diff options
author | Kyungwook Tak <k.tak@samsung.com> | 2016-07-27 16:54:50 +0900 |
---|---|---|
committer | kyungwook tak <k.tak@samsung.com> | 2016-08-02 21:45:45 -0700 |
commit | cc76acebe224f4b8a273752b2400190ab0aab679 (patch) | |
tree | 9f131a30f794d8a11174a3ef06c18c91976a8bd6 /srcs/key_handler.c | |
parent | a025df2ca4ae9a4e13b5b803674da4dd1bd133e9 (diff) | |
download | libwebappenc-cc76acebe224f4b8a273752b2400190ab0aab679.tar.gz libwebappenc-cc76acebe224f4b8a273752b2400190ab0aab679.tar.bz2 libwebappenc-cc76acebe224f4b8a273752b2400190ab0aab679.zip |
[API changed] Add uid parametersubmit/tizen/20160811.013634
Installer will be run as system (from user) so we cannot retrieve user
id from client credential(by key-manager).
Change-Id: I1e091bfc0b88fce418cd209a7a1adab021b6c0d2
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Diffstat (limited to 'srcs/key_handler.c')
-rw-r--r-- | srcs/key_handler.c | 165 |
1 files changed, 114 insertions, 51 deletions
diff --git a/srcs/key_handler.c b/srcs/key_handler.c index af7280b..cf3de1d 100644 --- a/srcs/key_handler.c +++ b/srcs/key_handler.c @@ -29,6 +29,7 @@ #include <tzplatform_config.h> +#include "web_app_enc.h" #include "wae_log.h" #include "crypto_service.h" #include "key_manager.h" @@ -56,19 +57,28 @@ static void deinit_lib(void) crypto_element_map_destroy(_map); } -static const crypto_element_s *_get_app_ce_from_cache(const char *pkg_id) +char *_create_map_key(uid_t uid, const char *pkg_id) { - return crypto_element_map_get(_map, pkg_id); + char *key = NULL; + + int ret = asprintf(&key, "%u-%s", uid, pkg_id); + + return (ret == -1) ? NULL : key; } -static int _add_app_ce_to_cache(const char *pkg_id, crypto_element_s *ce) +static const crypto_element_s *_get_app_ce_from_cache(const char *key) { - return crypto_element_map_add(&_map, pkg_id, ce); + return crypto_element_map_get(_map, key); } -void _remove_app_ce_from_cache(const char *pkg_id) +static int _add_app_ce_to_cache(const char *key, crypto_element_s *ce) { - crypto_element_map_remove(&_map, pkg_id); + return crypto_element_map_add(&_map, key, ce); +} + +void _remove_app_ce_from_cache(const char *key) +{ + crypto_element_map_remove(&_map, key); } int _get_random(raw_buffer_s *rb) @@ -110,13 +120,13 @@ static const char *_get_dek_store_path() static int _write_to_file(const char *path, const raw_buffer_s *data) { - if (path == NULL || data == NULL || data->buf == NULL || data->size == 0) + if (path == NULL || !is_buffer_valid(data)) return WAE_ERROR_INVALID_PARAMETER; FILE *f = fopen(path, "w"); if (f == NULL) { - WAE_SLOGE("WAE: Fail to open a file. file=%s", path); + WAE_SLOGE("Failed to open a file(%s)", path); return WAE_ERROR_FILE; } @@ -125,7 +135,7 @@ static int _write_to_file(const char *path, const raw_buffer_s *data) fclose(f); if (write_len != (int)data->size) { - WAE_SLOGE("WAE: Fail to write a file. file=%s", path); + WAE_SLOGE("Failed to write a file(%s)", path); return WAE_ERROR_FILE; } @@ -226,110 +236,145 @@ int _write_encrypted_app_dek_to_file(const char *pkg_id, const raw_buffer_s *enc return _write_to_file(path, encrypted); } -int get_app_ce(const char *pkg_id, wae_app_type_e app_type, bool create_for_migrated_app, - const crypto_element_s **pce) +int get_app_ce(uid_t uid, const char *pkg_id, wae_app_type_e app_type, + bool create_for_migrated_app, const crypto_element_s **pce) { if (pkg_id == NULL || pce == NULL) return WAE_ERROR_INVALID_PARAMETER; - const crypto_element_s *cached_ce = _get_app_ce_from_cache(pkg_id); + if (uid == 0 && app_type == WAE_DOWNLOADED_NORMAL_APP) + return WAE_ERROR_INVALID_PARAMETER; + + const char *key = NULL; + char *_key_per_user = NULL; + + if (app_type == WAE_DOWNLOADED_NORMAL_APP) { + _key_per_user = _create_map_key(uid, pkg_id); + if (_key_per_user == NULL) + return WAE_ERROR_MEMORY; + + key = _key_per_user; + } else { + key = pkg_id; + } + + int ret = WAE_ERROR_NONE; + const crypto_element_s *cached_ce = _get_app_ce_from_cache(key); if (cached_ce != NULL) { - WAE_SLOGD("cache hit of app ce for pkg_id(%s)", pkg_id); + WAE_SLOGD("cache hit of app ce for key(%s)", key); *pce = cached_ce; - return WAE_ERROR_NONE; + goto finish; } - WAE_SLOGD("cache miss of app ce for pkg_id(%s)", pkg_id); + WAE_SLOGD("cache miss of app ce for key(%s)", key); crypto_element_s *ce = NULL; - int ret = get_from_key_manager(pkg_id, app_type, &ce); + ret = get_from_key_manager(key, app_type, &ce); if (create_for_migrated_app && (ret == WAE_ERROR_NO_KEY && app_type == WAE_DOWNLOADED_GLOBAL_APP)) { - WAE_SLOGI("No dek found for pkg_id(%s)! It should be migrated app.", pkg_id); + WAE_SLOGI("No dek found for key(%s)! It should be migrated app.", key); - if ((ret = get_old_ss_crypto_element(pkg_id, &ce)) != WAE_ERROR_NONE) - goto error; + if ((ret = get_old_ss_crypto_element(key, &ce)) != WAE_ERROR_NONE) + goto finish; // (k.tak) disable to save ce to key-maanger for migrated app because of permission issue. - //ret = save_to_key_manager(pkg_id, app_type, ce); + //ret = save_to_key_manager(key, pkg_id, app_type, ce); //if (ret != WAE_ERROR_NONE) { // WAE_SLOGW("Failed to save migrated app ce to key-manager with ret(%d). " // "Ignore this error because we can create ce later again.", ret); // ret = WAE_ERROR_NONE; //} } else if (ret != WAE_ERROR_NONE) { - WAE_SLOGE("Failed to get crypto element from key-manager. pkg_id=%s, ret=%d", - pkg_id, ret); - goto error; + WAE_SLOGE("Failed to get crypto element from key-manager. key(%s) ret(%d)", + key, ret); + goto finish; } - ret = _add_app_ce_to_cache(pkg_id, ce); + ret = _add_app_ce_to_cache(key, ce); if (ret != WAE_ERROR_NONE) { - WAE_SLOGE("Failed to add ce to cache for pkg_id(%s) ret(%d)", pkg_id, ret); - goto error; + WAE_SLOGE("Failed to add ce to cache for key(%s) ret(%d)", key, ret); + goto finish; } *pce = ce; - WAE_SLOGD("Successfully get ce! pkgid(%s)", pkg_id); + WAE_SLOGD("Successfully get ce! key(%s)", key); - return WAE_ERROR_NONE; +finish: + free(_key_per_user); -error: - crypto_element_destroy(ce); + if (ret != WAE_ERROR_NONE) + crypto_element_destroy(ce); return ret; } -int create_app_ce(const char *pkg_id, wae_app_type_e app_type, const crypto_element_s **pce) +int create_app_ce(uid_t uid, const char *pkg_id, wae_app_type_e app_type, + const crypto_element_s **pce) { raw_buffer_s *dek = buffer_create(DEK_LEN); raw_buffer_s *iv = buffer_create(IV_LEN); crypto_element_s *ce = crypto_element_create(dek, iv); int ret = WAE_ERROR_NONE; + const char *key = NULL; + char *_key_per_user = NULL; if (ce == NULL) { ret = WAE_ERROR_MEMORY; goto error; } + if (app_type == WAE_DOWNLOADED_NORMAL_APP) { + _key_per_user = _create_map_key(uid, pkg_id); + if (_key_per_user == NULL) { + ret = WAE_ERROR_MEMORY; + goto error; + } + + key = _key_per_user; + } else { + key = pkg_id; + } + memcpy(ce->iv->buf, AES_CBC_IV, ce->iv->size); ret = _get_random(dek); if (ret != WAE_ERROR_NONE) { - WAE_SLOGE("Failed to get random for dek. pkg_id(%s) ret(%d)", pkg_id, ret); + WAE_SLOGE("Failed to get random for dek. key(%s) ret(%d)", key, ret); goto error; } - ret = save_to_key_manager(pkg_id, app_type, ce); + ret = save_to_key_manager(key, pkg_id, app_type, ce); if (ret != WAE_ERROR_NONE) { - WAE_SLOGE("Failed to save ce to key-manager. pkg_id(%s) app_type(%d) ret(%d)", - pkg_id, app_type, ret); + WAE_SLOGE("Failed to save ce to key-manager. key(%s) app_type(%d) ret(%d)", + key, app_type, ret); goto error; } - ret = _add_app_ce_to_cache(pkg_id, ce); + ret = _add_app_ce_to_cache(key, ce); if (ret != WAE_ERROR_NONE) { - WAE_SLOGE("Failed to add ce to cache for pkg_id(%s) ret(%d)", pkg_id, ret); + WAE_SLOGE("Failed to add ce to cache for key(%s) ret(%d)", key, ret); goto error; } *pce = ce; - WAE_SLOGI("Success to create dek/iv and store it in key-manager. pkg_id(%s)", pkg_id); - - return WAE_ERROR_NONE; + WAE_SLOGI("Success to create dek/iv and store it in key-manager. key(%s)", key); error: - if (ce == NULL) { - buffer_destroy(dek); - buffer_destroy(iv); - } else { - crypto_element_destroy(ce); + if (ret != WAE_ERROR_NONE) { + if (ce == NULL) { + buffer_destroy(dek); + buffer_destroy(iv); + } else { + crypto_element_destroy(ce); + } } + free(_key_per_user); + return ret; } @@ -542,7 +587,7 @@ int load_preloaded_app_deks(bool reload) continue; } - ret = save_to_key_manager(pkg_id, WAE_PRELOADED_APP, ce); + ret = save_to_key_manager(pkg_id, pkg_id, WAE_PRELOADED_APP, ce); if (ret == WAE_ERROR_KEY_EXISTS) { WAE_SLOGI("Key Manager already has dek. It will be ignored. file=%s", @@ -574,16 +619,34 @@ error: return ret; } -int remove_app_ce(const char *pkg_id, wae_app_type_e app_type) +int remove_app_ce(uid_t uid, const char *pkg_id, wae_app_type_e app_type) { - int ret = remove_from_key_manager(pkg_id, app_type); + if (uid == 0 && app_type == WAE_DOWNLOADED_NORMAL_APP) + return WAE_ERROR_INVALID_PARAMETER; + + const char *key = NULL; + char *_key_per_user = NULL; + + if (app_type == WAE_DOWNLOADED_NORMAL_APP) { + _key_per_user = _create_map_key(uid, pkg_id); + if (_key_per_user == NULL) + return WAE_ERROR_MEMORY; + + key = _key_per_user; + } else { + key = pkg_id; + } + + int ret = remove_from_key_manager(key, app_type); if (ret != WAE_ERROR_NONE) - WAE_SLOGE("Failed to remove app ce for pkg_id(%s) ret(%d)", pkg_id, ret); + WAE_SLOGE("Failed to remove app ce for key(%s) ret(%d)", key, ret); else - WAE_SLOGI("Success to remove app ce for pkg_id(%s)", pkg_id); + WAE_SLOGI("Success to remove app ce for key(%s)", key); + + _remove_app_ce_from_cache(key); - _remove_app_ce_from_cache(pkg_id); + free(_key_per_user); return ret; } |