authorDongsun Lee <ds73.lee@samsung.com>2019-01-19 21:21:20 +0900
committerDongsun Lee <ds73.lee@samsung.com>2019-05-24 13:11:38 +0900
commitfd2d39061c3fde9b2faba0a4146eb79114c29660 (patch)
treec79254c5d40f0ad01d8f809de5754db369f0ff88 /srcs/key_handler.c
parent4923a69e93f516640fd5230880ac18e3194f0ee7 (diff)
Change-Id: I5a5b6935ee1908bd9be7edf0087fcd17d61b9fd2 Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Diffstat (limited to 'srcs/key_handler.c')
-rw-r--r--srcs/key_handler.c79
1 files changed, 12 insertions, 67 deletions
diff --git a/srcs/key_handler.c b/srcs/key_handler.c
index a60142e..c198d19 100644
--- a/srcs/key_handler.c
+++ b/srcs/key_handler.c
@@ -104,16 +104,6 @@ int _get_random(raw_buffer_s *rb)
return WAE_ERROR_NONE;
}
-const char *_get_dek_kek_pub_key_path()
-{
- return tzplatform_mkpath4(TZ_SYS_SHARE, "wae", "app_dek", "WAE_APPDEK_KEK_PublicKey.pem");
-}
-
-const char *_get_dek_kek_pri_key_path()
-{
- return tzplatform_mkpath4(TZ_SYS_SHARE, "wae", "app_dek", "WAE_APPDEK_KEK_PrivateKey.pem");
-}
-
const char *_get_dek_store_path()
{
return tzplatform_mkpath3(TZ_SYS_SHARE, "wae", "app_dek");
@@ -197,8 +187,8 @@ error:
return ret;
}
-typedef int(*entry_callback)(const char *path, const struct dirent *entry, void *user_data);
-static int traverse_directory(const char *path, entry_callback ecb, void *user_data)
+typedef int(*entry_callback)(const char *path, const struct dirent *entry);
+static int traverse_directory(const char *path, entry_callback ecb)
{
DIR *dir = opendir(path);
if (dir == NULL) {
@@ -228,7 +218,7 @@ static int traverse_directory(const char *path, entry_callback ecb, void *user_d
continue;
}
- int _ret = ecb(path, result, user_data);
+ int _ret = ecb(path, result);
if (_ret != WAE_ERROR_NONE)
ret = _ret;
}
@@ -243,10 +233,8 @@ static void _remove_file(const char *path)
}
static int _entry_callback_remove_all(
- const char *path, const struct dirent *entry, void *user_data)
+ const char *path, const struct dirent *entry)
{
- (void) user_data; // TODO: use UNUSED macro
-
char file_path_buff[MAX_PATH_LEN] = {0, };
if ((unsigned)snprintf(file_path_buff, sizeof(file_path_buff), "%s/%s",
path, entry->d_name) >= sizeof(file_path_buff))
@@ -254,7 +242,7 @@ static int _entry_callback_remove_all(
int ret = WAE_ERROR_NONE;
if (entry->d_type == DT_DIR) {
- int _ret = traverse_directory(file_path_buff, _entry_callback_remove_all, NULL);
+ int _ret = traverse_directory(file_path_buff, _entry_callback_remove_all);
if (_ret != WAE_ERROR_NONE)
ret = _ret;
rmdir(file_path_buff);
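Review bot: The `rmdir(file_path_buff);` call at the end of the `DT_DIR` branch discards its result, so `_entry_callback_remove_all` can return `WAE_ERROR_NONE` while the subdirectory is still on disk; the same applies to `rmdir(path);` in `_remove_directory` in the next hunk. Because this path is what clears the dek store, a failed removal should at least be logged, e.g. `if (rmdir(file_path_buff) != 0) WAE_SLOGW("rmdir failed(%s) errno(%d)", file_path_buff, errno);` (assuming `<errno.h>` is included, which is not visible here). The branch also depends on `entry->d_type == DT_DIR`, and `d_type` can be `DT_UNKNOWN` on filesystems that do not fill it in, in which case a subdirectory is handled as a plain file; the `d_type != DT_REG` test in `_entry_callback_load_preloaded_adeks` has the same dependency, and an `lstat()` fallback would cover both. The function body starts before and ends after this hunk.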
@@ -266,7 +254,7 @@ static int _entry_callback_remove_all(
void _remove_directory(const char *path)
{
- traverse_directory(path, _entry_callback_remove_all, NULL);
+ traverse_directory(path, _entry_callback_remove_all);
WAE_SLOGD("remove directory(%s)", path);
rmdir(path);
@@ -323,8 +311,7 @@ int _write_encrypted_app_dek_to_file(const char *pkg_id, const raw_buffer_s *enc
return _write_to_file(path, encrypted);
}
-int _load_preloaded_app_dek(
- const raw_buffer_s *prikey, const char *filepath, const char *pkg_id)
+int _load_preloaded_app_dek(const char *filepath, const char *pkg_id)
{
raw_buffer_s *encrypted_dek = NULL;
raw_buffer_s *dek = NULL;
@@ -337,7 +324,7 @@ int _load_preloaded_app_dek(
return ret;
}
- ret = decrypt_app_dek(prikey, APP_DEK_KEK_PRIKEY_PASSWORD, encrypted_dek, &dek);
+ ret = decrypt_preloaded_app_dek(encrypted_dek, &dek);
if (ret != WAE_ERROR_NONE) {
WAE_SLOGW("Failed to decrypt dek. It will be ignored. file=%s", filepath);
goto finish;
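Review bot: The warning on the failure path after `decrypt_preloaded_app_dek(encrypted_dek, &dek)` does not include `ret`, and this commit also removes the separate "Fail to get APP_DEK_KEK Private Key" error from `load_preloaded_app_deks`, so the logs can no longer distinguish a failure to obtain the KEK from a corrupt DEK file. Logging the code keeps that distinction: `WAE_SLOGW("Failed to decrypt dek. It will be ignored. file=%s ret=%d", filepath, ret);`. Where the KEK now comes from is not visible in this file; a short comment above `_load_preloaded_app_dek` saying that the key is resolved inside `decrypt_preloaded_app_dek` would help the next reader. The function body starts before and continues after this hunk.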
@@ -536,7 +523,6 @@ int get_preloaded_app_ce(const char *pkg_id, const crypto_element_s **pce)
int create_preloaded_app_ce(const char *pkg_id, const crypto_element_s **pce)
{
raw_buffer_s *encrypted_app_dek = NULL;
- raw_buffer_s *pubkey = NULL;
raw_buffer_s *dek = buffer_create(DEK_LEN);
raw_buffer_s *iv = buffer_create(sizeof(AES_CBC_IV));
crypto_element_s *ce = crypto_element_create(dek, iv);
@@ -556,14 +542,7 @@ int create_preloaded_app_ce(const char *pkg_id, const crypto_element_s **pce)
// copy default iv for preloaded app
memcpy(iv->buf, AES_CBC_IV, sizeof(AES_CBC_IV));
- ret = _read_from_file(_get_dek_kek_pub_key_path(), &pubkey);
-
- if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("WAE: Fail to read APP_DEK_KEK Public Key");
- goto error;
- }
-
- ret = encrypt_app_dek(pubkey, dek, &encrypted_app_dek);
+ ret = encrypt_preloaded_app_dek(dek, &encrypted_app_dek);
if (ret != WAE_ERROR_NONE) {
WAE_SLOGE("WAE: Fail to encrypt APP_DEK with APP_DEK_KEK");
@@ -592,7 +571,6 @@ int create_preloaded_app_ce(const char *pkg_id, const crypto_element_s **pce)
error:
buffer_destroy(encrypted_app_dek);
- buffer_destroy(pubkey);
if (ret != WAE_ERROR_NONE) {
if (ce) {
@@ -606,29 +584,13 @@ error:
return ret;
}
-int _get_app_dek_kek(raw_buffer_s **pdek_kek)
-{
-#if 0
- return get_dek_kek_from_key_manager(pdek_kek);
-#else
- return _read_from_file(_get_dek_kek_pri_key_path(), pdek_kek);
-#endif
-}
-
static int _entry_callback_load_preloaded_adeks(
- const char *path, const struct dirent *entry, void *prikey)
+ const char *path, const struct dirent *entry)
{
- const char *pub_key_path = _get_dek_kek_pub_key_path();
- const char *pri_key_path = _get_dek_kek_pri_key_path();
-
char file_path_buff[MAX_PATH_LEN] = {0, };
if ((unsigned)snprintf(file_path_buff, sizeof(file_path_buff), "%s/%s", path, entry->d_name) >= sizeof(file_path_buff))
return WAE_ERROR_INVALID_PARAMETER; /* buffer size too small */
- if (strcmp(file_path_buff, pub_key_path) == 0 ||
- strcmp(file_path_buff, pri_key_path) == 0)
- return WAE_ERROR_NONE; /* skip KEK files */
-
if (entry->d_type != DT_REG || strstr(entry->d_name, APP_DEK_FILE_PFX) == NULL) {
if (entry->d_type == DT_DIR)
WAE_SLOGW(
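Review bot: The name filter `strstr(entry->d_name, APP_DEK_FILE_PFX) == NULL` accepts a file that contains the prefix anywhere in its name, not only at the start, and with the KEK-file skip removed it is the only name check left in this callback before `_load_preloaded_app_dek` is reached. If `APP_DEK_FILE_PFX` is meant as a prefix, as its name suggests, `strncmp(entry->d_name, APP_DEK_FILE_PFX, strlen(APP_DEK_FILE_PFX)) != 0` says so directly. How `pkg_id` is derived from the file name lies outside this hunk, so whether a mid-name match can yield an unintended package id should be confirmed there. The function body continues after the hunk.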
@@ -648,7 +610,7 @@ static int _entry_callback_load_preloaded_adeks(
return ret;
}
- ret = _load_preloaded_app_dek((raw_buffer_s *)prikey, file_path_buff, pkg_id);
+ ret = _load_preloaded_app_dek(file_path_buff, pkg_id);
if (ret == WAE_ERROR_NONE || ret == WAE_ERROR_KEY_EXISTS) {
WAE_SLOGI("Successfully load app dek(%s)", file_path_buff);
return WAE_ERROR_NONE;
@@ -666,7 +628,6 @@ int load_preloaded_app_deks()
const char *dek_store_path = _get_dek_store_path();
- raw_buffer_s *prikey = NULL;
DIR *dir = NULL;
// check if all deks were already loaded into key-manager.
@@ -686,34 +647,18 @@ int load_preloaded_app_deks()
}
}
- ret = _get_app_dek_kek(&prikey);
- if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("Fail to get APP_DEK_KEK Private Key. ret(%d)", ret);
- goto out;
- }
-
// close dek store dir fd not to affect the traverse_directory call
closedir(dir);
dir = NULL;
- ret = traverse_directory(dek_store_path, _entry_callback_load_preloaded_adeks, prikey);
+ ret = traverse_directory(dek_store_path, _entry_callback_load_preloaded_adeks);
if (ret != WAE_ERROR_NONE)
WAE_SLOGE("Fail when traverse dek store directory. ret(%d)", ret);
out:
- if (prikey != NULL)
- buffer_destroy(prikey);
-
if (dir != NULL)
closedir(dir);
- // remove dek store after loade done even though it's partially failed
- // because malware can still put the file in dek store if it still system service's
- // ownership and they can break this logic by inserting any file to dek store path.
- // If KEK private key is inserted to key-manager with initial-value feature, malware
- // cannot insert/encrypt/decrypt app dek so it's fine on preloaded app security but
- // if we handle errors related loading file, malware can at least occur webappenc
- // initializer service failure.
_remove_directory(dek_store_path);
return ret;
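Review bot: The block comment removed above `_remove_directory(dek_store_path);` was the only explanation of why the dek store is deleted even when loading failed part-way, and that behaviour is unchanged: on the paths visible here, `out:` still falls through to the removal. Parts of the old text no longer apply now that the KEK private key is not read in this function, but the intent should stay documented, e.g. `// remove dek store even if loading partially failed, so files left in it are not processed again`. The function starts outside this hunk.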