Krzysztof Jackiewicz [Mon, 8 Jun 2015 14:05:47 +0000 (16:05 +0200)]
Update parameter list API
[Problem] Param name range check is needed. Support for param overwriting is
needed. Getters in CAPI are needed. IV param has to be added manually.
[Solution] Add predefined range for possible ParamName values. Add ParamName
value check. Support param overwriting. Add CAPI param getters. IV param is not
generated in ckmc_generate_params.
[Verification] Run ckm-tests --group=CKM_ALGO_PARAMS and
ckm-tests-internal -t SERIALIZATION_TEST
All should pass.
Change-Id: I72a2c603d7a8f60bab5cb0c18fdc3866a28c7a82
Maciej J. Karpiuk [Wed, 3 Jun 2015 07:14:16 +0000 (09:14 +0200)]
AES: add generation, save, get support.
[Verification] a copule of AES tests added along other key types tests:
https://review.tizen.org/gerrit/#/c/38195/
Change-Id: If6508811f874d438551a9d528b17d5719adc8ed0
Krzysztof Jackiewicz [Tue, 7 Apr 2015 08:36:24 +0000 (10:36 +0200)]
AES key creation API
[Issue#] N/A
[Feature] API allowing creation of AES key in key-manager database
[Problem] N/A
[Cause] N/A
[Solution] N/A
[Verification] Successfull compilation. Run tests.
Change-Id: I3ec358ce4a58afb657afaf110ca81bacea7dcd10
Maciej J. Karpiuk [Fri, 29 May 2015 11:51:15 +0000 (13:51 +0200)]
Key generation uses CryptoAlgorithm object provided by the client.
Protocol changed: single command to generate all types of asymetric keys.
Change-Id: Iafe2b593c3945ff0e3fcc31241faea3a542aca65
Krzysztof Jackiewicz [Thu, 28 May 2015 07:11:22 +0000 (09:11 +0200)]
Implement encryption/decryption API
[Feature] Implementation of encryption/decryption service.
[Solution] API implemented
[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION
(TED_0040_encrypt_no_output_buffer passes, all other tests fail with
CKMC_ERROR_SOCKET)
Change-Id: Ib0ce85f031e92660713ae4f320a4fd3981a43ffc
Krzysztof Jackiewicz [Wed, 27 May 2015 12:47:07 +0000 (14:47 +0200)]
Algorithm types and param names updated
[Problem] ED_CTR can be replaced with ED_IV. We need a way to distinguish
asymmetric algorithms for different purposes (encryption, signing/verification,
key generation)
[Solution] ED_CTR replaced with ED_IV. New algorithm types added.
[Verification] Compile and run tests: ckm-tests-internal -t SERIALIZATION_TEST
Change-Id: Id7f5f805f25aa674023f6fc8c3631c8b7abcea64
Krzysztof Jackiewicz [Wed, 1 Apr 2015 09:45:48 +0000 (11:45 +0200)]
Encryption/decryption API
[Issue#] N/A
[Feature] Encryption decryption support
[Problem] N/A
[Cause] N/A
[Solution] API for encryption decryption
[Verification] Succesfull compilation. Run tests
ckm-tests --group=ALGO_PARAMS (all pass)
ckm-tests --group=ENCRYPTION_DECRYPTION (all fail with CKMC_ERROR_UNKNOWN)
Change-Id: I6cbb1fb56ad1d82f8d673ed27d22eade82e4e1d0
Maciej J. Karpiuk [Wed, 27 May 2015 13:01:48 +0000 (15:01 +0200)]
crypto-service key generation contents moved into SW backend.
Change-Id: Icf746f14b7bcbd4bc1ac847dae4de0e4ad23a194
Krzysztof Jackiewicz [Thu, 28 May 2015 07:28:09 +0000 (09:28 +0200)]
Make CryptoAlgorithm copyable.
[Problem] CryptoAlgorithm have to be copied on client side. One copy has to
remain on client side for decryption and the other has to be serialized in
client.
[Solution] Unique_ptr replaced with shared_ptr so that CryptoAlgorithm copying
is possible.
[Verification] Run ckm-tests-internal -t SERIALIZATION_TEST
Change-Id: Ied81a1414cc9c6b40206116895f713b779a685ac
Maciej J. Karpiuk [Mon, 25 May 2015 09:07:45 +0000 (11:07 +0200)]
Initial values XSD moved into read only directory.
Change-Id: I200465912b82eae0b75228273e0af7cafe53ec7d
Bartlomiej Grzelewski [Tue, 19 May 2015 15:18:30 +0000 (17:18 +0200)]
Add classes for Trust Zone backend.
Change-Id: I84d0fc46e0026e83903ead87285fb6f9fb5754db
Maciej J. Karpiuk [Fri, 8 May 2015 12:00:24 +0000 (14:00 +0200)]
Add initial values support - values to feed the shared database on first startup.
Change-Id: Iec81d8aa168dd30072aae86827124744798ef33d
Bartlomiej Grzelewski [Tue, 19 May 2015 14:41:11 +0000 (16:41 +0200)]
SW Backend initialization refactoring.
Random initialization from CryptoService was moved to
CKM::Crypto::SW::Internals namespace.
Change-Id: I47ff24a9af908a9856158ec32a402e09d9b163b2
Maciej J. Karpiuk [Wed, 6 May 2015 13:20:41 +0000 (15:20 +0200)]
Add generic XML parser + tests.
Change-Id: I44494b0e3034cb0e6e258bc9b8da8cadb5e2be70
Bartlomiej Grzelewski [Wed, 13 May 2015 14:56:08 +0000 (16:56 +0200)]
Use new classes to sign and verify messages.
Remove old implementation of sign/verify methods.
Change-Id: I391d29ffc3ae8a2fe49b09259387efa2023abec2
Krzysztof Jackiewicz [Fri, 15 May 2015 17:40:29 +0000 (19:40 +0200)]
Simplify CryptoAlgorithm interface
[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] CryptoAlgorithm interface was too complicated
[Solution] Add high level interface
[Verification] Run: ckm-tests-internal --run_test=SERIALIZATION_TEST
Change-Id: I9f02d6ea6f3cc37d46585e1460f2a02bdc107f3c
Krzysztof Jackiewicz [Fri, 15 May 2015 09:59:27 +0000 (11:59 +0200)]
Add backend id to database scheme
[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] We have to keep backend id in database.
[Solution] Schema updated
[Verification] Run migration tests:
ckm-tests-internal --run_test=DBCRYPTO_MIGRATION_TEST
ckm-tests-internal --run_test=DBCRYPTO_TEST/DBtestBackend
Change-Id: Ib33d6c360d655f7c7a01164385e284ec8f759837
Krzysztof Jackiewicz [Tue, 19 May 2015 08:00:09 +0000 (10:00 +0200)]
Fix row comparison function in tests
[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] The function was comparing the row with itself
[Solution] The pattern row is compared with the row read from db
[Verification] Run ckm-tests-internal
Change-Id: I2d98c3478f5e28ebd08bb1306edb5b00df8ab76b
kyungwook tak [Fri, 15 May 2015 01:39:09 +0000 (10:39 +0900)]
Remove DEK on memory when app removed
Change-Id: I927b50e8738f1fa6b8189467fa25658c2c235763
Signed-off-by: kyungwook tak <k.tak@samsung.com>
Krzysztof Jackiewicz [Fri, 15 May 2015 13:51:22 +0000 (15:51 +0200)]
Fix for sqlcipher ALTER TABLE ADD COLUMN
[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] In ALTER TABLE ADD COLUMN function the table name was not properly
extracted.
[Solution] Fixed.
[Verification] Run migration tests:
ckm-tests-internal --run_test=DBCRYPTO_MIGRATION_TEST
Change-Id: Ie81a2ec01adc17328bc493ad0aa56bf70dcc1fe5
Bartlomiej Grzelewski [Mon, 11 May 2015 16:05:28 +0000 (18:05 +0200)]
Move Token from CKM::Crypto to CKM namespace.
Token is used in database and crypto module. It should not be hidden in
CKM::Crypto namespace.
Change-Id: I6d000c05deda8f0027ce3afbdeb3bd0a793f0f78
Maciej J. Karpiuk [Thu, 16 Apr 2015 06:55:58 +0000 (08:55 +0200)]
Add system database - managed by service (uid<5000) users, accessible by priviledged regular users.
Change-Id: I08b6c4718ff4219bebfd85ab942cfe22570ed0a5
Bartlomiej Grzelewski [Fri, 8 May 2015 13:58:51 +0000 (15:58 +0200)]
Add implementation for sign and verify operation.
Change-Id: I105f6c719f17483da2987224f0029fd0a7b44c45
Bartlomiej Grzelewski [Mon, 4 May 2015 12:31:27 +0000 (14:31 +0200)]
New class hierarchy (multiple backends support).
Current implemantion my use only one crypto library. The target is to
use at least two libraries at the same time (openssl and trustzone
library for arm devices).
Change-Id: I3563fb1c89f3603a927b8b19f6358b4fc3f5c7cf
Krzysztof Jackiewicz [Fri, 8 May 2015 08:38:10 +0000 (10:38 +0200)]
Add serialization of CryptoAlgorithm
[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] CryptoAlgorithm needs serialization/deserialization methods.
[Solution] Serialization added.
[Verification] Run ckm-tests-internal --run_test=SERIALIZATION_TEST
Change-Id: I8556f366311f4e4a5255a33303bd7f42dc0cfcdd
Krzysztof Jackiewicz [Thu, 7 May 2015 15:38:24 +0000 (17:38 +0200)]
Add classes for algorithm parameters
[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] We need a way to represent different algorithm parameters in a common
way.
[Solution] A set of classes and enums added.
[Verification] Run ckm-tests --group=ALGO_PARAM_TEST
Change-Id: I281a1b192d01bad5bdfded8dbb1d385e876b6657
Krzysztof Jackiewicz [Fri, 24 Apr 2015 13:40:16 +0000 (15:40 +0200)]
Initial values format fixed
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Wrong occurrence numbers used.
[Cause] N/A
[Solution] Occurrence numbers fixed. Removed whitespaces from ASCII example.
[Verification] xmllint -schema initial_values.xsd example.xml
Change-Id: I78a7cd216a2c412e271e3811a02ec812eadd53ac
Lukasz Wojciechowski [Wed, 22 Apr 2015 09:59:53 +0000 (11:59 +0200)]
Adjust manifest files to Tizen 3.0 Security model
Remove old Smack based security domain mode known from Tizen 2.X.
Request "_" domain for file labeling as suggested in Three Domains Model.
Do not assign "_" label manually, as that is the default label and files
will receive it anyway.
Change-Id: Ic1735a2f8dffc8f142007d4e3f8dcf981ef90300
Krzysztof Jackiewicz [Thu, 16 Apr 2015 12:38:03 +0000 (14:38 +0200)]
Version 0.1.14
Change-Id: I3bf2fa3b6a233fca6b46215d7b15a2ce8c3cc8e9
Maciej J. Karpiuk [Tue, 7 Apr 2015 11:23:57 +0000 (13:23 +0200)]
Reverting Tizen 2.x specific workarounds for password change/authtype==none.
Change-Id: Ib888b1df3afc54405cf6a3b48bad86e7fc0c92e4
Maciej J. Karpiuk [Wed, 15 Apr 2015 09:04:20 +0000 (11:04 +0200)]
bugfix: minor memory corruption. Internal tests work.
Change-Id: Ie6cc846ac066a6d86f0d2642a9906c08b4d35068
Maciej J. Karpiuk [Mon, 23 Mar 2015 15:13:07 +0000 (16:13 +0100)]
Key Manager tizen.org session and user management
integration.
Key-Manager integrates with PAM (via pam_key_manager_plugin.so lib
and appropriate configuration changes) and gumd via user removal hook.
PAM configuration needs to be changed to use the .so specified above.
For testing, do the following changes in /etc/pam.d/system-auth:
section password:
* remove pam_deny.so line
* change pam_unix.so from sufficient to required
* add "password optional pam_key_manager_plugin.so change_step=before" before the pam_unix.so entry
* add "password optional pam_key_manager_plugin.so change_step=after" after the pam_unix.so entry
section session:
* add "session optional pam_key_manager_plugin.so" as last item
Change-Id: I2fd29ab527aa3d89c810b9c6d5f74cbbec2e5957
Krzysztof Jackiewicz [Fri, 3 Apr 2015 12:30:14 +0000 (14:30 +0200)]
Initial values format adjusted
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Symmetric keys should not hold information about encryption
algorithm. Initial data will be stored as system user but has to be accessible
by ordinary users
[Cause] N/A
[Solution] Symmetric encryption params can be stored separately from key as
data. Encryption params removed from schema. Added permission tag allowing
other users to access system database. XML structure redesigned. Example
updated.
[Verification] Validate example with:
xmllint -schema initial_values.xsd example.xml
Change-Id: I36149b15d6f786e37cec370d632ab74e40efc162
Bartlomiej Grzelewski [Wed, 18 Mar 2015 14:53:57 +0000 (15:53 +0100)]
Simplify implementation of ServiceThread
Change-Id: I56ced6bb12e2a6140ab26ab82f9dd68cb2b92b76
Krzysztof Jackiewicz [Wed, 18 Mar 2015 16:10:30 +0000 (17:10 +0100)]
Add inter-service communication framework
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Services need to communicate with each other
[Cause] N/A
[Solution] Framework for inter-service communication added.
[Verification] Run ckm-tests-internal -t MESSAGE_MANAGER_TEST
Change-Id: I28714ba52efe25c47402adb6ac1bef52859ed898
Krzysztof Jackiewicz [Thu, 12 Mar 2015 16:34:53 +0000 (17:34 +0100)]
Add initial value format schema
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Initial value format needs to be defined
[Cause] N/A
[Solution] Schema and example added
[Verification] Validate example with: xmllint -schema initial_values.xsd example.xml
Change-Id: I5c8979c971e73b07e959e2fdf5d32ee3f9dabf91
Krzysztof Jackiewicz [Tue, 17 Feb 2015 13:42:34 +0000 (14:42 +0100)]
Optimize openssl initialization
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Each time Manager or PKCS12 object is created initCryptoLib is called
and mutex is locked inside it.
[Cause] N/A
[Solution] Once openssl is initialized the initalization function pointer is
switched to empty one, thus mutex is not used any more.
[Verification] Run tests. Alternatively check in gdb that client calls
initOpenSSL() only once
Change-Id: I733e4ca6c88a6a51d69ebb0606f560a9b4828e4c
yuseok.jeon [Wed, 25 Feb 2015 07:00:09 +0000 (16:00 +0900)]
Modify APIs and doxygen to meet ACR(TIZEN 2.4) requirement
Change-Id: I7a883273c6563df23f8e4668d88fbd73d61c2a08
Signed-off-by: yuseok.jeon <yuseok.jeon@samsung.com>
Bartlomiej Grzelewski [Thu, 12 Feb 2015 14:12:38 +0000 (15:12 +0100)]
Fix description in ckmc-manager.h
Change-Id: Iceb597c1c8cd10360add0c20a40a2269c53ab2cd
kyungwook tak [Mon, 23 Feb 2015 06:30:37 +0000 (15:30 +0900)]
Add symbolic-functions linker flag
Change-Id: I6b014e269f83a48ad516e2b64c1e0de89c546bf9
Signed-off-by: kyungwook tak <k.tak@samsung.com>
Krzysztof Jackiewicz [Tue, 10 Feb 2015 17:14:56 +0000 (18:14 +0100)]
Tool for measuring dlopen/dlsym performance
[Issue#] N/A
[Feature/Bug] N/A
[Problem] We need a tool that will show the influence of the number of symbols
and the size of a library on dlopen/dlsym performance
[Cause] N/A
[Solution] Tool added
[Verification] Run ckm_so_loader [library_path] [symbol_to_load]
Change-Id: I524bb20d4a23a5128e83ee42241161ce15fc2092
Krzysztof Jackiewicz [Tue, 10 Feb 2015 17:10:30 +0000 (18:10 +0100)]
Globals in LogSystem adjusted to use in lib constructor
[Issue#] N/A
[Feature/Bug] N/A
[Problem] dlopen() fails with client library
[Cause] The order of global variables construction in common library is unpredictable.
[Solution] Global variable made member. Strings replaced by const char* const.
[Verification] Use ckm_so_loader 2 100 /usr/lib/libkey-manager-client.so ckmc_save_key
Change-Id: I0add0c1fe3c66ac9d42a94b7e59bf21cadecdefc
Bartlomiej Grzelewski [Tue, 17 Feb 2015 16:30:00 +0000 (17:30 +0100)]
Fix serialization implementation to support 32 and 64 platform.
Change-Id: I3bf8c4bf1c1fa369ea9b0ba1aa20edfe9228f0d9
Maciej J. Karpiuk [Tue, 17 Feb 2015 11:54:18 +0000 (12:54 +0100)]
Removal of unused build artifact "key-provider".
Bartlomiej Grzelewski [Thu, 12 Feb 2015 13:09:35 +0000 (14:09 +0100)]
Change parameters of ckmc_get_pkcs12 function.
New version supports additional passwords that may be used
to secure private key and certificates.
Change-Id: I809e5fbbd090e4ee793745e68256915144bb1cd2
kyungwook tak [Thu, 12 Feb 2015 02:30:01 +0000 (11:30 +0900)]
Use _toCkmCertificateVector in pkcs12 client CAPIs
Change-Id: I21caca7f9c39dc5e372977e3a4891e1c71d99c22
Signed-off-by: kyungwook tak <k.tak@samsung.com>
kyungwook tak [Mon, 9 Feb 2015 06:36:07 +0000 (15:36 +0900)]
CKM FileSystem versioning with file name format update mechanism
* DKEK format releaseed on kiran
(key-<uid>-<autoincreased num>)
* DKEK format on version 0.1.13
(key-<uid>)
(key-backup-<uid>)
* DKEK format on tizen 2.4 which has container feature
(not merged from knox-tct branch yet,
so not included about it in this commit)
(key-<zone name>-<uid>)
(key-backup-<zone name>-<uid>
Change-Id: I5ce62528d54268cccb7f9705daf0793aec782513
Signed-off-by: kyungwook tak <k.tak@samsung.com>
Bartlomiej Grzelewski [Fri, 6 Feb 2015 16:55:59 +0000 (17:55 +0100)]
Add support for password in Manager::getPCKS12 function.
In function savePKCS12 user may specify passwords to protect
data. Function getPKCS12 wasn't support passwords so it was not
possible to extract PKCS12 secured with this functionality.
Change-Id: I542873b817a2bff1064b2b56254d14fb632d8bdf
kyungwook tak [Tue, 10 Feb 2015 01:17:12 +0000 (10:17 +0900)]
unlock with password when resetPassword called in case of first start of device
Change-Id: I536b7b5ff2448990bd0c5fdda87730b34e13c16f
Signed-off-by: kyungwook tak <k.tak@samsung.com>
Krzysztof Jackiewicz [Fri, 6 Feb 2015 14:24:47 +0000 (15:24 +0100)]
Fix for gcc4.8 (-ldl)
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Linker fails when gcc4.8 is used
[Cause] Undefined symbols from dynamic linker library because of missing -ldl
option
[Solution] Add -ldl option
[Verification] Successfull linkage
Change-Id: Ida7784fddd9caa92c1a23cb50c5025f257ae7020
Krzysztof Jackiewicz [Thu, 29 Jan 2015 17:12:01 +0000 (18:12 +0100)]
Common logging setup for client and service
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Client may use different logging method than service.
[Cause] Service reads environment flags from config file. Client doesn't
[Solution] Make the client read that file too and setup log system properly.
[Verification] Make changes to /etc/sysconfig/central-key-manager file and see
if both service and client uses the same logging setup (provider and log level)
File format is the following:
"
CKM_LOG_PROVIDER=<provider>
CKM_LOG_LEVEL=<level>
"
where:
<provider> is one of JOURNALD, DLOG, CONSOLE
<level> is <0..5>, 0 means not logs at all, 1 means errors only, 5 means all
Change-Id: I1662fe636f9987778345f8a02afa6fb77f7f1fe0
Krzysztof Jackiewicz [Thu, 5 Feb 2015 14:09:19 +0000 (15:09 +0100)]
Libraries reorganized to limit the number of exported symbols
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Too much exported symbols
[Cause] Some of the code don't have to be exported or is used by a single binary.
[Solution] Unnecessary exports removed. Part of libkey-manager-common code
moved to client library or key-manager binary
[Verification] Compile key-manager and security-tests. Display the number of
exported symbols before and after with:
nm -g <library>.so | wc -l
Change-Id: Iccb053af2523368d353693247e505a794e783318
Bartlomiej Grzelewski [Wed, 4 Feb 2015 18:19:22 +0000 (19:19 +0100)]
Add support for AUTHENTICATION_FAILED code in getData function.
Function getPKCS12, getKey, getData will return proper code when
password does not mach.
Change-Id: I8b506f6c03f7acc5421278360cd839d059b914c2
kyungwook tak [Tue, 3 Feb 2015 03:46:56 +0000 (12:46 +0900)]
Symbol visibility changed from default to hidden.
Change-Id: I9b4b7e8af5ff62cd8c063a0ce45a899f166566d7
Signed-off-by: kyungwook tak <k.tak@samsung.com>
Bartlomiej Grzelewski [Mon, 2 Feb 2015 16:40:20 +0000 (17:40 +0100)]
Version 0.1.13
Change-Id: I1a7c7abb788ef647bd5e3137011484dc539d4771
Bartlomiej Grzelewski [Mon, 2 Feb 2015 11:30:25 +0000 (12:30 +0100)]
Add support for new error code in ckmc API
Change-Id: I111c8b64da39e3a19e5fac144e94a5516b389a32
Maciej J. Karpiuk [Mon, 2 Feb 2015 10:02:24 +0000 (11:02 +0100)]
Deprecated access control API fixed - proper mapping to permissions.
[Issue#] N/A
[Feature/Bug] bug: deprecated access control API not working.
[Problem] deprecated access control API incorrectly mapped given values into permissions.
[Solution] added translation mechanism between old access rights into permissions.
[Verification] compile, run updated test set.
Change-Id: If26c69160a79439774a8ffd800809c0a6f7f85e5
Maciej J. Karpiuk [Tue, 20 Jan 2015 13:29:09 +0000 (14:29 +0100)]
DB related classes moved into CKM::DB namespace.
Change-Id: Ifbf70ffe6865793394d46ea6443f27a0062fe02d
Krzysztof Jackiewicz [Wed, 28 Jan 2015 13:56:18 +0000 (14:56 +0100)]
Fix logs in internal tests
[Issue#] N/A
[Feature/Bug] N/A
[Problem] No logs from internal tests
[Cause] LogSystem tag was not set
[Solution] Internal tests refactored and cleaned up. Proper tag set.
[Verification] Run internal tests and see if logs are visible
Change-Id: Ibb8517bad710d06a62ba9ba7fbc7b9b8ed7b7c21
Krzysztof Jackiewicz [Wed, 28 Jan 2015 09:19:38 +0000 (10:19 +0100)]
Add file, line & function information to journald log
[Issue#] N/A
[Feature/Bug] N/A
[Problem] File, line & function not visible in default journalctl log
[Cause] Default log format does not display this information and other formats
are unreadable
[Solution] File, line & function information added to log message content
[Verification] Create /etc/sysconfig/central-key-manager with following content
"
CKM_LOG_LEVEL=3
CKM_LOG_PROVIDER=JOURNALD
"
Restart the service and see if journalctl logs contain file, line & function
info:
journalctl -f -u central-key-manager
Change-Id: I01389eda9f7db390f6ca00c8f44e1a5c097e59c8
Krzysztof Jackiewicz [Mon, 26 Jan 2015 13:28:26 +0000 (14:28 +0100)]
Remove unused key-manager-util.*
[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] Unused files
[Solution] Removed
[Verification] Successfull compilation
Change-Id: Ie71d5fd9b8093f262643efe5ad7930ea0d5ff53e
Krzysztof Jackiewicz [Tue, 27 Jan 2015 15:35:33 +0000 (16:35 +0100)]
Fix LogSystemSingleton issue
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Logs from key-manager-common not visible
[Cause] 2 instances of LogSystemSingleton were created in key-manager binary
(log.cpp and key-manager-main.cpp)
[Solution] Excessive LogSystemSingleton definition removed.
[Verification] Compile & install ckm & tests. Run dlogutil and see if all logs
are visible (CKM-CLIENT and CKM including logs from key-manager-common library)
Change-Id: Idf508facc33318030db90633afa581d5cf012747
Maciej J. Karpiuk [Wed, 7 Jan 2015 10:40:55 +0000 (11:40 +0100)]
Add CKM database versioning with DB migration mechanism.
Change-Id: I3d773b1b9ff4949a4ae98e25c778e6c010bc8a62
Bartlomiej Grzelewski [Fri, 23 Jan 2015 15:50:21 +0000 (16:50 +0100)]
Replace error codes with exceptions in FileSystem module.
Change-Id: Id099e6a3cb5b6db69dedc19c781db4d85f7518a9
Krzysztof Jackiewicz [Mon, 26 Jan 2015 08:46:17 +0000 (09:46 +0100)]
Certificate chain in OCSP is assumed to be valid
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Not all certificate chains can be properly verified with OCSP
[Cause] Certificate chain in OCSP verification may contain custom trusted root
CAs as well as untrusted certificates which are not taken into account by
current implementation of OCSP.
[Solution] Chain submitted for verification is treated as valid (i.e. created
with get_certificate_chain() API) and therefore all issuers preceeding a
certificate being currently verified with OCSP are treated as trusted and are
used for OCSP response verification.
[Verification] Run ocsp tests
Change-Id: Ia96e6ba830abfd121f9adc041c55789cbf919cbc
Krzysztof Jackiewicz [Fri, 23 Jan 2015 15:04:15 +0000 (16:04 +0100)]
Simplify conversion from RawBuffer to C API objects
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Unnecessary casts and allocation were used during conversion from
RawBuffer to C API objects
[Cause] N/A
[Solution] Conversion simplified
[Verification] Successfull compilation. Run tests
Change-Id: I85d2f3d52dba5e440095be0eab1a924395ce2437
kyungwook tak [Fri, 16 Jan 2015 11:57:23 +0000 (20:57 +0900)]
Vconf key used only when sec_product_feature_mdfpp_state_enable 1
Change-Id: I447c3fdbd6617537a7767afa015b0f3065aac6ac
Signed-off-by: kyungwook tak <k.tak@samsung.com>
Krzysztof Jackiewicz [Thu, 22 Jan 2015 14:17:12 +0000 (15:17 +0100)]
Add line wrapping and fix formatting in C API
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Too long lines. Unreadable API declarations.
[Cause] N/A
[Solution] Lines wrapped to 100 chars. Common function argument wrapping policy.
[Verification] Successfull compilation.
Change-Id: Ic3a9e732dc311662eb8b18640102ecca952e8b5d
Krzysztof Jackiewicz [Wed, 21 Jan 2015 13:33:01 +0000 (14:33 +0100)]
Remove deprecated C++ API for certificate chains
[Issue#] N/A
[Feature/Bug] N/A
[Problem] Old C++ certificate chain API is no longer necessary
[Cause] N/A
[Solution] API removed
[Verification] Successfull tests compilation
Change-Id: I588a99d1d211607dcd70290b9b0610b4732d8ef0
Krzysztof Jackiewicz [Mon, 1 Dec 2014 14:38:18 +0000 (15:38 +0100)]
New certificate chain API
[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] N/A
[Solution] API that allows contol of trusted/untrusted certificates used in
chain creation.
[Verification] Run certificate tests
Change-Id: I390d5889ee9221b3a5ffb5c3d3d501b10e3640d4
Bartlomiej Grzelewski [Thu, 22 Jan 2015 16:04:59 +0000 (17:04 +0100)]
Fix error connected with url parsing in ocsp module.
Change-Id: Ief450b4bb645fac652d0d270654a0ec883810f2c
Krzysztof Jackiewicz [Tue, 20 Jan 2015 10:45:06 +0000 (11:45 +0100)]
Fix label-related logic during permission setting
[Issue#] N/A
[Feature/Bug] N/A
[Problem] The logic of setPermissionHelper was not accurate. It worked because
in our special case the owner==client.
[Cause] N/A
[Solution] Logic fixed to address generic cases. Few comments added
[Verification] Run tests
Change-Id: I853cb523fb5309600a0f54df8efa65bc910e83cc
kyungwook tak [Thu, 20 Nov 2014 01:40:39 +0000 (10:40 +0900)]
Add OCSP check CAPI
Change-Id: I41876e3c8a3ea33c1a9eb200bc9467571b83940b
Bartlomiej Grzelewski [Mon, 12 Jan 2015 12:00:12 +0000 (13:00 +0100)]
Create bioLogger in OCSP module.
Change-Id: Iefcbaad56040df18e60bb09147d827de1ad14c38
Maciej J. Karpiuk [Fri, 2 Jan 2015 14:25:21 +0000 (15:25 +0100)]
DB re-factor: added VIEW joining all tables.
Restrictions applied on VIEW result.
Change-Id: I9b4b5962dd47327e39415db0de24896486534308
Maciej J. Karpiuk [Tue, 16 Dec 2014 15:29:31 +0000 (16:29 +0100)]
CAPI cleanup: control "owner" removal, set_permission replaces allow_access.
Change-Id: If56f8336d8782fffe5e4982ac5a86d7b59dc2682
Bartlomiej Grzelewski [Mon, 12 Jan 2015 13:22:17 +0000 (14:22 +0100)]
Version 0.1.12
Change-Id: Icd0a80393197637d3b839cb9bbc1bcd42ebb9424
yuseok.jeon [Tue, 6 Jan 2015 12:15:45 +0000 (21:15 +0900)]
fix for x509 cert chain verification (stric flag added when CC Mode enabled)
Change-Id: I679b1210d94c721343fc851c8a2b51ac9765635e
Signed-off-by: yuseok.jeon <yuseok.jeon@samsung.com>
Bartlomiej Grzelewski [Wed, 17 Dec 2014 09:10:26 +0000 (10:10 +0100)]
Add transaction during password change.
Change-Id: Ic236a84959d339ddc19b2f3e8078766cd97545a7
kyungwook tak [Wed, 17 Dec 2014 07:17:45 +0000 (16:17 +0900)]
Fix macro definition which is not following grammar
Change-Id: Idf7268bd147fee00e30a3714114f4b65d5a9a0fa
Signed-off-by: kyungwook tak <k.tak@samsung.com>
Bartlomiej Grzelewski [Mon, 15 Dec 2014 16:19:58 +0000 (17:19 +0100)]
Version 0.1.11
Change-Id: I77965c93ed03f27e16f35768ce93c985cd049945
Maciej J. Karpiuk [Fri, 14 Nov 2014 15:08:25 +0000 (16:08 +0100)]
Add PKCS12 support.
Change-Id: I389c56611fed80cf27bbbfa279b1c17e55572b14
Bartlomiej Grzelewski [Thu, 11 Dec 2014 14:38:08 +0000 (15:38 +0100)]
Prevent desynchronization in "battery remove test".
This commit force to save encrypted data as soon as possible.
There is still small time window then desynhronization may happen.
Desynchronization may occure if you take out battery exectly after the
data was saved by ckm and the confirmation was not send to
security-server yet.
Change-Id: Ib4d4f0299001d9c71b13acdcfa136298d942ab6c
Bartlomiej Grzelewski [Mon, 1 Dec 2014 16:12:26 +0000 (17:12 +0100)]
DBDataType refactoring.
Change-Id: I080034c971ae5d8f75747d2091fb34ca0a7c78fa
Maciej J. Karpiuk [Fri, 14 Nov 2014 10:15:15 +0000 (11:15 +0100)]
C++ API change: common method for removing Alias.
No need to deliver separate methods to remove keys, certs or data.
Item is unambiguosly identified by <name, label> pair.
Change-Id: Ice2c418d66fd4f4b776ac752d8d5c6a779ad3b5a
Maciej J. Karpiuk [Fri, 14 Nov 2014 09:09:45 +0000 (10:09 +0100)]
OpenSSL initialization is done by anyone who uses OpenSSL first.
This resolves issue when CKM::PKCS12::create() is called before client is initialized.
Client was initializing the OpenSSL so parsing PKCS12 was failing due to uninitialized OpenSSL.
Change-Id: I809af1f622ce7c0f4764172c2143773629c88b67
Krzysztof Jackiewicz [Tue, 2 Dec 2014 16:28:24 +0000 (17:28 +0100)]
Fix for duplicates in all alias list query
[Issue#] N/A
[Feature/Bug] N/A
[Problem] DBperfGetAliasList fails
[Cause] DB_CMD_NAME_SELECT_BY_TYPE_AND_PERMISSION query is incorrect. When
listing objects accessible by given label it will produce one result for every
owned object times the number of accessors allowed.
Example:
Label L1 is owner of object (L1 N1)
Labels L2 and L3 have read permission to (L1 N1)
Listing all aliases accessible by L1 will produce:
L1 N1 (access by L2)
L1 N1 (access by L3)
[Solution] Add GROUP BY clause clause to get rid of duplicated objects
[Verification] ckm-tests-internall succeeds
Change-Id: I63f0d576750038e0abc1d7d41921e05d87cadfe4
Maciej J. Karpiuk [Fri, 7 Nov 2014 14:38:45 +0000 (15:38 +0100)]
New DB layout: CKM_TABLE split into NAME_TABLE and OBJECT_TABLE.
Change-Id: I3a3666b2a928f45294adf97548bac09d54d133de
Bartlomiej Grzelewski [Mon, 1 Dec 2014 10:30:42 +0000 (11:30 +0100)]
Simplified code in ckm-logic.
Change-Id: I35d54422a88d075163509f2437d9c72d8e2a5006
Maciej J. Karpiuk [Fri, 28 Nov 2014 16:17:20 +0000 (17:17 +0100)]
Service denies attempt to add data using different label.
The same applies to attempt to modify another label's permissions.
Change-Id: Ib167de4b4ccb59271f2dcfdbf7ce049f3d3dc819
Bartlomiej Grzelewski [Mon, 1 Dec 2014 18:51:07 +0000 (19:51 +0100)]
Remove deprecated comments and logs.
This logs are no longer required to during ckm tests.
Change-Id: I74811ad7a14026bbb5fce09eeac421fac549019f
kyungwook tak [Mon, 1 Dec 2014 09:44:56 +0000 (18:44 +0900)]
Use AliasSupport in SaveData
Change-Id: I449e49aea2b52a9595d9e1ba8afcf47af3a7d69f
Signed-off-by: kyungwook tak <k.tak@samsung.com>
Maciej J. Karpiuk [Thu, 6 Nov 2014 15:14:49 +0000 (16:14 +0100)]
DBCrypto access control re-factor: access control moved into additional layer.
Change-Id: I3ea1ce1a858b69c4a5a7365dffa1344b64aab0b6
kyungwook tak [Fri, 28 Nov 2014 01:32:25 +0000 (10:32 +0900)]
Add cmake flags to support ASLR
Change-Id: Ie074e69a71e14c40f79a83f982c970d6a15b303f
Signed-off-by: kyungwook tak <k.tak@samsung.com>
Maciej J. Karpiuk [Tue, 18 Nov 2014 11:02:42 +0000 (12:02 +0100)]
Housekeeping: KLOC warnings removed.
Change-Id: I36a972fd2e9dbd7f4e5fc11647badaf0173a425d
kyungwook tak [Wed, 26 Nov 2014 06:15:28 +0000 (15:15 +0900)]
Bug fix for application DEK memory push
Change-Id: Ia874cac4e57312ed1be99e8ab66142d3f12d1ef0
Signed-off-by: kyungwook tak <k.tak@samsung.com>
Maciej J. Karpiuk [Thu, 23 Oct 2014 08:00:29 +0000 (10:00 +0200)]
Minor re-factoring: boost::vector replaced with std::vector.
<vector> header cleanup.
Change-Id: I8408a4943f22e5fb18a08c40e9e0b5f9c938b34c
Krzysztof Jackiewicz [Mon, 3 Nov 2014 11:28:33 +0000 (12:28 +0100)]
Add journald logging and refactor log system
Add journald log provider. Simplify log system and log providers. Add support
for environment flags.
[Verification] Compile and run different build configurations with different
CKM_LOG_LEVEL and CKM_LOG_PROVIDER values. For client apps just export desired
log level/provider as CKM_LOG_LEVEL/PROVIDER env variable and run it. For ckm
service use:
'echo "CKM_LOG_LEVEL=X" > /etc/sysconfig/central-key-manager'
'echo "CKM_LOG_PROVIDER=X" >> /etc/sysconfig/central-key-manager'
and restart ckm service.
Supported CKM_LOG_LEVEL values: <0,5>
Supported CKM_LOG_PROVIDER values: {CONSOLE, DLOG, JOURNALD }
Observe logs.
1.Release build
-by default (CKM_LOG_LEVEL not set) only errors should be logged
-by default (CKM_LOG_PROVIDER not set) dlog is used
-logs can be disabled completely by setting CKM_LOG_LEVEL to 0
2.Debug build
-by default Debug and higher severity logs should be logged
-by default (CKM_LOG_PROVIDER not set) dlog is used
-log level can be adjusted to any level <0,5>
Change-Id: I496d12309360354399cf5011680f081ce42ee58f
Krzysztof Jackiewicz [Tue, 4 Nov 2014 16:26:40 +0000 (17:26 +0100)]
Secure logging removed
Change-Id: I926178d7ce975cc64c828585beb75b445fded065
kyungwook tak [Mon, 17 Nov 2014 08:58:46 +0000 (17:58 +0900)]
Determine MDPP Mode Disabled to CC mode On
Change-Id: Ibb97e38e60a4165a3d418dd4e89f06708bafdecb
Signed-off-by: kyungwook tak <k.tak@samsung.com>
projects / platform / core / security / key-manager.git / log