platform/core/security/key-manager.git
16 months agoFix typo in ckmc-manager.h 15/294615/1
Krzysztof Jackiewicz [Wed, 21 Jun 2023 15:16:19 +0000 (17:16 +0200)]
Fix typo in ckmc-manager.h

Change-Id: I76c95dcf4c32f3fc70abea680f757edd45676c07

16 months agoEnable -Wshadow and fix warnings 23/294523/4
Krzysztof Jackiewicz [Tue, 20 Jun 2023 15:52:03 +0000 (17:52 +0200)]
Enable -Wshadow and fix warnings

The flag is used in products an our code causes warnings/errors. Fix
existing code and enable the flag to detect possible errors in future.

Change-Id: I830696231f9a6f1b80d390f7bf3df4fff1814691

16 months agoRelease 0.1.53 19/294219/1 accepted/tizen/6.0/unified/20230621.004733 accepted/tizen/6.5/unified/20230621.125855 accepted/tizen/7.0/unified/20230620.164235 accepted/tizen/unified/20230621.023228
Krzysztof Jackiewicz [Wed, 14 Jun 2023 10:33:41 +0000 (12:33 +0200)]
Release 0.1.53

* Add few remarks regarding chunk size limits
* Cipher API implementation in TZ backend
* Backend info API implementation
* Alias info refactoring
* Extend E2EE API support back to 6.0
* Refactor serialization code
* Cipher API unit tests
* Cipher API implementation (server part)
* Cipher API implementation (backend part)
* Cipher API implementation (client part)
* Drop all encryption requests upon disconnection
* Update cipher api description
* Improve AAD and GCM tag handling in cipher API
* Update ckmc_generate_new_params with new algorithms
* Allow generating unexportable binary data in TZ
* Add missing KBKDF params in TZ backend
* Workaround for GCM IV length issue
* Fix GCM IV length setting
* Test proper GCM IV length handling
* Rename DataType::isSKey
* Fix backend selection logic
* Fix default value for KBKDF LLEN parameter
* Backend info API
* Multi-stage encryption API
* Fix ckmc_key_derive API description

Change-Id: If9bfbaa1fe5169412441660df3bb1a055d22ce2a

16 months agoMerge branch e2ee into tizen 18/294218/1
Krzysztof Jackiewicz [Wed, 14 Jun 2023 10:30:49 +0000 (12:30 +0200)]
Merge branch e2ee into tizen

Change-Id: I856e57b604e87582948e250929817fd3b7c0dd8b

16 months agoAdd few remarks regarding chunk size limits 15/294215/1 e2ee
Krzysztof Jackiewicz [Wed, 14 Jun 2023 10:07:09 +0000 (12:07 +0200)]
Add few remarks regarding chunk size limits

Mention the possibility of backend imposing limits on the size of
processed data in all places where it may happen.

Change-Id: Id828f15b8692859a1efad015dcb3692c9c29432e

16 months agoCipher API implementation in TZ backend 06/294006/5
Krzysztof Jackiewicz [Fri, 9 Jun 2023 08:51:08 +0000 (10:51 +0200)]
Cipher API implementation in TZ backend

Change-Id: I2510dfb8f7e1722ee300edce6e983075a0c5303a

16 months agoBackend info API implementation 91/293891/6
Krzysztof Jackiewicz [Wed, 7 Jun 2023 11:19:02 +0000 (13:19 +0200)]
Backend info API implementation

Change-Id: Ib47c16bf5d2255c71d538b9e1009cb54b8f842ba

16 months agoAlias info refactoring 74/293874/5
Krzysztof Jackiewicz [Fri, 26 May 2023 13:00:58 +0000 (15:00 +0200)]
Alias info refactoring

To extract alias backend information, the current structures and
mechanisms meant for alias & password protection status extraction have
to be modified as follows:
* Modify 'join_all_tables' view in db to include 'backendId' and other
  columns from OBJECTS table. It also requires a db version bump and a
  migration script
* Modify db query that lists aliases to include 'backendId'.
* Move AliasSupport to common library so it can be used in DBCrypto.
* Replace OwnerNameVector and OwnerNameEncryptionStatusVector with a
  vector of AliasInfo structures.
* Add AliasInfoSerializableVector wrapper to allow AliasInfo
  (de)serialization.
* Modify client to get password protection status during
  ckmc_alias_info_is_password_protected() instead of checking all
  accessible aliases one by one.
* Modify client to get aliases from AliasInfo vector when other info is
  not required.
* Update unit-tests

Change-Id: Ic6741f7329afe858d561cab89d9616a53327a6bd

17 months agoExtend E2EE API support back to 6.0 85/293885/2
Krzysztof Jackiewicz [Wed, 7 Jun 2023 08:32:58 +0000 (10:32 +0200)]
Extend E2EE API support back to 6.0

Change-Id: I7aff7fb9a35fa26804303a11a4cf0a8c03fb287c

17 months agoRefactor serialization code 73/293873/1
Krzysztof Jackiewicz [Mon, 5 Jun 2023 12:36:55 +0000 (14:36 +0200)]
Refactor serialization code

* Remove unused overloads (pointers, stl).
* Unify primitive types (de)serialization.
* Modify Serializable interface to allow passing an existing object.
* Update serialization wrappers' implementations and move them to cpp.

Change-Id: I498f9dd9cca570a1a7eb424fb481d07a1297a279

17 months agoRelease 0.1.52 71/293871/1 accepted/tizen/6.0/unified/20230612.054110 accepted/tizen/6.5/unified/20230612.123202 accepted/tizen/7.0/unified/20230608.164752 accepted/tizen/unified/20230608.164342
Krzysztof Jackiewicz [Wed, 7 Jun 2023 08:36:57 +0000 (10:36 +0200)]
Release 0.1.52

* Extend E2EE API support back to 6.0

Change-Id: I6f05c59bdbaf7c34b6c71ffbfb1eeea3687abab4

17 months agoExtend E2EE API support back to 6.0 70/293870/1
Krzysztof Jackiewicz [Wed, 7 Jun 2023 08:32:58 +0000 (10:32 +0200)]
Extend E2EE API support back to 6.0

Change-Id: I7aff7fb9a35fa26804303a11a4cf0a8c03fb287c

17 months agoCipher API unit tests 59/292959/7
Krzysztof Jackiewicz [Wed, 17 May 2023 16:01:32 +0000 (18:01 +0200)]
Cipher API unit tests

Change-Id: I9ef5e3db62a36043d6b5691a0aaff5ce7236c302

17 months agoCipher API implementation (server part) 45/292645/9
Krzysztof Jackiewicz [Fri, 5 May 2023 08:37:23 +0000 (10:37 +0200)]
Cipher API implementation (server part)

Change-Id: Ie4a9c50378d461e659401829863bbe32cf67f305

17 months agoCipher API implementation (backend part) 11/292711/8
Krzysztof Jackiewicz [Thu, 11 May 2023 12:32:56 +0000 (14:32 +0200)]
Cipher API implementation (backend part)

Change-Id: I7d2e5ef36a539a34f7e93a7fd9c16c90534d6aad

17 months agoCipher API implementation (client part) 53/292053/9
Krzysztof Jackiewicz [Wed, 26 Apr 2023 21:11:33 +0000 (23:11 +0200)]
Cipher API implementation (client part)

Change-Id: I191f606819ae306f570fe538674f943e336ec86f

17 months agoDrop all encryption requests upon disconnection 51/292951/7
Krzysztof Jackiewicz [Wed, 17 May 2023 12:35:13 +0000 (14:35 +0200)]
Drop all encryption requests upon disconnection

If client disconnects before finishing the request the request should
be removed from the map.

Change-Id: I7bb0fa71b12f0a07bac5e62e5191bd9729829bfe

17 months agoUpdate cipher api description 41/293341/2
Krzysztof Jackiewicz [Wed, 24 May 2023 09:02:48 +0000 (11:02 +0200)]
Update cipher api description

Encryption may return an empty buffer. Specify the return value in such
case.

Change-Id: Iabcbe30dc002d4dc7eb932fdbd5418263488ba2a

17 months agoImprove AAD and GCM tag handling in cipher API 47/292947/6
Krzysztof Jackiewicz [Mon, 15 May 2023 12:44:43 +0000 (14:44 +0200)]
Improve AAD and GCM tag handling in cipher API

* AAD may also be a subject of backend chunk size limitation. Allow
  calling ckmc_cipher_init multiple time do provide consecutive AAD
  portions.
* When encrypted data is split in to chunks there's no way to locate
  the trailing GCM tag part. Add optional buffer argument to
  ckmc_cipher_finalize() to allow passing the tag explicitly. This
  function will also return the tag in the output buffer during
  encryption.

Change-Id: Ic9ddb86e294f8180fb44327c1f4ac4f4650b3e4c

17 months agoUpdate ckmc_generate_new_params with new algorithms 37/293037/6
Krzysztof Jackiewicz [Thu, 18 May 2023 10:16:03 +0000 (12:16 +0200)]
Update ckmc_generate_new_params with new algorithms

Change-Id: I094372d55a89a9fe5b7c212bd8c2e2dc7e325c11

17 months agoAllow generating unexportable binary data in TZ 05/293205/4
Krzysztof Jackiewicz [Mon, 22 May 2023 20:12:35 +0000 (22:12 +0200)]
Allow generating unexportable binary data in TZ

TZ backend already supports importing exportable binary data. Follow
the same rule for secret derivation and allow storing an exportable
secret (binary data), derived from TZ key, in TZ.

Change-Id: I61d202469a3df43e5f35746a0c09ca179d823336

17 months agoAdd missing KBKDF params in TZ backend 41/293041/6
Krzysztof Jackiewicz [Thu, 18 May 2023 11:50:04 +0000 (13:50 +0200)]
Add missing KBKDF params in TZ backend

Change-Id: I4cadca649889190c30868c55a2e91c9f49252d84

17 months agoWorkaround for GCM IV length issue 71/293271/3
Krzysztof Jackiewicz [Tue, 23 May 2023 09:07:23 +0000 (11:07 +0200)]
Workaround for GCM IV length issue

GCM implementation was ignoring IV bytes except first 12B. The issue has
been fixed but we need to support the decryption of the data encrypted
the old way.

This workaround retries the decryption with an IV truncated to 12B if
the decryption with original IV length fails.

Unit-test included.

Change-Id: Ia1c06d9a7c6f3b75a69c2e1cb3e5f0801776e057

17 months agoFix GCM IV length setting 04/293204/4
Krzysztof Jackiewicz [Mon, 22 May 2023 19:29:17 +0000 (21:29 +0200)]
Fix GCM IV length setting

IV length was not properly set in case of GCM. The default 12B IV was
used at all times.

GCM supports 1 to 2^64-1 byte long IVs. Reflect it in the SW backend
implementation, its tests and client API description.

Change-Id: Idfa18c1c3cfd06de6618b4ac7632133ace6ab8dc

17 months agoTest proper GCM IV length handling 70/293270/2
Krzysztof Jackiewicz [Tue, 23 May 2023 06:45:16 +0000 (08:45 +0200)]
Test proper GCM IV length handling

GCM implementation was using only the first 12B of IV regardless of its
actual length. This modification makes the test check if the remaining
bytes of the IV are ignored.

Change-Id: I94281747bbe9363854484844fa038ae9bcd47a19

17 months agoRename DataType::isSKey 43/293043/1
Krzysztof Jackiewicz [Thu, 18 May 2023 12:50:41 +0000 (14:50 +0200)]
Rename DataType::isSKey

Change-Id: I59e553cbf067baf3ad7209e07e5376b6601c5a6a

17 months agoFix backend selection logic 87/292887/2
Krzysztof Jackiewicz [Tue, 16 May 2023 13:35:30 +0000 (15:35 +0200)]
Fix backend selection logic

In some cases the backend selection was not working properly:
- Key derivation, wrapped key import: the backend compatibility was not
  checked at all. This resulted in a possibility of saving an exportable
  key in TZ backend which normally is not allowed.
- Encrypted initial values could have been imported to incompatible SW
  backend if the TZ backend fails to initialize or the SW backend is
  forced.

The Decider API was also unclear and different policies were in force
depending on the usecase.

This commit introduces following changes:
* Keep the policy in a single place.
* Return a prioritized list of backends compatible with given use case.
* Add backend check to key derivation and wrapped key import.
* Do not assume SW backend is suitable for all cases.
* Handle illegal cases by returning empty list of compatible backends.

Change-Id: I2d5dbbb3c4ba9385ac756eb419f95ac877cdd532

18 months agoFix default value for KBKDF LLEN parameter 76/292476/1
Krzysztof Jackiewicz [Mon, 8 May 2023 18:43:51 +0000 (20:43 +0200)]
Fix default value for KBKDF LLEN parameter

Change the default value of CKMC_PARAM_KBKDF_LLEN from 0 to 32
according to API description.

Change-Id: I972d95227b047394c5f59addc9242d43c9c68be7

18 months agoBackend info API 35/292135/9
Krzysztof Jackiewicz [Thu, 27 Apr 2023 09:33:20 +0000 (11:33 +0200)]
Backend info API

New API:
- getting backend associated with given object
- getting backend information for given backend
- getting max encryption chunk size from backend information

Change-Id: I8c66e623ba49ebda0a9fad28dcb3b48bd21b175f

18 months agoMulti-stage encryption API 38/292038/6
Krzysztof Jackiewicz [Wed, 26 Apr 2023 10:17:14 +0000 (12:17 +0200)]
Multi-stage encryption API

Change-Id: If56a367a40f1ca3a6d4dcebfbb38543c7ec44fd5

18 months agoFix ckmc_key_derive API description 07/292407/2
Krzysztof Jackiewicz [Fri, 5 May 2023 12:38:16 +0000 (14:38 +0200)]
Fix ckmc_key_derive API description

Describe input and output key/secret types in detail.

Change-Id: I1f82fe45f4a8b5145b7236b9b8d5db998959b1ed

18 months agoRelease 0.1.51 58/291558/1 accepted/tizen/6.5/unified/20230503.104230 accepted/tizen/6.5/unified/20230517.090747 accepted/tizen/7.0/unified/20230424.020458 accepted/tizen/unified/20230419.044942
Krzysztof Jackiewicz [Tue, 18 Apr 2023 09:08:24 +0000 (11:08 +0200)]
Release 0.1.51

* Unify variable naming in key export
* Fix documentation issues in E2EE API
* Fix documentation issues

Change-Id: I211ecfb0a2fa8fb705fc355158e17e5cd9021356

18 months agoUnify variable naming in key export 89/291489/2
Krzysztof Jackiewicz [Mon, 17 Apr 2023 10:01:09 +0000 (12:01 +0200)]
Unify variable naming in key export

Change-Id: Ic89b6105e420b9eceb93e9e6bdf112c4de3c1a65

18 months agoFix documentation issues in E2EE API 43/291043/6
Krzysztof Jackiewicz [Thu, 6 Apr 2023 13:41:12 +0000 (15:41 +0200)]
Fix documentation issues in E2EE API

* Issues raised by check-header.py (see:
  https://github.sec.samsung.net/RPO7-TIZEN/tizen-native-api-review-script)
* Other issues raised during ACR.
* Own initiative cleanup.

Changes done separately to simplify ACR review.

Change-Id: I346b979cd16f1cda8a0fd970ae38f7db7bb093d7

18 months agoFix documentation issues 42/291042/5
Krzysztof Jackiewicz [Thu, 6 Apr 2023 14:37:45 +0000 (16:37 +0200)]
Fix documentation issues

* Issues raised by check-header.py (see:
  https://github.sec.samsung.net/RPO7-TIZEN/tizen-native-api-review-script)
* Other issues raised during ACR.
* Own initiative cleanup.

Change-Id: If38c6477ecb782e12651766bd2ef344ccaae1e84

19 months agoRelease 0.1.50 89/290889/2 accepted/tizen/unified/20230406.165733
Krzysztof Jackiewicz [Tue, 4 Apr 2023 13:18:42 +0000 (15:18 +0200)]
Release 0.1.50

* Fix svace/coverity issues

Change-Id: I618080688b381fd110248331f615fce26cc30b30

19 months agoFix svace/coverity issues 15/290815/3
Krzysztof Jackiewicz [Mon, 3 Apr 2023 15:46:07 +0000 (17:46 +0200)]
Fix svace/coverity issues

Change-Id: I681fd80cddf5f56bc99b35546940e111d29a5311

19 months agoRelease 0.1.49 78/290778/1
Tomasz Swierczek [Mon, 3 Apr 2023 05:47:41 +0000 (07:47 +0200)]
Release 0.1.49

* Fix build for 64-bit architectures

Change-Id: Ib0e29f479d86f012872a25388d927a4c37f77e26

19 months agoFix build for 64-bit architectures. 77/290777/1
Tomasz Swierczek [Mon, 3 Apr 2023 05:41:27 +0000 (07:41 +0200)]
Fix build for 64-bit architectures.

Change-Id: I5d658ee32d7d631145ea759c8bb3cb72b13359cd

19 months agoRelease 0.1.48 52/290752/1
Krzysztof Jackiewicz [Fri, 31 Mar 2023 12:50:02 +0000 (14:50 +0200)]
Release 0.1.48

* E2EE implementation

Change-Id: Id51fe9009dbc7ef78322274415153df855dde8ea

19 months agoMerge branch 'e2ee' into 'tizen' 51/290751/1
Krzysztof Jackiewicz [Fri, 31 Mar 2023 12:44:54 +0000 (14:44 +0200)]
Merge branch 'e2ee' into 'tizen'

Change-Id: I61dd5bf5a3d73b766e4d4f126783f8ded90a6f62

19 months agoKey wrapping implementation in TZ backend 48/290448/11
Krzysztof Jackiewicz [Thu, 23 Mar 2023 08:21:05 +0000 (09:21 +0100)]
Key wrapping implementation in TZ backend

Change-Id: I3d33a0b41e8eb4b58706a32fb298b0476a0525cc

19 months agoKey unwrapping implementation in TZ backend 45/290445/11
Krzysztof Jackiewicz [Wed, 22 Mar 2023 08:48:31 +0000 (09:48 +0100)]
Key unwrapping implementation in TZ backend

Change-Id: I1ada1788c7f436b9cdd22cc7734eb3ab0159c544

19 months agoChange code formatting in import/export wrapped key 49/290749/1
Dariusz Michaluk [Fri, 31 Mar 2023 10:14:39 +0000 (12:14 +0200)]
Change code formatting in import/export wrapped key

Change-Id: If8932f5f9b3a1f2cdb2003895b348b89b7a15321

19 months agoImplementation of ckmc_export_wrapped_key 84/289984/30
m.ksiezak [Thu, 16 Mar 2023 10:56:02 +0000 (11:56 +0100)]
Implementation of ckmc_export_wrapped_key

Change-Id: I2769be74b1ad3d76537d31bc3f7ac4659946029f

19 months agoImplementation of ckmc_import_wrapped_key 29/288529/24
m.ksiezak [Fri, 17 Feb 2023 13:57:55 +0000 (14:57 +0100)]
Implementation of ckmc_import_wrapped_key

Change-Id: Ic8d2a865de2a705d39a4de06e9b91de5a6f30ef5

19 months agoUse new types in key derivation 58/290558/2
Krzysztof Jackiewicz [Tue, 28 Mar 2023 16:16:18 +0000 (18:16 +0200)]
Use new types in key derivation

Change-Id: I379f6a1c53c278c0adbaa71269b6232176601769

19 months agoisSKey mistake counter + a refactoring promise 47/290547/4
Krzysztof Jackiewicz [Tue, 28 Mar 2023 10:48:12 +0000 (12:48 +0200)]
isSKey mistake counter + a refactoring promise

Change-Id: I9fd0a98db92c8c0a6c2c7091fc9da22d0325b16a

19 months agoSimplify DB::Row/Token extraction 46/290346/6
Krzysztof Jackiewicz [Thu, 23 Mar 2023 08:19:41 +0000 (09:19 +0100)]
Simplify DB::Row/Token extraction

For wrapped key export we need to pass 1 object to be wrapped by
another. GObjUPtr is insufficient as it loses information about the
specific type. We'll need that info in TZ backend.

The wrapping API can be then made look as follows:

RawBuffer GObj::wrap(const CryptoAlgorithm &params,
                     const Token &keyToWrap,
                     const Password &keyToWrapPass);

Change-Id: Ifeea08cbef43c6e86c067e37c68627d6b819bfcf

19 months agoEnable EC key pair generation in TZ backend 87/290487/2
Krzysztof Jackiewicz [Mon, 27 Mar 2023 10:47:45 +0000 (12:47 +0200)]
Enable EC key pair generation in TZ backend

Until now, the decider was redirecting such requests to SW backend at
all times.

Change-Id: Ibbda55fa8ecdb3b5b8b3803754bfbf226a612704

19 months agoMake unpack a static GStore method 47/290447/3
Krzysztof Jackiewicz [Fri, 24 Mar 2023 15:52:05 +0000 (16:52 +0100)]
Make unpack a static GStore method

Needed for key wrapping.

Change-Id: I1ac65d92176237d61719944f7eb1688588c67117

19 months agoReplace 'virtual' with 'override' in TZ Store 44/290444/4
Krzysztof Jackiewicz [Wed, 22 Mar 2023 08:15:34 +0000 (09:15 +0100)]
Replace 'virtual' with 'override' in TZ Store

Change-Id: I5a5406be8a4e8f3429ddb18cc9603a8647ec66a2

19 months agoKey derivation in TZ backend 25/290125/8
Krzysztof Jackiewicz [Thu, 16 Mar 2023 11:45:45 +0000 (12:45 +0100)]
Key derivation in TZ backend

Change-Id: I76a9b93d0e2deb82724ba941b97dcc4c995b08d7

19 months agoImplement EC key pair generation in TZ backend 91/290191/5
Krzysztof Jackiewicz [Tue, 21 Mar 2023 07:34:49 +0000 (08:34 +0100)]
Implement EC key pair generation in TZ backend

Change-Id: Id1199d174146dfeb7b75081783dca90624fe12de

19 months agoRemove unused function 49/290449/2
Krzysztof Jackiewicz [Fri, 24 Mar 2023 16:01:55 +0000 (17:01 +0100)]
Remove unused function

Change-Id: I157503be4e191edc35c12453d0b780c8d1ed466b

19 months agoTZ backend helpers 27/290127/7
Krzysztof Jackiewicz [Mon, 20 Mar 2023 09:41:57 +0000 (10:41 +0100)]
TZ backend helpers

Change-Id: I4d81f000ca130a468352c31060608d9c78b771ce

19 months agoUse proper constant in TZ data import 35/290135/4
Krzysztof Jackiewicz [Mon, 20 Mar 2023 12:32:40 +0000 (13:32 +0100)]
Use proper constant in TZ data import

Change-Id: I4510a29f1bb8d8dfc2216199465cd2a76701ddb6

19 months agoAdd ECDH+KBKDF example 62/287562/19
Krzysztof Jackiewicz [Fri, 20 Jan 2023 19:41:55 +0000 (20:41 +0100)]
Add ECDH+KBKDF example

Add an ECDH+KBKDF example in form of a doxygen snippet. The code used in it is
compiled together with the project.

Disclaimer:
I don't know how to generate Tizen API documentation. Basing on other projects
I made an assumption that doxygen's EXAMPLE_PATH points to doc subdirectory.
With such assumption, vanilla doxygen generates the code snippet properly.

Change-Id: I7cdc98ff204238be0ad2440a8816ed53a61e7efc

19 months agoKBKDF HMAC implementation in sw backend 67/288367/12
Krzysztof Jackiewicz [Mon, 13 Feb 2023 09:10:39 +0000 (10:10 +0100)]
KBKDF HMAC implementation in sw backend

Unit tests included

Change-Id: If4287b38c61fe3842024c5e7baf4934685f92566

19 months agoCustom KBKDF HMAC implementation 66/288366/12
Krzysztof Jackiewicz [Fri, 10 Feb 2023 15:02:15 +0000 (16:02 +0100)]
Custom KBKDF HMAC implementation

There's no KBKDF support in openssl1.1. Added implementation based on
NIST spec, openssl3.0 KBKDF implementation (as a reference) and
openssl1.1 HMAC.

Test vector validation included (supported PRFs only)

Change-Id: If1dc6070e8e8fc35582876c6fd4b4be4497c7de4

19 months agoSw backend ECDH implementation 55/288055/12
Krzysztof Jackiewicz [Thu, 9 Feb 2023 08:11:02 +0000 (09:11 +0100)]
Sw backend ECDH implementation

Unit tests included

Change-Id: I8e91ebbba587451e3b96212d7e74a3585e480702

19 months agoMake pack() a SW Store's static method 54/288054/12
Krzysztof Jackiewicz [Thu, 9 Feb 2023 08:59:15 +0000 (09:59 +0100)]
Make pack() a SW Store's static method

This is necessary to let SW object pack newly derived key/secret.

Change-Id: Ib9cb635e384ae3dfcee7cf4c60cbea80d2c86861

19 months agoKey derivation implementation: client & server 52/288052/11
Krzysztof Jackiewicz [Wed, 1 Feb 2023 16:00:34 +0000 (17:00 +0100)]
Key derivation implementation: client & server

Client and server part (no implementation in backend)

Change-Id: I38d9be59b2c07ed59b61374f461383b58e4c98d0

19 months agoRemove API doc leftover 29/290029/1
Krzysztof Jackiewicz [Fri, 17 Mar 2023 09:18:09 +0000 (10:18 +0100)]
Remove API doc leftover

Change-Id: I2b28fa37206b72adb6d68255305718508ab2d70d

19 months agoCleanup TZ backend API 44/289844/3
Krzysztof Jackiewicz [Tue, 14 Mar 2023 12:35:17 +0000 (13:35 +0100)]
Cleanup TZ backend API

Change-Id: Id0042379e7a85d6960609f7efad3dbe7483eeaf1

19 months agoKeep the backend id in GObj 53/288053/11
Krzysztof Jackiewicz [Thu, 9 Feb 2023 08:55:08 +0000 (09:55 +0100)]
Keep the backend id in GObj

This is necessary for key derivation & wrapping, when one object
creates another.

Update SW and TZ backend.

Change-Id: I898b75b0cc093414d089ed4130827571d592315f

19 months agoAllow saving unexportable data 30/288830/5
Krzysztof Jackiewicz [Thu, 23 Feb 2023 08:47:44 +0000 (09:47 +0100)]
Allow saving unexportable data

Now it makes sense as such data can be used for key derivation.

Change-Id: Ie8db9cca5b83831045dce45cfadde8215c79a608

20 months agoFix the forgotten scheme-test 04/288604/2
Krzysztof Jackiewicz [Mon, 20 Feb 2023 07:53:36 +0000 (08:53 +0100)]
Fix the forgotten scheme-test

Make the test properly handle key migration.

Change-Id: Id1e468b1da807d52f6054ee7d0edb9c0472264fd

20 months agoFix decryption with unexpected password 90/288590/2
Krzysztof Jackiewicz [Fri, 17 Feb 2023 20:13:46 +0000 (21:13 +0100)]
Fix decryption with unexpected password

Passing a password when a row was not additionally encrypted with one
did not fail as it should. Make it do so.

Change-Id: Ifd84cca1b55c67ef7e5b470cc42bb4efac6a0703

20 months agoDerivation API extension 40/288440/6
Krzysztof Jackiewicz [Thu, 16 Feb 2023 11:09:20 +0000 (12:09 +0100)]
Derivation API extension

Allows configuration of following KBKDF parameters:
- counter location,
- fixed input or label + context,
- length of counter representation,
- length of length suffix representation,
- existence of length suffix,
- existence of zero octet separator.

Change-Id: I685e4f38d28c4bc0a9d79fd6fbbd9da870534be8

20 months agoEncryption performance test 30/288130/2
Krzysztof Jackiewicz [Fri, 10 Feb 2023 12:52:28 +0000 (13:52 +0100)]
Encryption performance test

Change-Id: Ifacdbff488e977eca69417d6362273f32feeea11

21 months agoE2EE API draft 61/287561/6
Krzysztof Jackiewicz [Thu, 12 Jan 2023 18:29:47 +0000 (19:29 +0100)]
E2EE API draft

- Key wrapping API
- Key agreement/derivation API
- Updated encryption API doc

Change-Id: Iaa7add5cf102679aa8ad9464fcbea38d52cf9c3f

21 months agoRemove unnecessary helpers from CkmLogic 74/287974/3
Krzysztof Jackiewicz [Wed, 8 Feb 2023 09:27:14 +0000 (10:27 +0100)]
Remove unnecessary helpers from CkmLogic

Change-Id: I32df8f2f0f17b22e2d72ac99708e79f7b8ebde81

21 months agoUnify CKMLogic methods and fix PKCS12 support 73/287973/3
Krzysztof Jackiewicz [Mon, 6 Feb 2023 08:50:25 +0000 (09:50 +0100)]
Unify CKMLogic methods and fix PKCS12 support

Add helper functions for frequently repeated code (input parameter
checks, database selection, permission checks, hash calculation,
transaction start)

Fixed object Id is calculated from uid, pkg_id & alias. PKCS12
components are stored under common alias differing only by type. As a
result, all PKCS12 components are saved with identical object id which
may lead to conflicts.

For PKCS12 add type information as hash function input.

Change-Id: Id54c5eb4e0ad5b3521f2661df64619316cf4a9ea

21 months agoFix indentation 49/288049/1
Krzysztof Jackiewicz [Thu, 9 Feb 2023 14:34:03 +0000 (15:34 +0100)]
Fix indentation

Change-Id: Ic98aea95c673fb94dc022eee9cac66fc4d1a5b9e

21 months agoUnify app key loading 05/287805/2
Krzysztof Jackiewicz [Mon, 6 Feb 2023 09:28:36 +0000 (10:28 +0100)]
Unify app key loading

Change-Id: Ic10c86c01fd71311477a1695fb9a5e3d60ca1f54

21 months agoSimplify explicit to effective owner translation 04/287804/2
Krzysztof Jackiewicz [Fri, 3 Feb 2023 12:11:15 +0000 (13:11 +0100)]
Simplify explicit to effective owner translation

Change-Id: Iaae22210f7d08c4973d779f8330f4abb6f1f1c73

21 months agoPass proper owner to hashing function 03/287803/2
Krzysztof Jackiewicz [Fri, 3 Feb 2023 09:23:12 +0000 (10:23 +0100)]
Pass proper owner to hashing function

Explicit owner may be empty. In such case the default owner value
should be taken from user's credentials.

Change-Id: I59dc0d421975bc7b329a609ebddc35420cea446c

21 months agoMove system db owner check to AccessControl 02/287802/2
Krzysztof Jackiewicz [Fri, 3 Feb 2023 09:05:55 +0000 (10:05 +0100)]
Move system db owner check to AccessControl

Change-Id: I28daefd12f0492a93b63f66c11b0a6fdda9d302d

21 months agoFix indentation 01/287801/2
Krzysztof Jackiewicz [Fri, 3 Feb 2023 07:27:56 +0000 (08:27 +0100)]
Fix indentation

Change-Id: I1f4e3d3c0c3ec9d4d7da436979236e177ad86c6a

21 months agoSW backend API cleanup 00/287800/2
Krzysztof Jackiewicz [Wed, 1 Feb 2023 15:30:21 +0000 (16:30 +0100)]
SW backend API cleanup

Get rid of unnecessary "virtual" specifiers.
Use "override" instead.
Remove unnecessary destructors.

Change-Id: Ide0892647acee5fe2046653d6e65bfa09b2fbe01

2 years agoAdd more KeyProvider tests 05/282805/1 accepted/tizen/unified/20221102.020616
Krzysztof Jackiewicz [Tue, 11 Oct 2022 15:42:57 +0000 (17:42 +0200)]
Add more KeyProvider tests

This includes tests for newly added key format and migration.

Change-Id: I852fa672ad39599dc89ac3a7b334c7e914c71bde

2 years agoRefactor KeyProvider 11/282611/1
Krzysztof Jackiewicz [Wed, 5 Oct 2022 13:51:33 +0000 (15:51 +0200)]
Refactor KeyProvider

Apply modifications while keeping key file format and encryption scheme
unchanged:
* Remove unused code
* Deduplicate code
* Unify key naming
* Simplify structures keeping various forms of keys and their metadata
* Update tests

Change-Id: I38caceb6c38bfecbdbbb290df39042ba7b17b394

2 years agoadd debug log and fix a bug 58/282558/3
isaac2.lee [Thu, 6 Oct 2022 01:17:12 +0000 (10:17 +0900)]
add debug log and fix a bug

Change-Id: I35d284cb29ec3bfe53500f4473994ed5c8217e61

2 years agoRelease 0.1.47 50/282550/1
Dongsun Lee [Wed, 5 Oct 2022 10:07:05 +0000 (19:07 +0900)]
Release 0.1.47

* add the se-backend for db encryption

Change-Id: Id0c036cb08a11215e74be5e6bb2343785fd6bc93

2 years agoadd the se-backend for db encryption 49/282549/1
이이삭/System Security Lab(SR)/삼성전자 [Wed, 5 Oct 2022 07:10:38 +0000 (16:10 +0900)]
add the se-backend for db encryption

* add the se-backend for db encryption
* change se-backend include dependancy and remove the unavailable codes
* remove migration DBDEK and rearrange KeyProvider structures

Change-Id: I52e07ac5af7b41d0f79b7fee818221f25b1d60cd

2 years agoRelease 0.1.46 65/282065/1
Krzysztof Jackiewicz [Mon, 26 Sep 2022 14:28:11 +0000 (16:28 +0200)]
Release 0.1.46

* Fix encryption request handling
* Add Samsung's Analysis Hub service configuration
* Remove unused sec_build_binary_debug_enable build macro

Change-Id: I909ddd67218797199f44d35582d20fb77e47f9ef

2 years agoFix encryption request handling 50/282050/1
Krzysztof Jackiewicz [Mon, 26 Sep 2022 10:47:24 +0000 (12:47 +0200)]
Fix encryption request handling

The key used in m_requestMap is not unique which may lead to errors when
requests from multiple clients are processed.

Use a separate request counter as the key.

Change-Id: Iffbf0a3c43ea0c091eb3d714ef0a77211f9b3a78

2 years agoAdd Samsung's Analysis Hub service configuration 54/281754/1 sandbox/tswierczek/ahub_test
Tomasz Swierczek [Wed, 21 Sep 2022 10:30:25 +0000 (12:30 +0200)]
Add Samsung's Analysis Hub service configuration

Configuration allows skipping sqlcipher.c file,
which is external open source, from static analysis.

Change-Id: Ia1ed85e403c8feefdfe659018b660af5dbe27daa

2 years agoRemove unused sec_build_binary_debug_enable build macro 00/267100/1
Dariusz Michaluk [Thu, 25 Nov 2021 10:46:28 +0000 (11:46 +0100)]
Remove unused sec_build_binary_debug_enable build macro

Change-Id: I3fc241eabb7ba6b8f737149f99410da0af028953

3 years agoRelease 0.1.45 92/261992/1 accepted/tizen_7.0_unified_hotfix tizen_7.0_hotfix accepted/tizen/6.5/unified/20211028.121009 accepted/tizen/7.0/unified/hotfix/20221116.105609 accepted/tizen/unified/20210809.125009 submit/tizen/20210802.071931 submit/tizen_6.5/20211028.162401 tizen_6.5.m2_release tizen_7.0_m2_release
Tomasz Swierczek [Tue, 27 Jul 2021 06:39:17 +0000 (08:39 +0200)]
Release 0.1.45

* Deprecate ckmc_ocsp_check API

Change-Id: I248a647047782f6a7f403cd51b3c9b76152936b0

3 years agoDeprecate ckmc_ocsp_check API 91/261991/1
Tomasz Swierczek [Tue, 27 Jul 2021 06:01:47 +0000 (08:01 +0200)]
Deprecate ckmc_ocsp_check API

OCSP test certificate management is problematic, and Tizen platform
has another ocsp API in OpenSSL which can be officially recommended.

Change-Id: Ifc115c300e79a64b65361deaa848ee396e654240

3 years agoRelease 0.1.44 39/260539/1 accepted/tizen/unified/20210630.144039 submit/tizen/20210628.124714 submit/tizen/20210628.130131
Michał Szaknis [Mon, 28 Jun 2021 12:22:49 +0000 (14:22 +0200)]
Release 0.1.44

* Use fixed object ID in TZ backend
* Add more tests to increase coverage

Change-Id: I989df7e1b5b8c9f783014b40b4eb700c263d1cd3

3 years agoUse fixed object ID in TZ backend 44/260344/5
Michał Szaknis [Wed, 21 Apr 2021 15:28:08 +0000 (17:28 +0200)]
Use fixed object ID in TZ backend

Calculate the object ID as a hash of credentials and alias instead of
using a random ID.

Change-Id: Ice164d6f8eda9acd157c4d74f47d45fef49f6ddc

3 years agoAdd tests for `try_catch` and `try_catch_enclosure` 93/258693/5
Michał Szaknis [Fri, 21 May 2021 14:17:20 +0000 (16:17 +0200)]
Add tests for `try_catch` and `try_catch_enclosure`

Change-Id: If74b22ad53961a32c75d3d7feae48f2a41d09508

3 years agoAdd tests for ckmc-type-converter.cpp 91/258691/5
Michał Szaknis [Fri, 21 May 2021 08:18:35 +0000 (10:18 +0200)]
Add tests for ckmc-type-converter.cpp

Change-Id: Idd90ad6f954ec491d718b955bea2f43624986160

3 years agoAdd tests for AliasSupport class 90/258690/4
Michał Szaknis [Thu, 20 May 2021 15:16:14 +0000 (17:16 +0200)]
Add tests for AliasSupport class

Change-Id: I509160e10ca4ac00418d3ee408c32915c6aa5511

3 years agoAdd test to xml-utils.cpp 89/258689/4
Michał Szaknis [Thu, 20 May 2021 10:30:06 +0000 (12:30 +0200)]
Add test to xml-utils.cpp

Change-Id: I74c1130c20245ade53dbb86c72e38528409be23f

3 years agoRelease 0.1.43 37/258337/1 submit/tizen/20210514.053932
Krzysztof Jackiewicz [Thu, 13 May 2021 13:34:32 +0000 (15:34 +0200)]
Release 0.1.43

* Open legacy db in R/W mode
* Fix coverage generation in rpm 4.14.1
* Suppress TEEC deprecated declarations warnings
* Remove unnecessary cast to double in db perf test

Change-Id: I44b581084930e2253ea3112e362733f47a0c9479

3 years agoOpen legacy db in R/W mode 35/258335/1
Krzysztof Jackiewicz [Thu, 13 May 2021 12:53:32 +0000 (14:53 +0200)]
Open legacy db in R/W mode

If due to a failure during previous transaction a rollback journal is
generated, the original legacy database has to be restored to the
original state before it can be dumped. However, it can't be done
unless the database is opened in R/W mode.

Change-Id: Icc455f4e820a5be8b0628e95895680e9cbb14eb6