULL, NULL, &tv); + if (ret == 0) { // timeout + SLOGD("ss-server timeout. exit."); + break; + } + + if (ret == -1) { + SLOGE("select() error."); + break; + } + + if((client_sockfd = accept(server_sockfd, (struct sockaddr*)&clientaddr, (socklen_t*)&client_len)) < 0) { + SLOGE("Error in function accept()..[%d, %d]", client_sockfd, errno); + send_data.result = SSA_SOCKET_ERROR; // ipc error + goto Error_close_exit; + } + + SLOGD("ss-server Accept! client sock[%d]", client_sockfd); + + read_len = read(client_sockfd, (char*)&recv_data, sizeof(recv_data)); + if (read_len < 0) { + SLOGE("Error in function read().."); + send_data.result = SSA_SOCKET_ERROR; // ipc error + goto Error_close_exit; + } + + switch (recv_data.reqType) { + case PUT_DATA: + { + SLOGD("ssa_put() called"); + send_data.result = SsServerPutData(client_sockfd, recv_data.dataName, recv_data.dataBlock, recv_data.dataBlockLen, recv_data.groupId, recv_data.password, recv_data.enablePassword); + ret = write(client_sockfd, (char*)&send_data, sizeof(send_data)); + break; + } + + case GET_DATA: + { + SLOGD("ssa_get() called"); + send_data.result = SsServerGetData(client_sockfd, recv_data.dataName, recv_data.groupId, recv_data.password, recv_data.enablePassword, send_data.dataBlock); + send_data.dataBlockLen = send_data.result; + ret = write(client_sockfd, (char*)&send_data, sizeof(send_data)); + break; + } + + case DELETE_DATA: + { + SLOGD("ssa_delete() called"); + send_data.result = SsServerDeleteData(client_sockfd, recv_data.dataName, recv_data.groupId); + ret = write(client_sockfd, (char*)&send_data, sizeof(send_data)); + break; + } + + case ENCRYPT_DATA: + { + SLOGD("ssa_encrypt() called"); + send_data.result = SsServerEncryptData(client_sockfd, recv_data.dataBlock, recv_data.dataBlockLen, recv_data.password, recv_data.enablePassword, send_data.dataBlock); + send_data.dataBlockLen = send_data.result; + ret = write(client_sockfd, (char*)&send_data, sizeof(send_data)); + break; + } + + case DECRYPT_DATA: + { + SLOGD("ssa_decrypt() called"); + send_data.result = SsServerDecryptData(client_sockfd, recv_data.dataBlock, recv_data.dataBlockLen, recv_data.password, recv_data.enablePassword, send_data.dataBlock); + send_data.dataBlockLen = send_data.result; + ret = write(client_sockfd, (char*)&send_data, sizeof(send_data)); + break; + } + + case GET_DUK: + { + SLOGD("ssa_get_duk() called, recv.DataBlock : %s, encrypted mode : %d", recv_data.dataBlock, recv_data.encryptionMode); + //send_data.result = SsServerGetDuk(send_data.dataBlock, &send_data.dataBlockLen); + send_data.result = SsServerGetDuk(client_sockfd, send_data.dataBlock, &(send_data.dataBlockLen), recv_data.dataBlock, recv_data.encryptionMode); // from old code + SLOGD("GET_DUK result : %d", send_data.result); + ret = write(client_sockfd, (char*)&send_data, sizeof(send_data)); + break; + } + + case GET_SALT: + { + SLOGD("ssa_get_salt() called"); + send_data.result = SsServerGetSalt(client_sockfd, send_data.dataBlock, &send_data.dataBlockLen, recv_data.encryptionMode); + ret = write(client_sockfd, (char*)&send_data, sizeof(send_data)); + break; + } + + default: + SLOGE("Input error..Please check request type"); + break; + } + + if (ret <= 0) { + SLOGE("write failed :%d, errno %d try once", ret, errno); + ret = write(client_sockfd, (char*)&send_data, sizeof(send_data)); + SLOGE("retry result :%d, errno %d", ret, errno); + } + + close(client_sockfd); + } + +Error_close_exit: + close(server_sockfd); + + if(client_sockfd >= 0) + { + ret = write(client_sockfd, (char*)&send_data, sizeof(send_data)); + close(client_sockfd); + } + else + SLOGE("cannot connect to client socket."); + + SLOGI("SsServerComm Done."); +} + +void PutSalt() +{ + FILE* pSalt = NULL; + + if (access(SALT_PATH, F_OK) == -1) { + SLOGD("salt doesn't exist. It should be in secure-storage already."); + return 0; + } + + if (!(pSalt = fopen(SALT_PATH, "rb"))) { + SLOGD("No salt file. Maybe it's already saved and removed."); + return; + } + + char saltData[SALT_SIZE] = {0,}; + int readLen = fread(saltData, 1, SALT_SIZE, pSalt); + if (readLen != SALT_SIZE) { + SLOGE("Failed to read salt [read length = %d]", readLen); + fclose(pSalt); + return; + } + + fclose(pSalt); + + int result = 0; + int retryCount = 3; + while (1) { + result = SsServerPutData(-1, SALT_NAME, saltData, SALT_SIZE, "NOTUSED", NULL, 0); + if (result < 0) { + SLOGE("Failed to put salt [error code = %d]", result); + if (retryCount > 0) { + SLOGE("Remaining retry count to put data [%d]", retryCount); + retryCount--; + sleep(1); + continue; + } + return; + } + + if (unlink(SALT_PATH) != 0) { + SLOGE("unlink fail"); + return; + } + break; + } +} + +int main(void) +{ + SLOGI("Secure Storage Server Start.."); + + SLOGI("PutSalt start"); + PutSalt(); + + SLOGI("SsServerComm start"); + SsServerComm(); + + SLOGI("Secure Storage Server End.."); + return 0; +} diff --git a/src/server/secure-storage/src/ss_server_main.c b/src/server/secure-storage/src/ss_server_main.c new file mode 100644 index 0000000..6ac544a --- /dev/null +++ b/src/server/secure-storage/src/ss_server_main.c @@ -0,0 +1,1294 @@ +/* + * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <stdlib.h> +#include <string.h> +#include <math.h> +#include <fcntl.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <sys/time.h> +#include <unistd.h> +#include <dirent.h> +#include <errno.h> + +#include <openssl/hmac.h> +#include <openssl/aes.h> +#include <openssl/sha.h> +#include <openssl/evp.h> + +#include <security-server/security-server.h> + +#include "secure_storage.h" + +#include "ss_server_ipc.h" +#include "ss_server_main.h" + +#define ENCRYPT_SIZE 1024 +#define DUK_SIZE 16 +#define DUK_SALT_SIZE 32 +#define ITERATE_NUM 1 +#define SECURE_STORAGE_NAME "secure-storage" +#define CONF_FILE_PATH "/usr/share/secure-storage/config" + +void printData(const char* pLogName, const char* pData, int dataLen) +{ +#ifdef PRINT_DEBUG_DATA + int i=0; + int j=0; + int count=0; + + SECURE_SLOGI("========== %s, Lengh=%d ==========", pLogName, dataLen); + if(dataLen % 4 == 0) + count = dataLen/4; + else + count = dataLen/4+1; + + for(i=j=0; j<count; i=i+4, j++) + SECURE_SLOGI("[%d]= %02x [%d]=%02x [%d]=%02x [%d]=%02x", i, pData[i], i+1, pData[i+1], i+2, pData[i+2], i+3, pData[i+3]); + SECURE_SLOGI("========================"); +#else + (void) pLogName; + (void) pData; + (void) dataLen; +#endif +} + +/* + * salt is dummy in platform (0xFF * size) and iterates only once + * + * [in] id : used as pwd + * + * return DUK with size keyLen + */ +char *GetDummyDeviceUniqueKey(const char *id, size_t keyLen) +{ + unsigned char *duk = NULL; + unsigned char salt[DUK_SALT_SIZE]; + + memset(salt, 0xFF, DUK_SALT_SIZE); + + duk = (unsigned char *)malloc(sizeof(unsigned char) * (keyLen + 1)); + if (duk == NULL) { + SECURE_SLOGE("Failed to alloc memory"); + return NULL; + } + + PKCS5_PBKDF2_HMAC_SHA1( + id, + strlen(id), + salt, + DUK_SALT_SIZE, + ITERATE_NUM, + keyLen, + duk); + + duk[keyLen] = 0; + + return (char *)duk; +} + +static const char Base64EncodingTable[] = { + 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', + 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', + 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', + 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', + 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', + 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', + 'w', 'x', 'y', 'z', '0', '1', '2', '3', + '4', '5', '6', '7', '8', '9', '+', '/' +}; + +int IsSmackEnabled() +{ + FILE *file = fopen("/smack/load2", "r"); + if (file == NULL) + return 0; + + fclose(file); + + return 1; +} + +int IsDirExist(const char* dirpath) +{ + DIR* dp = opendir(dirpath); + + if (dp == NULL) { + SECURE_SLOGD("directory [%s] is not exist.", dirpath); + return 0; + } + + closedir(dp); + return 1; +} + +int CreateStorageDir(const char* path) +{ + if (IsDirExist(path)) + return 0; + + SECURE_SLOGD("Make directory [%s]", path); + + if (mkdir(path, 0700) < 0) { + SLOGE("[%s] cannot be made", SS_STORAGE_DEFAULT_PATH); + return SSA_IO_ERROR; + } + + return 0; +} + +int check_privilege_by_sockfd(int sockfd, const char* object, const char* access_rights) +{ + int ret = -1; // if success, return 0 + const char* private_group_id = PRIVATE_GROUP_ID; + char* default_smack_label = NULL; + const char* group_id = object; + + if(!IsSmackEnabled()) + { + return 0; + } + + if(!strncmp(group_id, private_group_id, strlen(private_group_id))) + { + SECURE_SLOGD("requested default group_id. get smack label"); + default_smack_label = security_server_get_smacklabel_sockfd(sockfd); + if(default_smack_label) + { + SECURE_SLOGD("defined smack label : %s", default_smack_label); + group_id = default_smack_label; + } + else + { + SLOGD("failed to get smack label"); + return -1; + } + } + + SECURE_SLOGD("object : %s, access_rights : %s", group_id, access_rights); + ret = security_server_check_privilege_by_sockfd(sockfd, group_id, access_rights); + + if(default_smack_label) + { + free(default_smack_label); + } + + return ret; +} + +int GetProcessSmackLabel(int sockfd, char* proc_smack_label) +{ + char* smack_label = security_server_get_smacklabel_sockfd(sockfd); + if(smack_label && strlen(smack_label) < MAX_GROUP_ID_SIZE) + { + strncpy(proc_smack_label, smack_label, MAX_GROUP_ID_SIZE); + free(smack_label); + } + else + { + SLOGE("failed to get smack label"); + if(smack_label) + free(smack_label); + return -1; // SS_SECURITY_SERVER_ERROR? + } + SECURE_SLOGD("defined smack label : %s", proc_smack_label); + return 0; +} + +/* aes crypto function wrapper - p_text : plain text, c_text : cipher text, aes_key : from GetKey, mode : ENCRYPT/DECRYPT, size : data size */ +unsigned char* AES_Crypto(unsigned char* p_text, unsigned char* c_text, char* aes_key, unsigned char* iv, int mode, unsigned long size) +{ + AES_KEY e_key, d_key; + + AES_set_encrypt_key((unsigned char*)aes_key, 128, &e_key); + AES_set_decrypt_key((unsigned char*)aes_key, 128, &d_key); + + if(mode == 1) + { + AES_cbc_encrypt(p_text, c_text, size, &e_key, iv, AES_ENCRYPT); + return c_text; + } + else + { + AES_cbc_encrypt(c_text, p_text, size, &d_key, iv, AES_DECRYPT); + return p_text; + } +} + +int SsServerGetDuk(int client_sockfd, char* pBuffer, int* pBufferLen, char* pAppId, unsigned int flag) +{ + char* pDuk = NULL; + char* pSmackLabel = NULL; + + if(!IsSmackEnabled()) + { + pSmackLabel = (char*)calloc(8, 1); + if (!pSmackLabel) { + SLOGE("Failed to allocate memory"); + return SSA_OUT_OF_MEMORY; + } + memcpy(pSmackLabel, "NOSMACK", 7); + } + + else + { + if(flag == 0) + { + pSmackLabel = security_server_get_smacklabel_sockfd(client_sockfd); + if(!pSmackLabel) + { + SLOGE("failed to get smack label"); + return SSA_SECURITY_SERVER_ERROR; + } + } + + else + { + pSmackLabel = (char*)calloc(strlen(pAppId)+1,1); + if (!pSmackLabel) { + SLOGE("Failed to allocate memory"); + return SSA_OUT_OF_MEMORY; + } + memcpy(pSmackLabel, pAppId, strlen(pAppId)); + } + } + + SECURE_SLOGD("smack label = %s, smack label length = %d", pSmackLabel, strlen(pSmackLabel)); + + pDuk = GetDummyDeviceUniqueKey(pSmackLabel, DUK_SIZE * 2); + if (pDuk == NULL) { + SLOGE("failed to get duk"); + free(pSmackLabel); + *pBufferLen = 0; + return SSA_CIPHER_ERROR; + } + + printData("Duk", pDuk, DUK_SIZE); + + memcpy(pBuffer, pDuk, DUK_SIZE); + *pBufferLen = DUK_SIZE; + free(pSmackLabel); + free(pDuk); + + return *pBufferLen; +} + +int SsServerGetSalt(int sockfd, char* pBuffer, int* pBufferLen, int encryptionMode) +{ + char* pSmackLabel = NULL; + char salt[SALT_SIZE + 16] = {0,}; + int result = 0; + + result = SsServerGetData(-1, SALT_NAME, PRIVATE_GROUP_ID, NULL, 0, salt); + if(result < 0) + { + SLOGE("Faild to get salt from secure storage [result = %d]", result); + return result; + } + if(encryptionMode) + { + memcpy(pBuffer, salt, SALT_SIZE); + *pBufferLen = SALT_SIZE; + } + else + { + pSmackLabel = security_server_get_smacklabel_sockfd(sockfd); + if(!pSmackLabel) + { + SLOGE("Failed to get smack label"); + return SSA_SECURITY_SERVER_ERROR; + } + SECURE_SLOGD("smack lebel = %s, smack label length = %d", pSmackLabel, strlen(pSmackLabel)); + + memcpy(pBuffer, pSmackLabel, strlen(pSmackLabel)); + memset(pBuffer + strlen(pSmackLabel), 0, MAX_APPID_SIZE - strlen(pSmackLabel)); + memcpy(pBuffer + MAX_APPID_SIZE, salt, SALT_SIZE); + *pBufferLen = MAX_APPID_SIZE + SALT_SIZE; + free(pSmackLabel); + } + + return 1; +} + + +int CheckGroupId(const char* pGroupId) +{ + const char* pPreGroupId = "secure-storage::"; + + if(!strncmp(pGroupId, pPreGroupId, strlen(pPreGroupId))) + { + SLOGD("Valid group id"); + return 1; + } + + SLOGD("Invalid group Id [%s]", pGroupId); + return 0; +} + +__attribute__((visibility("hidden"))) +int DoCipher(const char* pInputBuf, int inputLen, char** ppOutBuf, int* pOutBufLen, char* pKey, char* iv, int encryption) +{ + struct evp_cipher_st* pCipherAlgorithm = NULL; + EVP_CIPHER_CTX cipherCtx; + int tempLen = 0; + int result = 0; + int finalLen = 0; + + printData("DoCipher key", pKey, 16); + printData("DoCipher iv", iv, 16); + printData("DoCipehr inData", pInputBuf, inputLen); + + pCipherAlgorithm = (struct evp_cipher_st*)EVP_aes_128_cbc(); + tempLen = (int)((inputLen / pCipherAlgorithm->block_size + 1) * pCipherAlgorithm->block_size); + + *ppOutBuf = (char*)calloc(tempLen, 1); + EVP_CIPHER_CTX_init(&cipherCtx); + + result = EVP_CipherInit(&cipherCtx, pCipherAlgorithm, (const unsigned char*)pKey, (const unsigned char *)iv, encryption); + if(result != 1) + { + SLOGE("[%d] EVP_CipherInit failed", result); + goto Error; + } + + result = EVP_CIPHER_CTX_set_padding(&cipherCtx, 1); + if(result != 1) + { + SLOGE("[%d] EVP_CIPHER_CTX_set_padding failed", result); + goto Error; + } + + //cipher update operation + result = EVP_CipherUpdate(&cipherCtx, (unsigned char*)*ppOutBuf, pOutBufLen, (const unsigned char*)pInputBuf, inputLen); + if(result != 1) + { + SLOGE("[%d] EVP_CipherUpdate failed", result); + goto Error; + } + + //cipher final operation + result = EVP_CipherFinal(&cipherCtx, (unsigned char*)*ppOutBuf + *pOutBufLen, &finalLen); + if(result != 1) + { + SLOGE("[%d] EVP_CipherFinal failed", result); + goto Error; + } + *pOutBufLen = *pOutBufLen + finalLen; + + printData("DoCipehr outData", (*ppOutBuf), *pOutBufLen); + + goto Last; +Error: + result = SSA_CIPHER_ERROR; + free(*ppOutBuf); + +Last: + EVP_CIPHER_CTX_cleanup(&cipherCtx); + if((result != 1)) + result = SSA_CIPHER_ERROR; + + return result; +} + +// not use +char* GenerateDataName(int sockfd, const char* pDataName, const char* pGroupId) +{ + SLOGD("GenerateDataName sockfd : %d, pDataName : %s, pGroupId : %s", sockfd, pDataName, pGroupId); + + char* pConvertedDataName = NULL; + const char* pNotUsed = PRIVATE_GROUP_ID; + const char* pSalt = "salt"; + const char* pDuk = "duk"; + + if(sockfd == -1) + { + pConvertedDataName = (char*)calloc(1, strlen(pDataName)+1); + if (!pConvertedDataName) { + SLOGE("Failed to allocate memory"); + return NULL; + } + memcpy(pConvertedDataName, pDataName, strlen(pDataName)); + } + else + { + //for test + if(!(strncmp(pDataName, pSalt, strlen(pSalt)))) + { + char* pSmackLabel = NULL; + char* pTestApp = "ssa-test-util"; + + pSmackLabel = security_server_get_smacklabel_sockfd(sockfd); + if(!pSmackLabel) + { + SLOGE("Failed to get smack label"); + return NULL; + } + + if(!(strncmp(pSmackLabel, pTestApp, strlen(pTestApp)))) + { + free(pSmackLabel); + pSmackLabel = NULL; + + pConvertedDataName = (char*)calloc(1, strlen(pSalt)+1); + if (!pConvertedDataName) { + SLOGE("Failed to allocate memory"); + return NULL; + } + + memcpy(pConvertedDataName, pSalt, strlen(pSalt)); + return pConvertedDataName; + } + free(pSmackLabel); + } + + if(!(strncmp(pDataName, pDuk, strlen(pDuk)))) + { + char* pSmackLabel = NULL; + char* pTestApp = "ssa-test-util"; + + pSmackLabel = security_server_get_smacklabel_sockfd(sockfd); + if(!pSmackLabel) + { + SLOGE("Failed to get smack label"); + return NULL; + } + + if(!(strncmp(pSmackLabel, pTestApp, strlen(pTestApp)))) + { + free(pSmackLabel); + pSmackLabel = NULL; + + pConvertedDataName = (char*)calloc(1, strlen(pDuk)+1); + if (!pConvertedDataName) { + SLOGE("Failed to allocate memory"); + return NULL; + } + + memcpy(pConvertedDataName, pDuk, strlen(pDuk)); + return pConvertedDataName; + } + free(pSmackLabel); + } + //end test + + if(strncmp(pGroupId, pNotUsed, strlen(pNotUsed))) + { + if(!CheckGroupId(pGroupId)) + { + SLOGD("Invalid Group ID [%s]", pGroupId); + return NULL; + } + + pConvertedDataName = (char*)calloc(1, strlen(pDataName)+strlen(pGroupId)+DELIMITER_SIZE+1); + if (!pConvertedDataName) { + SLOGE("Failed to allocate memory"); + return NULL; + } + memcpy(pConvertedDataName, pGroupId, strlen(pGroupId)); + memcpy(pConvertedDataName + strlen(pGroupId), DELIMITER, DELIMITER_SIZE); + memcpy(pConvertedDataName + strlen(pGroupId) + DELIMITER_SIZE, pDataName, strlen(pDataName)); + } + else + { + char* pSmackLabel = NULL; + + pSmackLabel = security_server_get_smacklabel_sockfd(sockfd); + if (!pSmackLabel) { + SLOGE("Failed to get smack label"); + return NULL; + } + + SECURE_SLOGD("defined smack label : %s", pSmackLabel); + pConvertedDataName = (char*)calloc(1, strlen(pDataName)+strlen(pSmackLabel)+DELIMITER_SIZE+1); + if (!pConvertedDataName) { + free(pSmackLabel); + SLOGE("Failed to allocate memory"); + return NULL; + } + + memcpy(pConvertedDataName, pSmackLabel, strlen(pSmackLabel)); + memcpy(pConvertedDataName + strlen(pSmackLabel), DELIMITER, DELIMITER_SIZE); + memcpy(pConvertedDataName + strlen(pSmackLabel) + DELIMITER_SIZE, pDataName, strlen(pDataName)); + free(pSmackLabel); + } + } + + return pConvertedDataName; +} + +// use group_id if it is given else, use default label +char* GenerateStorageName(int sockfd, const char* pGroupId) +{ + SECURE_SLOGD("GenerateDataName sockfd : %d, pGroupId : %s", sockfd, pGroupId); + + char* pConvertedDataName = NULL; + const char* pNotUsed= PRIVATE_GROUP_ID; + + if(sockfd == -1) // return default storage(or make secure-storage?) + { + pConvertedDataName = (char*)calloc(1, strlen(SECURE_STORAGE_NAME)+1); + if (!pConvertedDataName) { + SLOGE("Failed to allocate memory"); + return NULL; + } + memcpy(pConvertedDataName, SECURE_STORAGE_NAME, strlen(SECURE_STORAGE_NAME)); + } + else + { + if(strncmp(pGroupId, pNotUsed, strlen(pNotUsed))) + { + if(!CheckGroupId(pGroupId)) + { + SLOGD("Invalid Group ID [%s]", pGroupId); + return NULL; + } + + pConvertedDataName = (char*)calloc(1, strlen(pGroupId) + 1); + if (!pConvertedDataName) { + SLOGE("Failed to allocate memory"); + return NULL; + } + memcpy(pConvertedDataName, pGroupId, strlen(pGroupId)); + } + else + { + char* pSmackLabel = NULL; + + pSmackLabel = security_server_get_smacklabel_sockfd(sockfd); + if (!pSmackLabel) { + SLOGD("failed to get smack label"); + return NULL; + } + + SECURE_SLOGD("defined smack label : %s", pSmackLabel); + pConvertedDataName = (char*)calloc(1, strlen(pSmackLabel) + 1); + if (!pConvertedDataName) { + free(pSmackLabel); + SLOGE("Failed to allocate memory"); + return NULL; + } + + memcpy(pConvertedDataName, pSmackLabel, strlen(pSmackLabel)); + free(pSmackLabel); + } + } + + SECURE_SLOGD("StorageName : %s", pConvertedDataName); + + return pConvertedDataName; +} + +char* Base64Encoding(char* pData, size_t size) +{ + char* pEncodedBuf = NULL; + char* pPointer = NULL; + char* pLength = NULL; + unsigned char pInput[3] = {0,0,0}; + unsigned char poutput[4] = {0,0,0,0}; + int index = 0; + int loopCnt = 0; + int stringCnt = 0; + int sizeEncodedString = 0; + + pLength = pData + size - 1; + sizeEncodedString = (4 * (size / 3)) + (size % 3 ? 4 : 0) + 1; + pEncodedBuf = (char*)calloc(sizeEncodedString, sizeof(char)); + if (!pEncodedBuf) { + SLOGE("Failed to allocate memory"); + return NULL; + } + + for (loopCnt = 0, pPointer = pData; pPointer <= pLength; loopCnt++, pPointer++) { + index = loopCnt % 3; + pInput[index] = *pPointer; + + if (index == 2 || pPointer == pLength) { + poutput[0] = ((pInput[0] & 0xFC) >> 2); + poutput[1] = ((pInput[0] & 0x3) << 4) | ((pInput[1] & 0xF0) >> 4); + poutput[2] = ((pInput[1] & 0xF) << 2) | ((pInput[2] & 0xC0) >> 6); + poutput[3] = (pInput[2] & 0x3F); + + pEncodedBuf[stringCnt++] = Base64EncodingTable[poutput[0]]; + pEncodedBuf[stringCnt++] = Base64EncodingTable[poutput[1]]; + pEncodedBuf[stringCnt++] = index == 0? '=' : Base64EncodingTable[poutput[2]]; + pEncodedBuf[stringCnt++] = index < 2? '=' : Base64EncodingTable[poutput[3]]; + + pInput[0] = pInput[1] = pInput[2] = 0; + } + } + + pEncodedBuf[stringCnt] = '\0'; + + return pEncodedBuf; +} + +char* HashAndBase64Encoding(char* pData) +{ + size_t outLen = 0; + char hashOut[HASH_SIZE] = {0,}; + + EVP_Digest(pData, strlen(pData), (unsigned char *)hashOut, &outLen, EVP_sha1(), NULL); + + return Base64Encoding(hashOut, outLen); +} + +// Replace whole delim char to dest from pName +char* ReplaceDelim(const char* pName, char pDelim, char pDestChar) +{ + int len = strlen(pName); + int i = 0; + + char* pOutStr = strdup(pName); + if (!pOutStr) { + SLOGE("Failed to strdup. out of memory."); + return NULL; + } + for(i=0; i<len; i++) + { + if(pOutStr[i] == pDelim) + { + pOutStr[i] = pDestChar; + } + } + + return pOutStr; +} + +int CreateDataFile(const char* pPath, const char *pMode) +{ + FILE *fd = fopen(pPath, pMode); + int ret = 0; + + if (fd == NULL) { + SECURE_SLOGE("File open error:(path) %s", pPath); + return SSA_IO_ERROR; + } + + ret = chmod(pPath, 0600); + + fclose(fd); + + if (ret < 0) { + SLOGE("chmod error"); + return SSA_IO_ERROR; + } + + return 0; +} + +int GetIv(char* pSrc, char* pIv, int srcLen) +{ + size_t outLen = 0; + if (EVP_Digest(pSrc, srcLen, (unsigned char *)pIv, &outLen, EVP_sha1(), NULL) != 1) { + SLOGE("Failed to get iv"); + return 0; + } + + return 1; +} + +int GenerateCipherKey(const char* pSeed, const char* pPassword, char** key, char** iv) +{ + char* pDuk = NULL; + char *passwordedSeed = NULL; + size_t seedLen = 0; + size_t pwLen = 0; + + if(!pSeed) + { + SLOGE("Invalid pramters"); + return SSA_CIPHER_ERROR; + } + + if(pPassword && strlen(pPassword) > 0) + { + // pSeed + pPassword + seedLen = strlen(pSeed); + pwLen = strlen(pPassword); + passwordedSeed = (char*)malloc(seedLen + pwLen + 1); + if(!passwordedSeed) + { + SLOGE("Failed to get memory allocation"); + return SSA_OUT_OF_MEMORY; + } + + memcpy(passwordedSeed, pSeed, seedLen); + memcpy(passwordedSeed+seedLen, pPassword, pwLen); + passwordedSeed[seedLen + pwLen] = 0; + + pDuk = GetDummyDeviceUniqueKey(passwordedSeed, DUK_SIZE); + free(passwordedSeed); + } + else + { + pDuk = GetDummyDeviceUniqueKey(pSeed, DUK_SIZE); + } + + if (pDuk == NULL) + { + SLOGE("failed to get duk"); + return SSA_CIPHER_ERROR; + } + + *key = pDuk; + *iv = (char*)malloc(DUK_SIZE); + + GetIv(*key, *iv, DUK_SIZE); + + return 0; +} + +int CipherData(const char* pData, int dataLen, const char* pPassword, const char* pSeed, char** ppOutData, int* outLen, int encrypt) +{ + if(!pData || !dataLen || !pSeed || !outLen) + { + SLOGE("Invalid Paramters"); + return SSA_PARAM_ERROR; + } + + char* key = NULL; + char* iv = NULL; + + if(GenerateCipherKey(pSeed, pPassword, &key, &iv) < 0) + { + SLOGE("Failed to get key"); + return SSA_CIPHER_ERROR; + } + + if(DoCipher(pData, dataLen, ppOutData, outLen, key, iv, encrypt) != 1) + { + SLOGE("Failed to encrypt data"); + free(key); + free(iv); + return SSA_CIPHER_ERROR; + } + + free(key); + free(iv); + + return 1; +} + +int WriteData(const char* pStoragePath, char* pData, int dataLen) +{ + FILE *fp = NULL; + if(!pStoragePath || !pData || !dataLen) + { + SLOGE("Invalid Paramters"); + return SSA_PARAM_ERROR; + } + + SECURE_SLOGD("Path : %s, dataLen : %d", pStoragePath, dataLen); + + if((fp = fopen(pStoragePath, "wb")) == NULL) + { + SLOGE("Failed to open file"); + return SSA_IO_ERROR; + } + + if((fwrite(pData, sizeof(char), dataLen, fp)) == 0) + { + SLOGE("Failed to store data"); + fclose(fp); + return SSA_IO_ERROR; + } + + if(fflush(fp) != 0) { + SLOGE("fail to execute fflush().\n"); + fclose(fp); + return SSA_IO_ERROR; + } + else { + if(fsync(fp->_fileno) == -1) { + SLOGE("fail to execute fsync().\n"); + fclose(fp); + return SSA_PARAM_ERROR; + } + } + + fclose(fp); + return 0; +} + +int ReadData(const char* pStoragePath, char** pData, int* dataLen) +{ + FILE *fp = NULL; + unsigned int size = 0; + int read_byte = 0; + + if(!pStoragePath || !pData || !dataLen) + { + SLOGE("Invalid Paramters"); + return SSA_PARAM_ERROR; + } + + if(!(fp = fopen(pStoragePath, "rb"))) + { + SECURE_SLOGE("File open error: %s", pStoragePath); + return SSA_PARAM_ERROR; + } + + if(fseek(fp, 0L, SEEK_END) < 0) + { + SECURE_SLOGE("Fseek error: in %s", pStoragePath); + fclose(fp); + return SSA_IO_ERROR; + } + + size = ftell(fp); + if((int)size < 1) + { + SECURE_SLOGE("Failed to get data size"); + fclose(fp); + return SSA_IO_ERROR; + } + fseek(fp, 0L, SEEK_SET); + + *pData = (char*)malloc(size * sizeof(char)); + if(*pData == NULL) + { + SLOGE("Failed to allocated memory!"); + fclose(fp); + return SSA_UNKNOWN_ERROR; + } + + read_byte = fread(*pData, 1, size, fp); + if(read_byte == 0) + { + SLOGE("Failed to read data"); + free(*pData); + fclose(fp); + return SSA_IO_ERROR; + } + + *dataLen = read_byte; + + fclose(fp); + return 0; +} + +int DeleteData(const char* pPath) +{ + FILE *fp = NULL; + int size = 0; + + if(!pPath) + { + SLOGE("Invalid Paramters"); + return SSA_PARAM_ERROR; + } + + if( access( pPath, F_OK ) != 0 ) + { + SLOGE("Can not find data"); + return SSA_PARAM_ERROR; + } + + if(!(fp = fopen(pPath, "rb"))) + { + SECURE_SLOGE("File open error: %s", pPath); + return SSA_IO_ERROR; + } + + if(fseek(fp, 0L, SEEK_END) < 0) + { + SECURE_SLOGE("Fseek error in %s", pPath); + fclose(fp); + return SSA_IO_ERROR; + } + + size = ftell(fp); + fseek(fp, 0L, SEEK_SET); + + if(unlink(pPath) != 0) + { + SLOGE("Failed to delete data"); + fclose(fp); + return SSA_IO_ERROR; + } + fclose(fp); + + return size; +} + + +int StoreDataToStorage(const char* pStorageName, const char* pDataName, const char* pData, int dataLen, const char *pPassword, const char* pSeed) +{ + char pDestPath[1024] = {0}; + char* pEncryptedData = NULL; + int encryptedDataLen = 0; + + snprintf(pDestPath, 1024, "%s/%s/", SS_STORAGE_DEFAULT_PATH, pStorageName); + if(CreateStorageDir(pDestPath) < 0) + { + return SSA_IO_ERROR; + } + + if (sizeof(pDestPath) < (strlen(pDataName) + strlen(pDestPath) + 1)) { + SLOGE("String is too long. pDestPath[%s], pDataName[%s]", pDestPath, pDataName); + return SSA_PARAM_ERROR; + } + strncat(pDestPath, pDataName, strlen(pDataName)); + + // encrypt data. if there is group_id, key seed will be group id else, it will be smack label + if(CipherData(pData, dataLen, pPassword, pSeed, &pEncryptedData, &encryptedDataLen, 1) != 1) + { + SLOGE("Failed to Encrypt Data"); + return SSA_CIPHER_ERROR; + } + + if(WriteData(pDestPath, pEncryptedData, encryptedDataLen) < 0) + { + SLOGE("Failed to Store Data"); + free(pEncryptedData); + return SSA_IO_ERROR; + } + + return encryptedDataLen; +} + +int GetDataFromStroage(const char* pStorageName, const char* pDataName, const char* pPassword, const char* pSeed, char** ppOutData, int* outDataLen) +{ + char pDestPath[1024] = {0}; + char* pDecryptedData = NULL; + char* pEncryptedData = NULL; + int encryptedLen = NULL; + int decryptedLen = 0; + int ret = 0; + + snprintf(pDestPath, 1024, "%s/%s/%s", SS_STORAGE_DEFAULT_PATH, pStorageName, pDataName); + + // read encrypted data + if((ret = ReadData(pDestPath, &pEncryptedData, &encryptedLen)) < 0) + { + SLOGE("Failed to get Data"); + return ret; + } + + // encrypt data. if there is group_id, key seed will be group id else, it will be smack label + if(CipherData(pEncryptedData, encryptedLen, pPassword, pSeed, &pDecryptedData, &decryptedLen, 0) != 1) + { + SLOGE("Failed to Encrypt Data"); + free(pEncryptedData); + return SSA_CIPHER_ERROR; + } + + *ppOutData = pDecryptedData; + *outDataLen = decryptedLen; + + free(pEncryptedData); + return decryptedLen; +} + +int DeleteDataFromStorage(const char* pStorageName, const char* pDataName) +{ + char pDestPath[1024] = {0}; + + snprintf(pDestPath, 1024, "%s/%s/%s", SS_STORAGE_DEFAULT_PATH, pStorageName, pDataName); + + int len = DeleteData(pDestPath); + if(len < 0) + { + SLOGE("Failed to Delete Data"); + return SSA_IO_ERROR; + } + + return len; +} + +int GetStorageSeed(int sockfd, const char* pGroupId, char** ppSeed) +{ + char* pSeed = NULL; + if(!strncmp(pGroupId, PRIVATE_GROUP_ID, strlen(PRIVATE_GROUP_ID))) + { + if(sockfd != -1) + { + pSeed = security_server_get_smacklabel_sockfd(sockfd); + if(!pSeed) + { + SLOGE("Failed to get label"); + return SSA_SECURITY_SERVER_ERROR; + } + } + else // for salt. to be better.. + { + pSeed = (char*)malloc(sizeof(char) * (strlen(SECURE_STORAGE_NAME) + 1)); + if (!pSeed) { + SLOGE("Failed to allocate memory"); + return SSA_OUT_OF_MEMORY; + } + strncpy(pSeed, SECURE_STORAGE_NAME, strlen(SECURE_STORAGE_NAME)); + pSeed[strlen(SECURE_STORAGE_NAME)] = 0; + } + } + else + { + pSeed = (char*)malloc(sizeof(char) * (strlen(pGroupId)+1)); + if (!pSeed) { + SLOGE("Failed to allocate memory"); + return SSA_OUT_OF_MEMORY; + } + strncpy(pSeed, pGroupId, strlen(pGroupId)); + pSeed[strlen(pGroupId)] = 0; + } + + *ppSeed = pSeed; + + return 0; +} + +int SsServerPutData(int sockfd, const char* pDataName, const char* pData, int dataLen, const char* pGroupId, const char* pPassword, int enablePassword) +{ + char* pStorageName= NULL; + char* pSeed = NULL; + char* pReplaced = NULL; +// char* pHashedDataName = NULL; + int result = 0; + + if(sockfd != -1) + { + if(check_privilege_by_sockfd(sockfd, pGroupId, "w") != 0) + { + SECURE_SLOGE("[%s] permission denied\n", pGroupId); + return SSA_PERMISSION_ERROR; + } + } + + // replace / string + pReplaced = ReplaceDelim(pDataName, '/', '_'); + if (!pReplaced) { + SLOGE("Failed to ReplaceDelim. pDataName[%s] is null or out of memory.", pDataName); + return SSA_OUT_OF_MEMORY; + } + SECURE_SLOGD("data name : %s replaces : %s", pDataName, pReplaced); + + // generate storage name(smacklable + group id) as dataname + pStorageName = GenerateStorageName(sockfd, pGroupId); + if(!pStorageName) + { + SLOGE("Failed to generate data name"); + SECURE_SLOGE("[sockfd = %d, name = %s, groupId = %s]",sockfd, pDataName, pGroupId); + free(pReplaced); + return SSA_SECURITY_SERVER_ERROR; + } + +// pHashedDataName = HashAndBase64Encoding(pDataName); +// SECURE_SLOGD("pHashedDataName : %s", pHashedDataName); + + if(GetStorageSeed(sockfd, pGroupId, &pSeed) < 0) + { + SLOGE("Failed to get seed"); + free(pStorageName); + free(pReplaced); + return SSA_SECURITY_SERVER_ERROR; + } + + result = StoreDataToStorage(pStorageName, pReplaced, pData, dataLen, pPassword, pSeed); + if(result < 0) + { + SLOGE("Failed to put data from secure storage"); + SECURE_SLOGE("result : %d, dataName : %s", result, pDataName); + } + + free(pStorageName); + free(pSeed); + free(pReplaced); +// free(pHashedDataName); + + SECURE_SLOGI("result value = %d", result); + + return result; +} + +int SsServerGetData(int sockfd, const char* pDataName, const char* pGroupId, const char* pPassword, int enablePassword, char* pOutData) +{ + char* pStorageName= NULL; + char* pTempData = NULL; + char* pSeed = NULL; + char* pReplaced = NULL; + int outDataLen = 0; +// char* pHashedDataName = NULL; + + if(sockfd != -1) + { + if(check_privilege_by_sockfd(sockfd, pGroupId, "r") != 0) + { + SECURE_SLOGE("[%s] permission denied\n", pGroupId); + return SSA_PERMISSION_ERROR; + } + } + + // replace / string + pReplaced = ReplaceDelim(pDataName, '/', '_'); + if (!pReplaced) { + SLOGE("Failed to ReplaceDelim. pDataName[%s] is null or out of memory.", pDataName); + return SSA_OUT_OF_MEMORY; + } + SECURE_SLOGD("data name : %s replaced : %s", pDataName, pReplaced); + + pStorageName = GenerateStorageName(sockfd, pGroupId); + if(!pStorageName) + { + SLOGE("Failed to generate data name"); + SECURE_SLOGE("[sockfd = %d, name = %s, groupId = %s]",sockfd, pDataName, pGroupId); + free(pReplaced); + return SSA_SECURITY_SERVER_ERROR; + } + +// pHashedDataName = HashAndBase64Encoding(pDataName); +// SECURE_SLOGD("pHashedDataName : %s", pHashedDataName); + + if(GetStorageSeed(sockfd, pGroupId, &pSeed) < 0) + { + SLOGE("Failed to get seed"); + free(pStorageName); + free(pReplaced); + return SSA_SECURITY_SERVER_ERROR; + } + + int ret = GetDataFromStroage(pStorageName, pReplaced, pPassword, pSeed, &pTempData, &outDataLen); + if(ret > 0) + { + printData("get", pTempData, outDataLen); + + memcpy(pOutData, pTempData, outDataLen); + } + else + { + SLOGE("Failed to get data from secure storage"); + SECURE_SLOGE("result : %d, dataName : %s", ret, pDataName); + } + + free(pStorageName); + free(pSeed); + free(pTempData); + free(pReplaced); +// free(pHashedDataName); + + SECURE_SLOGI("result value = %d", ret); + return ret; +} + +int SsServerDeleteData(int sockfd, const char* pDataName, const char* pGroupId) +{ + char* pStorageName = NULL; + char* pReplaced = NULL; + int result = 0; + + if(check_privilege_by_sockfd(sockfd, pGroupId, "w") != 0) + { + SLOGE("[%s] permission denied\n", pGroupId); + return SSA_PERMISSION_ERROR; + } + + /* replace '/' with '_' in string */ + pReplaced = ReplaceDelim(pDataName, '/', '_'); + if (!pReplaced) { + SLOGE("Failed to ReplaceDelim. pDataName[%s] is null or out of memory.", pDataName); + return SSA_OUT_OF_MEMORY; + } + SECURE_SLOGD("data name : %s replaces : %s", pDataName, pReplaced); + + pStorageName = GenerateStorageName(sockfd, pGroupId); + if(!pStorageName) + { + SLOGE("Failed to generate data name"); + SECURE_SLOGE("[sockfd = %d, name = %s, groupId = %s]",sockfd, pDataName, pGroupId); + free(pReplaced); + return SSA_SECURITY_SERVER_ERROR; + } + + result = DeleteDataFromStorage(pStorageName, pReplaced); + + free(pStorageName); + free(pReplaced); + + SECURE_SLOGI("result value = %d", result); + return result; +} + +int SsServerEncryptData(int sockfd, const char* pInData, int inDataLen, const char* pPassword, int enablePassword, char* pOutData) +{ + char* pTempData = NULL; + int outDataLen = 0; + char* pSeed = NULL; + int result = SSA_UNKNOWN_ERROR; + + printData("before encryption", pInData, inDataLen); + + if (GetStorageSeed(sockfd, NULL, &pSeed) < 0) { + SLOGE("Failed to get seed"); + return SSA_SECURITY_SERVER_ERROR; + } + + result = CipherData(pInData, inDataLen, pPassword, pSeed, &pTempData, &outDataLen, 1); + + free(pSeed); + + if (result != 1) { + SLOGE("Failed to encrypt by CipherData. errcode : %d", result); + return SSA_CIPHER_ERROR; + } else if (outDataLen > MAX_RECV_DATA_SIZE || outDataLen <= 0) { + SLOGE("Invalid out data length : %d", outDataLen); + free(pTempData); + return SSA_PARAM_ERROR; + } + + memcpy(pOutData, pTempData, outDataLen); + free(pTempData); + + printData("after encryption", pOutData, outDataLen); + + return outDataLen; +} + +int SsServerDecryptData(int sockfd, const char* pInData, int inDataLen, const char* pPassword, int enablePassword, char* pOutData) +{ + char* pTempData = NULL; + int outDataLen = 0; + char* pSeed = NULL; + int result = SSA_UNKNOWN_ERROR; + + printData("before decryption", pInData, inDataLen); + + if (GetStorageSeed(sockfd, NULL, &pSeed) < 0) { + SLOGE("Failed to get seed"); + return SSA_SECURITY_SERVER_ERROR; + } + + result = CipherData(pInData, inDataLen, pPassword, pSeed, &pTempData, &outDataLen, 0); + + free(pSeed); + + if (result != 1) { + SLOGE("Failed to decrypt by CipherData. errcode : %d", result); + return SSA_CIPHER_ERROR; + } else if (outDataLen <= 0) { + SLOGE("Invalid out data length : %d", outDataLen); + free(pTempData); + return SSA_PARAM_ERROR; + } + + + memcpy(pOutData, pTempData, outDataLen); + free(pTempData); + + printData("after decryption", pOutData, outDataLen); + + return outDataLen; +} diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt new file mode 100644 index 0000000..cdaffad --- /dev/null +++ b/systemd/CMakeLists.txt @@ -0,0 +1,5 @@ +INSTALL(FILES + ${CMAKE_SOURCE_DIR}/systemd/ss-server.socket + ${CMAKE_SOURCE_DIR}/systemd/secure-storage.service + DESTINATION ${SYSTEMD_UNIT_DIR} + ) diff --git a/packaging/secure-storage.service b/systemd/secure-storage.service index 68f6c92..ca8acff 100755..100644 --- a/packaging/secure-storage.service +++ b/systemd/secure-storage.service @@ -1,14 +1,14 @@ [Unit] Description=Start the Secure Storage server -After=csa.mount samsung-secure-storage.service -Requires=security-server.service +Requires=security-server-privilege-by-pid.socket +After=csa.mount [Service] -Type=simple ExecStart=/usr/bin/ss-server +User=system +Group=system +SmackProcessLabel=secure-storage Sockets=ss-server.socket -Restart=always -RestartSec=0 [Install] WantedBy=multi-user.target diff --git a/packaging/ss-server.socket b/systemd/ss-server.socket index 893926f..5053d8b 100644 --- a/packaging/ss-server.socket +++ b/systemd/ss-server.socket @@ -1,5 +1,7 @@ [Socket] ListenStream=/tmp/SsSocket +SocketUser=system +SocketGroup=system SocketMode=0777 SmackLabelIPIn=* SmackLabelIPOut=@ diff --git a/testcases/CMakeLists.txt b/testcases/CMakeLists.txt new file mode 100644 index 0000000..710064f --- /dev/null +++ b/testcases/CMakeLists.txt @@ -0,0 +1,26 @@ +SET(SS_CLIENT_TEST_PATH ${PROJECT_SOURCE_DIR}/testcases) + +SET(SS_CLIENT_TEST_SOURCES + ${SS_CLIENT_TEST_PATH}/test_ss_manager.c + #${SS_CLIENT_TEST_PATH}/test_manager.c + #${SS_CLIENT_TEST_PATH}/ss_test.c + #${SS_CLIENT_TEST_PATH}/unit_test.c + ) + +SET_SOURCE_FILES_PROPERTIES( + ${SS_CLIENT_TEST_SOURCES} + PROPERTIES + COMPILE_FLAGS "-D_GNU_SOURCE -fPIE") + +INCLUDE_DIRECTORIES( + ${PROJECT_SOURCE_DIR}/include + ${PROJECT_SOURCE_DIR}/client/ + ) + +ADD_EXECUTABLE(${TARGET_SS_CLIENT_TEST} ${SS_CLIENT_TEST_SOURCES}) + +TARGET_LINK_LIBRARIES(${TARGET_SS_CLIENT_TEST} + ${TARGET_SS_CLIENT} + ) + +INSTALL(TARGETS ${TARGET_SS_CLIENT_TEST} DESTINATION bin) diff --git a/testcases/test_ss_manager.c b/testcases/test_ss_manager.c new file mode 100644 index 0000000..a3f5707 --- /dev/null +++ b/testcases/test_ss_manager.c @@ -0,0 +1,160 @@ +/* + * secure storage + * + * Copyright (c) 2000 - 2010 Samsung Electronics Co., Ltd. + * + * Contact: Kidong Kim <kd0228.kim@samsung.com> + * + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/stat.h> + +#include "ss_manager.h" + +#define MAX_FILENAME_SIZE 256 + +// ssa_get, ssa_put +// ssa_put +// ssa_delete +// ssa_encrypt, ssa_decrypt +// ssa_encrypt_web_application, ssa_decrypt_web_application + +void test_get_put_delete () { + const char* pDataName = "test_data"; + const char* pInDataBlock = "testtesttest"; + size_t inDataBlockLen = strlen(pInDataBlock); + const char* pGroupId = "NOTUSED"; + const char* pPassword = "test_password"; + + char* pOutDataBlock = NULL; + + int outLen = -1; + int ret = -1; + + printf("\n"); + printf("[TEST : test_get_put_delete ]\n"); + ret = ssa_delete(pDataName, pGroupId); + + outLen = ssa_put(pDataName, pInDataBlock, inDataBlockLen, pGroupId, pPassword); + if(outLen < 0) { + printf("..fail : ssa_put result = %d\n", outLen); + return; + } + printf("..success : ssa_put - [%s,%s]=%s\n", pDataName, pGroupId, pInDataBlock); + + outLen = ssa_get(pDataName, &pOutDataBlock, pGroupId, pPassword); + if(outLen < 0 || outLen > 4096) { + printf("..fail : ssa_get result = %d\n", outLen); + free(pOutDataBlock); + return; + } + if(strncmp(pInDataBlock, pOutDataBlock, outLen) == 0) { + printf("..success : ssa_get - [%s,%s]=%s\n", pDataName, pGroupId, pOutDataBlock); + }else { + printf("..fail: ssa_get - [%s,%s] : input[%s]=output[%s]\n", pDataName, pGroupId, pInDataBlock, pOutDataBlock); + } + + free(pOutDataBlock); + + ret = ssa_delete(pDataName, pGroupId); + if(ret < 0) { + printf("..fail : ssa_delete = %d\n", ret); + return; + } + printf("..success : ssa_delete - [%s,%s]\n", pDataName, pGroupId); + +} + +void test_enc_dec () { + const char* pInDataBlock = "test_data"; + size_t inDataBlockLen = strlen(pInDataBlock); + char* pEncDataBlock = NULL; + char* pDecDataBlock = NULL; + const char* pPassword = "test_password"; + + int len = -1; + + printf("\n"); + printf("[TEST : test_enc_dec]\n"); + + len = ssa_encrypt(pInDataBlock, inDataBlockLen, &pEncDataBlock, pPassword); + if(len < 0) { + printf("..fail : ssa_encrypt. len = %d\n", len); + return; + } + printf("..success : ssa_encrypt- input data = %s\n", pInDataBlock); + + len = ssa_decrypt(pEncDataBlock, len, &pDecDataBlock, pPassword); + if(len < 0) { + printf("..fail : ssa_decrypt. len = %d\n", len); + return; + } + if(strncmp(pInDataBlock, pDecDataBlock, len) == 0) { + printf("..success : ssa_decrypt- decrypted data = %s\n", pDecDataBlock); + }else { + printf("..fail: ssa_decrypt- decrypted data = %s\n", pDecDataBlock); + } +} + +void test_webapp_enc_dec() { + const char* pAppId = "ss-client-tests"; + int idLen = strlen(pAppId); + const char* pData = "test_app_data"; + int dataLen = strlen(pData); + char* pEncAppData = NULL; + char* pDecAppData = NULL; + int isPreloaded = 0; + + printf("\n"); + printf("[TEST : test_webapp_enc_dec]\n"); + + int len = -1; + len = ssa_encrypt_web_application(pAppId, idLen, pData, dataLen, &pEncAppData, isPreloaded); + if(len < 0) { + printf("..fail : downloaded: ssa_ssa_encrypt_web_application. len = %d\n", len); + return; + } + printf("..success : downloaded: ssa_ssa_encrypt_web_application. input app data - %s\n", pData); + + len = ssa_decrypt_web_application(pEncAppData, len, &pDecAppData, isPreloaded); + if(len < 0) { + printf("..fail : downloaded: ssa_decrypt_web_application. len = %d\n", len); + return; + } + if(strncmp(pData, pDecAppData, len) == 0) { + printf("..success : downloaded: ssa_decrypt_web_application. decrypted app data - %s\n", pDecAppData); + }else { + printf("..fail: downloaded: ssa_decrypt_web_application. decrypted app data - %s\n", pDecAppData); + } + + + isPreloaded = 1; + len = ssa_encrypt_web_application(pAppId, idLen, pData, dataLen, &pEncAppData, isPreloaded); + if(len < 0) { + printf("..fail : preloaded : ssa_ssa_encrypt_web_application. len = %d\n", len); + return; + } + printf("..success : preloaded : ssa_ssa_encrypt_web_application. input app data - %s\n", pData); + + len = ssa_decrypt_web_application(pEncAppData, len, &pDecAppData, isPreloaded); + if(len < 0) { + printf("..fail : preloaded : ssa_decrypt_web_application. len = %d\n", len); + return; + } + if(strncmp(pData, pDecAppData, len) == 0) { + printf("..success : preloaded : ssa_decrypt_web_application. decrypted app data - %s\n", pDecAppData); + }else { + printf("..fail: preloaded : ssa_decrypt_web_application. decrypted app data - %s\n", pDecAppData); + } +} + +void main(void) +{ + test_get_put_delete(); + test_enc_dec(); + test_webapp_enc_dec(); +} + |
