diff options
author | Kyungwook Tak <k.tak@samsung.com> | 2016-07-18 12:54:40 +0900 |
---|---|---|
committer | Kyungwook Tak <k.tak@samsung.com> | 2016-07-19 11:32:22 +0900 |
commit | 99ad3b114bce6ba5743f74c39079d524781134cd (patch) | |
tree | e7a247f32834b4d2ba00bbcfcc7a786b52cd8a01 /srcs/web_app_enc.c | |
parent | f72179753846682e783bbc4dbe1a3a570e7fac23 (diff) | |
download | libwebappenc-99ad3b114bce6ba5743f74c39079d524781134cd.tar.gz libwebappenc-99ad3b114bce6ba5743f74c39079d524781134cd.tar.bz2 libwebappenc-99ad3b114bce6ba5743f74c39079d524781134cd.zip |
Support platform upgrade case
secure-storage is removed since Tizen platform version 3.0.
downloaded web apps encryption works based on different key from lower
than 3.0. secure-storage used DUK(device unique key with seed(pkgid)) as DEK.
If downloaded app cannot find DEK when decrypt, it's considered as
encrypted lower than 3.0 case. So webappenc creates DEK and uses algorithm
which had been used lower than 3.0 in secure-storage.
For now it's hard to save newly created old key in key-manager because
migrated web app is considered as global app and the case would be found
in decryption time (by web app launcher) who don't have permission to save
in system db of key-manager with "/System" label.
Permission policy of system db of key-manager should be changed OR
migrated app should not be global app (it should be downloaded normal
app) to save created key in key-manager.
Change-Id: I9b8516184cce9f43b328e290c15127151e5c861e
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Diffstat (limited to 'srcs/web_app_enc.c')
-rw-r--r-- | srcs/web_app_enc.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/srcs/web_app_enc.c b/srcs/web_app_enc.c index dd133d9..a5224ea 100644 --- a/srcs/web_app_enc.c +++ b/srcs/web_app_enc.c @@ -23,6 +23,7 @@ #include <stdlib.h> +#include "decrypt_migrated_wgt.h" #include "key_handler.h" #include "crypto_service.h" #include "wae_log.h" @@ -70,8 +71,18 @@ int _wae_decrypt_downloaded_web_application(const char *pkg_id, wae_app_type_e a size_t dek_len = -1; int ret = get_app_dek(pkg_id, app_type, &dek, &dek_len); - if (ret != WAE_ERROR_NONE) + if (app_type == WAE_DOWNLOADED_GLOBAL_APP && ret == WAE_ERROR_NO_KEY) { + WAE_SLOGI("app dek for decrypt downloaded app(%s) doesn't exist. This case would be " + "needed secure-storage data migration.", pkg_id); + + ret = decrypt_by_old_ss_algo(pkg_id, data, data_len, pdecrypted_data, pdecrypted_data_len); + if (ret != WAE_ERROR_NONE) + goto error; + else + return WAE_ERROR_NONE; + } else if (ret != WAE_ERROR_NONE) { goto error; + } // decrypt ret = decrypt_aes_cbc(dek, dek_len, data, data_len, pdecrypted_data, pdecrypted_data_len); |