Krzysztof Jackiewicz [Wed, 21 Jun 2023 15:16:19 +0000 (17:16 +0200)]
Fix typo in ckmc-manager.h
Change-Id: I76c95dcf4c32f3fc70abea680f757edd45676c07
Krzysztof Jackiewicz [Tue, 20 Jun 2023 15:52:03 +0000 (17:52 +0200)]
Enable -Wshadow and fix warnings
The flag is used in products an our code causes warnings/errors. Fix
existing code and enable the flag to detect possible errors in future.
Change-Id: I830696231f9a6f1b80d390f7bf3df4fff1814691
Krzysztof Jackiewicz [Wed, 14 Jun 2023 10:33:41 +0000 (12:33 +0200)]
Release 0.1.53
* Add few remarks regarding chunk size limits
* Cipher API implementation in TZ backend
* Backend info API implementation
* Alias info refactoring
* Extend E2EE API support back to 6.0
* Refactor serialization code
* Cipher API unit tests
* Cipher API implementation (server part)
* Cipher API implementation (backend part)
* Cipher API implementation (client part)
* Drop all encryption requests upon disconnection
* Update cipher api description
* Improve AAD and GCM tag handling in cipher API
* Update ckmc_generate_new_params with new algorithms
* Allow generating unexportable binary data in TZ
* Add missing KBKDF params in TZ backend
* Workaround for GCM IV length issue
* Fix GCM IV length setting
* Test proper GCM IV length handling
* Rename DataType::isSKey
* Fix backend selection logic
* Fix default value for KBKDF LLEN parameter
* Backend info API
* Multi-stage encryption API
* Fix ckmc_key_derive API description
Change-Id: If9bfbaa1fe5169412441660df3bb1a055d22ce2a
Krzysztof Jackiewicz [Wed, 14 Jun 2023 10:30:49 +0000 (12:30 +0200)]
Merge branch e2ee into tizen
Change-Id: I856e57b604e87582948e250929817fd3b7c0dd8b
Krzysztof Jackiewicz [Wed, 14 Jun 2023 10:07:09 +0000 (12:07 +0200)]
Add few remarks regarding chunk size limits
Mention the possibility of backend imposing limits on the size of
processed data in all places where it may happen.
Change-Id: Id828f15b8692859a1efad015dcb3692c9c29432e
Krzysztof Jackiewicz [Fri, 9 Jun 2023 08:51:08 +0000 (10:51 +0200)]
Cipher API implementation in TZ backend
Change-Id: I2510dfb8f7e1722ee300edce6e983075a0c5303a
Krzysztof Jackiewicz [Wed, 7 Jun 2023 11:19:02 +0000 (13:19 +0200)]
Backend info API implementation
Change-Id: Ib47c16bf5d2255c71d538b9e1009cb54b8f842ba
Krzysztof Jackiewicz [Fri, 26 May 2023 13:00:58 +0000 (15:00 +0200)]
Alias info refactoring
To extract alias backend information, the current structures and
mechanisms meant for alias & password protection status extraction have
to be modified as follows:
* Modify 'join_all_tables' view in db to include 'backendId' and other
columns from OBJECTS table. It also requires a db version bump and a
migration script
* Modify db query that lists aliases to include 'backendId'.
* Move AliasSupport to common library so it can be used in DBCrypto.
* Replace OwnerNameVector and OwnerNameEncryptionStatusVector with a
vector of AliasInfo structures.
* Add AliasInfoSerializableVector wrapper to allow AliasInfo
(de)serialization.
* Modify client to get password protection status during
ckmc_alias_info_is_password_protected() instead of checking all
accessible aliases one by one.
* Modify client to get aliases from AliasInfo vector when other info is
not required.
* Update unit-tests
Change-Id: Ic6741f7329afe858d561cab89d9616a53327a6bd
Krzysztof Jackiewicz [Wed, 7 Jun 2023 08:32:58 +0000 (10:32 +0200)]
Extend E2EE API support back to 6.0
Change-Id: I7aff7fb9a35fa26804303a11a4cf0a8c03fb287c
Krzysztof Jackiewicz [Mon, 5 Jun 2023 12:36:55 +0000 (14:36 +0200)]
Refactor serialization code
* Remove unused overloads (pointers, stl).
* Unify primitive types (de)serialization.
* Modify Serializable interface to allow passing an existing object.
* Update serialization wrappers' implementations and move them to cpp.
Change-Id: I498f9dd9cca570a1a7eb424fb481d07a1297a279
Krzysztof Jackiewicz [Wed, 7 Jun 2023 08:36:57 +0000 (10:36 +0200)]
Release 0.1.52
* Extend E2EE API support back to 6.0
Change-Id: I6f05c59bdbaf7c34b6c71ffbfb1eeea3687abab4
Krzysztof Jackiewicz [Wed, 7 Jun 2023 08:32:58 +0000 (10:32 +0200)]
Extend E2EE API support back to 6.0
Change-Id: I7aff7fb9a35fa26804303a11a4cf0a8c03fb287c
Krzysztof Jackiewicz [Wed, 17 May 2023 16:01:32 +0000 (18:01 +0200)]
Cipher API unit tests
Change-Id: I9ef5e3db62a36043d6b5691a0aaff5ce7236c302
Krzysztof Jackiewicz [Fri, 5 May 2023 08:37:23 +0000 (10:37 +0200)]
Cipher API implementation (server part)
Change-Id: Ie4a9c50378d461e659401829863bbe32cf67f305
Krzysztof Jackiewicz [Thu, 11 May 2023 12:32:56 +0000 (14:32 +0200)]
Cipher API implementation (backend part)
Change-Id: I7d2e5ef36a539a34f7e93a7fd9c16c90534d6aad
Krzysztof Jackiewicz [Wed, 26 Apr 2023 21:11:33 +0000 (23:11 +0200)]
Cipher API implementation (client part)
Change-Id: I191f606819ae306f570fe538674f943e336ec86f
Krzysztof Jackiewicz [Wed, 17 May 2023 12:35:13 +0000 (14:35 +0200)]
Drop all encryption requests upon disconnection
If client disconnects before finishing the request the request should
be removed from the map.
Change-Id: I7bb0fa71b12f0a07bac5e62e5191bd9729829bfe
Krzysztof Jackiewicz [Wed, 24 May 2023 09:02:48 +0000 (11:02 +0200)]
Update cipher api description
Encryption may return an empty buffer. Specify the return value in such
case.
Change-Id: Iabcbe30dc002d4dc7eb932fdbd5418263488ba2a
Krzysztof Jackiewicz [Mon, 15 May 2023 12:44:43 +0000 (14:44 +0200)]
Improve AAD and GCM tag handling in cipher API
* AAD may also be a subject of backend chunk size limitation. Allow
calling ckmc_cipher_init multiple time do provide consecutive AAD
portions.
* When encrypted data is split in to chunks there's no way to locate
the trailing GCM tag part. Add optional buffer argument to
ckmc_cipher_finalize() to allow passing the tag explicitly. This
function will also return the tag in the output buffer during
encryption.
Change-Id: Ic9ddb86e294f8180fb44327c1f4ac4f4650b3e4c
Krzysztof Jackiewicz [Thu, 18 May 2023 10:16:03 +0000 (12:16 +0200)]
Update ckmc_generate_new_params with new algorithms
Change-Id: I094372d55a89a9fe5b7c212bd8c2e2dc7e325c11
Krzysztof Jackiewicz [Mon, 22 May 2023 20:12:35 +0000 (22:12 +0200)]
Allow generating unexportable binary data in TZ
TZ backend already supports importing exportable binary data. Follow
the same rule for secret derivation and allow storing an exportable
secret (binary data), derived from TZ key, in TZ.
Change-Id: I61d202469a3df43e5f35746a0c09ca179d823336
Krzysztof Jackiewicz [Thu, 18 May 2023 11:50:04 +0000 (13:50 +0200)]
Add missing KBKDF params in TZ backend
Change-Id: I4cadca649889190c30868c55a2e91c9f49252d84
Krzysztof Jackiewicz [Tue, 23 May 2023 09:07:23 +0000 (11:07 +0200)]
Workaround for GCM IV length issue
GCM implementation was ignoring IV bytes except first 12B. The issue has
been fixed but we need to support the decryption of the data encrypted
the old way.
This workaround retries the decryption with an IV truncated to 12B if
the decryption with original IV length fails.
Unit-test included.
Change-Id: Ia1c06d9a7c6f3b75a69c2e1cb3e5f0801776e057
Krzysztof Jackiewicz [Mon, 22 May 2023 19:29:17 +0000 (21:29 +0200)]
Fix GCM IV length setting
IV length was not properly set in case of GCM. The default 12B IV was
used at all times.
GCM supports 1 to 2^64-1 byte long IVs. Reflect it in the SW backend
implementation, its tests and client API description.
Change-Id: Idfa18c1c3cfd06de6618b4ac7632133ace6ab8dc
Krzysztof Jackiewicz [Tue, 23 May 2023 06:45:16 +0000 (08:45 +0200)]
Test proper GCM IV length handling
GCM implementation was using only the first 12B of IV regardless of its
actual length. This modification makes the test check if the remaining
bytes of the IV are ignored.
Change-Id: I94281747bbe9363854484844fa038ae9bcd47a19
Krzysztof Jackiewicz [Thu, 18 May 2023 12:50:41 +0000 (14:50 +0200)]
Rename DataType::isSKey
Change-Id: I59e553cbf067baf3ad7209e07e5376b6601c5a6a
Krzysztof Jackiewicz [Tue, 16 May 2023 13:35:30 +0000 (15:35 +0200)]
Fix backend selection logic
In some cases the backend selection was not working properly:
- Key derivation, wrapped key import: the backend compatibility was not
checked at all. This resulted in a possibility of saving an exportable
key in TZ backend which normally is not allowed.
- Encrypted initial values could have been imported to incompatible SW
backend if the TZ backend fails to initialize or the SW backend is
forced.
The Decider API was also unclear and different policies were in force
depending on the usecase.
This commit introduces following changes:
* Keep the policy in a single place.
* Return a prioritized list of backends compatible with given use case.
* Add backend check to key derivation and wrapped key import.
* Do not assume SW backend is suitable for all cases.
* Handle illegal cases by returning empty list of compatible backends.
Change-Id: I2d5dbbb3c4ba9385ac756eb419f95ac877cdd532
Krzysztof Jackiewicz [Mon, 8 May 2023 18:43:51 +0000 (20:43 +0200)]
Fix default value for KBKDF LLEN parameter
Change the default value of CKMC_PARAM_KBKDF_LLEN from 0 to 32
according to API description.
Change-Id: I972d95227b047394c5f59addc9242d43c9c68be7
Krzysztof Jackiewicz [Thu, 27 Apr 2023 09:33:20 +0000 (11:33 +0200)]
Backend info API
New API:
- getting backend associated with given object
- getting backend information for given backend
- getting max encryption chunk size from backend information
Change-Id: I8c66e623ba49ebda0a9fad28dcb3b48bd21b175f
Krzysztof Jackiewicz [Wed, 26 Apr 2023 10:17:14 +0000 (12:17 +0200)]
Multi-stage encryption API
Change-Id: If56a367a40f1ca3a6d4dcebfbb38543c7ec44fd5
Krzysztof Jackiewicz [Fri, 5 May 2023 12:38:16 +0000 (14:38 +0200)]
Fix ckmc_key_derive API description
Describe input and output key/secret types in detail.
Change-Id: I1f82fe45f4a8b5145b7236b9b8d5db998959b1ed
Krzysztof Jackiewicz [Tue, 18 Apr 2023 09:08:24 +0000 (11:08 +0200)]
Release 0.1.51
* Unify variable naming in key export
* Fix documentation issues in E2EE API
* Fix documentation issues
Change-Id: I211ecfb0a2fa8fb705fc355158e17e5cd9021356
Krzysztof Jackiewicz [Mon, 17 Apr 2023 10:01:09 +0000 (12:01 +0200)]
Unify variable naming in key export
Change-Id: Ic89b6105e420b9eceb93e9e6bdf112c4de3c1a65
Krzysztof Jackiewicz [Thu, 6 Apr 2023 13:41:12 +0000 (15:41 +0200)]
Fix documentation issues in E2EE API
* Issues raised by check-header.py (see:
https://github.sec.samsung.net/RPO7-TIZEN/tizen-native-api-review-script)
* Other issues raised during ACR.
* Own initiative cleanup.
Changes done separately to simplify ACR review.
Change-Id: I346b979cd16f1cda8a0fd970ae38f7db7bb093d7
Krzysztof Jackiewicz [Thu, 6 Apr 2023 14:37:45 +0000 (16:37 +0200)]
Fix documentation issues
* Issues raised by check-header.py (see:
https://github.sec.samsung.net/RPO7-TIZEN/tizen-native-api-review-script)
* Other issues raised during ACR.
* Own initiative cleanup.
Change-Id: If38c6477ecb782e12651766bd2ef344ccaae1e84
Krzysztof Jackiewicz [Tue, 4 Apr 2023 13:18:42 +0000 (15:18 +0200)]
Release 0.1.50
* Fix svace/coverity issues
Change-Id: I618080688b381fd110248331f615fce26cc30b30
Krzysztof Jackiewicz [Mon, 3 Apr 2023 15:46:07 +0000 (17:46 +0200)]
Fix svace/coverity issues
Change-Id: I681fd80cddf5f56bc99b35546940e111d29a5311
Tomasz Swierczek [Mon, 3 Apr 2023 05:47:41 +0000 (07:47 +0200)]
Release 0.1.49
* Fix build for 64-bit architectures
Change-Id: Ib0e29f479d86f012872a25388d927a4c37f77e26
Tomasz Swierczek [Mon, 3 Apr 2023 05:41:27 +0000 (07:41 +0200)]
Fix build for 64-bit architectures.
Change-Id: I5d658ee32d7d631145ea759c8bb3cb72b13359cd
Krzysztof Jackiewicz [Fri, 31 Mar 2023 12:50:02 +0000 (14:50 +0200)]
Release 0.1.48
* E2EE implementation
Change-Id: Id51fe9009dbc7ef78322274415153df855dde8ea
Krzysztof Jackiewicz [Fri, 31 Mar 2023 12:44:54 +0000 (14:44 +0200)]
Merge branch 'e2ee' into 'tizen'
Change-Id: I61dd5bf5a3d73b766e4d4f126783f8ded90a6f62
Krzysztof Jackiewicz [Thu, 23 Mar 2023 08:21:05 +0000 (09:21 +0100)]
Key wrapping implementation in TZ backend
Change-Id: I3d33a0b41e8eb4b58706a32fb298b0476a0525cc
Krzysztof Jackiewicz [Wed, 22 Mar 2023 08:48:31 +0000 (09:48 +0100)]
Key unwrapping implementation in TZ backend
Change-Id: I1ada1788c7f436b9cdd22cc7734eb3ab0159c544
Dariusz Michaluk [Fri, 31 Mar 2023 10:14:39 +0000 (12:14 +0200)]
Change code formatting in import/export wrapped key
Change-Id: If8932f5f9b3a1f2cdb2003895b348b89b7a15321
m.ksiezak [Thu, 16 Mar 2023 10:56:02 +0000 (11:56 +0100)]
Implementation of ckmc_export_wrapped_key
Change-Id: I2769be74b1ad3d76537d31bc3f7ac4659946029f
m.ksiezak [Fri, 17 Feb 2023 13:57:55 +0000 (14:57 +0100)]
Implementation of ckmc_import_wrapped_key
Change-Id: Ic8d2a865de2a705d39a4de06e9b91de5a6f30ef5
Krzysztof Jackiewicz [Tue, 28 Mar 2023 16:16:18 +0000 (18:16 +0200)]
Use new types in key derivation
Change-Id: I379f6a1c53c278c0adbaa71269b6232176601769
Krzysztof Jackiewicz [Tue, 28 Mar 2023 10:48:12 +0000 (12:48 +0200)]
isSKey mistake counter + a refactoring promise
Change-Id: I9fd0a98db92c8c0a6c2c7091fc9da22d0325b16a
Krzysztof Jackiewicz [Thu, 23 Mar 2023 08:19:41 +0000 (09:19 +0100)]
Simplify DB::Row/Token extraction
For wrapped key export we need to pass 1 object to be wrapped by
another. GObjUPtr is insufficient as it loses information about the
specific type. We'll need that info in TZ backend.
The wrapping API can be then made look as follows:
RawBuffer GObj::wrap(const CryptoAlgorithm ¶ms,
const Token &keyToWrap,
const Password &keyToWrapPass);
Change-Id: Ifeea08cbef43c6e86c067e37c68627d6b819bfcf
Krzysztof Jackiewicz [Mon, 27 Mar 2023 10:47:45 +0000 (12:47 +0200)]
Enable EC key pair generation in TZ backend
Until now, the decider was redirecting such requests to SW backend at
all times.
Change-Id: Ibbda55fa8ecdb3b5b8b3803754bfbf226a612704
Krzysztof Jackiewicz [Fri, 24 Mar 2023 15:52:05 +0000 (16:52 +0100)]
Make unpack a static GStore method
Needed for key wrapping.
Change-Id: I1ac65d92176237d61719944f7eb1688588c67117
Krzysztof Jackiewicz [Wed, 22 Mar 2023 08:15:34 +0000 (09:15 +0100)]
Replace 'virtual' with 'override' in TZ Store
Change-Id: I5a5406be8a4e8f3429ddb18cc9603a8647ec66a2
Krzysztof Jackiewicz [Thu, 16 Mar 2023 11:45:45 +0000 (12:45 +0100)]
Key derivation in TZ backend
Change-Id: I76a9b93d0e2deb82724ba941b97dcc4c995b08d7
Krzysztof Jackiewicz [Tue, 21 Mar 2023 07:34:49 +0000 (08:34 +0100)]
Implement EC key pair generation in TZ backend
Change-Id: Id1199d174146dfeb7b75081783dca90624fe12de
Krzysztof Jackiewicz [Fri, 24 Mar 2023 16:01:55 +0000 (17:01 +0100)]
Remove unused function
Change-Id: I157503be4e191edc35c12453d0b780c8d1ed466b
Krzysztof Jackiewicz [Mon, 20 Mar 2023 09:41:57 +0000 (10:41 +0100)]
TZ backend helpers
Change-Id: I4d81f000ca130a468352c31060608d9c78b771ce
Krzysztof Jackiewicz [Mon, 20 Mar 2023 12:32:40 +0000 (13:32 +0100)]
Use proper constant in TZ data import
Change-Id: I4510a29f1bb8d8dfc2216199465cd2a76701ddb6
Krzysztof Jackiewicz [Fri, 20 Jan 2023 19:41:55 +0000 (20:41 +0100)]
Add ECDH+KBKDF example
Add an ECDH+KBKDF example in form of a doxygen snippet. The code used in it is
compiled together with the project.
Disclaimer:
I don't know how to generate Tizen API documentation. Basing on other projects
I made an assumption that doxygen's EXAMPLE_PATH points to doc subdirectory.
With such assumption, vanilla doxygen generates the code snippet properly.
Change-Id: I7cdc98ff204238be0ad2440a8816ed53a61e7efc
Krzysztof Jackiewicz [Mon, 13 Feb 2023 09:10:39 +0000 (10:10 +0100)]
KBKDF HMAC implementation in sw backend
Unit tests included
Change-Id: If4287b38c61fe3842024c5e7baf4934685f92566
Krzysztof Jackiewicz [Fri, 10 Feb 2023 15:02:15 +0000 (16:02 +0100)]
Custom KBKDF HMAC implementation
There's no KBKDF support in openssl1.1. Added implementation based on
NIST spec, openssl3.0 KBKDF implementation (as a reference) and
openssl1.1 HMAC.
Test vector validation included (supported PRFs only)
Change-Id: If1dc6070e8e8fc35582876c6fd4b4be4497c7de4
Krzysztof Jackiewicz [Thu, 9 Feb 2023 08:11:02 +0000 (09:11 +0100)]
Sw backend ECDH implementation
Unit tests included
Change-Id: I8e91ebbba587451e3b96212d7e74a3585e480702
Krzysztof Jackiewicz [Thu, 9 Feb 2023 08:59:15 +0000 (09:59 +0100)]
Make pack() a SW Store's static method
This is necessary to let SW object pack newly derived key/secret.
Change-Id: Ib9cb635e384ae3dfcee7cf4c60cbea80d2c86861
Krzysztof Jackiewicz [Wed, 1 Feb 2023 16:00:34 +0000 (17:00 +0100)]
Key derivation implementation: client & server
Client and server part (no implementation in backend)
Change-Id: I38d9be59b2c07ed59b61374f461383b58e4c98d0
Krzysztof Jackiewicz [Fri, 17 Mar 2023 09:18:09 +0000 (10:18 +0100)]
Remove API doc leftover
Change-Id: I2b28fa37206b72adb6d68255305718508ab2d70d
Krzysztof Jackiewicz [Tue, 14 Mar 2023 12:35:17 +0000 (13:35 +0100)]
Cleanup TZ backend API
Change-Id: Id0042379e7a85d6960609f7efad3dbe7483eeaf1
Krzysztof Jackiewicz [Thu, 9 Feb 2023 08:55:08 +0000 (09:55 +0100)]
Keep the backend id in GObj
This is necessary for key derivation & wrapping, when one object
creates another.
Update SW and TZ backend.
Change-Id: I898b75b0cc093414d089ed4130827571d592315f
Krzysztof Jackiewicz [Thu, 23 Feb 2023 08:47:44 +0000 (09:47 +0100)]
Allow saving unexportable data
Now it makes sense as such data can be used for key derivation.
Change-Id: Ie8db9cca5b83831045dce45cfadde8215c79a608
Krzysztof Jackiewicz [Mon, 20 Feb 2023 07:53:36 +0000 (08:53 +0100)]
Fix the forgotten scheme-test
Make the test properly handle key migration.
Change-Id: Id1e468b1da807d52f6054ee7d0edb9c0472264fd
Krzysztof Jackiewicz [Fri, 17 Feb 2023 20:13:46 +0000 (21:13 +0100)]
Fix decryption with unexpected password
Passing a password when a row was not additionally encrypted with one
did not fail as it should. Make it do so.
Change-Id: Ifd84cca1b55c67ef7e5b470cc42bb4efac6a0703
Krzysztof Jackiewicz [Thu, 16 Feb 2023 11:09:20 +0000 (12:09 +0100)]
Derivation API extension
Allows configuration of following KBKDF parameters:
- counter location,
- fixed input or label + context,
- length of counter representation,
- length of length suffix representation,
- existence of length suffix,
- existence of zero octet separator.
Change-Id: I685e4f38d28c4bc0a9d79fd6fbbd9da870534be8
Krzysztof Jackiewicz [Fri, 10 Feb 2023 12:52:28 +0000 (13:52 +0100)]
Encryption performance test
Change-Id: Ifacdbff488e977eca69417d6362273f32feeea11
Krzysztof Jackiewicz [Thu, 12 Jan 2023 18:29:47 +0000 (19:29 +0100)]
E2EE API draft
- Key wrapping API
- Key agreement/derivation API
- Updated encryption API doc
Change-Id: Iaa7add5cf102679aa8ad9464fcbea38d52cf9c3f
Krzysztof Jackiewicz [Wed, 8 Feb 2023 09:27:14 +0000 (10:27 +0100)]
Remove unnecessary helpers from CkmLogic
Change-Id: I32df8f2f0f17b22e2d72ac99708e79f7b8ebde81
Krzysztof Jackiewicz [Mon, 6 Feb 2023 08:50:25 +0000 (09:50 +0100)]
Unify CKMLogic methods and fix PKCS12 support
Add helper functions for frequently repeated code (input parameter
checks, database selection, permission checks, hash calculation,
transaction start)
Fixed object Id is calculated from uid, pkg_id & alias. PKCS12
components are stored under common alias differing only by type. As a
result, all PKCS12 components are saved with identical object id which
may lead to conflicts.
For PKCS12 add type information as hash function input.
Change-Id: Id54c5eb4e0ad5b3521f2661df64619316cf4a9ea
Krzysztof Jackiewicz [Thu, 9 Feb 2023 14:34:03 +0000 (15:34 +0100)]
Fix indentation
Change-Id: Ic98aea95c673fb94dc022eee9cac66fc4d1a5b9e
Krzysztof Jackiewicz [Mon, 6 Feb 2023 09:28:36 +0000 (10:28 +0100)]
Unify app key loading
Change-Id: Ic10c86c01fd71311477a1695fb9a5e3d60ca1f54
Krzysztof Jackiewicz [Fri, 3 Feb 2023 12:11:15 +0000 (13:11 +0100)]
Simplify explicit to effective owner translation
Change-Id: Iaae22210f7d08c4973d779f8330f4abb6f1f1c73
Krzysztof Jackiewicz [Fri, 3 Feb 2023 09:23:12 +0000 (10:23 +0100)]
Pass proper owner to hashing function
Explicit owner may be empty. In such case the default owner value
should be taken from user's credentials.
Change-Id: I59dc0d421975bc7b329a609ebddc35420cea446c
Krzysztof Jackiewicz [Fri, 3 Feb 2023 09:05:55 +0000 (10:05 +0100)]
Move system db owner check to AccessControl
Change-Id: I28daefd12f0492a93b63f66c11b0a6fdda9d302d
Krzysztof Jackiewicz [Fri, 3 Feb 2023 07:27:56 +0000 (08:27 +0100)]
Fix indentation
Change-Id: I1f4e3d3c0c3ec9d4d7da436979236e177ad86c6a
Krzysztof Jackiewicz [Wed, 1 Feb 2023 15:30:21 +0000 (16:30 +0100)]
SW backend API cleanup
Get rid of unnecessary "virtual" specifiers.
Use "override" instead.
Remove unnecessary destructors.
Change-Id: Ide0892647acee5fe2046653d6e65bfa09b2fbe01
Krzysztof Jackiewicz [Tue, 11 Oct 2022 15:42:57 +0000 (17:42 +0200)]
Add more KeyProvider tests
This includes tests for newly added key format and migration.
Change-Id: I852fa672ad39599dc89ac3a7b334c7e914c71bde
Krzysztof Jackiewicz [Wed, 5 Oct 2022 13:51:33 +0000 (15:51 +0200)]
Refactor KeyProvider
Apply modifications while keeping key file format and encryption scheme
unchanged:
* Remove unused code
* Deduplicate code
* Unify key naming
* Simplify structures keeping various forms of keys and their metadata
* Update tests
Change-Id: I38caceb6c38bfecbdbbb290df39042ba7b17b394
isaac2.lee [Thu, 6 Oct 2022 01:17:12 +0000 (10:17 +0900)]
add debug log and fix a bug
Change-Id: I35d284cb29ec3bfe53500f4473994ed5c8217e61
Dongsun Lee [Wed, 5 Oct 2022 10:07:05 +0000 (19:07 +0900)]
Release 0.1.47
* add the se-backend for db encryption
Change-Id: Id0c036cb08a11215e74be5e6bb2343785fd6bc93
이이삭/System Security Lab(SR)/삼성전자 [Wed, 5 Oct 2022 07:10:38 +0000 (16:10 +0900)]
add the se-backend for db encryption
* add the se-backend for db encryption
* change se-backend include dependancy and remove the unavailable codes
* remove migration DBDEK and rearrange KeyProvider structures
Change-Id: I52e07ac5af7b41d0f79b7fee818221f25b1d60cd
Krzysztof Jackiewicz [Mon, 26 Sep 2022 14:28:11 +0000 (16:28 +0200)]
Release 0.1.46
* Fix encryption request handling
* Add Samsung's Analysis Hub service configuration
* Remove unused sec_build_binary_debug_enable build macro
Change-Id: I909ddd67218797199f44d35582d20fb77e47f9ef
Krzysztof Jackiewicz [Mon, 26 Sep 2022 10:47:24 +0000 (12:47 +0200)]
Fix encryption request handling
The key used in m_requestMap is not unique which may lead to errors when
requests from multiple clients are processed.
Use a separate request counter as the key.
Change-Id: Iffbf0a3c43ea0c091eb3d714ef0a77211f9b3a78
Tomasz Swierczek [Wed, 21 Sep 2022 10:30:25 +0000 (12:30 +0200)]
Add Samsung's Analysis Hub service configuration
Configuration allows skipping sqlcipher.c file,
which is external open source, from static analysis.
Change-Id: Ia1ed85e403c8feefdfe659018b660af5dbe27daa
Dariusz Michaluk [Thu, 25 Nov 2021 10:46:28 +0000 (11:46 +0100)]
Remove unused sec_build_binary_debug_enable build macro
Change-Id: I3fc241eabb7ba6b8f737149f99410da0af028953
Tomasz Swierczek [Tue, 27 Jul 2021 06:39:17 +0000 (08:39 +0200)]
Release 0.1.45
* Deprecate ckmc_ocsp_check API
Change-Id: I248a647047782f6a7f403cd51b3c9b76152936b0
Tomasz Swierczek [Tue, 27 Jul 2021 06:01:47 +0000 (08:01 +0200)]
Deprecate ckmc_ocsp_check API
OCSP test certificate management is problematic, and Tizen platform
has another ocsp API in OpenSSL which can be officially recommended.
Change-Id: Ifc115c300e79a64b65361deaa848ee396e654240
Michał Szaknis [Mon, 28 Jun 2021 12:22:49 +0000 (14:22 +0200)]
Release 0.1.44
* Use fixed object ID in TZ backend
* Add more tests to increase coverage
Change-Id: I989df7e1b5b8c9f783014b40b4eb700c263d1cd3
Michał Szaknis [Wed, 21 Apr 2021 15:28:08 +0000 (17:28 +0200)]
Use fixed object ID in TZ backend
Calculate the object ID as a hash of credentials and alias instead of
using a random ID.
Change-Id: Ice164d6f8eda9acd157c4d74f47d45fef49f6ddc
Michał Szaknis [Fri, 21 May 2021 14:17:20 +0000 (16:17 +0200)]
Add tests for `try_catch` and `try_catch_enclosure`
Change-Id: If74b22ad53961a32c75d3d7feae48f2a41d09508
Michał Szaknis [Fri, 21 May 2021 08:18:35 +0000 (10:18 +0200)]
Add tests for ckmc-type-converter.cpp
Change-Id: Idd90ad6f954ec491d718b955bea2f43624986160
Michał Szaknis [Thu, 20 May 2021 15:16:14 +0000 (17:16 +0200)]
Add tests for AliasSupport class
Change-Id: I509160e10ca4ac00418d3ee408c32915c6aa5511
Michał Szaknis [Thu, 20 May 2021 10:30:06 +0000 (12:30 +0200)]
Add test to xml-utils.cpp
Change-Id: I74c1130c20245ade53dbb86c72e38528409be23f
Krzysztof Jackiewicz [Thu, 13 May 2021 13:34:32 +0000 (15:34 +0200)]
Release 0.1.43
* Open legacy db in R/W mode
* Fix coverage generation in rpm 4.14.1
* Suppress TEEC deprecated declarations warnings
* Remove unnecessary cast to double in db perf test
Change-Id: I44b581084930e2253ea3112e362733f47a0c9479
Krzysztof Jackiewicz [Thu, 13 May 2021 12:53:32 +0000 (14:53 +0200)]
Open legacy db in R/W mode
If due to a failure during previous transaction a rollback journal is
generated, the original legacy database has to be restored to the
original state before it can be dumped. However, it can't be done
unless the database is opened in R/W mode.
Change-Id: Icc455f4e820a5be8b0628e95895680e9cbb14eb6