Krzysztof Jackiewicz [Wed, 15 Jul 2020 19:25:26 +0000 (21:25 +0200)]
Move db perf tests to a separate exec
Performance tests are not unit tests and do not improve code coverage. Also
they are all "positive". This commit moves them to a separate binary.
Also fixed performance calculation and a few other minor issues.
Code slightly refactored.
Change-Id: Ifcf2463be28001a0e88e5127dd95ee081771382a
Krzysztof Jackiewicz [Wed, 15 Jul 2020 14:57:51 +0000 (16:57 +0200)]
Improve DB::Crypto negative test ratio
Redundant positive tests removed.
Negative constructor tests added.
Change-Id: Ic1c2d30d4121c4e901485cae63cb7a203865af7d
Krzysztof Jackiewicz [Tue, 14 Jul 2020 16:21:34 +0000 (18:21 +0200)]
Get rid of the openssl 1.0.2 specific code
Also move entropy initialization to key-manager-main.cpp where it is used.
Change-Id: I187c76565b3864b6042a31a6eb71ac5921dc1ffd
Krzysztof Jackiewicz [Tue, 14 Jul 2020 15:32:32 +0000 (17:32 +0200)]
Make BeginTransaction exclusive and use it
Change-Id: Ie37fb0a36c25079eadab374093065f1e466d22f9
Krzysztof Jackiewicz [Tue, 14 Jul 2020 15:31:44 +0000 (17:31 +0200)]
Remove unused SqlConnection::DataCommand::Reset
Change-Id: Ib4279ccd14c6066efc980ec00bd63e76b699ca6a
Krzysztof Jackiewicz [Tue, 7 Jul 2020 07:14:35 +0000 (09:14 +0200)]
Improve DB::Crypto code coverage
Change-Id: I0fcb65833641ef75ab2af3c265e15df4d45231b6
Krzysztof Jackiewicz [Tue, 14 Jul 2020 14:35:48 +0000 (16:35 +0200)]
Return if there are no rows to save
Before this change, an attempt to save an empty list of objects would populate
the NAME and PERMISSIONS table but insert no objects into the OBJECTS table.
Change-Id: I08a2b68831ed51564e43ef4a01fca28d2c789641
Krzysztof Jackiewicz [Mon, 6 Jul 2020 10:55:32 +0000 (12:55 +0200)]
Remove unused DB::Crypto methods
Change-Id: Ie9f54b02736f1eebd72a496f87e250bbdd48b7aa
Krzysztof Jackiewicz [Wed, 1 Jul 2020 20:53:14 +0000 (22:53 +0200)]
Add unit tests related to Pkcs 12
* Implement unit tests.
* Add p12 test files for different types of keys.
* Slightly refactor PKCS12Serializable API.
Change-Id: I87e4d9ee50e75aff8cc4e042bb239983a1f3c4d9
Krzysztof Jackiewicz [Tue, 9 Jun 2020 16:27:23 +0000 (18:27 +0200)]
SW backend unit tests
Also:
* Hide SW::Internals functions unused outside and add a few asserts.
* Add missing openssl errors.
* Properly handle rsa encryption output.
* Properly handle missing asymmetric key.
* Old partial tests replaced.
* Minor code cleanup.
Change-Id: I1f83f6dc6bcdc99708b2f1f081b4be6fef8a4b08
Krzysztof Jackiewicz [Mon, 29 Jun 2020 16:33:32 +0000 (18:33 +0200)]
Unwrap 4 lines in SW::Internals to make them covered
Seriously.
Also remove one duplicated line exposed thanks to the lcov flaw.
Change-Id: If2c9ac01db6bbccf2e30a7d9ccecfbda9c2994ee
Krzysztof Jackiewicz [Mon, 29 Jun 2020 16:09:33 +0000 (18:09 +0200)]
Install all source files with coverage package
We only need to calculate code coverage for code in src subdirectory. However,
if unit-tests sources are not provided, lcov fails to notice some of the
covered code paths in header files.
This commit installs all the sources, but removes irrelevant ones from the
report. It adds ~ +5% and +10% to line and function coverage respectively.
Change-Id: If17259ee4b8b76b8c7060c8d49ec92577d997eaf
Krzysztof Jackiewicz [Fri, 22 May 2020 14:47:26 +0000 (16:47 +0200)]
Coverage only mode
Additional "COVERAGE_ONLY" build type for skipping key-manager binaries and
RPMs. Translates to debug build with additional "coverage_only" flag.
Build key-manager with --define "build_type COVERAGE_ONLY".
Change-Id: I1e4a762b14d611ea6ad170f8b63f13af541fd8b1
Krzysztof Jackiewicz [Mon, 15 Jun 2020 15:06:26 +0000 (17:06 +0200)]
Remove key-manager requirement from unit tests
Unit tests package does not require key-manager anymore.
Change-Id: Ia9de48c188b4b9ca63cc53721c58f25ccc4ec4fc
Krzysztof Jackiewicz [Fri, 22 May 2020 14:47:26 +0000 (16:47 +0200)]
Automate code coverage measurement
* Unit-tests built and linked with coverage flags in debug mode only.
* Separate rpm for code coverage built in debug mode only, including:
** All the *.cpp and *.h files in /home/abuild/... in case lcov needs them
(missing files issue).
** All the key-manager's *.gcno files produced during compilation
(test/tools/misc files skipped).
** A helper script taking care of whole code coverage measurement, that is:
*** Removing old *.gcda files.
*** Launching internal test.
*** Gathering runtime *.gcda files.
*** Preparing a report with lcov. Fails if any error or warning is reported
(e.g. a missing file warning). Files external to the project are excluded.
*** Preparing an html report based on lcov output.
Usage:
* Build key-manager in debug mode.
* Install the key-manager-unit-tests and key-manager-coverage RPMs.
* Execute ckm-coverage.sh to produce lcov html report.
Change-Id: I5118b8ffba05e40d05e732c5162bd924a2f24120
Krzysztof Jackiewicz [Fri, 5 Jun 2020 19:50:34 +0000 (21:50 +0200)]
Improve KeyImpl & KeyAesImpl code coverage
Also unify key API.
KeyAesImpl() will now return an empty object instead of throwing. This will
unify the error code returned for symmetric and asymmetric keys from
ckmc_get_key(). It will also fix asynchronous C++ API. Observer will receive
an empty key instead of not being called at all.
Unify the type returned from empty keys. The C++ API is a platform one and the
getType() function is not used in tizen.org according to CodeGrok.
Change-Id: I7de8f32dfe59b1c5af441dfb9a0b8bee5c0d0bcf
Krzysztof Jackiewicz [Fri, 22 May 2020 14:47:26 +0000 (16:47 +0200)]
Reorganize project structure and RPM packages
* Internal tests package and binary renamed.
* Scheme test moved to a separate binary as they are not actual unit tests.
They use internal API, client library and need a running server. These tests
should be rewritten.
* New key-manager-misc RPM containing scheme test binary and helper tools.
* Project structure reorganized to better fit rpm packages.
* CMakeFiles.txt refactoring.
Change-Id: I4875f0a7189a960f193747591cc917fd5b9e2799
Krzysztof Jackiewicz [Thu, 7 May 2020 09:18:02 +0000 (11:18 +0200)]
Update DataType unit-tests
Change-Id: I1a15e4fa665fc8be551eea23bb997bd4aa869c82
Krzysztof Jackiewicz [Thu, 7 May 2020 08:27:08 +0000 (10:27 +0200)]
Refactor DataType related code
* Remove unnecessary DataType methods.
* Remove unnecessary Type enumeration scope.
* Make DataType serializable to avoid static casts.
* Use DataType checker methods instead of explicit DataType::Type comparison.
Change-Id: I01dc355050326ad1e40c34c869acbc07613c57db
Krzysztof Jackiewicz [Mon, 11 May 2020 18:49:53 +0000 (20:49 +0200)]
Don't return command in client-server communication
The client already has the id of the message sent to the server. There's no
point in returning the command from the server and checking it on the
client's side.
* Stop returning command from server.
* Stop receiving and checking the command in the client.
* Unify naming.
Change-Id: I74bde065c5edcf414820b9c398d18e6bc0d299dd
Krzysztof Jackiewicz [Mon, 11 May 2020 09:22:05 +0000 (11:22 +0200)]
Fix async symmetric key getter
Symmetric keys were not properly returned to the caller.
Change-Id: Ibe0f6a98d57250f8d29cde8b16abce0270fb59b3
Krzysztof Jackiewicz [Thu, 9 Apr 2020 07:08:43 +0000 (09:08 +0200)]
Release 0.1.38
* Annotate fallthru switch statements
Change-Id: I03b7eb50af98adbbb51581769bf59c2ab8d3d22d
Konrad Lipinski [Tue, 7 Apr 2020 11:17:21 +0000 (13:17 +0200)]
Annotate fallthru switch statements
As of gcc 7:
* -Wimplicit-fallthrough is enabled via -Wextra
* the standard statement attribute [[fallthrough]] is supported
Change-Id: Iea6809980b5cb6c9abe28cbded74bcaa8997650d
Dariusz Michaluk [Mon, 30 Mar 2020 13:19:19 +0000 (15:19 +0200)]
Release 0.1.37
* Switch to sqlcipher library
* [NOT COMPILING] Append 4.3.0 dbdump.c to sqlcipher
* [NOT COMPILING] Replace sqlcipher with upstream 4.3.0
* Improve CryptoLogic tests code coverage
* Relax FileSystem::removeUserData and check its return value
* Properly report uncaught exceptions in latest boost test
* Add negative CommunicationManager test
* Refactor BinaryQueue and tests
* Replace dpl asserts with libc ones
* Implement negative cert tests
* Categorize tests into positive and negative
Change-Id: Ic15444e23a95e1f40a78a19c51613ea05af57857
Konrad Lipinski [Thu, 21 Nov 2019 15:51:31 +0000 (16:51 +0100)]
Switch to sqlcipher library
Prior to this change, a modified sqlcipher 1.1.9 amalgamation bundled
with key-manager was being used. A push to externalize sqlcipher has
emerged as a result of wise men running SAM (a metrics tool) on the
entire key-manager repo to find that a 130k loc file scores badly.
Problem is, the bundled 1.1.9 sqlcipher had meta-tables renamed as
a result of an oversight, ex. sqlite_master was renamed to
sqlcipher_master. Result: binary incompatibility with upstream.
Running upstream sqlcipher on our legacy db files was found to corrupt
the files after running a single query.
Backward compatibility with existing db files is achieved by:
* bundling sqlcipher 4.3.0 amalgamation with key-manager
* renaming meta tables in the bundled sqlcipher so it's capable of
opening legacy db files
* adding a textual sql db dump functionality to the bundled sqlcipher,
based on an upstream extension; it would not work correctly with
1.1.9, thus the bump to upstream version 4.3.0
* correcting meta table names on the fly when dumping, for instance
printing sqlite_sequence instead of sqlcipher_sequence
* keeping legacy db filenames as db-$uid
* introducing upstream db filenames as db0-$uid
* converting legacy db files to upstream by using sql dumps of legacy
files to seed freshly created upstream files
* removing respective legacy files after successful conversion
The bundled amalgamation is factored out into a separate .so library
exporting only one function: dumpLegacyDb. The library is huge and never
needed once the initial conversion is done, thus dlopen/dlsym/dlclose
are employed to mitigate the overhead.
Room for improvement:
* sqlcipher_master meta table contains arbitrary sql that is output
verbatim when dumping; I have not been able to prove that those
statements are free of misnamed meta table references; key-manager
database dumps appear to be clean
* the entire thing seems fragile; author of the upstream sql dump code
very nearly disclaims responsibility for its correctness so I believe
I should too; no sqlcipher tests were imported, just the amalgamation;
however, a few migration tests were added to ckm-tests-internal
* as before, no additional preprocessor definitions were specified when
compiling bundled amalgamation; it may be possible to make the
resulting binary leaner by judicious use of optimization options;
regardless, that falls out of scope of this change, i.e. doing the
bare minimum to make things work
* the current solution is unlikely to satisfy the SAM crowd - the
amalgamation is still here and it's grown to 230k loc
Change-Id: Ia6b25e29151f7957598b68657d083c064cc44ac9
Konrad Lipinski [Tue, 17 Mar 2020 11:17:47 +0000 (12:17 +0100)]
[NOT COMPILING] Append 4.3.0 dbdump.c to sqlcipher
Change-Id: Ic397ecd980e61dd03c12eb8ca68063ebdd4c9272
Konrad Lipinski [Tue, 17 Mar 2020 11:10:54 +0000 (12:10 +0100)]
[NOT COMPILING] Replace sqlcipher with upstream 4.3.0
Change-Id: I4340f95a11afdcd06263c7eb73a5530c4210171f
Krzysztof Jackiewicz [Thu, 26 Mar 2020 20:10:05 +0000 (21:10 +0100)]
Improve CryptoLogic tests code coverage
Change-Id: I14d50f0269166931e7d4b9a7591c8186eff7d16a
Konrad Lipinski [Fri, 27 Mar 2020 10:47:39 +0000 (11:47 +0100)]
Relax FileSystem::removeUserData and check its return value
Said function no longer returns errors on ENOENT.
Change-Id: I10051ab71028d02b5c6708e20f1f91b45ff67457
Krzysztof Jackiewicz [Fri, 27 Mar 2020 10:51:53 +0000 (11:51 +0100)]
Properly report uncaught exceptions in latest boost test
Change-Id: Ib9a517bf88f56aa7fddb3d0260282d62f0af7888
Krzysztof Jackiewicz [Wed, 25 Mar 2020 15:31:51 +0000 (16:31 +0100)]
Add negative CommunicationManager test
Invalid usage simply won't compile. Not much that can be done to reach the 50%
ratio except for merging all positive tests into one.
Change-Id: I99b8b97397a7d4ccdf762fc96dbf7d8648ad9a17
Krzysztof Jackiewicz [Tue, 17 Mar 2020 12:56:58 +0000 (13:56 +0100)]
Refactor BinaryQueue and tests
- Increase code coverage by removing code
- Check NULL/0 argument values
- Simplify buckets
- Adjust tests
- 50% negative tests
Change-Id: I39bc58b0809798313a26cf13a35668028bbf3be4
Krzysztof Jackiewicz [Tue, 24 Mar 2020 16:32:26 +0000 (17:32 +0100)]
Replace dpl asserts with libc ones
- Libc asserts were already used in a few places. Now it's unified.
- Libc asserts are disabled in release builds unlike dpl ones.
- Code coverage is improved.
Change-Id: Ie241b997433b2286d1b6c3f5e24571af5bf5809f
Krzysztof Jackiewicz [Mon, 23 Mar 2020 19:44:41 +0000 (20:44 +0100)]
Implement negative cert tests
- 50% negative tests for CertificateImpl
- Positive OCSP test updated
- Minor changes in CertificateImpl
Change-Id: I6bdb9e6140694357cba93b8efe26f622744ce927
Krzysztof Jackiewicz [Mon, 16 Mar 2020 14:54:45 +0000 (15:54 +0100)]
Categorize tests into positive and negative
Wise men said:
"Thou shalt not covet positive tests more than the negative ones"
To easily distinguish between positive and negative tests, their names will be
prefixed with the "POSITIVE_" and "NEGATIVE_" strings respectively.
Boost test macros wrappers included.
Existing tests have been categorized.
Change-Id: Ifb21077437ebf82d2a2f4b4c70c53ab61b320c49
Tomasz Swierczek [Wed, 18 Mar 2020 07:03:36 +0000 (08:03 +0100)]
Release 0.1.36
* Fixed build break in some environments
* Store DB::Crypto::m_connection as unique_ptr
* Move to -std=c++14
Change-Id: I8a1982b8f4f22f22ce5a460f4a85f2e7197a3637
Tomasz Swierczek [Wed, 18 Mar 2020 06:52:14 +0000 (07:52 +0100)]
Fix build break
Previously, log_build_info did not have an additional bool parameter.
When the new parameter was added, a new function was added that overrode the
previous one but had no chance of being properly used (ambiguity
introduced). This failed at compile time in some envs, depending on
options used.
Change-Id: Icb8ffeae5c0c51bca2e9a6f2a0956fc6fe1590ec
Konrad Lipinski [Tue, 17 Mar 2020 16:31:45 +0000 (17:31 +0100)]
Store DB::Crypto::m_connection as unique_ptr
Change-Id: I289c8c7c62af72ae34ac1692f89af1d2bfd813f6
Konrad Lipinski [Tue, 17 Mar 2020 11:09:20 +0000 (12:09 +0100)]
Move to -std=c++14
Change-Id: Id2f9eaa0ab2237aa8a8da379949cd239ec69d565
Tomasz Swierczek [Thu, 30 Jan 2020 11:31:20 +0000 (12:31 +0100)]
Release 0.1.35
* Fix build break with boost 1.71.0
Change-Id: Ib4ea4024a5751d78bed1effd6c52753a333cd985
Tomasz Swierczek [Thu, 30 Jan 2020 09:05:39 +0000 (10:05 +0100)]
Fix build break with boost 1.71.0
Change-Id: I539f28540d327b4cd87a63f39b84a2a36a35e34a
Tomasz Swierczek [Wed, 15 Jan 2020 08:33:24 +0000 (09:33 +0100)]
Release 0.1.34
* Fix build for gcc 9
* Fix documentation error (This function points to itself in the @see tag)
Change-Id: Ica82caa211fa8005183a1834f860aff6b42ad3c0
Tomasz Swierczek [Fri, 10 Jan 2020 09:11:23 +0000 (10:11 +0100)]
Fix build for gcc 9
Change-Id: I2d5eb654f7e7ab6fa9145d902542b5fe1984da64
Dongsun Lee [Fri, 29 Nov 2019 02:42:59 +0000 (11:42 +0900)]
Fix documentation error (This function points to itself in the @see tag)
Change-Id: I464677cf7e23d41a133e3ea83a71754a17ca8541
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Tomasz Swierczek [Thu, 21 Nov 2019 08:56:55 +0000 (09:56 +0100)]
Release 0.1.33
* Implement asymmetric key initial value import
* Add key-manager script for platform upgrade
* Make some single arg constructors explicit
* Refactor Decider, route all encrypted storage to tz backend
* Devirtualize DescriptorSet
* Refactor RawBuffer hex dumps
* ckmc_alias_new: replace str* calls with memcpy
* [ocsp] Fix static string length calculation
* Improve ckm deserialization errors detection
* Treat pwd data deserialization as an error
Change-Id: I60f2fe6d0a3d539e2a63743f9b3a61ae31287bd9
Konrad Lipinski [Tue, 22 Oct 2019 16:52:52 +0000 (18:52 +0200)]
Implement asymmetric key initial value import
Change-Id: I0f5e4ab9b156abc3ab97a59f32b4adef9779eb98
Dongsun Lee [Thu, 31 Oct 2019 04:24:46 +0000 (13:24 +0900)]
Add key-manager script for platform upgrade
Change-Id: Icd62bd0f79ba7accab6acd5ee5e5527eac580fb8
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Konrad Lipinski [Tue, 24 Sep 2019 14:45:41 +0000 (16:45 +0200)]
Make some single arg constructors explicit
Change-Id: Id5023fef37dd0b84a83a90fb0a3c52b0be31974c
Konrad Lipinski [Fri, 20 Sep 2019 13:48:03 +0000 (15:48 +0200)]
Refactor Decider, route all encrypted storage to tz backend
Change-Id: Iaf00f5a2a09792586f59fbc726c22fcccbb8ca7d
Konrad Lipinski [Tue, 24 Sep 2019 12:58:06 +0000 (14:58 +0200)]
Devirtualize DescriptorSet
Change-Id: I985ab5279078ffde6686390a1d3284a3e93ff92d
Konrad Lipinski [Tue, 24 Sep 2019 14:36:36 +0000 (16:36 +0200)]
Refactor RawBuffer hex dumps
Change-Id: I2d52c63c908e3a69c8de5f20e275fecda0165a66
Konrad Lipinski [Tue, 24 Sep 2019 13:11:32 +0000 (15:11 +0200)]
ckmc_alias_new: replace str* calls with memcpy
Change-Id: I7b8d340f7ce2ce1f5867065cf65650733ef1c44a
Konrad Lipinski [Tue, 24 Sep 2019 12:40:58 +0000 (14:40 +0200)]
[ocsp] Fix static string length calculation
Change-Id: I13d6c6f825a9340bfd54462d7d6c9cbd46008dd2
Alicja Kluczek [Tue, 3 Sep 2019 10:10:13 +0000 (12:10 +0200)]
Improve ckm deserialization errors detection
Add a check to TZSerializableBinary::Deserialize making sure
that deserialized buffer has adequate size.
* In case of fixed-size data, buffer size should be equal to the
size given in constructor.
* In case of variable-size data, buffer size should be less or equal
to the size given in constructor.
Change-Id: Ie0f80169adb8b758cb7aa2370551bd30410dc8b0
Krzysztof Jackiewicz [Tue, 3 Sep 2019 09:33:13 +0000 (11:33 +0200)]
Treat pwd data deserialization as an error
The KM_PwdData structure keeps the authentication data needed to access
an item on the TA side. As such it should only be transferred from
key-manager to the TA.
Expecting such structure in an output buffer of the TA command
execution is a programmer error. It is now dealt with accordingly.
Change-Id: I209957a05700052eefc694d82b881c8aae96abb5
Tomasz Swierczek [Tue, 27 Aug 2019 08:23:55 +0000 (10:23 +0200)]
Release 0.1.32
* Change serialization in TZ backend to match km-ta changes
* Refactoring central-key-manager.service and central-key-manager-OOO.socket
* Assume http if no protocol is given in proxy url
Change-Id: I6ee197d13561231aed8f584463397b088456e1f1
Tomasz Swierczek [Mon, 5 Aug 2019 14:47:47 +0000 (16:47 +0200)]
Change serialization in TZ backend to match km-ta changes
Changed functions:
* CMD_GENERATE_KEY
* CMD_ENCRYPT
* CMD_DECRYPT
* CMD_SIGN
* CMD_VERIFY
* CMD_GENERATE_IV
* CMD_GENERATE_KEY_PWD
* CMD_DESTROY_KEY
Change-Id: I3d4789b895ca66245f1e700a98f177f56e7a3e28
INSUN PYO [Tue, 23 Jul 2019 11:11:59 +0000 (20:11 +0900)]
Refactoring central-key-manager.service and central-key-manager-OOO.socket
- "central-key-manager.target" is a typo mistaken for "central-key-manager.service"
- All four sockets are required for central-key-manager.service. So, "Requires=OOO.socket" must be in central-key-manager.service.
- "Sockets=" in the central-key-manager.service is replaced by "Requires=OOO.socket".
Change-Id: I547431abead19ae5a0f9ae3680318a476de269dd
Krzysztof Jackiewicz [Fri, 2 Aug 2019 09:11:02 +0000 (11:11 +0200)]
Assume http if no protocol is given in proxy url
Change-Id: I080f5afe373e23376b07518485a41d62edd4a130
Dariusz Michaluk [Thu, 4 Jul 2019 14:00:47 +0000 (16:00 +0200)]
Release 0.1.31
* Migrate tz_backend to openssl 1.1
* Make GStore members pure virtual
* Remove unnecessary settings on central-key-manager.target
* Turn backends into Decider members
* Build key-manager with openssl-1.1
* Adapt key-manager to work with OpenSSL 1.1 preserving 1.0 compatibility
* Add minor fixes for listing aliases from db
Change-Id: Ie9814d7505077f37246a76f405238fb5064d6cf4
Konrad Lipinski [Tue, 18 Jun 2019 15:05:40 +0000 (17:05 +0200)]
Migrate tz_backend to openssl 1.1
Change-Id: Ib6b50de235f00c268e423cd5fd05f1b49ae0e902
Konrad Lipinski [Wed, 5 Jun 2019 12:55:16 +0000 (14:55 +0200)]
Make GStore members pure virtual
Change-Id: I88347d7c7fcab49e97398d3d4878a4d448123a54
INSUN PYO [Mon, 29 Apr 2019 00:11:42 +0000 (09:11 +0900)]
Remove unnecessary settings on central-key-manager.target
Change-Id: I62a5d6f857de9874323a18b8772fcb509f94a443
Konrad Lipinski [Wed, 5 Jun 2019 12:41:20 +0000 (14:41 +0200)]
Turn backends into Decider members
Change-Id: If42fff63e2946f299cac23e81d2edb4b663db644
Dariusz Michaluk [Fri, 23 Feb 2018 12:07:14 +0000 (13:07 +0100)]
Build key-manager with openssl-1.1
Change-Id: I3b928d509d88479b0a2c37f2c05fe9316544b1c4
Dariusz Michaluk [Fri, 23 Feb 2018 12:04:02 +0000 (13:04 +0100)]
Adapt key-manager to work with OpenSSL 1.1 preserving 1.0 compatibility
Change-Id: Ia62003a44d3dcb6d8c076706387e88399bf6cfb1
Tomasz Swierczek [Tue, 4 Jun 2019 06:55:09 +0000 (08:55 +0200)]
Add minor fixes for listing aliases from db
* update list out pointer to null if there are no aliases to list
This is in accordance with the official header documentation; in such case, the code
returns CKMC_ERROR_DB_ALIAS_UNKNOWN but the list should also be properly null'ed.
Change-Id: I2861e67ae80fe0ce73b0e2e180aba393f66e255c
Tomasz Swierczek [Mon, 20 May 2019 09:08:27 +0000 (11:08 +0200)]
Release 0.1.30
* Forbid HashAlgorithm::NONE for DSA & ECDSA signatures
* Setup verification algorithm if not provided
* Be prepared for no data from TA
* tz-backend: Implement asymmetric operations
* tz-backend: Add serialization wrapper
* decider: Allow multiple policies for more complex logic
Change-Id: Ie09953ce89557b32fe036855f65329b1ed307996
Krzysztof Jackiewicz [Wed, 15 May 2019 15:46:58 +0000 (17:46 +0200)]
Forbid HashAlgorithm::NONE for DSA & ECDSA signatures
Openssl uses SHA1 if no hash algorithm is provided for DSA & ECDSA
signatures. TZ does not support that option at all. It's better to
forbid it.
This commit changes the API behavior and may lead to errors in clients
that used HashAlgorithm::NONE with DSA or ECDSA which is highly
unlikely.
Change-Id: I8522e8f157b5ef2d6599bb672ef790ee8ea48644
Krzysztof Jackiewicz [Fri, 5 Apr 2019 09:44:10 +0000 (11:44 +0200)]
Setup verification algorithm if not provided
Verification API has no knowledge about the algorithm type. It has to be derived
from the key type.
Change-Id: I2e0d094372e4bf8c28275544204e431c4023e391
Krzysztof Jackiewicz [Thu, 21 Mar 2019 14:21:02 +0000 (15:21 +0100)]
Be prepared for no data from TA
Deserialization may return an empty buffer with no error. Adjust code to handle
that case.
Change-Id: Ife80b4d35914eda700798e0515812b3b638e735e
Lukasz Kostyra [Wed, 20 Feb 2019 11:27:33 +0000 (12:27 +0100)]
tz-backend: Implement asymmetric operations
Change-Id: Ie98b4e72addb257c2a8de1de57097fe077fff380
Krzysztof Jackiewicz [Fri, 1 Mar 2019 16:11:55 +0000 (17:11 +0100)]
tz-backend: Add serialization wrapper
Change-Id: I304452444887de48d808a6aa11eb42a1de385bf0
Lukasz Kostyra [Tue, 5 Feb 2019 11:13:56 +0000 (12:13 +0100)]
decider: Allow multiple policies for more complex logic
When generating asymmetric keys, ckm-logic selected less restrictive
policy out of two provided and selected key store this way. Now, both
policies are supplied to Decider, which will allow for more complex
backend selection logic.
Change-Id: Id2b845326cae7bbf5d90bb575645c8af36c20d0f
Tomasz Swierczek [Wed, 15 May 2019 12:22:54 +0000 (14:22 +0200)]
Release 0.1.29
* Get rid of misleading SCHEMA_INFO error
* Adjust to boost 1.65
* Fix file name in file header
* Fix svace defects
* Check fs errors before saving the file
Change-Id: Ic90ecdd256a23cec9f9356a7e59c85be982cd8e9
Krzysztof Jackiewicz [Wed, 20 Feb 2019 11:40:21 +0000 (12:40 +0100)]
Get rid of misleading SCHEMA_INFO error
During startup the key-manager attempts to read a table SCHEMA_INFO to get the
information about the database version. In older versions of the database that
table is missing. Key-manager properly handles that case but produces 3 lines of
error log which may suggest that something went wrong.
This commit checks the existence of the table before attempting to use it. Whole
operation is enclosed in a transaction.
Change-Id: Ie7f1fbe1182c2add5965f8e5ddada262ffcb42fe
Krzysztof Jackiewicz [Wed, 15 May 2019 12:23:57 +0000 (12:23 +0000)]
Merge "Increase backlog for listening sockets" into tizen
Tomasz Swierczek [Wed, 15 May 2019 08:05:49 +0000 (10:05 +0200)]
Adjust to boost 1.65
Change-Id: I43e986a010030db949053a8e1b3669495fa1a986
Dariusz Michaluk [Tue, 14 May 2019 13:53:58 +0000 (15:53 +0200)]
Increase backlog for listening sockets
When systemd's socket activation is utilized, the default backlog
parameter passed to the listen() function is set to SOMAXCONN,
which is equal to 128. In distributions where systemd is not used
for socket activation, the default UNIX socket
implementation sets the backlog value to 5.
This may lead to rare overflow of an internal connection queue.
This manifests itself as the -EAGAIN error returned by connect().
To mitigate the issue, the backlog parameter has been set
to SOMAXCONN, which is a default value used by systemd.
Change-Id: I906cd4de478b0dac0eaf860550fccd2f9cd6e184
Tomasz Swierczek [Mon, 13 May 2019 09:14:00 +0000 (11:14 +0200)]
Fix file name in file header
Change-Id: I3e087729762d16b84327863317643387c304ef88
Konrad Lipinski [Mon, 6 May 2019 18:24:55 +0000 (20:24 +0200)]
Fix svace defects
va_start / va_end must be called in the same function
Change-Id: I5176fc2686a62eb0a21e6eb9a5f737dbc3880056
Krzysztof Jackiewicz [Mon, 11 Feb 2019 16:04:46 +0000 (17:04 +0100)]
Check fs errors before saving the file
GetFd(os) on a non-existing file causes segfault.
Change-Id: I8365dfbddace160ae99b1e7d1f6070ee1032f6cd
Tomasz Swierczek [Mon, 11 Mar 2019 10:42:02 +0000 (11:42 +0100)]
Release 0.1.28
* Change contact information to Dongsun Lee
* Fix since_tizen tag in ckmc-type.h
* Replace time(NULL) with monotonic clock usage
* Fix memory leak/corruption
* Add API for CKM return code descriptions
* Add test for listing aliases with password protection statuses on old database schema
* CKMC API: Add option to list aliases with information about password protection
* Add option to list aliases with password protection statuses
* replace strcpy with strncpy for fixing SVACE(WGID=411075,411076)
Change-Id: If1b53e3dc88bcadbb32b40b8d89e5bc781d71e32
Tomasz Swierczek [Mon, 11 Mar 2019 10:40:35 +0000 (11:40 +0100)]
Change contact information to Mr Dongsun Lee
bj.im@samsung.com is no longer a valid email address.
Change-Id: I81103542e0d23e80a71d5f1e86cc263f92ab78b0
Tomasz Swierczek [Tue, 5 Mar 2019 09:34:36 +0000 (10:34 +0100)]
Replace time(NULL) with monotonic clock usage
Calculating the timeout for socket connections should
use a monotonic clock.
Change-Id: If9c3d573b70d1faa1cf46b9215048a5853abbaaa
Ernest Borowski [Thu, 7 Mar 2019 10:39:16 +0000 (11:39 +0100)]
Fix since_tizen tag in ckmc-type.h
Change-Id: Ib8fd0260527ed87bf0801e3cb7a24d2ca97f4c90
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
Dariusz Michaluk [Thu, 31 Jan 2019 13:41:09 +0000 (14:41 +0100)]
Fix memory leak/corruption
Change-Id: I8f9bed07752fde26f629cca6931231dab5fd8980
Tomasz Swierczek [Wed, 20 Feb 2019 09:08:14 +0000 (10:08 +0100)]
Add API for CKM return code descriptions
In a rare case when the DB tool was used for db inspection,
and the db could not be opened, the commandline interface
returned a raw error code, without any explanation.
Change-Id: If7a29842ae5a7fc2e99a2d991545539704647f3c
Ernest Borowski [Thu, 2 Aug 2018 10:19:31 +0000 (12:19 +0200)]
Add test for listing aliases with password protection statuses on old database schema
Change-Id: I2e9e409a385744a0ed694023872cbd4b37cce523
Ernest Borowski [Tue, 27 Feb 2018 14:38:34 +0000 (15:38 +0100)]
CKMC API: Add option to list aliases with information about password protection
Change-Id: I02ff75a9f6c60bdcd4b3450a135a4047bbbc05f0
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
Ernest Borowski [Mon, 19 Feb 2018 18:52:07 +0000 (19:52 +0100)]
Add option to list aliases with password protection statuses
Change-Id: I045174602edd51dc7efcc8d79eb1beed76215b10
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
Dongsun Lee [Fri, 22 Feb 2019 04:15:36 +0000 (13:15 +0900)]
replace strcpy with strncpy for fixing SVACE(WGID=411075,411076)
Change-Id: I26207f412d5aeee68f6c90131d6c62978233c5f5
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Tomasz Swierczek [Tue, 19 Feb 2019 16:20:50 +0000 (17:20 +0100)]
Release 0.1.27
* Encode blobs with Base64 in ckm tools
* Refactor PKEK2 related functions
* Add a common function for zeroing sensitive data
* Free the context in case of openssl failure
* Add helpers for domain KEK encryption/decryption
* Add helper randomization function in key-provider.cpp
* Make encrypt/decrypt local functions of key-provider.cpp
* Use common function for PKEK1&2 generation
* Make username shorter in KeyProvider tests
* Remove outdated tz_backend test
* Validate encrypted DKEK
* Fix SVACE and C++ issues
* Add gbs option to enable the TZ backend support
* Update log formatter in tests
* Fix internal migration tests
* Fix internal scheme tests
* Remove secret key for software backend
* Some TZ backend fixes.
* Remove unnecessary BSD license
* Add allowed values for -b option of initial values tool
* Add RO location for initial values
* Overwrite existing initial values
* Initial values tool
* Support for encrypted initial-values
* Reduce number of import methods in tz-backend
* Unification of import methods in gstore
* Add parser support of new schema version
* Add backend attribute in xml schema
* Introduce Key class in tz backend
* Add support for TrustZone backend data storage
* Simplify key related functions in tz-backend
* Fix buildbreak caused by improper rebase
* Add log for invalid system service owner id
* Unify alias naming
* Fix TYPO in key-manager_doc.h
* Make spec compliant with gbs --incremental
* Add protection against memory leaking during deserialization
* Add Apache 2.0 license headers
Change-Id: I05a9b6bdf376f6bdc58542fb023528ac122f619f
Krzysztof Jackiewicz [Fri, 15 Feb 2019 12:40:39 +0000 (13:40 +0100)]
Encode blobs with Base64 in ckm tools
If unprintable data is returned as a result of sqlite query
execution it will be encoded in base64 and prefixed with "b64:". This
is to make binary data readable in ckm_db_tool/merge.
Also extend the maximum size of printed row to 64 characters.
Change-Id: I4471090977b19ded9b1bea76f26ff1b98d5ba826
Krzysztof Jackiewicz [Tue, 19 Feb 2019 11:39:17 +0000 (12:39 +0100)]
Refactor PKEK2 related functions
PKEK2 is used to derive both DB DEK and APP DEK. Currently, variable names and
comments are a bit misleading.
This commit refactors the variable names and comments to better describe the
actual purpose of this key.
Change-Id: If8ee266ec2da63c929f498f1ed009df5d79c134f
Krzysztof Jackiewicz [Thu, 14 Feb 2019 14:30:48 +0000 (15:30 +0100)]
Add a common function for zeroing sensitive data
Encryption keys and passwords are sensitive data and as such should be cleared
when no longer used to prevent memory attacks.
According to the "as-if" rule, the compiler is allowed to perform any changes to
the program as long as the observable behavior of the program is not
changed. Since the contents of unused memory are not considered an observable
behavior the compiler is allowed to optimize out the call to memset(). The
following solutions were considered:
- Reading the memory after overwriting it with memset(). Since reading the
memory has no observable effects it's perfectly legal for the compiler to
remove both operations.
- Using volatile assembly code to prevent optimization. It may prevent some
compilers from optimizing but there's no guarantee.
- Using volatile function pointer to memset. Apparently, it can be optimized as
well during LTO.
- Using memcpy_s(). The function is not widely available yet. It may be missing
so we still need a fallback solution.
- Locally disabling optimization with #pragma GCC optimize("O0"). It's GCC
specific and it's not clear whether GCC will try to optimize it with
"O0". Empirical test showed that memset() call is not removed.
This commit applies the last solution adding a new unoptimized wrapper for
memset().
Note that this commit will not prevent the processor from creating another copy
of the sensitive data in registers, on the stack, in swap or in cache memory. It
will only limit the number of places in memory where the secret data can be
found.
Change-Id: I80fe8ce8ce3d808b423858254d6fd23f491d2674
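The wrapper approach chosen in the commit message above, shown as an added example that is not key-manager's own code: a memset() wrapper compiled at -O0 on GCC so dead-store elimination cannot drop it, with the volatile-function-pointer variant from the same list of considered options as the fallback for other compilers. The names secure_memset, wipe_secret, is_all_zero and wipe_demo, and the 32-byte sample key, are assumptions made for this example.

```cpp
#include <cstddef>
#include <cstring>
#include <vector>

// Hypothetical wrapper (not key-manager's code). On GCC the function body is
// compiled at -O0, so the "as-if" rule cannot remove the memset() call even
// when the buffer is dead afterwards. Other compilers get the volatile
// function pointer variant, which the commit notes LTO may still defeat.
#if defined(__GNUC__) && !defined(__clang__)
#pragma GCC push_options
#pragma GCC optimize("O0")
void *secure_memset(void *p, int c, size_t n)
{
    return memset(p, c, n);
}
#pragma GCC pop_options
#else
static void *(*volatile memset_ptr)(void *, int, size_t) = memset;
void *secure_memset(void *p, int c, size_t n)
{
    return memset_ptr(p, c, n);
}
#endif

// Clear a key or password buffer in place before it is released.
void wipe_secret(std::vector<unsigned char> &secret)
{
    if (!secret.empty())
        secure_memset(secret.data(), 0, secret.size());
}

// Verification helper: true if every byte in the range is zero.
bool is_all_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; ++i)
        acc |= p[i];
    return acc == 0;
}

// Worked scenario on a constructed 32-byte "key" (sample value, not a real
// key): returns true when the buffer held non-zero data before the wipe and
// only zeros after it.
bool wipe_demo()
{
    std::vector<unsigned char> key(32);
    for (size_t i = 0; i < key.size(); ++i)
        key[i] = static_cast<unsigned char>(0xA5 ^ i);
    bool dirty_before = !is_all_zero(key.data(), key.size());
    wipe_secret(key);
    return dirty_before && is_all_zero(key.data(), key.size());
}
```

As the commit notes, this only limits where copies of the secret remain in the process's memory; registers, spilled stack slots, swap and caches are outside what a memset() wrapper can address.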
Krzysztof Jackiewicz [Tue, 29 Jan 2019 15:46:01 +0000 (16:46 +0100)]
Free the context in case of openssl failure
Change-Id: Ia2e387f70a50b090641f6bf6fb509d7d54dfdd8f
Krzysztof Jackiewicz [Tue, 29 Jan 2019 14:58:55 +0000 (15:58 +0100)]
Add helpers for domain KEK encryption/decryption
Change-Id: I048649f8a9a3450f6cefcbd9d2d75c8445f46277
Krzysztof Jackiewicz [Tue, 29 Jan 2019 14:56:52 +0000 (15:56 +0100)]
Add helper randomization function in key-provider.cpp
Change-Id: I657ac68ce8e9253ca63187132eef3fb769d8426a
Krzysztof Jackiewicz [Tue, 29 Jan 2019 14:43:32 +0000 (15:43 +0100)]
Make encrypt/decrypt local functions of key-provider.cpp
Change-Id: I0dfceda850c69b09a92d26254642357838ea7cb5