platform/core/security/key-manager.git
9 years agoFix potential buffer overflow error CID: 40674 97/42897/6
Krzysztof Jackiewicz [Fri, 3 Jul 2015 14:51:22 +0000 (16:51 +0200)]
Fix potential buffer overflow error CID: 40674

Change backported from security-server repository.

Change-Id: I7613de85e79bc5627336c70842c64bd35eb36468

9 years agoExtend asynchronous API socket timeout 93/43593/5
Krzysztof Jackiewicz [Fri, 10 Jul 2015 10:31:40 +0000 (12:31 +0200)]
Extend asynchronous API socket timeout

[Problem] Encryption and decryption may take much longer than 10s. In such case it fails because of timeout.
[Solution] Extend timeout to 60s.

[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION

Change-Id: I14c4084d7c44d310ab69649bd55e608f1b627204

9 years agoCall import & destroy on store 92/43592/7
Krzysztof Jackiewicz [Fri, 10 Jul 2015 09:05:42 +0000 (11:05 +0200)]
Call import & destroy on store

[Problem] Data is not imported to store during row creation and is not destroyed in
it during row removal.
[Solution] Import and destroy are called.

[Verification] Run ckm-tests --output=text

Change-Id: I364c98790fa4cffc408f05b641712aaec0d4955c

9 years agoVersion 0.1.15 21/45321/1 accepted/tizen/mobile/20150804.235652 accepted/tizen/tv/20150804.235701 accepted/tizen/wearable/20150804.235708 submit/tizen/20150804.145524
Bartlomiej Grzelewski [Tue, 4 Aug 2015 13:45:41 +0000 (15:45 +0200)]
Version 0.1.15

Change-Id: I52277c8cf9086d276379282971987d0fcead5ff0

9 years agoUpdate implementation of Stringify. 03/42703/2
Bartlomiej Grzelewski [Wed, 1 Jul 2015 14:02:45 +0000 (16:02 +0200)]
Update implementation of Stringify.

Change-Id: Id237fe33a435be9ab7b28ad223e00bca23a95fc9

9 years agoRemove unnecessary argument names in function typedef 04/43504/5
Krzysztof Jackiewicz [Thu, 9 Jul 2015 13:18:01 +0000 (15:18 +0200)]
Remove unnecessary argument names in function typedef

[Problem] Unnecessary argument names in function typedef
[Solution] Names removed

[Verification] Successfull compilation

Change-Id: I32255580b6b9e9c386493adb94f50e2f77b48661

9 years agoImplement asynchronous encryption/decryption API 03/43503/5
Krzysztof Jackiewicz [Thu, 9 Jul 2015 12:44:36 +0000 (14:44 +0200)]
Implement asynchronous encryption/decryption API

[Feature] Encryption/decryption API implementation
[Solution] Add asynchronous interface for encryption and decryption

[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION

Change-Id: Ie18d80a47885895aabbedc51d8bdb8ff60172726

9 years agoAdd RSA OAEP support 46/43046/4
Krzysztof Jackiewicz [Tue, 7 Jul 2015 10:10:50 +0000 (12:10 +0200)]
Add RSA OAEP support

[Feature] Encryption service development
[Solution] Add support for RSA OAEP encryption/decryption

[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION

Change-Id: Ieb78fcb65fbd6e2042c2b7effe1ef7b66429fcbd

9 years agoAdd AAD support in AES GCM 19/42819/5
Krzysztof Jackiewicz [Thu, 2 Jul 2015 13:34:47 +0000 (15:34 +0200)]
Add AAD support in AES GCM

[Feature] Encryption service development.
[Solution] Add AppendAAD method to EvpCipherWrapper. Use it to provide AAD in
AES GCM encryption/decryption.

[Verification] ckm-test --regexp=TED_1250_gcm_aad should pass.

Change-Id: If461a875490b3a6319eb5c78b914bd4df6591746

9 years agoOpenssl: add thread support and fix initialization 09/42809/5
Krzysztof Jackiewicz [Thu, 2 Jul 2015 11:40:12 +0000 (13:40 +0200)]
Openssl: add thread support and fix initialization

[Problem] Openssl is used in multiple threads without proper thread support.
Openssl initialization is scattered across several threads/files.
[Solution] Lock and thread id callbacks registered. Openssl initialization
refactored and fixed.

[Verification] Run ckm-tests --output=text & ckm-tests-internal

Change-Id: Iff26af6a0afd67001155aac040949bfde9cc6d31

9 years agoMerge "Match schema file version to db version" into tizen
Dong Sun Lee [Tue, 28 Jul 2015 01:15:04 +0000 (18:15 -0700)]
Merge "Match schema file version to db version" into tizen

9 years agoMatch schema file version to db version 73/44173/1
Kyungwook Tak [Fri, 17 Jul 2015 10:45:36 +0000 (19:45 +0900)]
Match schema file version to db version

Change-Id: I9379b1e4eb39125c0a421fc9655ce0f8c3641c4a
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
9 years agoFix segfault in getCertificateChain 20/42820/3
Krzysztof Jackiewicz [Thu, 2 Jul 2015 14:05:41 +0000 (16:05 +0200)]
Fix segfault in getCertificateChain

[Problem] When getCertificateChain is called with empty certificate a segfault
occurs in client.
[Solution] Add param check in client.

[Verification] Run ckm-tests --regexp=T13122_get_chain_empty_cert &&
ckm-tests --regexp=T13121_get_chain_no_cert

Change-Id: I4f29ab1ca95166de261ef9120897ac85ac80c722

9 years agoFix parameter validation in ocsp 92/42892/1
Krzysztof Jackiewicz [Fri, 3 Jul 2015 14:36:40 +0000 (16:36 +0200)]
Fix parameter validation in ocsp

[Problem] It's possible to pass invalid certificate chains to ocsp that will
cause segfault.
[Solution] Add argument check

[Verification] Run ckm-tests --regexp=ocsp_check

Change-Id: I267054f81780149a0512532a016c3f7caf30e900

9 years agoReduce number of error logs in ckm. 33/41433/7
Bartlomiej Grzelewski [Wed, 1 Jul 2015 13:47:27 +0000 (15:47 +0200)]
Reduce number of error logs in ckm.

Change-Id: Ibdf054bfa39723910dafd2eea64173b8e34f13e0

9 years agoFix table name to add backendId 37/42837/2
Kyungwook Tak [Fri, 3 Jul 2015 04:53:06 +0000 (13:53 +0900)]
Fix table name to add backendId

Change-Id: I5204529f11267f8df1b896435125108bc972bb63
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
9 years agoKlocwork fixes. 75/42375/5
Zbigniew Jasinski [Fri, 26 Jun 2015 13:13:35 +0000 (15:13 +0200)]
Klocwork fixes.

variable is used, but is uninitialized.

Change-Id: Ie7d1d1004479a48745b342c6a1f0914dfc919c3f

9 years agoremove sockets' smack label to conform to 3 domain policy 29/42729/1 accepted/tizen/mobile/20150702.104554 accepted/tizen/tv/20150702.104616 accepted/tizen/wearable/20150702.104629 submit/tizen/20150702.083501
Dongsun Lee [Thu, 2 Jul 2015 02:30:22 +0000 (11:30 +0900)]
remove sockets' smack label to conform to 3 domain policy

Change-Id: Ic5907ada63c08f468cdc497b365e66b44176991c
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
9 years agoAdd support for AES CTR and AES CFB 82/42582/4
Krzysztof Jackiewicz [Tue, 30 Jun 2015 09:19:02 +0000 (11:19 +0200)]
Add support for AES CTR and AES CFB

[Feature] Implementation of encryption service
[Solution] CTR and CFB modes implemented

[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION. Only rsa tests
and gcm aad test may fail.

Change-Id: I71f8c71a0fce536037da7653986c674c3a63499a

9 years agoAdd support for different AES key sizes 26/42526/5
Krzysztof Jackiewicz [Mon, 29 Jun 2015 13:52:45 +0000 (15:52 +0200)]
Add support for different AES key sizes

[Problem] AES encryption/decryption supports only 256-bit key size.
[Solution] Add support for 128 and 192-bit key encryption/decryption.

[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION. Only
TED_1250_gcm_aad may fail.

Change-Id: Ia949250b7f3597dee5360c3373c9164dc2e4d9e8

9 years agoEncryption service refactoring 69/42369/6
Krzysztof Jackiewicz [Fri, 26 Jun 2015 12:19:36 +0000 (14:19 +0200)]
Encryption service refactoring

[Problem] Unnecessary counter in communication manager. Request map name.
[Solution] Counter replaced by size(). Request map renamed.

[Verification] Successfull compilation. Run tests

Change-Id: I757d729de8f26a1bca8af65f1377d43afcc07d79

9 years agoAdd algorithm param validation 16/42116/8
Krzysztof Jackiewicz [Fri, 19 Jun 2015 08:08:31 +0000 (10:08 +0200)]
Add algorithm param validation

[Problem] Algorithm param validation is quite complicated. We need a generic
mechanism for parameter constraints definition. Aes key generation algorithm is
missing. There's no validation of encryption params.
[Solution] Created generic parameter validation framework. Defined constraints
for all algorithms. Aes key algorithm added. Algorithm parameter validation
refactored.

[Verification] run ckm-tests --output=text

Change-Id: Ia1df8a3f4bcda835a736d5fe1e4fbc7157d1a26c

9 years agoFix C compilation 82/42482/1 accepted/tizen/mobile/20150630.002445 accepted/tizen/tv/20150630.002501 accepted/tizen/wearable/20150630.002512 submit/tizen/20150629.123348
Krzysztof Jackiewicz [Mon, 29 Jun 2015 09:13:30 +0000 (11:13 +0200)]
Fix C compilation

[Problem] ckmc_param_list_s fails to compile when C compiler is used.
[Solution] Proper typedef added.

[Verification] Successfull compilation of security-tests (c-compilation.c).

Change-Id: I90cbd8a530707961d593f51e5bc0f2cc9b4b38d3

9 years agoMerge "allow all clients to access storage socket and ocsp socket" into tizen
Dongsun Lee [Sat, 27 Jun 2015 07:12:53 +0000 (00:12 -0700)]
Merge "allow all clients to access storage socket and ocsp socket" into tizen

9 years agoMerge "add a solution in case for no password set" into tizen
Dongsun Lee [Sat, 27 Jun 2015 07:12:42 +0000 (00:12 -0700)]
Merge "add a solution in case for no password set" into tizen

9 years agoallow all clients to access storage socket and ocsp socket 01/42401/1 accepted/tizen/mobile/20150629.000431 accepted/tizen/tv/20150629.000436 accepted/tizen/wearable/20150629.000446 submit/tizen/20150627.071352
Dongsun Lee [Sat, 27 Jun 2015 06:29:24 +0000 (15:29 +0900)]
allow all clients to access storage socket and ocsp socket

Change-Id: I38dc270b4e58cc791a219fb2c46520650f2bba0b
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
9 years agoadd a solution in case for no password set 00/42400/1
Dongsun Lee [Sat, 27 Jun 2015 06:27:54 +0000 (15:27 +0900)]
add a solution in case for no password set

Change-Id: Ie7d65c5165a2d0e162b4e990240c84e12d6227ed
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
9 years agoEncryption service calls proper encryption/decryption methods 83/41883/6
Krzysztof Jackiewicz [Thu, 18 Jun 2015 14:24:20 +0000 (16:24 +0200)]
Encryption service calls proper encryption/decryption methods

[Feature] Encryption srevice development
[Solution] After key is retrieved it is used to perform encryption/decryption
of data and return the result to the client.

[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION.
TED_1250_gcm_aad may fail.

Change-Id: Iaff45ac05df0470eabf3164c6fb427c68c9ef1a5

9 years agoencrypted initial values: schema enhancements plus SW device key schema. 09/42309/5
Maciej J. Karpiuk [Thu, 25 Jun 2015 12:34:09 +0000 (14:34 +0200)]
encrypted initial values: schema enhancements plus SW device key schema.

Change-Id: Ib0f47fc5c95a785a9d2263a2d0b16da2c1ea7460

9 years agoImplement key retrieval in encryption service 01/41801/9
Krzysztof Jackiewicz [Wed, 17 Jun 2015 12:19:50 +0000 (14:19 +0200)]
Implement key retrieval in encryption service

[Feature] Encryption/decryption service implementation
[Solution] Encryption service sends a key request, CKM service retrieves the
key and returns it to Encryption service.

[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION and observe
journalctl -f. TED_0010_encrypt_invalid_param_list should print:
"Attempt to retrieve key failed with error: -15" (5 times)
other failing tests should print:
"Encryption/decryption not yet supported"

Change-Id: I56dc8a08ba211e996295f962da12193027c1a78c

9 years agoAdd MessageService 00/41800/8
Krzysztof Jackiewicz [Wed, 17 Jun 2015 12:17:57 +0000 (14:17 +0200)]
Add MessageService

[Feature] Inter-service communication development
[Solution] Add MessageService and ThreadMessageService classes to
support/simplify transferring inter service messages between services/threads.

[Verification] Verify together with next commit

Change-Id: Id205e299ffc186a5e6eae6563d9804ce61fdec21

9 years agoAdd support for inter-service communication in SocketManager 99/41799/8
Krzysztof Jackiewicz [Wed, 17 Jun 2015 11:12:39 +0000 (13:12 +0200)]
Add support for inter-service communication in SocketManager

[Feature] Inter-service communication development.
[Solution] Add CommunicationManager basing on existing messages to
SocketManager. Set communication manager in services.

[Verification] Successfull compilation. Run ckm-tests --output.

Change-Id: Ic22b3496f7f40a424cec4794513cec9211a752d1

9 years agoAdd inter-service messages 98/41798/8
Krzysztof Jackiewicz [Wed, 17 Jun 2015 11:07:58 +0000 (13:07 +0200)]
Add inter-service messages

[Feature] Development of inter-service communication
[Solution] Create inter-service communication message class hierarchy including
key request and response messages.

[Verification] Successfull compilation

Change-Id: I41de882a089560201395fbcfe0143c067c1aee1f

9 years agoCommunicationManager returns the number of called listeners 97/41797/8
Krzysztof Jackiewicz [Wed, 17 Jun 2015 10:55:53 +0000 (12:55 +0200)]
CommunicationManager returns the number of called listeners

[Problem] There's no way to find out if inter-service message reached some
listeners.
[Solution] SendMessage returns the number of called listeners.

[Verification] Run ckm-tests-internal -t MESSAGE_MANAGER_TEST

Change-Id: I0f9cba13991cb79e2901a6784a6b18e3b87c7150

9 years agoAdd encryption service 66/40166/15
Krzysztof Jackiewicz [Fri, 29 May 2015 14:59:57 +0000 (16:59 +0200)]
Add encryption service

[Feature] Encryption/decryption implementation
[Solution] Encryption service added

[Verification] Run test: ckm-tests --group=CKM_ENCRYPTION_DECRYPTION

Change-Id: I3ff79b06eabb6957ef2bbbe9a5bf7e5e2a995a21

9 years agoUse new exception types in KeyProvider class. 49/41349/3
Bartlomiej Grzelewski [Fri, 12 Jun 2015 13:32:28 +0000 (15:32 +0200)]
Use new exception types in KeyProvider class.

This commit also removed exception throw in object destructor.

Change-Id: I55f58bd5e63261632404557f60caa7f0af393714

9 years agoReplace shared ptr with unique ptr. 22/42322/1
Bartlomiej Grzelewski [Thu, 25 Jun 2015 15:48:19 +0000 (17:48 +0200)]
Replace shared ptr with unique ptr.

Change-Id: I7542c03078dc449dfb925824e8e89d11fcffcde9

9 years agoMove encryption from crypto-logic class to "internal module". 62/41462/2
Maciej J. Karpiuk [Thu, 11 Jun 2015 13:21:52 +0000 (15:21 +0200)]
Move encryption from crypto-logic class to "internal module".

Change-Id: I60186591a9d3c188d9642b202be1bcab047fee61

9 years agoIntroduce new (much simpler) Exception type. 62/40962/5
Bartlomiej Grzelewski [Tue, 9 Jun 2015 13:09:59 +0000 (15:09 +0200)]
Introduce new (much simpler) Exception type.

This commit changes the exception class hierarhy. Exceptions class won't
be hidden inside classes. From now exceptions will be defined globally
per project.

It does not mean that you cannot create hidden exception inside class.

Change-Id: If10bc10154684de91ea1f82332860ef53bdd2d3a

9 years agoFix serious bug that causes crash on CKM exit. 15/41215/1
Bartlomiej Grzelewski [Thu, 11 Jun 2015 15:33:50 +0000 (17:33 +0200)]
Fix serious bug that causes crash on CKM exit.

Change-Id: Idef7ad9a4606b16f293a1052c313fa045a2f5da5

9 years agoUpdate parameter list API 48/40748/4
Krzysztof Jackiewicz [Mon, 8 Jun 2015 14:05:47 +0000 (16:05 +0200)]
Update parameter list API

[Problem] Param name range check is needed. Support for param overwriting is
needed. Getters in CAPI are needed. IV param has to be added manually.
[Solution] Add predefined range for possible ParamName values. Add ParamName
value check. Support param overwriting. Add CAPI param getters. IV param is not
generated in ckmc_generate_params.

[Verification] Run ckm-tests --group=CKM_ALGO_PARAMS and
ckm-tests-internal -t SERIALIZATION_TEST
All should pass.

Change-Id: I72a2c603d7a8f60bab5cb0c18fdc3866a28c7a82

9 years agoAES: add generation, save, get support. 80/40380/9
Maciej J. Karpiuk [Wed, 3 Jun 2015 07:14:16 +0000 (09:14 +0200)]
AES: add generation, save, get support.

[Verification] a copule of AES tests added along other key types tests:
https://review.tizen.org/gerrit/#/c/38195/

Change-Id: If6508811f874d438551a9d528b17d5719adc8ed0

9 years agoAES key creation API 95/39295/5
Krzysztof Jackiewicz [Tue, 7 Apr 2015 08:36:24 +0000 (10:36 +0200)]
AES key creation API

[Issue#] N/A
[Feature] API allowing creation of AES key in key-manager database
[Problem] N/A
[Cause] N/A
[Solution] N/A

[Verification] Successfull compilation. Run tests.

Change-Id: I3ec358ce4a58afb657afaf110ca81bacea7dcd10

9 years agoKey generation uses CryptoAlgorithm object provided by the client. 48/40148/3
Maciej J. Karpiuk [Fri, 29 May 2015 11:51:15 +0000 (13:51 +0200)]
Key generation uses CryptoAlgorithm object provided by the client.

Protocol changed: single command to generate all types of asymetric keys.

Change-Id: Iafe2b593c3945ff0e3fcc31241faea3a542aca65

9 years agoImplement encryption/decryption API 52/40052/8
Krzysztof Jackiewicz [Thu, 28 May 2015 07:11:22 +0000 (09:11 +0200)]
Implement encryption/decryption API

[Feature] Implementation of encryption/decryption service.
[Solution] API implemented

[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION
(TED_0040_encrypt_no_output_buffer passes, all other tests fail with
CKMC_ERROR_SOCKET)

Change-Id: Ib0ce85f031e92660713ae4f320a4fd3981a43ffc

9 years agoAlgorithm types and param names updated 03/40003/5
Krzysztof Jackiewicz [Wed, 27 May 2015 12:47:07 +0000 (14:47 +0200)]
Algorithm types and param names updated

[Problem] ED_CTR can be replaced with ED_IV. We need a way to distinguish
asymmetric algorithms for different purposes (encryption, signing/verification,
key generation)
[Solution] ED_CTR replaced with ED_IV. New algorithm types added.

[Verification] Compile and run tests: ckm-tests-internal -t SERIALIZATION_TEST

Change-Id: Id7f5f805f25aa674023f6fc8c3631c8b7abcea64

9 years agoEncryption/decryption API 96/39296/10
Krzysztof Jackiewicz [Wed, 1 Apr 2015 09:45:48 +0000 (11:45 +0200)]
Encryption/decryption API

[Issue#] N/A
[Feature] Encryption decryption support
[Problem] N/A
[Cause] N/A
[Solution] API for encryption decryption

[Verification] Succesfull compilation. Run tests
ckm-tests --group=ALGO_PARAMS (all pass)
ckm-tests --group=ENCRYPTION_DECRYPTION (all fail with CKMC_ERROR_UNKNOWN)

Change-Id: I6cbb1fb56ad1d82f8d673ed27d22eade82e4e1d0

9 years agocrypto-service key generation contents moved into SW backend. 04/40004/7
Maciej J. Karpiuk [Wed, 27 May 2015 13:01:48 +0000 (15:01 +0200)]
crypto-service key generation contents moved into SW backend.

Change-Id: Icf746f14b7bcbd4bc1ac847dae4de0e4ad23a194

9 years agoMake CryptoAlgorithm copyable. 51/40051/2
Krzysztof Jackiewicz [Thu, 28 May 2015 07:28:09 +0000 (09:28 +0200)]
Make CryptoAlgorithm copyable.

[Problem] CryptoAlgorithm have to be copied on client side. One copy has to
remain on client side for decryption and the other has to be serialized in
client.
[Solution] Unique_ptr replaced with shared_ptr so that CryptoAlgorithm copying
is possible.

[Verification] Run ckm-tests-internal -t SERIALIZATION_TEST

Change-Id: Ied81a1414cc9c6b40206116895f713b779a685ac

9 years agoInitial values XSD moved into read only directory. 59/39859/3
Maciej J. Karpiuk [Mon, 25 May 2015 09:07:45 +0000 (11:07 +0200)]
Initial values XSD moved into read only directory.

Change-Id: I200465912b82eae0b75228273e0af7cafe53ec7d

9 years agoAdd classes for Trust Zone backend. 12/39612/4
Bartlomiej Grzelewski [Tue, 19 May 2015 15:18:30 +0000 (17:18 +0200)]
Add classes for Trust Zone backend.

Change-Id: I84d0fc46e0026e83903ead87285fb6f9fb5754db

9 years agoAdd initial values support - values to feed the shared database on first startup. 99/39299/11
Maciej J. Karpiuk [Fri, 8 May 2015 12:00:24 +0000 (14:00 +0200)]
Add initial values support - values to feed the shared database on first startup.

Change-Id: Iec81d8aa168dd30072aae86827124744798ef33d

9 years agoSW Backend initialization refactoring. 11/39611/3
Bartlomiej Grzelewski [Tue, 19 May 2015 14:41:11 +0000 (16:41 +0200)]
SW Backend initialization refactoring.

Random initialization from CryptoService was moved to
CKM::Crypto::SW::Internals namespace.

Change-Id: I47ff24a9af908a9856158ec32a402e09d9b163b2

9 years agoAdd generic XML parser + tests. 98/39298/9
Maciej J. Karpiuk [Wed, 6 May 2015 13:20:41 +0000 (15:20 +0200)]
Add generic XML parser + tests.

Change-Id: I44494b0e3034cb0e6e258bc9b8da8cadb5e2be70

9 years agoUse new classes to sign and verify messages. 63/39363/8
Bartlomiej Grzelewski [Wed, 13 May 2015 14:56:08 +0000 (16:56 +0200)]
Use new classes to sign and verify messages.

Remove old implementation of sign/verify methods.

Change-Id: I391d29ffc3ae8a2fe49b09259387efa2023abec2

9 years agoSimplify CryptoAlgorithm interface 01/39501/4
Krzysztof Jackiewicz [Fri, 15 May 2015 17:40:29 +0000 (19:40 +0200)]
Simplify CryptoAlgorithm interface

[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] CryptoAlgorithm interface was too complicated
[Solution] Add high level interface

[Verification] Run: ckm-tests-internal --run_test=SERIALIZATION_TEST

Change-Id: I9f02d6ea6f3cc37d46585e1460f2a02bdc107f3c

9 years agoAdd backend id to database scheme 87/39487/5
Krzysztof Jackiewicz [Fri, 15 May 2015 09:59:27 +0000 (11:59 +0200)]
Add backend id to database scheme

[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] We have to keep backend id in database.
[Solution] Schema updated

[Verification] Run migration tests:
ckm-tests-internal --run_test=DBCRYPTO_MIGRATION_TEST
ckm-tests-internal --run_test=DBCRYPTO_TEST/DBtestBackend

Change-Id: Ib33d6c360d655f7c7a01164385e284ec8f759837

9 years agoFix row comparison function in tests 92/39592/2
Krzysztof Jackiewicz [Tue, 19 May 2015 08:00:09 +0000 (10:00 +0200)]
Fix row comparison function in tests

[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] The function was comparing the row with itself
[Solution] The pattern row is compared with the row read from db

[Verification] Run ckm-tests-internal

Change-Id: I2d98c3478f5e28ebd08bb1306edb5b00df8ab76b

9 years agoRemove DEK on memory when app removed 25/39425/2
kyungwook tak [Fri, 15 May 2015 01:39:09 +0000 (10:39 +0900)]
Remove DEK on memory when app removed

Change-Id: I927b50e8738f1fa6b8189467fa25658c2c235763
Signed-off-by: kyungwook tak <k.tak@samsung.com>
9 years agoFix for sqlcipher ALTER TABLE ADD COLUMN 86/39486/1
Krzysztof Jackiewicz [Fri, 15 May 2015 13:51:22 +0000 (15:51 +0200)]
Fix for sqlcipher ALTER TABLE ADD COLUMN

[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] In ALTER TABLE ADD COLUMN function the table name was not properly
extracted.
[Solution] Fixed.

[Verification] Run migration tests:
ckm-tests-internal --run_test=DBCRYPTO_MIGRATION_TEST

Change-Id: Ie81a2ec01adc17328bc493ad0aa56bf70dcc1fe5

9 years agoMove Token from CKM::Crypto to CKM namespace. 94/39294/7
Bartlomiej Grzelewski [Mon, 11 May 2015 16:05:28 +0000 (18:05 +0200)]
Move Token from CKM::Crypto to CKM namespace.

Token is used in database and crypto module. It should not be hidden in
CKM::Crypto namespace.

Change-Id: I6d000c05deda8f0027ce3afbdeb3bd0a793f0f78

9 years agoAdd system database - managed by service (uid<5000) users, accessible by priviledged... 97/39297/4
Maciej J. Karpiuk [Thu, 16 Apr 2015 06:55:58 +0000 (08:55 +0200)]
Add system database - managed by service (uid<5000) users, accessible by priviledged regular users.

Change-Id: I08b6c4718ff4219bebfd85ab942cfe22570ed0a5

9 years agoAdd implementation for sign and verify operation. 93/39293/4
Bartlomiej Grzelewski [Fri, 8 May 2015 13:58:51 +0000 (15:58 +0200)]
Add implementation for sign and verify operation.

Change-Id: I105f6c719f17483da2987224f0029fd0a7b44c45

9 years agoNew class hierarchy (multiple backends support). 91/39291/1
Bartlomiej Grzelewski [Mon, 4 May 2015 12:31:27 +0000 (14:31 +0200)]
New class hierarchy (multiple backends support).

Current implemantion my use only one crypto library. The target is to
use at least two libraries at the same time (openssl and trustzone
library for arm devices).

Change-Id: I3563fb1c89f3603a927b8b19f6358b4fc3f5c7cf

9 years agoAdd serialization of CryptoAlgorithm 10/39110/2
Krzysztof Jackiewicz [Fri, 8 May 2015 08:38:10 +0000 (10:38 +0200)]
Add serialization of CryptoAlgorithm

[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] CryptoAlgorithm needs serialization/deserialization methods.
[Solution] Serialization added.

[Verification] Run ckm-tests-internal --run_test=SERIALIZATION_TEST

Change-Id: I8556f366311f4e4a5255a33303bd7f42dc0cfcdd

9 years agoAdd classes for algorithm parameters 57/39057/3
Krzysztof Jackiewicz [Thu, 7 May 2015 15:38:24 +0000 (17:38 +0200)]
Add classes for algorithm parameters

[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] We need a way to represent different algorithm parameters in a common
way.
[Solution] A set of classes and enums added.

[Verification] Run ckm-tests --group=ALGO_PARAM_TEST

Change-Id: I281a1b192d01bad5bdfded8dbb1d385e876b6657

9 years agoInitial values format fixed 91/38691/3
Krzysztof Jackiewicz [Fri, 24 Apr 2015 13:40:16 +0000 (15:40 +0200)]
Initial values format fixed

[Issue#] N/A
[Feature/Bug] N/A
[Problem] Wrong occurrence numbers used.
[Cause] N/A
[Solution] Occurrence numbers fixed. Removed whitespaces from ASCII example.

[Verification] xmllint -schema initial_values.xsd example.xml

Change-Id: I78a7cd216a2c412e271e3811a02ec812eadd53ac

9 years agoAdjust manifest files to Tizen 3.0 Security model 87/38587/1
Lukasz Wojciechowski [Wed, 22 Apr 2015 09:59:53 +0000 (11:59 +0200)]
Adjust manifest files to Tizen 3.0 Security model

Remove old Smack based security domain mode known from Tizen 2.X.
Request "_" domain for file labeling as suggested in Three Domains Model.
Do not assign "_" label manually, as that is the default label and files
will receive it anyway.

Change-Id: Ic1735a2f8dffc8f142007d4e3f8dcf981ef90300

9 years agoVersion 0.1.14 26/38326/1 tizen_3.0.2015.q2_common accepted/tizen/common/20150416.164946 accepted/tizen/mobile/20150416.235413 accepted/tizen/tv/20150416.234707 accepted/tizen/tv/20150416.234724 accepted/tizen/wearable/20150416.234849 submit/tizen/20150416.145454 submit/tizen/20150416.145858
Krzysztof Jackiewicz [Thu, 16 Apr 2015 12:38:03 +0000 (14:38 +0200)]
Version 0.1.14

Change-Id: I3bf2fa3b6a233fca6b46215d7b15a2ce8c3cc8e9

9 years agoReverting Tizen 2.x specific workarounds for password change/authtype==none. 57/37857/7
Maciej J. Karpiuk [Tue, 7 Apr 2015 11:23:57 +0000 (13:23 +0200)]
Reverting Tizen 2.x specific workarounds for password change/authtype==none.

Change-Id: Ib888b1df3afc54405cf6a3b48bad86e7fc0c92e4

9 years agobugfix: minor memory corruption. Internal tests work. 44/38244/1
Maciej J. Karpiuk [Wed, 15 Apr 2015 09:04:20 +0000 (11:04 +0200)]
bugfix: minor memory corruption. Internal tests work.

Change-Id: Ie6cc846ac066a6d86f0d2642a9906c08b4d35068

9 years agoKey Manager tizen.org session and user management 63/37263/11
Maciej J. Karpiuk [Mon, 23 Mar 2015 15:13:07 +0000 (16:13 +0100)]
Key Manager tizen.org session and user management
integration.

Key-Manager integrates with PAM (via pam_key_manager_plugin.so lib
and appropriate configuration changes) and gumd via user removal hook.

PAM configuration needs to be changed to use the .so specified above.
For testing, do the following changes in /etc/pam.d/system-auth:

section password:
* remove pam_deny.so line
* change pam_unix.so from sufficient to required
* add "password    optional      pam_key_manager_plugin.so change_step=before" before the pam_unix.so entry
* add "password    optional      pam_key_manager_plugin.so change_step=after" after the pam_unix.so entry

section session:
* add "session     optional      pam_key_manager_plugin.so" as last item

Change-Id: I2fd29ab527aa3d89c810b9c6d5f74cbbec2e5957

9 years agoInitial values format adjusted 65/37765/1
Krzysztof Jackiewicz [Fri, 3 Apr 2015 12:30:14 +0000 (14:30 +0200)]
Initial values format adjusted

[Issue#] N/A
[Feature/Bug] N/A
[Problem] Symmetric keys should not hold information about encryption
algorithm. Initial data will be stored as system user but has to be accessible
by ordinary users
[Cause] N/A
[Solution] Symmetric encryption params can be stored separately from key as
data. Encryption params removed from schema. Added permission tag allowing
other users to access system database. XML structure redesigned. Example
updated.

[Verification] Validate example with:
xmllint -schema initial_values.xsd example.xml

Change-Id: I36149b15d6f786e37cec370d632ab74e40efc162

9 years agoSimplify implementation of ServiceThread 60/37060/4
Bartlomiej Grzelewski [Wed, 18 Mar 2015 14:53:57 +0000 (15:53 +0100)]
Simplify implementation of ServiceThread

Change-Id: I56ced6bb12e2a6140ab26ab82f9dd68cb2b92b76

9 years agoAdd inter-service communication framework 65/37065/5
Krzysztof Jackiewicz [Wed, 18 Mar 2015 16:10:30 +0000 (17:10 +0100)]
Add inter-service communication framework

[Issue#] N/A
[Feature/Bug] N/A
[Problem] Services need to communicate with each other
[Cause] N/A
[Solution] Framework for inter-service communication added.

[Verification] Run ckm-tests-internal -t MESSAGE_MANAGER_TEST

Change-Id: I28714ba52efe25c47402adb6ac1bef52859ed898

9 years agoAdd initial value format schema 45/37045/1
Krzysztof Jackiewicz [Thu, 12 Mar 2015 16:34:53 +0000 (17:34 +0100)]
Add initial value format schema

[Issue#] N/A
[Feature/Bug] N/A
[Problem] Initial value format needs to be defined
[Cause] N/A
[Solution] Schema and example added

[Verification] Validate example with: xmllint -schema initial_values.xsd example.xml

Change-Id: I5c8979c971e73b07e959e2fdf5d32ee3f9dabf91

9 years agoOptimize openssl initialization 16/36116/2
Krzysztof Jackiewicz [Tue, 17 Feb 2015 13:42:34 +0000 (14:42 +0100)]
Optimize openssl initialization

[Issue#] N/A
[Feature/Bug] N/A
[Problem] Each time Manager or PKCS12 object is created initCryptoLib is called
and mutex is locked inside it.
[Cause] N/A
[Solution] Once openssl is initialized the initalization function pointer is
switched to empty one, thus mutex is not used any more.

[Verification] Run tests. Alternatively check in gdb that client calls
initOpenSSL() only once

Change-Id: I733e4ca6c88a6a51d69ebb0606f560a9b4828e4c

9 years agoModify APIs and doxygen to meet ACR(TIZEN 2.4) requirement 57/36257/1
yuseok.jeon [Wed, 25 Feb 2015 07:00:09 +0000 (16:00 +0900)]
Modify APIs and doxygen to meet ACR(TIZEN 2.4) requirement

Change-Id: I7a883273c6563df23f8e4668d88fbd73d61c2a08
Signed-off-by: yuseok.jeon <yuseok.jeon@samsung.com>
9 years agoFix description in ckmc-manager.h 56/36256/1
Bartlomiej Grzelewski [Thu, 12 Feb 2015 14:12:38 +0000 (15:12 +0100)]
Fix description in ckmc-manager.h

Change-Id: Iceb597c1c8cd10360add0c20a40a2269c53ab2cd

9 years agoAdd symbolic-functions linker flag 00/35800/1
kyungwook tak [Mon, 23 Feb 2015 06:30:37 +0000 (15:30 +0900)]
Add symbolic-functions linker flag

Change-Id: I6b014e269f83a48ad516e2b64c1e0de89c546bf9
Signed-off-by: kyungwook tak <k.tak@samsung.com>
9 years agoTool for measuring dlopen/dlsym performance 99/35799/1
Krzysztof Jackiewicz [Tue, 10 Feb 2015 17:14:56 +0000 (18:14 +0100)]
Tool for measuring dlopen/dlsym performance

[Issue#] N/A
[Feature/Bug] N/A
[Problem] We need a tool that will show the influence of the number of symbols
and the size of a library on dlopen/dlsym performance
[Cause] N/A
[Solution] Tool added

[Verification] Run ckm_so_loader [library_path] [symbol_to_load]

Change-Id: I524bb20d4a23a5128e83ee42241161ce15fc2092

9 years agoGlobals in LogSystem adjusted to use in lib constructor 98/35798/1
Krzysztof Jackiewicz [Tue, 10 Feb 2015 17:10:30 +0000 (18:10 +0100)]
Globals in LogSystem adjusted to use in lib constructor

[Issue#] N/A
[Feature/Bug] N/A
[Problem] dlopen() fails with client library
[Cause] The order of global variables construction in common library is unpredictable.
[Solution] Global variable made member. Strings replaced by const char* const.

[Verification] Use ckm_so_loader 2 100 /usr/lib/libkey-manager-client.so ckmc_save_key

Change-Id: I0add0c1fe3c66ac9d42a94b7e59bf21cadecdefc

9 years agoFix serialization implementation to support 32 and 64 platform. 97/35797/1
Bartlomiej Grzelewski [Tue, 17 Feb 2015 16:30:00 +0000 (17:30 +0100)]
Fix serialization implementation to support 32 and 64 platform.

Change-Id: I3bf8c4bf1c1fa369ea9b0ba1aa20edfe9228f0d9

9 years agoRemoval of unused build artifact "key-provider".
Maciej J. Karpiuk [Tue, 17 Feb 2015 11:54:18 +0000 (12:54 +0100)]
Removal of unused build artifact "key-provider".

9 years agoChange parameters of ckmc_get_pkcs12 function.
Bartlomiej Grzelewski [Thu, 12 Feb 2015 13:09:35 +0000 (14:09 +0100)]
Change parameters of ckmc_get_pkcs12 function.

New version supports additional passwords that may be used
to secure private key and certificates.

Change-Id: I809e5fbbd090e4ee793745e68256915144bb1cd2

9 years agoUse _toCkmCertificateVector in pkcs12 client CAPIs
kyungwook tak [Thu, 12 Feb 2015 02:30:01 +0000 (11:30 +0900)]
Use _toCkmCertificateVector in pkcs12 client CAPIs

Change-Id: I21caca7f9c39dc5e372977e3a4891e1c71d99c22
Signed-off-by: kyungwook tak <k.tak@samsung.com>
9 years agoCKM FileSystem versioning with file name format update mechanism
kyungwook tak [Mon, 9 Feb 2015 06:36:07 +0000 (15:36 +0900)]
CKM FileSystem versioning with file name format update mechanism

 * DKEK format releaseed on kiran
     (key-<uid>-<autoincreased num>)
 * DKEK format on version 0.1.13
     (key-<uid>)
     (key-backup-<uid>)
 * DKEK format on tizen 2.4 which has container feature
   (not merged from knox-tct branch yet,
    so not included about it in this commit)
     (key-<zone name>-<uid>)
     (key-backup-<zone name>-<uid>

Change-Id: I5ce62528d54268cccb7f9705daf0793aec782513
Signed-off-by: kyungwook tak <k.tak@samsung.com>
9 years agoAdd support for password in Manager::getPCKS12 function.
Bartlomiej Grzelewski [Fri, 6 Feb 2015 16:55:59 +0000 (17:55 +0100)]
Add support for password in Manager::getPCKS12 function.

In function savePKCS12 user may specify passwords to protect
data. Function getPKCS12 wasn't support passwords so it was not
possible to extract PKCS12 secured with this functionality.

Change-Id: I542873b817a2bff1064b2b56254d14fb632d8bdf

9 years agounlock with password when resetPassword called in case of first start of device
kyungwook tak [Tue, 10 Feb 2015 01:17:12 +0000 (10:17 +0900)]
unlock with password when resetPassword called in case of first start of device

Change-Id: I536b7b5ff2448990bd0c5fdda87730b34e13c16f
Signed-off-by: kyungwook tak <k.tak@samsung.com>
9 years agoFix for gcc4.8 (-ldl)
Krzysztof Jackiewicz [Fri, 6 Feb 2015 14:24:47 +0000 (15:24 +0100)]
Fix for gcc4.8 (-ldl)

[Issue#] N/A
[Feature/Bug] N/A
[Problem] Linker fails when gcc4.8 is used
[Cause] Undefined symbols from dynamic linker library because of missing -ldl
option
[Solution] Add -ldl option

[Verification] Successfull linkage

Change-Id: Ida7784fddd9caa92c1a23cb50c5025f257ae7020

9 years agoCommon logging setup for client and service
Krzysztof Jackiewicz [Thu, 29 Jan 2015 17:12:01 +0000 (18:12 +0100)]
Common logging setup for client and service

[Issue#] N/A
[Feature/Bug] N/A
[Problem] Client may use different logging method than service.
[Cause] Service reads environment flags from config file. Client doesn't
[Solution] Make the client read that file too and setup log system properly.

[Verification] Make changes to /etc/sysconfig/central-key-manager file and see
if both service and client uses the same logging setup (provider and log level)
File format is the following:
"
CKM_LOG_PROVIDER=<provider>
CKM_LOG_LEVEL=<level>
"
where:
<provider> is one of JOURNALD, DLOG, CONSOLE
<level> is <0..5>, 0 means not logs at all, 1 means errors only, 5 means all

Change-Id: I1662fe636f9987778345f8a02afa6fb77f7f1fe0

9 years agoLibraries reorganized to limit the number of exported symbols
Krzysztof Jackiewicz [Thu, 5 Feb 2015 14:09:19 +0000 (15:09 +0100)]
Libraries reorganized to limit the number of exported symbols

[Issue#] N/A
[Feature/Bug] N/A
[Problem] Too much exported symbols
[Cause] Some of the code don't have to be exported or is used by a single binary.
[Solution] Unnecessary exports removed. Part of libkey-manager-common code
moved to client library or key-manager binary

[Verification] Compile key-manager and security-tests. Display the number of
exported symbols before and after with:
nm -g <library>.so | wc -l

Change-Id: Iccb053af2523368d353693247e505a794e783318

9 years agoAdd support for AUTHENTICATION_FAILED code in getData function.
Bartlomiej Grzelewski [Wed, 4 Feb 2015 18:19:22 +0000 (19:19 +0100)]
Add support for AUTHENTICATION_FAILED code in getData function.

Function getPKCS12, getKey, getData will return proper code when
password does not mach.

Change-Id: I8b506f6c03f7acc5421278360cd839d059b914c2

9 years agoSymbol visibility changed from default to hidden.
kyungwook tak [Tue, 3 Feb 2015 03:46:56 +0000 (12:46 +0900)]
Symbol visibility changed from default to hidden.

Change-Id: I9b4b7e8af5ff62cd8c063a0ce45a899f166566d7
Signed-off-by: kyungwook tak <k.tak@samsung.com>
9 years agoVersion 0.1.13
Bartlomiej Grzelewski [Mon, 2 Feb 2015 16:40:20 +0000 (17:40 +0100)]
Version 0.1.13

Change-Id: I1a7c7abb788ef647bd5e3137011484dc539d4771

9 years agoAdd support for new error code in ckmc API
Bartlomiej Grzelewski [Mon, 2 Feb 2015 11:30:25 +0000 (12:30 +0100)]
Add support for new error code in ckmc API

Change-Id: I111c8b64da39e3a19e5fac144e94a5516b389a32

9 years agoDeprecated access control API fixed - proper mapping to permissions.
Maciej J. Karpiuk [Mon, 2 Feb 2015 10:02:24 +0000 (11:02 +0100)]
Deprecated access control API fixed - proper mapping to permissions.

[Issue#] N/A
[Feature/Bug] bug: deprecated access control API not working.
[Problem] deprecated access control API incorrectly mapped given values into permissions.
[Solution] added translation mechanism between old access rights into permissions.
[Verification] compile, run updated test set.

Change-Id: If26c69160a79439774a8ffd800809c0a6f7f85e5

9 years agoDB related classes moved into CKM::DB namespace.
Maciej J. Karpiuk [Tue, 20 Jan 2015 13:29:09 +0000 (14:29 +0100)]
DB related classes moved into CKM::DB namespace.

Change-Id: Ifbf70ffe6865793394d46ea6443f27a0062fe02d

9 years agoFix logs in internal tests
Krzysztof Jackiewicz [Wed, 28 Jan 2015 13:56:18 +0000 (14:56 +0100)]
Fix logs in internal tests

[Issue#] N/A
[Feature/Bug] N/A
[Problem] No logs from internal tests
[Cause] LogSystem tag was not set
[Solution] Internal tests refactored and cleaned up. Proper tag set.

[Verification] Run internal tests and see if logs are visible

Change-Id: Ibb8517bad710d06a62ba9ba7fbc7b9b8ed7b7c21

9 years agoAdd file, line & function information to journald log
Krzysztof Jackiewicz [Wed, 28 Jan 2015 09:19:38 +0000 (10:19 +0100)]
Add file, line & function information to journald log

[Issue#] N/A
[Feature/Bug] N/A
[Problem] File, line & function not visible in default journalctl log
[Cause] Default log format does not display this information and other formats
are unreadable
[Solution] File, line & function information added to log message content

[Verification] Create /etc/sysconfig/central-key-manager with following content
"
CKM_LOG_LEVEL=3
CKM_LOG_PROVIDER=JOURNALD
"

Restart the service and see if journalctl logs contain file, line & function
info:
journalctl -f -u central-key-manager

Change-Id: I01389eda9f7db390f6ca00c8f44e1a5c097e59c8