Diffstat (limited to 'srcs/key_handler.c')
-rw-r--r--srcs/key_handler.c710
1 files changed, 253 insertions, 457 deletions
diff --git a/srcs/key_handler.c b/srcs/key_handler.c
index 0cb2776..af7280b 100644
--- a/srcs/key_handler.c
+++ b/srcs/key_handler.c
@@ -27,112 +27,55 @@
#include <dirent.h>
#include <unistd.h>
-#include <ckmc/ckmc-manager.h>
#include <tzplatform_config.h>
#include "wae_log.h"
-#include "web_app_enc.h"
#include "crypto_service.h"
+#include "key_manager.h"
+#include "decrypt_migrated_wgt.h"
#define RANDOM_FILE "/dev/urandom"
#define APP_DEK_KEK_PRIKEY_PASSWORD "wae_appdek_kek_1q2w3e4r"
-#define APP_DEK_ALIAS_PFX "APP_DEK_"
-#define APP_DEK_LOADING_DONE_ALIAS "APP_DEKS_LOADING_FINISHED"
#define APP_DEK_FILE_PFX "WAE_APP_DEK"
-#define APP_DEK_KEK_ALIAS "WAE_APP_DEK_KEK"
#define DEK_LEN 32
-#define MAX_ALIAS_LEN 256
+#define IV_LEN 16
#define MAX_PKGID_LEN 256
#define MAX_CACHE_SIZE 100
-typedef struct _dek_cache_element {
- char pkg_id[MAX_PKGID_LEN];
- unsigned char dek[DEK_LEN];
-} dek_cache_element;
+static unsigned char AES_CBC_IV[IV_LEN] = {
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ 0x08, 0x39, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+};
-dek_cache_element APP_DEK_CACHE[MAX_CACHE_SIZE];
-int NEXT_CACHE_IDX = -1;
+static crypto_element_map_s *_map;
-void _initialize_cache()
+static void deinit_lib(void) __attribute__((destructor));
+static void deinit_lib(void)
{
- NEXT_CACHE_IDX = 0;
- memset(APP_DEK_CACHE, 0, sizeof(dek_cache_element) * MAX_CACHE_SIZE);
+ crypto_element_map_destroy(_map);
}
-const unsigned char *_get_app_dek_from_cache(const char *pkg_id)
+static const crypto_element_s *_get_app_ce_from_cache(const char *pkg_id)
{
- if (NEXT_CACHE_IDX < 0)
- _initialize_cache();
-
- for (size_t i = 0; i < MAX_CACHE_SIZE; i++) {
- //WAE_SLOGI("CACHED APP_DEK[%d]=%s", i, APP_DEK_CACHE[i].pkg_id);
- if (strncmp(pkg_id, APP_DEK_CACHE[i].pkg_id, MAX_PKGID_LEN) == 0)
- return APP_DEK_CACHE[i].dek;
- }
-
- return NULL;
+ return crypto_element_map_get(_map, pkg_id);
}
-void _add_app_dek_to_cache(const char *pkg_id, const unsigned char *dek)
+static int _add_app_ce_to_cache(const char *pkg_id, crypto_element_s *ce)
{
- if (NEXT_CACHE_IDX < 0)
- _initialize_cache();
-
- // if existing one has the same pkgid
- for (size_t i = 0; i < MAX_CACHE_SIZE; i++) {
- if (strncmp(pkg_id, APP_DEK_CACHE[i].pkg_id, MAX_PKGID_LEN) == 0) {
- memcpy(APP_DEK_CACHE[i].dek, dek, DEK_LEN);
- return;
- }
- }
-
- // for new pkgid
- strncpy(APP_DEK_CACHE[NEXT_CACHE_IDX].pkg_id, pkg_id, MAX_PKGID_LEN - 1);
- memcpy(APP_DEK_CACHE[NEXT_CACHE_IDX].dek, dek, DEK_LEN);
-
- ++NEXT_CACHE_IDX;
-
- if (NEXT_CACHE_IDX >= MAX_CACHE_SIZE)
- NEXT_CACHE_IDX = 0;
+ return crypto_element_map_add(&_map, pkg_id, ce);
}
-void _remove_app_dek_from_cache(const char *pkg_id)
+void _remove_app_ce_from_cache(const char *pkg_id)
{
- for (size_t i = 0; i < MAX_CACHE_SIZE; i++) {
- if (strncmp(pkg_id, APP_DEK_CACHE[i].pkg_id, MAX_PKGID_LEN) == 0) {
- memset(APP_DEK_CACHE[i].pkg_id, 0, MAX_PKGID_LEN);
- return;
- }
- }
-
+ crypto_element_map_remove(&_map, pkg_id);
}
-int _to_wae_error(int key_manager_error)
+int _get_random(raw_buffer_s *rb)
{
- switch (key_manager_error) {
- case CKMC_ERROR_NONE:
- return WAE_ERROR_NONE;
-
- case CKMC_ERROR_INVALID_PARAMETER:
+ if (!is_buffer_valid(rb))
return WAE_ERROR_INVALID_PARAMETER;
- case CKMC_ERROR_PERMISSION_DENIED:
- return WAE_ERROR_PERMISSION_DENIED;
-
- case CKMC_ERROR_DB_ALIAS_UNKNOWN:
- return WAE_ERROR_NO_KEY;
-
- case CKMC_ERROR_DB_ALIAS_EXISTS:
- return WAE_ERROR_KEY_EXISTS;
-
- default:
- return WAE_ERROR_KEY_MANAGER;
- }
-}
-
-int _get_random(size_t length, unsigned char *random)
-{
FILE *f = fopen(RANDOM_FILE, "r");
if (f == NULL) {
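Review bot: `AES_CBC_IV` is a fixed initialization vector compiled into the library, and later hunks of this commit copy it into every crypto element they build (`create_app_ce`, `create_preloaded_app_ce`, `load_preloaded_app_deks`). With CBC, reusing one IV under the same DEK makes equal leading plaintext blocks encrypt to equal ciphertext blocks, so encrypted files of one package become comparable. Because the IV now appears to travel with the DEK inside the crypto element, newly created elements could fill it with `_get_random(iv)` and keep the constant only for data that was already encrypted with it. If the fixed value has to stay, a comment above the array should say why, and the array should be declared `static const unsigned char AES_CBC_IV[IV_LEN]`. The array also mixes ASCII-digit bytes (`0x30`..`0x37`, `0x39`) with small values (`0x08`, `0x0A`..`0x0F`), which is worth confirming against the IV the existing ciphertexts were produced with.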
@@ -142,100 +85,95 @@ int _get_random(size_t length, unsigned char *random)
size_t i = 0;
int ch = 0;
- while (i < length && (ch = fgetc(f) != EOF))
- random[i++] = (unsigned char)ch;
+ while (i < rb->size && (ch = fgetc(f) != EOF))
+ rb->buf[i++] = (unsigned char)ch;
fclose(f);
return WAE_ERROR_NONE;
}
-void _get_alias(const char *pkg_id, wae_app_type_e app_type, bool forSave, char *alias, size_t buff_len)
+static const char *_get_dek_kek_pub_key_path()
{
- if (app_type == WAE_DOWNLOADED_NORMAL_APP) {
- if (forSave) {
- snprintf(alias, buff_len, "%s%s",
- APP_DEK_ALIAS_PFX,
- pkg_id);
- } else {
- snprintf(alias, buff_len, "%c%s%s%s%s",
- '/', INSTALLER_LABEL,
- ckmc_owner_id_separator,
- APP_DEK_ALIAS_PFX,
- pkg_id);
- }
- } else { // system alias
- snprintf(alias, buff_len, "%s%s%s%s",
- ckmc_owner_id_system,
- ckmc_owner_id_separator,
- APP_DEK_ALIAS_PFX,
- pkg_id);
- }
+ return tzplatform_mkpath4(TZ_SYS_SHARE, "wae", "app_dek", "WAE_APPDEK_KEK_PublicKey.pem");
}
-void _get_dek_kek_alias(char *alias, size_t buff_len)
+static const char *_get_dek_kek_pri_key_path()
{
- snprintf(alias, buff_len, "%s%s%s",
- ckmc_owner_id_system,
- ckmc_owner_id_separator,
- APP_DEK_KEK_ALIAS);
+ return tzplatform_mkpath4(TZ_SYS_SHARE, "wae", "app_dek", "WAE_APPDEK_KEK_PrivateKey.pem");
}
-void _get_dek_loading_done_alias(char *alias, size_t buff_len)
+static const char *_get_dek_store_path()
{
- snprintf(alias, buff_len, "%s%s%s",
- ckmc_owner_id_system,
- ckmc_owner_id_separator,
- APP_DEK_LOADING_DONE_ALIAS);
+ return tzplatform_mkpath3(TZ_SYS_SHARE, "wae", "app_dek");
}
-const char *_get_dek_kek_pub_key_path()
+static int _write_to_file(const char *path, const raw_buffer_s *data)
{
- return tzplatform_mkpath4(TZ_SYS_SHARE, "wae", "app_dek", "WAE_APPDEK_KEK_PublicKey.pem");
-}
+ if (path == NULL || data == NULL || data->buf == NULL || data->size == 0)
+ return WAE_ERROR_INVALID_PARAMETER;
-const char *_get_dek_kek_pri_key_path()
-{
- return tzplatform_mkpath4(TZ_SYS_SHARE, "wae", "app_dek", "WAE_APPDEK_KEK_PrivateKey.pem");
-}
+ FILE *f = fopen(path, "w");
-const char *_get_dek_store_path()
-{
- return tzplatform_mkpath3(TZ_SYS_SHARE, "wae", "app_dek");
+ if (f == NULL) {
+ WAE_SLOGE("WAE: Fail to open a file. file=%s", path);
+ return WAE_ERROR_FILE;
+ }
+
+ int write_len = fwrite(data->buf, 1, data->size, f);
+
+ fclose(f);
+
+ if (write_len != (int)data->size) {
+ WAE_SLOGE("WAE: Fail to write a file. file=%s", path);
+ return WAE_ERROR_FILE;
+ }
+
+ return WAE_ERROR_NONE;
}
-int _add_dek_to_key_manager(const char *pkg_id, wae_app_type_e app_type, const unsigned char *dek, size_t dek_len)
+static int _read_from_file(const char *path, raw_buffer_s **pdata)
{
int ret = WAE_ERROR_NONE;
- char alias[MAX_ALIAS_LEN] = {0, };
- ckmc_raw_buffer_s buff;
- ckmc_policy_s policy;
-
- buff.data = (unsigned char *)dek;
- buff.size = dek_len;
+ raw_buffer_s *data = NULL;
+ int ch = 0;
+ int i = 0;
- policy.password = NULL;
- policy.extractable = true;
+ FILE *f = fopen(path, "r");
- _get_alias(pkg_id, app_type, true, alias, sizeof(alias));
+ if (f == NULL) {
+ WAE_SLOGE("Failed to open a file. file=%s", path);
+ return WAE_ERROR_FILE;
+ }
- // even if it fails to remove, ignore it.
- ckmc_remove_alias(alias);
+ fseek(f, 0, SEEK_END); // move to the end of a file
+ int file_len = ftell(f);
- ret = _to_wae_error(ckmc_save_data(alias, buff, policy));
- if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("WAE: Fail to add APP_DEK to key-manager. pkg_id=%s, alias=%s, ret=%d", pkg_id, alias, ret);
- return ret;
+ if (file_len <= 0) {
+ WAE_SLOGE("Failed to get file size by ftell. ret: %d", file_len);
+ ret = WAE_ERROR_FILE;
+ goto error;
}
- // share app_dek for web app laucher to use app_dek
- ret = _to_wae_error(ckmc_set_permission(alias, pkg_id, CKMC_PERMISSION_READ));
- if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("WAE: Fail to set_permission to APP_DEK. pkg_id=%s, ret=%d", pkg_id, ret);
- return ret;
+ fseek(f, 0, SEEK_SET); // move to the start of a file
+
+ data = buffer_create(file_len);
+ if (data == NULL) {
+ WAE_SLOGE("Failed to allocate memory for encrypted_dek");
+ ret = WAE_ERROR_MEMORY;
+ goto error;
}
- WAE_SLOGI("WAE: Success to add APP_DEK to key-manager. pkg_id=%s, alias=%s", pkg_id, alias);
+ while ((ch = fgetc(f)) != EOF)
+ data->buf[i++] = (char)ch;
+
+ *pdata = data;
+
+error:
+ fclose(f);
+
+ if (ret != WAE_ERROR_NONE)
+ buffer_destroy(data);
return ret;
}
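Review bot: The read loop in `_get_random` (which begins in the previous hunk) still parses as `ch = (fgetc(f) != EOF)`, so every byte stored in `rb->buf` is 1 rather than the byte read from `/dev/urandom`, and each generated DEK ends up as the same constant. The parentheses need to close around the assignment: `while (i < rb->size && (ch = fgetc(f)) != EOF)`. The function also returns `WAE_ERROR_NONE` after a short read; adding `if (i != rb->size) return WAE_ERROR_FILE;` after `fclose(f)` would keep a partly filled key buffer from being accepted. `_read_from_file` in this hunk has a related gap: its copy loop runs to EOF without comparing `i` to the `file_len` the buffer was sized with, so `while (i < file_len && (ch = fgetc(f)) != EOF)` is the safer form.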
@@ -251,7 +189,7 @@ int _get_preloaded_app_dek_file_path(const char *pkg_id, size_t size, char *path
return WAE_ERROR_NONE;
}
-int _extract_pkg_id_from_file_name(const char *file_name, char *pkg_id)
+static int _extract_pkg_id_from_file_name(const char *file_name, char *pkg_id)
{
char *start = strstr(file_name, APP_DEK_FILE_PFX);
@@ -274,238 +212,172 @@ int _extract_pkg_id_from_file_name(const char *file_name, char *pkg_id)
return WAE_ERROR_NONE;
}
-int _read_encrypted_app_dek_from_file(const char *pkg_id, unsigned char **pencrypted_app_dek, size_t *pencrypted_app_dek_len)
+int _read_encrypted_app_dek_from_file(const char *pkg_id, raw_buffer_s **pencrypted)
{
char path[MAX_PATH_LEN] = {0,};
_get_preloaded_app_dek_file_path(pkg_id, sizeof(path), path);
- return _read_from_file(path, pencrypted_app_dek, pencrypted_app_dek_len);
+ return _read_from_file(path, pencrypted);
}
-int _write_encrypted_app_dek_to_file(const char *pkg_id, const unsigned char *encrypted_app_dek, size_t encrypted_app_dek_len)
+int _write_encrypted_app_dek_to_file(const char *pkg_id, const raw_buffer_s *encrypted)
{
char path[MAX_PATH_LEN] = {0,};
_get_preloaded_app_dek_file_path(pkg_id, sizeof(path), path);
- return _write_to_file(path, encrypted_app_dek, encrypted_app_dek_len);
+ return _write_to_file(path, encrypted);
}
-int _read_from_file(const char *path, unsigned char **pdata, size_t *pdata_len)
+int get_app_ce(const char *pkg_id, wae_app_type_e app_type, bool create_for_migrated_app,
+ const crypto_element_s **pce)
{
- int ret = WAE_ERROR_NONE;
- unsigned char *file_contents = NULL;
- int ch = 0;
- int i = 0;
-
- FILE *f = fopen(path, "r");
+ if (pkg_id == NULL || pce == NULL)
+ return WAE_ERROR_INVALID_PARAMETER;
- if (f == NULL) {
- WAE_SLOGE("WAE: Fail to open a file. file=%s", path);
- return WAE_ERROR_FILE;
+ const crypto_element_s *cached_ce = _get_app_ce_from_cache(pkg_id);
+ if (cached_ce != NULL) {
+ WAE_SLOGD("cache hit of app ce for pkg_id(%s)", pkg_id);
+ *pce = cached_ce;
+ return WAE_ERROR_NONE;
}
- fseek(f, 0, SEEK_END); // move to the end of a file
- int file_len = ftell(f);
+ WAE_SLOGD("cache miss of app ce for pkg_id(%s)", pkg_id);
- if (file_len <= 0) {
- WAE_SLOGE("WAE: Failed to get file size by ftell. ret: %d", file_len);
- ret = WAE_ERROR_FILE;
- goto error;
- }
+ crypto_element_s *ce = NULL;
+ int ret = get_from_key_manager(pkg_id, app_type, &ce);
- fseek(f, 0, SEEK_SET); // move to the start of a file
+ if (create_for_migrated_app &&
+ (ret == WAE_ERROR_NO_KEY && app_type == WAE_DOWNLOADED_GLOBAL_APP)) {
+ WAE_SLOGI("No dek found for pkg_id(%s)! It should be migrated app.", pkg_id);
- file_contents = (unsigned char *)malloc(file_len);
+ if ((ret = get_old_ss_crypto_element(pkg_id, &ce)) != WAE_ERROR_NONE)
+ goto error;
- if (file_contents == NULL) {
- WAE_SLOGE("WAE: Fail to allocate memory for encrypted_app_dek");
- ret = WAE_ERROR_MEMORY;
+ // (k.tak) disable to save ce to key-maanger for migrated app because of permission issue.
+ //ret = save_to_key_manager(pkg_id, app_type, ce);
+ //if (ret != WAE_ERROR_NONE) {
+ // WAE_SLOGW("Failed to save migrated app ce to key-manager with ret(%d). "
+ // "Ignore this error because we can create ce later again.", ret);
+ // ret = WAE_ERROR_NONE;
+ //}
+ } else if (ret != WAE_ERROR_NONE) {
+ WAE_SLOGE("Failed to get crypto element from key-manager. pkg_id=%s, ret=%d",
+ pkg_id, ret);
goto error;
}
- memset(file_contents, 0x00, file_len);
+ ret = _add_app_ce_to_cache(pkg_id, ce);
+ if (ret != WAE_ERROR_NONE) {
+ WAE_SLOGE("Failed to add ce to cache for pkg_id(%s) ret(%d)", pkg_id, ret);
+ goto error;
+ }
- while ((ch = fgetc(f)) != EOF)
- file_contents[i++] = (char)ch;
+ *pce = ce;
- *pdata = file_contents;
- *pdata_len = file_len;
+ WAE_SLOGD("Successfully get ce! pkgid(%s)", pkg_id);
-error:
- fclose(f);
+ return WAE_ERROR_NONE;
- if (ret != WAE_ERROR_NONE)
- free(file_contents);
+error:
+ crypto_element_destroy(ce);
return ret;
}
-int _write_to_file(const char *path, const unsigned char *data, size_t data_len)
+int create_app_ce(const char *pkg_id, wae_app_type_e app_type, const crypto_element_s **pce)
{
- FILE *f = fopen(path, "w");
+ raw_buffer_s *dek = buffer_create(DEK_LEN);
+ raw_buffer_s *iv = buffer_create(IV_LEN);
+ crypto_element_s *ce = crypto_element_create(dek, iv);
- if (f == NULL) {
- WAE_SLOGE("WAE: Fail to open a file. file=%s", path);
- return WAE_ERROR_FILE;
- }
-
- int write_len = fwrite(data, 1, data_len, f);
-
- fclose(f);
-
- if (write_len != (int)data_len) {
- WAE_SLOGE("WAE: Fail to write a file. file=%s", path);
- return WAE_ERROR_FILE;
- }
-
- return WAE_ERROR_NONE;
-}
-
-int get_app_dek(const char *pkg_id, wae_app_type_e app_type, unsigned char **pdek, size_t *pdek_len)
-{
int ret = WAE_ERROR_NONE;
- ckmc_raw_buffer_s *dek_buffer = NULL;
- char alias[MAX_ALIAS_LEN] = {0, };
-
- const unsigned char *cached_dek = _get_app_dek_from_cache(pkg_id);
-
- if (cached_dek == NULL) {
- // get APP_DEK from system database
- _get_alias(pkg_id, app_type, false, alias, sizeof(alias));
-
- ret = _to_wae_error(ckmc_get_data(alias, NULL, &dek_buffer));
-
- if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("Failed to get APP_DEK from key-manager. pkg_id=%s, alias=%s, ret=%d",
- pkg_id, alias, ret);
- goto error;
- } else if (dek_buffer == NULL || dek_buffer->data == NULL) {
- WAE_SLOGE("key-manager success but buffer is null for getting dek of pkg_id=%s",
- pkg_id);
- ret = WAE_ERROR_KEY_MANAGER;
- goto error;
- } else if (dek_buffer->size != DEK_LEN) {
- WAE_SLOGE("DEK's length which has been saved in key-manager is not valid!");
- ret = WAE_ERROR_KEY_MANAGER;
- goto error;
- }
-
- WAE_SLOGD("Successfully get dek from key-manager for pkgid=%s", pkg_id);
- cached_dek = dek_buffer->data;
- }
-
- unsigned char *dek = (unsigned char *)malloc(DEK_LEN);
-
- if (dek == NULL) {
- WAE_SLOGE("Fail to allocate a memory");
+ if (ce == NULL) {
ret = WAE_ERROR_MEMORY;
goto error;
}
- memcpy(dek, cached_dek, DEK_LEN);
-
- *pdek = dek;
- *pdek_len = DEK_LEN;
-
- WAE_SLOGI("WAE: Success to get APP_DEK from key-manager. pkg_id=%s, alias=%s",
- pkg_id, alias);
-
-error:
- ckmc_buffer_free(dek_buffer);
-
- if (ret != WAE_ERROR_NONE)
- free(dek);
-
- return ret;
-}
-
-int create_app_dek(const char *pkg_id, wae_app_type_e app_type, unsigned char **pdek, size_t *pdek_len)
-{
- unsigned char *dek = (unsigned char *)malloc(DEK_LEN);
-
- if (dek == NULL)
- return WAE_ERROR_MEMORY;
-
- int ret = _get_random(DEK_LEN, dek);
+ memcpy(ce->iv->buf, AES_CBC_IV, ce->iv->size);
+ ret = _get_random(dek);
if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("WAE: Fail to get random for APP_DEK. pkg_id=%s, ret=%d", pkg_id, ret);
+ WAE_SLOGE("Failed to get random for dek. pkg_id(%s) ret(%d)", pkg_id, ret);
goto error;
}
- // save app_dek in key_manager
- ret = _add_dek_to_key_manager(pkg_id, app_type, dek, DEK_LEN);
-
+ ret = save_to_key_manager(pkg_id, app_type, ce);
if (ret != WAE_ERROR_NONE) {
+ WAE_SLOGE("Failed to save ce to key-manager. pkg_id(%s) app_type(%d) ret(%d)",
+ pkg_id, app_type, ret);
goto error;
}
- // store APP_DEK in cache
- _add_app_dek_to_cache(pkg_id, dek);
+ ret = _add_app_ce_to_cache(pkg_id, ce);
+ if (ret != WAE_ERROR_NONE) {
+ WAE_SLOGE("Failed to add ce to cache for pkg_id(%s) ret(%d)", pkg_id, ret);
+ goto error;
+ }
- *pdek = dek;
- *pdek_len = DEK_LEN;
+ *pce = ce;
- WAE_SLOGI("WAE: Success to create APP_DEK and store it in key-manager. pkg_id=%s", pkg_id);
+ WAE_SLOGI("Success to create dek/iv and store it in key-manager. pkg_id(%s)", pkg_id);
return WAE_ERROR_NONE;
error:
- free(dek);
+ if (ce == NULL) {
+ buffer_destroy(dek);
+ buffer_destroy(iv);
+ } else {
+ crypto_element_destroy(ce);
+ }
return ret;
}
-int get_preloaded_app_dek(const char *pkg_id, unsigned char **pdek, size_t *pdek_len)
+int get_preloaded_app_ce(const char *pkg_id, const crypto_element_s **pce)
{
- const unsigned char *cached_dek = _get_app_dek_from_cache(pkg_id);
+ const crypto_element_s *cached_ce = _get_app_ce_from_cache(pkg_id);
- if (cached_dek == NULL) {
+ if (cached_ce == NULL) {
WAE_SLOGE("WAE: Fail to get APP_DEK from cache for preloaded app");
return WAE_ERROR_NO_KEY;
}
- unsigned char *dek = (unsigned char *)malloc(DEK_LEN);
-
- if (dek == NULL) {
- WAE_SLOGE("WAE: Fail to allocate memory for preloaded app dek");
- return WAE_ERROR_MEMORY;
- }
-
- memcpy(dek, cached_dek, DEK_LEN);
-
- *pdek = dek;
- *pdek_len = DEK_LEN;
+ *pce = cached_ce;
return WAE_ERROR_NONE;
}
-int create_preloaded_app_dek(const char *pkg_id, unsigned char **pdek, size_t *pdek_len)
+int create_preloaded_app_ce(const char *pkg_id, const crypto_element_s **pce)
{
- unsigned char *encrypted_app_dek = NULL;
- size_t encrypted_app_dek_len = 0;
- unsigned char *pubkey = NULL;
- size_t pubkey_len = 0;
+ raw_buffer_s *encrypted_app_dek = NULL;
+ raw_buffer_s *pubkey = NULL;
+ raw_buffer_s *dek = buffer_create(DEK_LEN);
+ raw_buffer_s *iv = buffer_create(sizeof(AES_CBC_IV));
+ crypto_element_s *ce = crypto_element_create(dek, iv);
- // create APP_DEK
- unsigned char *dek = (unsigned char *)malloc(DEK_LEN);
+ int ret = WAE_ERROR_NONE;
- if (dek == NULL)
- return WAE_ERROR_MEMORY;
+ if (dek == NULL || iv == NULL || ce == NULL) {
+ ret = WAE_ERROR_MEMORY;
+ goto error;
+ }
- int ret = _get_random(DEK_LEN, dek);
+ ret = _get_random(dek);
if (ret != WAE_ERROR_NONE)
goto error;
- // encrypt APP_DEK with APP_DEK_KEK
- ret = _read_from_file(_get_dek_kek_pub_key_path(), &pubkey, &pubkey_len);
+ // copy default iv for preloaded app
+ memcpy(iv->buf, AES_CBC_IV, sizeof(AES_CBC_IV));
+
+ ret = _read_from_file(_get_dek_kek_pub_key_path(), &pubkey);
if (ret != WAE_ERROR_NONE) {
WAE_SLOGE("WAE: Fail to read APP_DEK_KEK Public Key");
goto error;
}
- ret = encrypt_app_dek(pubkey, pubkey_len, dek, DEK_LEN, &encrypted_app_dek, &encrypted_app_dek_len);
+ ret = encrypt_app_dek(pubkey, dek, &encrypted_app_dek);
if (ret != WAE_ERROR_NONE) {
WAE_SLOGE("WAE: Fail to encrypt APP_DEK with APP_DEK_KEK");
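Review bot: `create_app_ce` passes `dek` and `iv` to `crypto_element_create()` without checking either `buffer_create()` result and tests only `ce == NULL`, whereas `create_preloaded_app_ce` further down tests all three. Whether `crypto_element_create()` rejects NULL arguments is not visible here, so the `memcpy(ce->iv->buf, ...)` and `_get_random(dek)` that follow may run on a missing buffer when allocation fails. Using the same guard, `if (dek == NULL || iv == NULL || ce == NULL) {`, keeps the two creators consistent. `create_app_ce` also writes through `pce` without the `pkg_id == NULL || pce == NULL` check that `get_app_ce` performs.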
@@ -513,139 +385,48 @@ int create_preloaded_app_dek(const char *pkg_id, unsigned char **pdek, size_t *p
}
// write APP_DEK in a file
- ret = _write_encrypted_app_dek_to_file(pkg_id, encrypted_app_dek, encrypted_app_dek_len);
+ ret = _write_encrypted_app_dek_to_file(pkg_id, encrypted_app_dek);
if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("WAE: Fail to write encrypted APP_DEK. pkg_id=%s", pkg_id);
+ WAE_SLOGE("Failed to write encrypted dek to file. pkg_id(%s)", pkg_id);
goto error;
}
// store APP_DEK in cache
- _add_app_dek_to_cache(pkg_id, dek);
-
- *pdek = dek;
- *pdek_len = DEK_LEN;
- WAE_SLOGI("WAE: Success to create preleaded APP_DEK and write it in initail value file. pkg_id=%s", pkg_id);
-
-error:
- free(pubkey);
- free(encrypted_app_dek);
-
- if (ret != WAE_ERROR_NONE)
- free(dek);
-
- return ret;
-}
-
-int _get_app_dek_kek(unsigned char **pdek_kek, size_t *pdek_kek_len)
-{
- int ret = _read_from_file(_get_dek_kek_pri_key_path(), pdek_kek, pdek_kek_len);
-
- if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("WAE: Fail to read APP_DEK_KEK Private Key");
- return ret;
- }
-
-#if 0
- ckmc_raw_buffer_s *kek_buffer = NULL;
- unsigned char* kek = NULL;
-
- char dek_kek_alias[MAX_ALIAS_LEN] = {0, };
- _get_dek_kek_alias(dek_kek_alias, sizeof(dek_kek_alias));
-
- ret = _to_wae_error(ckmc_get_data(dek_kek_alias, NULL, &kek_buffer));
+ _add_app_ce_to_cache(pkg_id, ce);
if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("Fail to get APP_DEK_KEK from key-manager. alias=%s, ret=%d",
- APP_DEK_KEK_ALIAS, ret);
- goto error;
+ WAE_SLOGE("Failed to add ce to cache for pkg_id(%s) ret(%d)", pkg_id, ret);
+ goto error;
}
- kek = (unsigned char *)malloc(kek_buffer->size);
- if(kek == NULL) {
- WAE_SLOGE("Fail to allocate a memory");
- ret = WAE_ERROR_MEMORY;
- goto error;
- }
- memcpy(kek, kek_buffer->data, kek_buffer->size);
+ *pce = ce;
- *pdek_kek = kek;
- *pdek_kek_len = kek_buffer->size;
- WAE_SLOGI("Success to get APP_DEK_KEK from key-manager.");
+ WAE_SLOGI("Success to create preleaded dek and write it in initial value file. "
+ "pkg_id(%s)", pkg_id);
error:
- ckmc_buffer_free(kek_buffer);
- free(kek);
-#endif
-
- return ret;
-}
-
-int _get_app_deks_loaded()
-{
- char loading_done_alias[MAX_ALIAS_LEN] = {0, };
- _get_dek_loading_done_alias(loading_done_alias, sizeof(loading_done_alias));
-
- ckmc_raw_buffer_s *buffer = NULL;
- int ret = _to_wae_error(ckmc_get_data(loading_done_alias, NULL, &buffer));
-
- if (ret == WAE_ERROR_NO_KEY)
- WAE_SLOGI("WAE: APP_DEK_LOADING was not done");
- else if (ret == WAE_ERROR_NONE)
- WAE_SLOGI("WAE: APP_DEK_LOADING was already done");
- else
- WAE_SLOGE("WAE: Fail to get information from key-manager about APP_DEK_LOADING_DONE_ALIAS. ret=%d", ret);
-
- ckmc_buffer_free(buffer);
+ buffer_destroy(encrypted_app_dek);
+ buffer_destroy(pubkey);
- return ret;
-}
-
-int _set_app_deks_loaded()
-{
- ckmc_raw_buffer_s buff;
- ckmc_policy_s policy;
- unsigned char dummy_data[1] = {0};
-
- buff.data = dummy_data;
- buff.size = sizeof(dummy_data);
-
- policy.password = NULL;
- policy.extractable = true;
-
- char loading_done_alias[MAX_ALIAS_LEN] = {0, };
- _get_dek_loading_done_alias(loading_done_alias, sizeof(loading_done_alias));
-
- int ret = _to_wae_error(ckmc_save_data(loading_done_alias, buff, policy));
-
- if (ret == WAE_ERROR_KEY_EXISTS) {
- WAE_SLOGI("WAE: APP_DEK_LOADING was already done");
- ret = WAE_ERROR_NONE;
- } else if (ret == WAE_ERROR_NONE) {
- WAE_SLOGI("Success to set APP_DEK_LOADING_DONE_ALIAS to key-manager.");
- } else {
- WAE_SLOGE("WAE: Fail to set APP_DEK_LOADING_DONE_ALIAS to key-manager. ret=%d", ret);
+ if (ret != WAE_ERROR_NONE) {
+ if (ce) {
+ crypto_element_destroy(ce);
+ } else {
+ buffer_destroy(dek);
+ buffer_destroy(iv);
+ }
}
return ret;
}
-int _clear_app_deks_loaded()
+int _get_app_dek_kek(raw_buffer_s **pdek_kek)
{
- char loading_done_alias[MAX_ALIAS_LEN] = {0, };
- _get_dek_loading_done_alias(loading_done_alias, sizeof(loading_done_alias));
-
- int ret = _to_wae_error(ckmc_remove_alias(loading_done_alias));
-
- if (ret == WAE_ERROR_NO_KEY) {
- WAE_SLOGI("APP_DEK_LOADING_DONE_ALIAS was not set to key-manager before.");
- ret = WAE_ERROR_NONE;
- } else if (ret == WAE_ERROR_NONE) {
- WAE_SLOGI("Success to clear app deks loaded");
- } else {
- WAE_SLOGE("Fail to clear APP_DEK_LOADING_DONE_ALIAS to key-manager. ret=%d", ret);
- }
-
- return ret;
+#if 0
+ return get_dek_kek_from_key_manager(pdek_kek);
+#else
+ return _read_from_file(_get_dek_kek_pri_key_path(), pdek_kek);
+#endif
}
int load_preloaded_app_deks(bool reload)
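Review bot: The return value of `_add_app_ce_to_cache(pkg_id, ce)` in `create_preloaded_app_ce` is discarded, so the `if (ret != WAE_ERROR_NONE)` right after it re-tests the result of `_write_encrypted_app_dek_to_file` and can never fire. A failed cache insert therefore still hands `ce` back through `*pce` with `WAE_ERROR_NONE`, and a later `get_preloaded_app_ce` lookup for that package would miss. The call should read `ret = _add_app_ce_to_cache(pkg_id, ce);`, as it does in `create_app_ce` and `get_app_ce`. The function starts in the previous hunk.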
@@ -655,24 +436,23 @@ int load_preloaded_app_deks(bool reload)
char pkg_id[MAX_PKGID_LEN] = {0, };
char file_path_buff[MAX_PATH_LEN];
- unsigned char *encrypted_app_dek = NULL;
- size_t encrypted_app_dek_len = 0;
- unsigned char *app_dek = NULL;
- size_t app_dek_len = 0;
- unsigned char *prikey = NULL;
- size_t prikey_len = 0;
+ raw_buffer_s *encrypted_dek = NULL;
+ raw_buffer_s *dek = NULL;
+ raw_buffer_s *iv = NULL;
+ raw_buffer_s *prikey = NULL;
+ crypto_element_s *ce = NULL;
int error_during_loading = 0;
if (!reload) {
// check if all deks were already loaded into key-manager.
- ret = _get_app_deks_loaded();
+ ret = is_app_deks_loaded_in_key_manager();
if (ret == WAE_ERROR_NONE)
return ret;
}
- ret = _get_app_dek_kek(&prikey, &prikey_len);
+ ret = _get_app_dek_kek(&prikey);
if (ret != WAE_ERROR_NONE) {
WAE_SLOGE("Fail to get APP_DEK_KEK Private Key");
@@ -706,7 +486,6 @@ int load_preloaded_app_deks(bool reload)
if (entry.d_type != DT_REG || strstr(entry.d_name, APP_DEK_FILE_PFX) == NULL)
continue;
- memset(file_path_buff, 0, sizeof(file_path_buff));
ret = snprintf(file_path_buff, sizeof(file_path_buff), "%s/%s",
_get_dek_store_path(), entry.d_name);
@@ -719,75 +498,92 @@ int load_preloaded_app_deks(bool reload)
ret = _extract_pkg_id_from_file_name(entry.d_name, pkg_id);
if (ret != WAE_ERROR_NONE) {
- WAE_SLOGW("Fail to extract pkgid from file. It will be ignored. file=%s", file_path_buff);
+ WAE_SLOGW("Failed to extract pkgid from file. It will be ignored. file=%s",
+ file_path_buff);
continue;
}
- ret = _read_from_file(file_path_buff, &encrypted_app_dek, &encrypted_app_dek_len);
+ ret = _read_from_file(file_path_buff, &encrypted_dek);
- if (ret != WAE_ERROR_NONE || encrypted_app_dek == NULL) {
- error_during_loading++;
- WAE_SLOGW("Fail to read file. It will be ignored. file=%s", file_path_buff);
+ if (ret != WAE_ERROR_NONE || encrypted_dek == NULL) {
+ ++error_during_loading;
+ WAE_SLOGW("Failed to read file. It will be ignored. file=%s", file_path_buff);
continue;
}
- ret = decrypt_app_dek(prikey, prikey_len, APP_DEK_KEK_PRIKEY_PASSWORD,
- encrypted_app_dek, encrypted_app_dek_len,
- &app_dek, &app_dek_len);
+ ret = decrypt_app_dek(prikey, APP_DEK_KEK_PRIKEY_PASSWORD, encrypted_dek, &dek);
- if (ret != WAE_ERROR_NONE || app_dek == NULL) {
- error_during_loading++;
- WAE_SLOGW("Fail to decrypt APP DEK. It will be ignored. file=%s", file_path_buff);
+ buffer_destroy(encrypted_dek);
+ encrypted_dek = NULL;
+
+ if (ret != WAE_ERROR_NONE || dek == NULL) {
+ ++error_during_loading;
+ WAE_SLOGW("Failed to decrypt dek. It will be ignored. file=%s",
+ file_path_buff);
continue;
}
+ iv = buffer_create(IV_LEN);
+ if (iv == NULL) {
+ ++error_during_loading;
+ buffer_destroy(dek);
+ dek = NULL;
+ continue;
+ }
+
+ memcpy(iv->buf, AES_CBC_IV, iv->size);
- // save app_dek in key_manager
- ret = _add_dek_to_key_manager(pkg_id, WAE_PRELOADED_APP, app_dek, app_dek_len);
- // free temp objects
- free(app_dek);
- free(encrypted_app_dek);
- app_dek = NULL;
- encrypted_app_dek = NULL;
+ ce = crypto_element_create(dek, iv);
+ if (ce == NULL) {
+ ++error_during_loading;
+ buffer_destroy(iv);
+ iv = NULL;
+ buffer_destroy(dek);
+ dek = NULL;
+ continue;
+ }
+
+ ret = save_to_key_manager(pkg_id, WAE_PRELOADED_APP, ce);
if (ret == WAE_ERROR_KEY_EXISTS) {
- WAE_SLOGI("Key Manager already has APP_DEK. It will be ignored. file=%s", file_path_buff);
+ WAE_SLOGI("Key Manager already has dek. It will be ignored. file=%s",
+ file_path_buff);
} else if (ret != WAE_ERROR_NONE) {
- error_during_loading++;
+ ++error_during_loading;
WAE_SLOGW("Fail to add APP DEK to key-manager. file=%s", file_path_buff);
}
+
+ crypto_element_destroy(ce);
+ ce = NULL;
}
- ret = _set_app_deks_loaded();
+ ret = set_app_deks_loaded_to_key_manager();
- if (ret == WAE_ERROR_NONE) {
- WAE_SLOGI("Success to load_preloaded_app_deks");
- ret = WAE_ERROR_NONE;
- } else {
- WAE_SLOGW("Fail to _set_app_deks_loaded to key-manager. ret=%d", ret);
+error:
+ if (ret != WAE_ERROR_NONE) {
+ if (ce) {
+ crypto_element_destroy(ce);
+ } else {
+ buffer_destroy(dek);
+ buffer_destroy(iv);
+ }
}
-error:
- free(prikey);
+ buffer_destroy(prikey);
closedir(dir);
return ret;
}
-int remove_app_dek(const char *pkg_id, wae_app_type_e app_type)
+int remove_app_ce(const char *pkg_id, wae_app_type_e app_type)
{
- char alias[MAX_ALIAS_LEN] = {0,};
-
- _get_alias(pkg_id, app_type, true, alias, sizeof(alias));
-
- int ret = _to_wae_error(ckmc_remove_alias(alias));
+ int ret = remove_from_key_manager(pkg_id, app_type);
- if (ret != WAE_ERROR_NONE) {
- WAE_SLOGE("Fail to remove APP_DEK from key-manager. pkg_id=%s, alias=%s, ret=%d", pkg_id, alias, ret);
- return ret;
- }
+ if (ret != WAE_ERROR_NONE)
+ WAE_SLOGE("Failed to remove app ce for pkg_id(%s) ret(%d)", pkg_id, ret);
+ else
+ WAE_SLOGI("Success to remove app ce for pkg_id(%s)", pkg_id);
- _remove_app_dek_from_cache(pkg_id);
- WAE_SLOGI("Success to remove APP_DEK from key-manager. pkg_id=%s", pkg_id);
+ _remove_app_ce_from_cache(pkg_id);
- return WAE_ERROR_NONE;
+ return ret;
}
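Review bot: After `crypto_element_destroy(ce); ce = NULL;` at the end of each loop iteration, `dek` and `iv` still hold the addresses that were handed to `crypto_element_create()`. Assuming the element owns and releases those buffers (the cleanup in `create_app_ce` suggests it does), a failure of `set_app_deks_loaded_to_key_manager()` reaches the `error:` label with `ce == NULL` and calls `buffer_destroy(dek)` and `buffer_destroy(iv)` on memory that was already freed. Clearing them once ownership moves, `dek = NULL; iv = NULL;` directly after the `ce == NULL` check, avoids the double free. Separately, `error_during_loading` is counted but not consulted in the visible lines before the loaded flag is set, so DEKs that failed to load are not retried on the next non-reload call. `load_preloaded_app_deks` starts outside this hunk.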