diff options
| author | Kyungwook Tak <k.tak@samsung.com> | 2016-07-21 16:46:00 +0900 |
|---|---|---|
| committer | Kyungwook Tak <k.tak@samsung.com> | 2016-07-26 15:51:15 +0900 |
| commit | d6da3e3d9bc29e22103b094bee5ca68f5d8f0f61 (patch) | |
| tree | 6439a58283180d86c72f4c30413d55be728f6dd4 /srcs/crypto_service.c | |
| parent | 6818b8559b7d4d45adaeb1937d708a154dc00fd7 (diff) | |
| download | libwebappenc-d6da3e3d9bc29e22103b094bee5ca68f5d8f0f61.tar.gz libwebappenc-d6da3e3d9bc29e22103b094bee5ca68f5d8f0f61.tar.bz2 libwebappenc-d6da3e3d9bc29e22103b094bee5ca68f5d8f0f61.zip | |
Add data structures
For migrated web app, we need to more fields in cache e.g., IV and
is_migrated flag to handle it separately.
Because cipher algorithm, iv and key size could be different between old
secure storage, it depends on product implementation. So this
architecture needs more flexibility.
A lot of code changed because of the principle data structure is added
from the bottom.
Change-Id: Id6a10b9f707f4da25016dd928ab4049be619a610
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Diffstat (limited to 'srcs/crypto_service.c')
| -rw-r--r-- | srcs/crypto_service.c | 187 |
1 files changed, 95 insertions, 92 deletions
diff --git a/srcs/crypto_service.c b/srcs/crypto_service.c index 0991d42..bd83eba 100644 --- a/srcs/crypto_service.c +++ b/srcs/crypto_service.c @@ -36,11 +36,6 @@ #define AES_256_KEY_SIZE 32 -static unsigned char AES_CBC_IV[16] = { - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x08, 0x39, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F -}; - static bool __initialized = false; void _initialize() @@ -52,26 +47,27 @@ void _initialize() } } -int encrypt_app_dek(const unsigned char *pubkey, size_t pubkey_len, - const unsigned char *dek, size_t dek_len, - unsigned char **pencrypted_dek, size_t *pencrypted_dek_len) +int encrypt_app_dek(const raw_buffer_s *pubkey, const raw_buffer_s *dek, + raw_buffer_s **pencrypted_dek) { + if (!is_buffer_valid(pubkey) || !is_buffer_valid(dek) || pencrypted_dek == NULL) + return WAE_ERROR_INVALID_PARAMETER; + int ret = WAE_ERROR_NONE; EVP_PKEY *key = NULL; - BIO *bio = NULL; EVP_PKEY_CTX *ctx = NULL; - unsigned char *out = NULL; - size_t out_len = 0; + raw_buffer_s *encrypted_dek = NULL; + size_t len = 0; _initialize(); - bio = BIO_new(BIO_s_mem()); - BIO_write(bio, pubkey, pubkey_len); + BIO *bio = BIO_new(BIO_s_mem()); + BIO_write(bio, pubkey->buf, pubkey->size); key = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); if (key == NULL) { BIO_reset(bio); - BIO_write(bio, pubkey, pubkey_len); + BIO_write(bio, pubkey->buf, pubkey->size); key = d2i_PUBKEY_bio(bio, NULL); } @@ -102,28 +98,26 @@ int encrypt_app_dek(const unsigned char *pubkey, size_t pubkey_len, } /* Determine buffer length */ - if (EVP_PKEY_encrypt(ctx, NULL, &out_len, dek, dek_len) <= 0) { + if (EVP_PKEY_encrypt(ctx, NULL, &len, dek->buf, dek->size) <= 0) { WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_encrypt failed"); ret = WAE_ERROR_CRYPTO; goto error; } - out = OPENSSL_malloc(out_len); - - if (out == NULL) { + if ((encrypted_dek = buffer_create(len)) == NULL) { WAE_SLOGE("Encrypt APP DEK Failed. OPENSSL_malloc failed"); ret = WAE_ERROR_MEMORY; goto error; } - if (EVP_PKEY_encrypt(ctx, out, &out_len, dek, dek_len) <= 0) { + if (EVP_PKEY_encrypt(ctx, encrypted_dek->buf, &encrypted_dek->size, dek->buf, + dek->size) <= 0) { WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_encrypt failed"); ret = WAE_ERROR_CRYPTO; goto error; } - *pencrypted_dek = out; - *pencrypted_dek_len = out_len; + *pencrypted_dek = encrypted_dek; error: if (bio != NULL) @@ -135,39 +129,41 @@ error: if (ctx != NULL) EVP_PKEY_CTX_free(ctx); - if (ret != WAE_ERROR_NONE && out != NULL) - OPENSSL_free(out); + if (ret != WAE_ERROR_NONE) + buffer_destroy(encrypted_dek); return ret; } -int decrypt_app_dek(const unsigned char *prikey, size_t prikey_len, - const char *prikey_pass, - const unsigned char *encrypted_dek, size_t encrypted_dek_len, - unsigned char **pdecrypted_dek, size_t *pdecrypted_dek_len) +int decrypt_app_dek(const raw_buffer_s *prikey, const char *prikey_pass, + const raw_buffer_s *encrypted_dek, raw_buffer_s **pdek) { + if (!is_buffer_valid(prikey) || !is_buffer_valid(encrypted_dek) || pdek == NULL) + return WAE_ERROR_INVALID_PARAMETER; + int ret = WAE_ERROR_NONE; - EVP_PKEY *key = NULL; - BIO *bio = NULL; EVP_PKEY_CTX *ctx = NULL; - unsigned char *out = NULL; - size_t out_len = 0; + raw_buffer_s *dek = NULL; + size_t len = 0; _initialize(); - bio = BIO_new(BIO_s_mem()); - BIO_write(bio, prikey, prikey_len); - key = PEM_read_bio_PrivateKey(bio, NULL, NULL, (void *)prikey_pass); + BIO *bio = BIO_new(BIO_s_mem()); + if (bio == NULL) + return WAE_ERROR_MEMORY; + + BIO_write(bio, prikey->buf, prikey->size); + EVP_PKEY *key = PEM_read_bio_PrivateKey(bio, NULL, NULL, (void *)prikey_pass); if (key == NULL) { BIO_reset(bio); - BIO_write(bio, prikey, prikey_len); + BIO_write(bio, prikey->buf, prikey->size); key = d2i_PrivateKey_bio(bio, NULL); } if (key == NULL) { ret = WAE_ERROR_FILE; - WAE_SLOGE("Failt to convert to public key."); + WAE_SLOGE("Failed to convert to public key."); goto error; } @@ -192,28 +188,27 @@ int decrypt_app_dek(const unsigned char *prikey, size_t prikey_len, } /* Determine buffer length */ - if (EVP_PKEY_decrypt(ctx, NULL, &out_len, encrypted_dek, encrypted_dek_len) <= 0) { + if (EVP_PKEY_decrypt(ctx, NULL, &len, encrypted_dek->buf, encrypted_dek->size) <= 0) { WAE_SLOGE("Decrypt APP DEK Failed. EVP_PKEY_decrypt failed"); ret = WAE_ERROR_CRYPTO; goto error; } - out = OPENSSL_malloc(out_len); - - if (out == NULL) { + dek = buffer_create(len); + if (dek == NULL) { WAE_SLOGE("Decrypt APP DEK Failed. OPENSSL_malloc failed"); ret = WAE_ERROR_MEMORY; goto error; } - if (EVP_PKEY_decrypt(ctx, out, &out_len, encrypted_dek, encrypted_dek_len) <= 0) { + if (EVP_PKEY_decrypt(ctx, dek->buf, &dek->size, encrypted_dek->buf, + encrypted_dek->size) <= 0) { WAE_SLOGE("Encrypt APP DEK Failed. EVP_PKEY_decrypt failed"); ret = WAE_ERROR_CRYPTO; goto error; } - *pdecrypted_dek = out; - *pdecrypted_dek_len = out_len; + *pdek = dek; error: if (bio != NULL) @@ -225,36 +220,40 @@ error: if (ctx != NULL) EVP_PKEY_CTX_free(ctx); - if (ret != WAE_ERROR_NONE && out != NULL) - OPENSSL_free(out); + if (ret != WAE_ERROR_NONE) + buffer_destroy(dek); return ret; } -int encrypt_aes_cbc(const unsigned char *key, size_t key_len, - const unsigned char *data, size_t data_len, - unsigned char **pencrypted_data, size_t *pencrypted_data_len) +int encrypt_aes_cbc(const crypto_element_s *ce, const raw_buffer_s *data, + raw_buffer_s **pencrypted_data) { - EVP_CIPHER_CTX *ctx; - int len; - unsigned char *ciphertext = NULL; - size_t ciphertext_len; - unsigned char *iv = AES_CBC_IV; + if (!is_crypto_element_valid(ce) || !is_buffer_valid(data) || pencrypted_data == NULL) + return WAE_ERROR_INVALID_PARAMETER; + + EVP_CIPHER_CTX *ctx = NULL; + int len = 0; + raw_buffer_s *encrypted_data = NULL; int ret = WAE_ERROR_NONE; _initialize(); - WAE_SLOGI("Encryption Started. size=%d", data_len); + WAE_SLOGI("Encryption Started. size=%d", data->size); /* check input paramter */ - if (key_len != 32) { - WAE_SLOGE("Encryption Failed. Invalid Key Length. key_len=%d", key_len); + if (ce->dek->size != 32) { + WAE_SLOGE("Encryption Failed. Invalid Key Length. key_len=%d", ce->dek->size); return WAE_ERROR_INVALID_PARAMETER; } // assing a enough memory for decryption. - ciphertext = (unsigned char *) malloc(data_len + 32); + encrypted_data = buffer_create(data->size + 32); + if (encrypted_data == NULL) { + ret = WAE_ERROR_MEMORY; + goto error; + } /* Create and initialise the context */ if (!(ctx = EVP_CIPHER_CTX_new())) { @@ -268,7 +267,7 @@ int encrypt_aes_cbc(const unsigned char *key, size_t key_len, * In this example we are using 256 bit AES (i.e. a 256 bit key). The * IV size for *most* modes is the same as the block size. For AES this * is 128 bits */ - if (1 != EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)) { + if (EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, ce->dek->buf, ce->iv->buf) != 1) { WAE_SLOGE("Encryption Failed. EVP_EncryptInit_ex failed"); ret = WAE_ERROR_CRYPTO; goto error; @@ -277,64 +276,68 @@ int encrypt_aes_cbc(const unsigned char *key, size_t key_len, /* Provide the message to be encrypted, and obtain the encrypted output. * EVP_EncryptUpdate can be called multiple times if necessary */ - if (1 != EVP_EncryptUpdate(ctx, ciphertext, &len, data, data_len)) { + len = encrypted_data->size; + if (EVP_EncryptUpdate(ctx, encrypted_data->buf, &len, data->buf, + data->size) != 1) { WAE_SLOGE("Encryption Failed. EVP_EncryptUpdate failed"); ret = WAE_ERROR_CRYPTO; goto error; } - ciphertext_len = len; + encrypted_data->size = len; - /* Finalise the encryption. Further ciphertext bytes may be written at + /* Finalise the encryption. Further encrypted data bytes may be written at * this stage. */ - if (1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) { + if (EVP_EncryptFinal_ex(ctx, encrypted_data->buf + encrypted_data->size, &len) != 1) { WAE_SLOGE("Encryption Failed. EVP_EncryptFinal_ex failed"); ret = WAE_ERROR_CRYPTO; goto error; } - ciphertext_len += len; + encrypted_data->size += len; - *pencrypted_data = ciphertext; - *pencrypted_data_len = ciphertext_len; + *pencrypted_data = encrypted_data; - ret = WAE_ERROR_NONE; - WAE_SLOGI("Encryption Ended Successfully. encrypted_len", ciphertext_len); + WAE_SLOGI("Encryption Ended Successfully. encrypted_len: %d", encrypted_data->size); error: if (ctx != NULL) EVP_CIPHER_CTX_free(ctx); - if (ret != WAE_ERROR_NONE && ciphertext != NULL) - free(ciphertext); + if (ret != WAE_ERROR_NONE) + buffer_destroy(encrypted_data); return ret; } -int decrypt_aes_cbc(const unsigned char *key, size_t key_len, - const unsigned char *data, size_t data_len, - unsigned char **pdecrypted_data, size_t *pdecrypted_data_len) +int decrypt_aes_cbc(const crypto_element_s *ce, const raw_buffer_s *encrypted_data, + raw_buffer_s **pdata) { - EVP_CIPHER_CTX *ctx; - int len; - unsigned char *plaintext = NULL; - size_t plaintext_len; - unsigned char *iv = AES_CBC_IV; + if (!is_crypto_element_valid(ce) || !is_buffer_valid(encrypted_data) || pdata == NULL) + return WAE_ERROR_INVALID_PARAMETER; + + EVP_CIPHER_CTX *ctx = NULL; + int len = 0; + raw_buffer_s *data = NULL; int ret = WAE_ERROR_NONE; _initialize(); - WAE_SLOGI("Decryption Started. size=%d", data_len); + WAE_SLOGI("Decryption Started. size=%d", encrypted_data->size); /* check input paramter */ - if (key_len != 32) { - WAE_SLOGE("Decryption Failed. Invalid Key Length. key_len=%d", key_len); + if (ce->dek->size != 32) { + WAE_SLOGE("Decryption Failed. Invalid Key Length. key_len=%d", ce->dek->size); return WAE_ERROR_INVALID_PARAMETER; } // assing a enough memory for decryption. - plaintext = (unsigned char *) malloc(data_len); + data = buffer_create(encrypted_data->size); + if (data == NULL) { + ret = WAE_ERROR_MEMORY; + goto error; + } /* Create and initialise the context */ if (!(ctx = EVP_CIPHER_CTX_new())) { @@ -348,7 +351,7 @@ int decrypt_aes_cbc(const unsigned char *key, size_t key_len, * In this example we are using 256 bit AES (i.e. a 256 bit key). The * IV size for *most* modes is the same as the block size. For AES this * is 128 bits */ - if (1 != EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv)) { + if (EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, ce->dek->buf, ce->iv->buf) != 1) { WAE_SLOGE("Decryption Failed. EVP_DecryptInit_ex failed"); ret = WAE_ERROR_CRYPTO; goto error; @@ -357,37 +360,37 @@ int decrypt_aes_cbc(const unsigned char *key, size_t key_len, /* Provide the message to be decrypted, and obtain the plaintext output. * EVP_DecryptUpdate can be called multiple times if necessary */ - if (1 != EVP_DecryptUpdate(ctx, plaintext, &len, data, data_len)) { + len = data->size; + if (EVP_DecryptUpdate(ctx, data->buf, &len, encrypted_data->buf, + encrypted_data->size) != 1) { WAE_SLOGE("Decryption Failed. EVP_DecryptUpdate failed"); ret = WAE_ERROR_CRYPTO; goto error; } - plaintext_len = len; + data->size = len; /* Finalise the decryption. Further plaintext bytes may be written at * this stage. */ - if (1 != EVP_DecryptFinal_ex(ctx, plaintext + len, &len)) { + if (EVP_DecryptFinal_ex(ctx, data->buf + data->size, &len) != 1) { WAE_SLOGE("Decryption Failed. EVP_DecryptFinal_ex failed"); ret = WAE_ERROR_CRYPTO; goto error; } - plaintext_len += len; + data->size += len; - *pdecrypted_data = plaintext; - *pdecrypted_data_len = plaintext_len; + *pdata = data; - ret = WAE_ERROR_NONE; - WAE_SLOGI("Decryption Ended Successfully. decrypted_len", plaintext_len); + WAE_SLOGI("Decryption Ended Successfully. decrypted_len: %d", data->size); error: if (ctx != NULL) EVP_CIPHER_CTX_free(ctx); - if (ret != WAE_ERROR_NONE && plaintext != NULL) - free(plaintext); + if (ret != WAE_ERROR_NONE) + buffer_destroy(data); return ret; } |