diff options
Diffstat (limited to 'include')
| -rwxr-xr-x | include/SLP_secure-storage_PG.h | 520 | ||||
| -rw-r--r-- | include/secure_storage.h | 192 | ||||
| -rwxr-xr-x[-rw-r--r--] | include/ss_manager.h | 629 |
3 files changed, 964 insertions, 377 deletions
diff --git a/include/SLP_secure-storage_PG.h b/include/SLP_secure-storage_PG.h new file mode 100755 index 0000000..8a54815 --- /dev/null +++ b/include/SLP_secure-storage_PG.h @@ -0,0 +1,520 @@ +/** + * + * @ingroup SLP_PG + * @defgroup SecureStorage_PG Secure Storage +@{ + +<h1 class="pg">Introduction</h1> + +<h2 class="pg">Goal</h2> +The purpose of the document is to explain the method to use <i>Secure Storage</i> for developing SLP. + +<h2 class="pg">Scope</h2> +This document can be referenced by SCM engineers and SLP developers. + +<h2 class="pg">Introduction</h2> +Secure storage is a kind of technology to store data securely, implemented by using cryptographic techniques. Distributed Secure storage Manager provides APIs so that other applications can tighten up security by using Secure storage Engine. +When user wants to store data, he(or she) can store data securely by using APIs provided by Secure storage. + +<h2 class="pg">Requirements</h2> +OpenSSL +- Cryptographic APIs of Secure storage refer to the OpenSSL libraries, the OpenSSL module MUST be prepared before building Secure storage module. + - # apt-get install openssl +- OpenSSL module is included in the SDK basically. In general, you don't care about that. + +<h2 class="pg">Abbreviations</h2> +<table> + <tr> + <td>SLP</td><td>Samsung Linux Platform</td> + </tr> + <tr> + <td> </td><td> </td> + </tr> + <tr> + <td> </td><td> </td> + </tr> +</table> + + +<h1 class="pg">Architecture</h1> +The Secure storage module is implemented by C language. + +<h2 class="pg">System Architecture</h2> +@image html SLP_secure-storage_PG_image001.png +The figure shown above is the architecture of Secure Storage which now implemented in SLP. The Secure Storage is implemented as a Server/Client model, using Unix Socket communication between the Server and Client. The user application utilizes Secure Storage operation by using APIs provided by the Manager. + +<h2 class="pg">File Structure</h2> +@image html SLP_secure-storage_PG_image002.png +The figure shown above is the structure of a file stored in Secure Storage. The file's metadata is added in a header before the actual data and is extendable. + +<h2 class="pg">Source code Architecture</h2> +- Server + - ss_server_ipc.c : processing communication of server + - ss_server_main.c : actual cryptographic function (encrypt / decrypt) +- Client + - ss_client_ipc : processing communication of client + - ss_client_intf : processing request and reply of server + - ss_manager : the high-ranked APIs which are used by other applications + +<h2 class="pg">Result of Build</h2> +If build of Secure storage module is success, results of build are as below: +- libss-client.so : shared library for providing manager APIs (/usr/lib) +- ss-server : executable for operating Secure storage Server (/usr/bin) +- ss_manager.h : header file for providing APIs and data structures (/usr/include + + +<h1 class="pg">APIs</h1> +The APIs are classified by three categories - Store, Read and get information. + +<h2 class="pg">Data Store</h2> +- Data Store 1 +<table> + <tr> + <td>API Name</td><td colspan="2">ssm_write_file()</td> + </tr> + <tr> + <td rowspan="3">Input Param</td><td>char* pFilePath</td><td>path of file to be stored in Secure Storage</td> + </tr> + <tr> + <td>ssm_flag flag</td><td>type of file to be stored</td> + </tr> + <tr> + <td>const char* group_id</td><td>group name to be shared, if not, NULL</td> + </tr> + <tr> + <td>Output Param</td><td colspan="2">None</td> + </tr> + <tr> + <td>Include File</td><td colspan="2">ss_manager.h</td> + </tr> + <tr> + <td>Return Value</td><td colspan="2">Return Type : INT<br>If 0, Success<br>If <0, Fail<br></td> + </tr> +</table> + - Store file in the Secure Storage. The original file will be deleted after storing. The 'pFilePath' is written in absolute path. To use data type, refer to 'Type Definition 1'. + +- Data Store 2 +<table> + <tr> + <td>API Name</td><td colspan="2">ssm_write_buffer()</td> + </tr> + <tr> + <td rowspan="5">Input Param</td><td>char* pWriteBuffer</td><td>buffer pointer of data to be stored in Secure storage</td> + </tr> + <tr> + <td>size_t bufLen</td><td>size of buffer</td> + </tr> + <tr> + <td>char* pFileName</td><td>file name to be used in Secure Storage</td> + </tr> + <tr> + <td>ssm_flag flag</td><td>type of file to be stored</td> + </tr> + <tr> + <td>const char* group_id</td><td>group name to be shared, if not, NULL</td> + </tr> + <tr> + <td>Output Param</td><td colspan="2">None</td> + </tr> + <tr> + <td>Include File</td><td colspan="2">ss_manager.h</td> + </tr> + <tr> + <td>Return Value</td><td colspan="2">Return Type : INT<br>If 0, Success<br>If <0, Fail</td> + </tr> +</table> + - Encrypt buffer content and store that in the Secure Storage in the file form. The 'pFileName' is real file name which be stored in the Secure Storage and is not absolute path but single file name. For example, that is not 'mydata/abc.txt', but 'abc.txt'. The 'bufLen' has length from 0 to 4KB(4096). To use data type, refer to chapter 'Type Definition 1'. + +<h2 class="pg">Data Information</h2> +- Data Information +<table> + <tr> + <td>API Name</td><td colspan="2">ssm_getinfo()</td> + </tr> + <tr> + <td rowspan="4">Input Param</td><td>char* pFilePath</td><td>file name or path to be stored in secure storage</td> + </tr> + <tr> + <td>ssm_flag flag</td><td>type of file to be stored</td> + </tr> + <tr> + <td>ssm_file_info_t* sfi</td><td>data structure or information of the file</td> + </tr> + <tr> + <td>const char* group_id</td><td>group name to be shared, if not, NULL</td> + </tr> + <tr> + <td>Output Param</td><td colspan="2">None</td> + </tr> + <tr> + <td>Include File</td><td colspan="2">ss_manager.h</td> + </tr> + <tr> + <td>Return Value</td><td colspan="2">Return Type : INT<br>If 0, Success<br>If <0, Fail</td> + </tr> +</table> + - Get information about file that you want to read. You can use 'originSize' of 'ssm_file_info_t' data structure to parameter 'bufLen' of SSM_Read() function. To use data type, refer to 'Type Definition 1'. + +<h2 class="pg">Data Read</h2> +<table> + <tr> + <td>API Name</td><td colspan="2">ssm_read()</td> + </tr> + <tr> + <td rowspan="4">Input Param</td><td>char* pFilePath</td><td>file name or path to be read in secure storage</td> + </tr> + <tr> + <td> size_t bufLen</td><td>length of data to be read</td> + </tr> + <tr> + <td>ssm_flag flag</td><td>data type to be read</td> + </tr> + <tr> + <td>const char* group_id</td><td>group name to be shared, if not, NULL</td> + </tr> + <tr> + <td rowspan="2">Output Param</td><td>char* pRetBuf</td><td>buffer for decrypted data</td> + </tr> + <tr> + <td>size_t* readLen</td><td>length of data that this function read</td> + </tr> + <tr> + <td>Include File</td><td colspan="2">ss_manager.h</td> + </tr> + <tr> + <td>Return Value</td><td colspan="2">Return Type : INT<br>If 0, Success<br>If <0, Fail</td> + </tr> +</table> + - Read contents of file stored in Secure Storage to buffer. When coding, please note the following. + -# The 'flag' of required data MUST be same as the 'flag' of stored data. + -# The 'pFilePath' is absolute path or file name. In case of ssm_write_file(), use the absolute path, and in case of ssm_write_buffer(), use a file name. + -# The 'pRetBuf' should be a pointer of already allocated memory. (Secure Storage does not allocate memory itself.) + -# When using 'pRetBuf', do not use "string function" but "memory function". (It may include NULL bytes.) + string function : strcpy, strlen, strcat, fputs, fgets, ... + memory function : memcpy, memset, fwrite, fread, ... +@code +int ret; +size_t bufLen, readLen; +ssm_file_info_t sfi; +char* buffer = NULL; +... +ssm_getinfo("/abc/def/ghi", &sfi, SSM_FLAG_DATA); +... +buffer = (char*)malloc(sfi.originSize + 1); +bufLen = sfi.originSize; +... +ret = ssm_read("/abc/def/ghi", buffer, bufLen, &readLen, SSM_FLAG_DATA); +... +@endcode + +<h2 class="pg">Delete File</h2> +- Delete encrypted file +<table> + <tr> + <td>API Name</td><td colspan="2">ssm_delete_file()</td> + </tr> + <tr> + <td rowspan="3">Input Param</td><td>char* pFilePath</td><td>path of file to be deleted from Secure Storage</td> + </tr> + <tr> + <td>ssm_flag flag</td><td>type of file to be deleted</td> + </tr> + <tr> + <td>const char* group_id</td><td>group name to be shared, if not, NULL</td> + </tr> + <tr> + <td>Output Param</td><td colspan="2">None</td> + </tr> + <tr> + <td>Include File</td><td colspan="2">ss_manager.h</td> + </tr> + <tr> + <td>Return Value</td><td colspan="2">Return Type : INT<br>If 0, Success<br>If <0, Fail</td> + </tr> +</table> + - Use when user want to delete file in Secure-storage. If you use the function ssm_write_file( ) or ssm_write_buffer( ) when storing in Secure-storage, you should use this function in order to delete those files. The flag MUST be identical with one which was used when storing. + +<h2 class="pg">Type Definition</h2> +- Type Definition 1 +<table> + <tr> + <td>Type Name</td><td>ssm_flag</td> + </tr> + <tr> + <td>Members</td> + <td> + typedef enum {<br> + SSM_FLAG_NONE = 0x00,<br> + SSM_FLAG_DATA,<br> + SSM_FLAG_SECRET_PRESERVE,<br> + SSM_FLAG_SECRET_OPERATION,<br> + SSM_FLAG_MAX<br> + } SSM_FLAG + </td> + </tr> + <tr> + <td>Include File</td><td>ss_manager.h</td> + </tr> +</table> + - The flag for separating contents of file to be stored in Secure Storage. Secure storage API requires the flag information. + -# <b>SSM_FLAG_DATA</b> : general data for user. (picture, movie, memo, etc.) + -# <b>SSM_FLAG_SECRET_PRESERVE</b> : the secret data for preservation. + -# <b>SSM_FLAG_SECRET_OPERATION</b> : the secret data to be renewed. + +- Type Definition 2 +<table> + <tr> + <td>Type Name</td><td>ssm_file_info_t</td> + </tr> + <tr> + <td>Members</td> + <td> + typedef struct {<br> + unsigned int originSize;<br> + insigned int storedSize;<br> + char reserved[8];<br> + } ssm_file_info_t<br> + </td> + </tr> + <tr> + <td>Include File</td><td>ss_manager.h</td> + </tr> +</table> + - The data structure for storing metadata of file to be stored in Secure Storage. After encrypting, file size will be increased because of cryptographic block size. Therefore store before and after file size. 1bytes of reserved 8bytes is used for storing flag information. + +<h2 class="pg">Error Definition</h2> +- Error Definition +<table> + <tr> + <td rowspan="2">Error Name</td><td colspan="2">Value</td> + </tr> + <tr> + <td>Hex</td><td>Decimal</td> + </tr> + <tr> + <td>SS_PARAM_ERROR</td><td>0x00000002</td><td>2</td> + </tr> + <tr> + <td>SS_FILE_TYPE_ERROR</td><td>0x00000003</td><td>3</td> + </tr> + <tr> + <td>SS_FILE_OPEN_ERROR</td><td>0x00000004</td><td>4</td> + </tr> + <tr> + <td>SS_FILE_READ_ERROR</td><td>0x00000005</td><td>5</td> + </tr> + <tr> + <td>SS_FILE_WRITE_ERROR</td><td>0x00000006</td><td>6</td> + </tr> + <tr> + <td>SS_MEMORY_ERROR</td><td>0x00000007</td><td>7</td> + </tr> + <tr> + <td>SS_SOCKET_ERROR</td><td>0x00000008</td><td>8</td> + </tr> + <tr> + <td>SS_ENCRYPTION_ERROR</td><td>0x00000009</td><td>9</td> + </tr> + <tr> + <td>SS_DECRYPTION_ERROR</td><td>0x0000000a</td><td>10</td> + </tr> + <tr> + <td>SS_SIZE_ERROR</td><td>0x0000000b</td><td>11</td> + </tr> + <tr> + <td>SS_SECURE_STORAGE_ERROR</td><td>0x0000000c</td><td>12</td> + </tr> + <tr> + <td>SS_PERMISSION_ERROR</td><td>0x0000000d</td><td>13</td> + </tr> +</table> + - The error codes are defined in ss_manager.h. The actual return value of Secure Storage API is the negative form of the defined value. + +<h2 class="pg">File System Synchronization (Recommended)</h2> +- When writing a file to Secure Storage using ssm_write_file() or ssm_write_buffer(), if it powers down unexpectedly, the data will not be recorded properly in the filesystem. To prevent this from happening, your application should call the <b>sync()</b> function. +<table> + <tr> + <td> + <b>POSIX Programmer's manual</b><br> + <br> + <b>NAME</b></br> + sync - schedule file system updates<br> + <br> + <b>SYNOPSIS</b> + #include <unistd.h><br> + <br> + void sync(void);<br> + <br> + <b>DESCRIPTION</b><br> + The sync() function shall cause all information in memory that updates file systems to be scheduled for writing out to all file systems.<br> + <br> + The writing, although scheduled, is not necessarily complete upon return from sync().<br> + <br> + <b>RETURN VALUE</b><br> + The sync() function shall not return a value.<br> + <br> + <b>ERRORS</b><br> + No errors are defined.<br> + <br> + The following sections are informative.<br> + <br> + <b>EXAMPLES</b><br> + None<br> + <br> + <b>APPLICATION USAGE</b><br> + None<br> + <br> + <b>RATIONALE</b><br> + None<br> + <br> + <b>FUTURE DIRECTIONS</b><br> + None<br> + <br> + <b>SEE ALSO</b><br> + fsync() , the Base Definitions volume of IEEE Std 1003.1-2001, <unistd.h><br> + <br> + <b>COPYRIGHT</b><br> + Portions of this text are reprinted and reproduced in electronic form from IEEE Std 1003.1, 2003 Edition, Standard for Information Technology -- Portable Operating System Interface (POSIX), The Open Group Base Specifications Issue 6, Copyright (C) 2001-2003 by the Institute of Electrical and Electronics Engineers, Inc and The Open Group. In the event of any discrepancy between this version and the original IEEE and The Open Group Standard, the original IEEE and The Open Group Standard is the referee document. The original Standard can be obtained online at http://www.open-group.org/unix/online.html.<br> + </td> + </tr> +</table> + + +<h1 class="pg">Implementation Guide</h1> +<h2 class="pg">A note of caution when implementing</h2> +- General particular + - The 'group_id' parameter is very important portion in Secure Storage module. + - In general cases, when an application stores some file in Secure Storage, he(or she) NEVER want to expose that file to other applications. + - Therefore, all applications should have their independent storage in Secure Storage. + - But in some cases, two or more applications should share same encrypted file. (e.g. DRM master secret key) + - The 'group_id' works in two diffrent ways - <b>'designated group name'</b> or <b>'NULL'</b> + - Use designated group name + - Use when two or more applications want to share same encrypted file. + - You should ask the security part to make the proper group_id. + - The storage is made in /opt/share/secure-storage/, and the directory name is group_id. (/opt/share/secure-storage/[GROUP_ID]) + - If an application wants to read the encrypted file in some specific storage, that application MUST have privilege to access the file in the storage. + - Use NULL + - In the most cases, an application writes file into it's own storage, and the privilege is given to ifself. + - The storage is made in /opt/share/secure-storage/, and the directory name is the hash value of execution path of that application. + - Each applications have it's own storage. + - Each applications CANNOT access to other's storage. (the hash value of execution path is unique.) +- Usage of tags. In Secure Storage, we have some tags, which is used to determine the kind of encrypted data. + - SSM_FLAG_DATA + - The general data. The most files are included, BUT you cannot use this flag in case of buffer encryption. + - The encrypted content will be stored in /opt/share/secure-storage/~~/. + - SSM_FLAG_SECRET_OPERATION + - If you want to encrypt buffer content, you can use this flag. The file can be encrypted, too. + - The encrypted content will be stored in /opt/share/secure-storage/~~/. + - SSM_FLAG_SECRET_PRESERVE + - This flag is reserved for special contents. The encrypted file by this flag will not be deleted regardless of any changes of binary. + - The encrypted content will be stored in directory which be specified in configuration file. + - The configuration file is /usr/share/secure-storage/config. + +<h2 class="pg">Encrypt file content and store into secure-storage</h2> +@code +#include <stdio.h> +#include <ss_manager.h> + +int main(void) +{ + int ret = -1; // if return is 0, success + char* filepath = "/opt/secure-storage/test/input.txt"; // this file will be encrypted. MUST use absolute path. + ssm_flag flag = SSM_FLAG_DATA; // in case of file encryption, SSM_FLAG_DATA is recommended. + char* group_id = NULL; // if some applications want to share encrypted file, 'group_id' will have a value, otherwise, NULL. + + ret = ssm_write_file(filepath, flag, group_id); + // - if success, return 0. otherwise, return negative value. each value has specific meaning. see Error Definition. + // - encrypted file will be stored in /opt/share/secure-storage/[HASH_VALUE_OF_CALLER]/{ORIGINAL_FILE_NAME}_{HASH_OF_NAME}.{EXTENSION}.e + // if you use specific 'group_id', directory name is that instead of {HASH_VALUE_OF_CALLER}. + // - the original file is deleted after encrypting. + + printf("ret: [%d]\n", ret); + return 0; +} +@endcode + +<h2 class="pg">Encrypt buffer content and store into secure-storage</h2> +@code +#include <stdio.h> +#include <ss_manager.h> + +int main(void) +{ + int ret = -1; // if return is 0, success + char buf[32]; // this buffer content will be encrypted. + ssm_flag flag = SSM_FLAG_SECRET_OPERATION; // in case of buffer encryption, SSM_FLAG_SECRET_OPERATION is recommended. + char* group_id = NULL; // if some applications want to share encrypted file, 'group_id' will have a value, otherwise, NULL. + char* filename = "write_buf_res.txt"; // file name of encrypted buffer content. this file will be stored in secure-storage. + int buflen = 0; // length of the original buffer content + + memset(buf, 0x00, 32); + strncpy(buf, "abcdefghij", 10); + + buflen = strlen(buf); + + ret = ssm_write_buf(buf, buflen, filename, flag, group_id); + // - if success, return 0. otherwise, return negative value. each value has specific meaning. see Error Definition. + // - encrypted file will be stored in /opt/share/secure-storage/[HASH_VALUE_OF_CALLER]/write_buf_res.txt + // file name is what you use as parameter. + // same as above, if you use specific 'group_id', directory name will be changed. + + printf("ret: [%d]\n", ret); + return 0; +} + +@endcode + +<h2 class="pg">Read encrypted content</h2> +@code +#include <stdio.h> +#include <ss_manager.h> + +int main(void) +{ + int ret = -1; // if return is 0, success + char* filepath = "/opt/secure-storage/test/input.txt"; + // this 'filepath' MUST be same with the one which be used when encrypting. + // in case of buffer encryption, type JUST file name. + char* retbuf = NULL; // decrypted content is stored in this buffer. + ssm_file_info_t sfi; // information of encrypted file. this information is used in order to know original file size. + int readlen = 0; // length of reading content + ssm_flag flag = SSM_FLAG_DATA; // this 'flag' MUST be same with the one which be used when encrypting. + char* group_id = NULL; // if some applications want to share encrypted file, 'group_id' will have a value, otherwise, NULL. + + ssm_get_info(filepath, &sfi, flag, group_id); // get information of encrypted file, that information will be stored in 'sfi'. + retbuf = (char*)malloc(sizeof(char) * (sfi.originSize + 1)); // memory allocation for decrypted data + memset(retbuf, 0x00, (sfi.originSize + 1)); + + ret = ssm_read(filepath, retbuf, sfi.originSize, &readlen, flag, group_id); + // - if success, return 0. otherwise, return negative value. each value has specific meaning. see Error Definition. + // - if no error occured, decrypted data is stored in 'refbuf' buffer. + + printf("ret: [%d]\n", ret); + printf("decrypted data: [%s]\n", retbuf); + return 0; +} +@endcode + + +<h1 class="pg">Test & Etc.</h1> +- Test + - Unit test - not supported yet. + - Integration test - not supported yet. + +- Server Action + - When testing, server program and test executable are running at the same time. Therefore two terminals are executed simultaneously. To doing this, execute server when booting. + - In /etc/rc.d/rc.sysinit script, there is code which starts secure storage (Already reflected) + +- Physical Secure storage + - The location of certificate file which be used OMA DRM is '/csa/'. But other files are stored in '/opt/share/secure-storage/'. If you want to check the file storing path, refer to 'ss_manager.h'. + - #define SSM_STORAGE_DEFAULT_PATH + +- Source code Download + - If you want to get source codes, there are two ways, + - # apt-get source libss-client-0 + +*/ + +/** + * @} + */ diff --git a/include/secure_storage.h b/include/secure_storage.h index 70c3965..def8fe0 100644 --- a/include/secure_storage.h +++ b/include/secure_storage.h @@ -1,88 +1,104 @@ -/*
- * secure storage
- *
- * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Kidong Kim <kd0228.kim@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-#ifndef __SECURE_STORAGE__
-#define __SECURE_STORAGE__
-
-#include "ss_manager.h"
-
-#define SS_SOCK_PATH "/tmp/SsSocket"
-
-#define MAX_FILENAME_LEN 256 // for absolute path
-#define MAX_RECV_DATA_LEN 4096 // internal buffer = 4KB
-#define MAX_SEND_DATA_LEN 4096 // internal buffer = 4KB
-#define MAX_GROUP_ID_LEN 32
-#define MAX_COOKIE_LEN 20
-
-#define SS_STORAGE_DEFAULT_PATH "/opt/share/secure-storage/"
-
-/* using dlog */
-#ifdef SS_DLOG_USE
-
-#define LOG_TAG "SECURE_STORAGE"
-#include <dlog.h>
-
-#elif SS_CONSOLE_USE // debug msg will be printed in console
-
-#define SLOGD(FMT, ARG ...) fprintf(stderr, FMT, ##ARG)
-#define SLOGV(FMT, ARG ...) fprintf(stderr, FMT, ##ARG)
-#define SLOGI(FMT, ARG ...) fprintf(stderr, FMT, ##ARG)
-#define SLOGW(FMT, ARG ...) fprintf(stderr, FMT, ##ARG)
-#define SLOGE(FMT, ARG ...) fprintf(stderr, FMT, ##ARG)
-#define SLOGF(FMT, ARG ...) fprintf(stderr, FMT, ##ARG)
-
-#else // don't use logging
-
-#define SLOGD(FMT, ARG ...) {}
-#define SLOGV(FMT, ARG ...) {}
-#define SLOGI(FMT, ARG ...) {}
-#define SLOGW(FMT, ARG ...) {}
-#define SLOGE(FMT, ARG ...) {}
-#define SLOGF(FMT, ARG ...) {}
-
-#endif
-
-#define SS_FILE_POSTFIX ".e"
-
-typedef union {
- ssm_file_info_t fInfoStruct;
- char fInfoArray[16];
-} ssm_file_info_convert_t;
-
-typedef struct {
- int req_type;
- int enc_type;
- unsigned int count; // 1 count = 4KB
- unsigned int flag;
- char data_infilepath[MAX_FILENAME_LEN];
- char buffer[MAX_SEND_DATA_LEN+1];
- char group_id[MAX_GROUP_ID_LEN];
- char cookie[MAX_COOKIE_LEN];
-} ReqData_t;
-
-typedef struct {
- int rsp_type;
- unsigned int readLen;
- char data_filepath[MAX_FILENAME_LEN];
- char buffer[MAX_RECV_DATA_LEN+1];
-} RspData_t;
-
-#endif
+/* + * secure storage + * + * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef __SECURE_STORAGE__ +#define __SECURE_STORAGE__ + +#include "ss_manager.h" + +#define SS_SOCK_PATH "/tmp/SsSocket" + +#define MAX_FILENAME_SIZE 256 // for absolute path +#define MAX_RECV_DATA_SIZE 4096 // internal buffer = 4KB +#define MAX_SEND_DATA_SIZE 4096 // internal buffer = 4KB +#define MAX_GROUP_ID_SIZE 32 + +#define SS_STORAGE_DEFAULT_PATH "/opt/share/secure-storage/" + +#define MAX_APPID_SIZE 32 +#define MAX_PASSWORD_SIZE 32 +#define KEY_SIZE 16 +#define SALT_SIZE 400 +#define SALT_NAME "salt" +#define HASH_SIZE 20 +#define DUK_NAME "duk" +#define SALT_PATH "/opt/share/secure-storage/salt/salt" +#define DELIMITER "::" +#define DELIMITER_SIZE 2 +#define PRE_GROUP_ID "secure-storage::" + +/* using dlog */ +#ifdef SS_DLOG_USE + +#define LOG_TAG "SECURE_STORAGE" +#include <dlog.h> + +#elif SS_CONSOLE_USE // debug msg will be printed in console + +#define SLOGD(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) +#define SLOGV(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) +#define SLOGI(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) +#define SLOGW(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) +#define SLOGE(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) +#define SLOGF(FMT, ARG ...) fprintf(stderr, FMT, ##ARG) + +#else // don't use logging + +#define SLOGD(FMT, ARG ...) {} +#define SLOGV(FMT, ARG ...) {} +#define SLOGI(FMT, ARG ...) {} +#define SLOGW(FMT, ARG ...) {} +#define SLOGE(FMT, ARG ...) {} +#define SLOGF(FMT, ARG ...) {} + +#endif + +#define SS_FILE_POSTFIX ".e" + + +typedef struct { + unsigned int originSize; + unsigned int storedSize; + char reserved[8]; +}ssm_file_info_t; + +typedef union { + ssm_file_info_t fInfoStruct; + char fInfoArray[16]; +}ssm_file_info_convert_t; + +typedef struct { + int req_type; + int enc_type; + unsigned int count; // 1 count = 4KB + unsigned int flag; + char data_infilepath[MAX_FILENAME_SIZE+1]; // string + char buffer[MAX_SEND_DATA_SIZE+1]; + char group_id[MAX_GROUP_ID_SIZE+1]; // string +} ReqData_t; + +typedef struct { + int rsp_type; + unsigned int readLen; + char data_filepath[MAX_FILENAME_SIZE+1]; // string + char buffer[MAX_RECV_DATA_SIZE]; +} RspData_t; + + +#endif // __SECURE_STORAGE__ diff --git a/include/ss_manager.h b/include/ss_manager.h index b0f548c..4fc6066 100644..100755 --- a/include/ss_manager.h +++ b/include/ss_manager.h @@ -1,9 +1,7 @@ /* * secure storage * - * Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Contact: Kidong Kim <kd0228.kim@samsung.com> + * Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,381 +20,434 @@ #ifndef __SS_MANAGER__ #define __SS_MANAGER__ +#include <tizen.h> + + /** + * @addtogroup CAPI_SECURE_STORAGE_MODULE * @{ */ + /** - * @defgroup SECURE_STORAGE secure storage - * @ingroup SecurityFW - * @{ + * @brief Secure Storage default path + * @remark This path is deprecated. */ - #define SSM_STORAGE_DEFAULT_PATH "/opt/share/secure-storage/" #define DEPRECATED __attribute__((deprecated)) /** - * \name Enumeration + * @brief Enumeration for SSM data type + * @remark This enumeration is deprecated. */ typedef enum { - SSM_FLAG_NONE = 0x00, - SSM_FLAG_DATA, // normal data for user (ex> picture, video, memo, etc.) - SSM_FLAG_SECRET_PRESERVE, // for preserved operation - SSM_FLAG_SECRET_OPERATION, // for oma drm , wifi addr, divx and bt addr - SSM_FLAG_WIDGET, // for wiget encryption/decryption + SSM_FLAG_NONE = 0x00, /**< for initial purrpose */ + SSM_FLAG_DATA, /**< normal data for user (ex> picture, video, memo, etc.) */ + SSM_FLAG_SECRET_PRESERVE, /**< for preserved operation */ + SSM_FLAG_SECRET_OPERATION, /**< for oma drm , wifi addr, divx and bt addr */ + SSM_FLAG_WIDGET, /**< for wiget encryption/decryption */ + SSM_FLAG_WEB_APP, /**< for web application encryption/decryption */ + SSM_FLAG_PRELOADED_WEB_APP, /**< for preloaded application encryption/decryption */ SSM_FLAG_MAX } ssm_flag; +/* + * @brief Enumeration for SSM data type + * @remark This enumeration is deprecated. + */ +typedef enum { + SSM_FLAG_WEB_APP_, /**< for web application */ + SSM_FLAG_PRELOADED_WEB_APP_ /**< for preloaded web application */ +} WebFlag; + + +/** + * @brief Parameter error + * @remark This Error code is deprecated. + */ +#define SS_PARAM_ERROR 0x00000002 +/** + * @brief File type error + * @remark This Error code is deprecated. + */ +#define SS_FILE_TYPE_ERROR 0x00000003 +/** + * @brief File open error + * @remark This Error code is deprecated. + */ +#define SS_FILE_OPEN_ERROR 0x00000004 /** - * \name Type definition + * @brief File read error + * @remark This Error code is deprecated. */ -typedef struct { - unsigned int originSize; - unsigned int storedSize; - char reserved[8]; -}ssm_file_info_t; +#define SS_FILE_READ_ERROR 0x00000005 /** - * \name Error codes + * @brief File write error + * @remark This Error code is deprecated. + */ +#define SS_FILE_WRITE_ERROR 0x00000006 +/** + * @brief Out of memory + * @remark This Error code is deprecated. + */ +#define SS_MEMORY_ERROR 0x00000007 +/** + * @brief Socket error + * @remark This Error code is deprecated. + */ +#define SS_SOCKET_ERROR 0x00000008 +/** + * @brief Encryption error + * @remark This Error code is deprecated. + */ +#define SS_ENCRYPTION_ERROR 0x00000009 +/** + * @brief Decryption error + * @remark This Error code is deprecated. + */ +#define SS_DECRYPTION_ERROR 0x0000000a +/** + * @brief Data block size error + * @remark This Error code is deprecated. + */ +#define SS_SIZE_ERROR 0x0000000b +/** + * @brief Secure Storage access error + * @remark This Error code is deprecated. + */ +#define SS_SECURE_STORAGE_ERROR 0x0000000c +/** + * @brief Permission denied from security server + * @remark This Error code is deprecated. */ -#define SS_PARAM_ERROR 0x00000002 // 2 -#define SS_FILE_TYPE_ERROR 0x00000003 // 3 -#define SS_FILE_OPEN_ERROR 0x00000004 // 4 -#define SS_FILE_READ_ERROR 0x00000005 // 5 -// -#define SS_FILE_WRITE_ERROR 0x00000006 // 6 -#define SS_MEMORY_ERROR 0x00000007 // 7 -#define SS_SOCKET_ERROR 0x00000008 // 8 -#define SS_ENCRYPTION_ERROR 0x00000009 // 9 -#define SS_DECRYPTION_ERROR 0x0000000a // 10 -// -#define SS_SIZE_ERROR 0x0000000b // 11 -#define SS_SECURE_STORAGE_ERROR 0x0000000c // 12 -#define SS_PERMISSION_DENIED 0x0000000d // 13 +#define SS_PERMISSION_DENIED 0x0000000d +/** + * @brief Trust Zone error + * @remark This Error code is deprecated. + */ +#define SS_TZ_ERROR 0x0000000e + + #ifdef __cplusplus extern "C" { #endif +typedef enum +{ + SSA_PARAM_ERROR = TIZEN_ERROR_SYSTEM_CLASS | 0x01, /** < Invalid parameters */ + SSA_AUTHENTICATION_ERROR = TIZEN_ERROR_SYSTEM_CLASS | 0x02, /** < Authentication error */ + SSA_TZ_ERROR = TIZEN_ERROR_SYSTEM_CLASS | 0x03, /** < Trust zone error */ + SSA_SOCKET_ERROR = TIZEN_ERROR_CONNECTION, /** < Connection error */ + SSA_PERMISSION_ERROR = TIZEN_ERROR_PERMISSION_DENIED, /** < Permission denied */ + SSA_SECURITY_SERVER_ERROR = TIZEN_ERROR_SYSTEM_CLASS | 0x04,/** < Security server error */ + SSA_CIPHER_ERROR = TIZEN_ERROR_SYSTEM_CLASS | 0x05, /** < Encryption / Decryption error */ + SSA_IO_ERROR = TIZEN_ERROR_IO_ERROR, /** < I/O error */ + SSA_OUT_OF_MEMORY = TIZEN_ERROR_OUT_OF_MEMORY, /** < Out of memory */ + SSA_UNKNOWN_ERROR = TIZEN_ERROR_UNKNOWN, /** < Unknown error */ +} ssa_error_e; + /** - * \name Functions - */ -/** - * \par Description: - * Store encrypted file to secure-storage. - * - * \par Purpose: - * Encrypt file in order not to expose the contents of that file. The encrypted file is stored in specific directory and that file only be read by secure-storage server daemon. + * @brief Put application data to Secure Storage by given name. + * @remark Input parameters pInDataName, pInDataBlock, pGroupId, pPassword must be static / allocated by user. Maximum used length of user password and group id are 32. * - * \par Typical use case: - * When user wants to store some file securely, he(or she) can use this API. + * @since_tizen 2.3 + * @param[in] pDataName Data name to be identify. + * @param[in] pInDataBlock Data block to be stored. + * @param[in] pInDataBlockLen Length of data to be put. + * @param[in] pGroupId Sharing group id. (NULL if not used) + * @param[in] pPassword User password to use for encryption. (NULL if not used) * - * \par Method of function operation: - * First, encrypt the given file. Then make new file path which will be stored in secure storage. Then store new encrypted file and remove older one. + * @return Length of stored data block on success or an error code otherwise. + * @retval #SSA_PARAM_ERROR Invalid input parameter + * @retval #SSA_AUTHENTICATION_ERROR Non-authenticated application request + * @retval #SSA_TZ_ERROR Trust zone error + * @retval #SSA_SOCKET_ERROR Socket connection failed + * @retval #SSA_PERMISSION_ERROR Permission error + * @retval #SSA_SECURITY_SERVER_ERROR Getting smack information failed + * @retval #SSA_CIPHER_ERROR Encryption failed + * @retval #SSA_IO_ERROR I/O failed * - * \par Important Notes: - * - After encryption, original file will be deleted.\n * - * \param[in] pFilePath Absolute file path of original file - * \param[in] flag Type of stored data (data or secret) - * \param[in] group_id Sharing group id(string). (NULL if not used) * - * \return Return Type (integer) \n - * - 0 - Success \n - * - <0 - Fail \n + * @see ssa_get() * - * \par Related functions: - * None - * - * \par Known issues/bugs: - * None - * - * \pre None - * \post None - * \see None - * \remark None - * - * \par Sample code: - * \code + * @code * #include <ss_manager.h> * * ... * - * int ret = -1; - * char* infilepath = "/opt/test/test.txt"; - * ssm_flag flag = SSM_FLAG_DATA; - * - * ret = ssm_write_file(infilepath, flag, NULL); + * int outLen = -1; + * unsigned char dataName[32]; + * unsigned char* pDataBlock; + * unsigned int dataLen; + * unsigned char password[32]; + * unsigned char* pGroupId; + * + * // Put data name to array dataName + * // Put data block to pDataBlock and put its length to dataLen + * // Put user password to array password + * // Put group id to pGroupId if want share the data + * + * outLen = ssa_put(dataName, pDataBlock, dataLen, pGroupId, password); + * if(outLen < 0) + * { + * // Error handling + * } + * // Use dataName to read data block afterwards * - * return ret; // in case of success, return 0. Or fail, return corresponding error code. - * * ... - * \endcode + * @endcode * */ -/*================================================================================================*/ -int ssm_write_file(const char* pFilePath, ssm_flag flag, const char* group_id); +int ssa_put(const char* pDataName, const char* pInDataBlock, size_t inDataBlockLen, const char* pGroupId, const char* pPassword); + /** - * \par Description: - * Store encrypted file to secure-storage (Original data is in memory buffer). - * - * \par Purpose: - * Encrypt buffer in order not to expose the contents of that buffer. The encrypted file is stored in specific directory and that file only be read by secure-storage server daemon. - * - * \par Typical use case: - * When user wants to store some buffer contents securely, he(or she) can use this API. - * - * \par Method of function operation: - * First, encrypt the given buffer contents. Then make new file path which will be stored in secure storage. Then store new encrypted file. - * - * \par Important Notes: - * None - * - * \param[in] pWriteBuffer Data buffer to be stored in secure storage - * \param[in] bufLen Data size of buffer - * \param[in] pFileName File name be used when stored. Only file name, not a path - * \param[in] flag Type of stored data (data or secret) - * \param[in] group_id Sharing group id(string). (NULL if not used) - * - * \return Return Type (integer) \n - * - 0 - Success \n - * - <0 - Fail \n - * - * \par Related functions: - * None - * - * \par Known issues/bugs: - * None - * - * \pre None - * \post None - * \see None - * \remark None - * - * \par Sample code: - * \code + * @brief Get application data from Secure Storage by given name. + * @remark Input parameters pOutataName, pGroupId, pPassword must be static / allocated by user. Maximum used length of user password and group id are 32 + * + * @since_tizen 2.3 + * @param[in] pDataName Data name to read. + * @param[out] ppOutDataBlock Containing data get from secure storage. Memory allocated for ppOutDataBlock. So must be freed by the user of this function. + * @param[in] pGroupId Sharing group id. (NULL if not used) + * @param[in] pPassword User password to use for encryption. (NULL if not used) + * + * @return Length of read data block on success or an error code otherwise. + * @retval #SSA_PARAM_ERROR Invalid input parameter or no such data by given data name + * @retval #SSA_AUTHENTICATION_ERROR Non-authenticated application request + * @retval #SSA_TZ_ERROR Trust zone error + * @retval #SSA_SOCKET_ERROR Socket connection failed + * @retval #SSA_PERMISSION_ERROR Permission error + * @retval #SSA_SECURITY_SERVER_ERROR Getting smack information failed + * @retval #SSA_CIPHER_ERROR Decryption failed + * @retval #SSA_IO_ERROR I/O failed + * + * @see ssa_put() + * + * @code * #include <ss_manager.h> * * ... * - * int ret = -1; - * char buf[27] = "abcdefghijklmnopqrstuvwxyz"; - * int buflen = strlen(buf); - * char* filename = write_buf.txt; - * ssm_flag flag = SSM_FLAG_SECRET_OPERATION; - * - * ret = ssm_write_buffer(buf, buflen, filename, flag, NULL); - * - * return ret; // in case of success, return 0. Or fail, return corresponding error code. - * + * int outLen = -1; + * unsigned char dataName[32]; + * unsigned char* pOutDataBlock; + * unsigned char password[32]; + * unsigned char* pGroupId; + * + * // Put data name to array dataName + * // Put user password to array password + * // Put group id to pGroupId if want share the data + * + * outLen = ssa_get(dataName, &pOutDataBlock, pGroupId, password); + * if(outLen < 0) + * { + * // Error handling + * } + * + * free(pOutDataName); + * return; * ... - * \endcode + * @endcode * */ -/*================================================================================================*/ -int ssm_write_buffer(char* pWriteBuffer, size_t bufLen, const char* pFileName, ssm_flag flag, const char* group_id); +int ssa_get(const char* pDataName, char** ppOutDataBlock, const char* pGroupId, const char* pPassword); + /** - * \par Description: - * Decrypt encrypted file into memory buffer. - * - * \par Purpose: - * Read encrypted file which be stored in secure storage. Decrypted contents are only existed in the form of memory buffer, not file. - * - * \par Typical use case: - * When user wants to know the contents which be stored in secure storage, he(or she) can use this API. - * - * \par Method of function operation: - * First, read the file which be in secure storage. Then decrypt that file and store to memory buffer. Then return that buffer. - * - * \par Important Notes: - * - flag must be same with the one of stored data.\n - * - pFilePath can be either absolute path or file name.\n - * - pRetBuf is JUST pointer. User allocates memory buffer and passes a pointer.\n - * - not uses sting function, but uses memory function (not strcpy, strlen, ... use memcpy, memset, ...).\n - * - * \param[in] pFilePath File name or path to be read in secure storage - * \param[in] bufLen Length of data to be read - * \param[in] flag Type of stored data (data or secret) - * \param[out] readLen Length of data that this function read - * \param[out] pRetBuf Buffer for decrypted data - * \param[in] group_id Sharing group id(string). (NULL if not used) - * - * \return Return Type (integer) \n - * - 0 - Success \n - * - <0 - Fail \n - * - * \par Related functions: - * ssm_get_info() - use in order to know file size - * - * \par Known issues/bugs: - * None - * - * \pre None - * \post None - * \see None - * \remark None - * - * \par Sample code: - * \code + * @brief Delete application data from Secure Storage by given name. + * @remark Input parameters pDataName, pGroupId must be static / allocated by caller. Maximum used length of group id is 32 + * + * @since_tizen 2.3 + * @param[in] pDataName Data name to delete + * @param[in] pGroupId Sharing group id. (NULL if not used) + * + * @return Length of data block on success or an error code otherwise. + * @retval #SSA_PARAM_ERROR Invalid input parameter or no such data by given data name + * @retval #SSA_AUTHENTICATION_ERROR Non-authenticated application request + * @retval #SSA_TZ_ERROR Trust zone error + * @retval #SSA_SOCKET_ERROR Socket connection failed + * @retval #SSA_PERMISSION_ERROR Permission error + * @retval #SSA_SECURITY_SERVER_ERROR Getting smack information failed + * @retval #SSA_IO_ERROR I/O failed + * + * @pre The application data have to put before using this API by ssa_put() + * @see ssa_put() + * + * @code * #include <ss_manager.h> * * ... * * int ret = -1; - * char *filepath = "/opt/test/input.txt"; - * int buflen = 128; - * ssm_flag flag = SSM_FLAG_DATA; - * char* retbuf = NULL; - * int readlen = 0; - * ssm_file_info_t sfi; - * - * ssm_getinfo(filepath, &sfi, SSM_FLAG_DATA); - * retbuf = (char*)malloc(sizeof(char) * (sfi.originSize + 1)); - * memset(retbuf, 0x00, (sfi.originSize + 1)); - * - * ret = ssm_read(filepath, retbuf, sfi.originSize, &readlen, SSM_FLAG_DATA, NULL); - * free(retbuf); - * - * return ret; // in case of success, return 0. Or fail, return corresponding error code. - * + * unsigned char dataName[32]; + * unsigned char* pGroupId; + * + * // Put data name to array dataName + * // Put group id to pGroupId if want share the data + * + * ret = ssa_delete(dataName, pGroupId); + * if(ret < 0) + * { + * // Error handling + * } + * + * return; * ... - * \endcode + * @endcode * */ -/*================================================================================================*/ -int ssm_read(const char* pFilePath, char* pRetBuf, size_t bufLen, size_t *readLen, ssm_flag flag, const char* group_id); +int ssa_delete(const char* pDataName, const char* pGroupId); + /** - * \par Description: - * Get information of data which will be read. - * - * \par Purpose: - * Use in order to know file statistic information of encrypted file, original file size and encrypted file size. - * - * \par Typical use case: - * When using ssm_read API, user should know the size of original size of encrypted file. In that case, he(or she) can use this API. - * - * \par Method of function operation: - * When encrypting some file, information regarding size of file are saved with encrypted file. In this API, returns that information. - * - * \par Important Notes: - * None - * - * \param[in] pFilePath File name or path of file - * \param[in] flag Type of stored data (data or secret) - * \param[out] sfi Structure of file information - * \param[in] group_id Sharing group id(string). (NULL if not used) - * - * \return Return Type (integer) \n - * - 0 - Success \n - * - <0 - Fail \n - * - * \par Related functions: - * ssm_read() - * - * \par Known issues/bugs: - * None - * - * \pre None - * \post None - * \see None - * \remark None - * - * \par Sample code: - * \code + * @brief Encrypt application data using Secure Storage. + * @remark Input parameters pInDataBlock, pPassword must be static / allocated by caller. Maximum used length of password is 32 + * + * @since_tizen 2.3 + * @param[in] pInDataBlock Data block to be encrypted. + * @param[in] inDataBlockLen Length of data block to be encrypted. + * @param[out] ppOutDataBlock Data block contaning encrypted data block. Memory allocated for ppOutDataBlock. So must be freed user of this function. + * @param[in] pPassword User password to use for encryption. (NULL if not used) + * + * @return Length of encrypted data block on success or an error code otherwise. + * @retval #SSA_PARAM_ERROR Invalid input parameter + * @retval #SSA_AUTHENTICATION_ERROR Non-authenticated application request + * @retval #SSA_TZ_ERROR Trust zone error + * @retval #SSA_SOCKET_ERROR Socket connection failed + * @retval #SSA_PERMISSION_ERROR Permission error + * @retval #SSA_SECURITY_SERVER_ERROR Getting smack information failed + * + * @see ssa_decrypt() + * + * @code * #include <ss_manager.h> * * ... * - * int ret = -1; - * char *filepath = "/opt/secure-storage/test/input.txt"; - * ssm_flag flag = SSM_FLAG_DATA; - * ssm_file_info_t sfi; + * int len = -1; + * unsigned char* pDataBlock; + * unsigned int dataBlockLen; + * unsigned char* pOutDataBlock; + * unsigned char pPassword[32]; * - * ret = ssm_getinfo(filepath, &sfi, flag, NULL); - * - * printf(" ** original size: [%d]\n", sfi.originSize); - * printf(" ** stored size: [%d]\n", sfi.storedSize); - * printf(" ** reserved: [%s]\n", sfi.reserved); + * // Put data block to pDataBlock and put its length to dataBlockLen + * // Put user password to array pPassword + * + * len = ssa_encrypt(pDataBlock, dataBlockLen, &pOutDataBlock, pPassword); + * if(len < 0) + * { + * // Error handling + * } * - * return ret; // in case of success, return 0. Or fail, return corresponding error code. - * * ... - * \endcode + * free(pOutDataBlock); + * @endcode * */ -/*================================================================================================*/ -int ssm_getinfo(const char* pFilePath, ssm_file_info_t* sfi, ssm_flag flag, const char* group_id); +int ssa_encrypt(const char* pInDataBlock, size_t inDataBlockLen, char** ppOutDataBlock, const char* pPassword); + /** - * \par Description: - * Delete encrypted file in Secure-storage. - * - * \par Purpose: - * The Secure-storage is the special place, which only ss-server daemon can access. Therefore, in order to delete file, process requests to ss-server. - * - * \par Typical use case: - * When user wants to delete specific file, he(or she) can use this API. - * - * \par Method of function operation: - * All files in secure-storage have unique name. Process will request to delete some file, then ss-server deletes that. - * - * \par Important Notes: - * None - * - * \param[in] pFilePath File path - * \param[in] flag Type of stored data (data or secret) - * \param[in] group_id Sharing group id(string). (NULL if not used) - * - * \return Return Type (integer) \n - * - 0 - Success \n - * - <0 - Fail \n - * - * \par Related functions: - * None - * - * \par Known issues/bugs: - * None - * - * \pre None - * \post None - * \see None - * \remark None - * - * \par Sample code: - * \code + * @brief Decrypt application data using Secure Storage. + * @remark Input parameters pInDataBlock, pPassword must be static / allocated by caller. Maximum used length of password is 32 + * + * @since_tizen 2.3 + * @param[in] pInDataBlock Data block contained encrypted data from ssa_encrypt. + * @param[in] inDataBlockLen Length of data block to be decrypted. + * @param[out] ppOutDataBlock Data block contaning decrypted data block. Memory allocated for ppOutDataBlock. So must be freed user of this function. + * @param[in] pPassword User password to use for decryption. (NULL if not used) + * + * @return Length of decrypted data block on success or an error code otherwise. + * @retval #SSA_PARAM_ERROR Invalid input parameter + * @retval #SSA_AUTHENTICATION_ERROR Non-authenticated application request + * @retval #SSA_TZ_ERROR Trust zone error + * @retval #SSA_SOCKET_ERROR Socket connection failed + * @retval #SSA_PERMISSION_ERROR Permission error + * @retval #SSA_SECURITY_SERVER_ERROR Getting smack information failed + * + * @see ssa_encrypt() + * + * @code * #include <ss_manager.h> * * ... * - * int ret = -1; - * char *infilepath = "res_write_buf.txt"; - * ssm_flag flag = SSM_FLAG_SECRET_OPERATION; + * int len = -1; + * unsigned char* pDataBlock; + * unsigned int dataBlockLen; + * unsigned char* pOutDataBlock; + * unsigned char pPassword[32]; * - * ret = ssm_delete_file(infilepath, flag, NULL); + * // Put data block to pDataBlock and put its length to dataBlockLen + * // Put user password to array pPassword * - * return ret; // in case of success, return 0. Or fail, return corresponding error code. + * len = ssa_decrypt(pDataBlock, dataBlockLen, &pOutDataBlock, pPassword); + * if(len < 0) + * { + * // Error handling + * } * * ... - * \endcode + * free(pOutDataBlock); + * @endcode * */ -/*================================================================================================*/ -int ssm_delete_file(const char* pFilePath, ssm_flag flag, const char* group_id); +int ssa_decrypt(const char* pInDataBlock, size_t inDataBlockLen, char** ppOutDataBlock, const char* pPassword); -#ifdef __cplusplus -} -#endif /** - * @} + * @brief Encrypt web application data using Secure Storage. + * + * @since_tizen 2.3 + * @param[in] pAppId The application id. + * @param[in] idLen Length of application id. + * @param[in] pData Data block to be encrypted. + * @param[in] dataLen Length of data block. + * @param[out] ppEncryptedData Data block contaning encrypted data block. Memory allocated for ppEncryptedData. So must be freed user of this function. + * @param[in] isPreloaded True if the application is preloaded else false. + * + * @return Length of encrypted data block on success or an error code otherwise. + * @retval #SSA_PARAM_ERROR Invalid input parameter + * @retval #SSA_AUTHENTICATION_ERROR Non-authenticated application request + * @retval #SSA_TZ_ERROR Trust zone error + * @retval #SSA_SOCKET_ERROR Socket connection failed + * @retval #SSA_PERMISSION_ERROR Permission error + * @retval #SSA_SECURITY_SERVER_ERROR Getting smack information failed + * + * @see ssa_decrypt_web_application() */ +int ssa_encrypt_web_application(const char* pAppId, int idLen, const char* pData, int dataLen, char** ppEncryptedData, int isPreloaded); + /** - * @} + * @brief Encrypt web application data using Secure Storage. + * + * @since_tizen 2.3 + * @param[in] pAppId The application id. + * @param[in] idLen Length of application id. + * @param[in] pData Data block to be encrypted. + * @param[in] dataLen Length of data block. + * @param[out] ppEncryptedData Data block contaning encrypted data block. Memory allocated for ppEncryptedData. So must be freed user of this function. + * @param[in] isPreloaded True if the application is preloaded else false. + * + * @return Length of encrypted data block on success or an error code otherwise. + * @retval #SSA_PARAM_ERROR Invalid input parameter + * @retval #SSA_AUTHENTICATION_ERROR Non-authenticated application request + * @retval #SSA_TZ_ERROR Trust zone error + * @retval #SSA_SOCKET_ERROR Socket connection failed + * @retval #SSA_PERMISSION_ERROR Permission error + * @retval #SSA_SECURITY_SERVER_ERROR Getting smack information failed + * + * @see ssa_decrypt_web_application() */ +int ssa_decrypt_web_application(const char* pData, int dataLen, char** ppDecryptedData, int isPreloaded); + +#ifdef __cplusplus +} +#endif #endif |