Kyungwook Tak [Tue, 22 Mar 2016 05:57:31 +0000 (14:57 +0900)]
APIs since 3.0 for wearable profile
Wearable profile doesn't have platform version 2.4
So APIs newly added on platform version 2.4 (on mobile profile)
should be shown as since 3.0 for wearable profile
Change-Id: I63d107740ac17b682fb2a06bbd3a59db0663e3e1
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 21 Mar 2016 11:55:45 +0000 (20:55 +0900)]
Change char unique_ptr to char vector
char vector can free resource naturally than unique_ptr
which should use delete [] explicitly by destructor.
Related SVACE defect id : 56526, 56527
Verification: ckm-tests-internal --run_test=ENCRYPTION_SCHEME_TEST
Change-Id: I508192c49557b9f980556e7a20d589be37390b3b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 16 Mar 2016 04:50:35 +0000 (13:50 +0900)]
Hotfix: build error by warning on 64bit arch
unused return value of BIO_reset
Change-Id: If03759de08a0f5e67d8e344f0026032b3f16ccf3
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 16 Mar 2016 04:24:01 +0000 (13:24 +0900)]
Version 0.1.23
Remove unused internal functions in common lib
Refactor client-capi code as c++ style
Remove CKMC error -> CKMC error converter
Change-Id: I0f1a0b166720eec86821aa5cfbc80814c03ed66b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 15 Mar 2016 13:30:54 +0000 (22:30 +0900)]
Add internal TC: for Base64, DataType
Change-Id: Ic5bdcd1298e1b76c37ee69f58dff2b7dc39fbcdf
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 15 Mar 2016 05:27:19 +0000 (14:27 +0900)]
Clean up move/copy assignment/constructor
Change-Id: If87eacaa85ac5b7d11cede5a256c62e4e71cc935
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 15 Mar 2016 03:06:23 +0000 (12:06 +0900)]
Clean up old dpl core sources
errno to string function is too heavy. make it light-weighted
Use dpl log to print assert message and unhandled exception
dpl log can print to several provider(console, journal, dlog) already
by modify configuration file
Change-Id: Ib2e090a0e1c5aafa51bde40c73030b435ae1a1e8
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 15 Mar 2016 02:47:09 +0000 (11:47 +0900)]
Remove unused functions in certificate-impl
Change-Id: I343f14a7fa076ea8c7f744b5aa6c2c4babe70633
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 15 Mar 2016 02:26:58 +0000 (11:26 +0900)]
Refactor client-capi manager as c++ style
Change-Id: If26aab66bc2b8e4fdfb14c62d9c79300d8af61e0
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 15 Mar 2016 01:06:03 +0000 (10:06 +0900)]
Remove useless CKMC error -> CKM error converter
Change-Id: Ia8fcfd5424d2886ffcc535220b301c1bb9ea8078
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 14 Mar 2016 13:46:06 +0000 (22:46 +0900)]
Add for_each files handling style when reading dir
Change-Id: I41ecf62acf6277db6651fdbf3ac5b0eb4761f005
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 11 Mar 2016 08:13:54 +0000 (17:13 +0900)]
Fix SVACE defects
Use thread-safe functions
Initialize values in constructor
Catch all exceptions
Change-Id: I7ce649b7ba1a11e45949e8f8fca257be4eb7f37d
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 11 Mar 2016 05:03:09 +0000 (14:03 +0900)]
Hotfix: image creation failed
/usr/sbin/ldconfig cannot be found.
Use /sbin/ldconfig as it was.
Change-Id: Ieb38a62b2474ae3b89c0305c5bfb20bd9c4dbe9f
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 4 Mar 2016 07:21:37 +0000 (16:21 +0900)]
Version 0.1.22
- Fix SVACE defects
- Remove hard-coded paths
- remove dependency from pwdutils -> user/group manage backup plan given up for now...
Change-Id: I91ede36bcbc017a067783fbbf46a6c919cf6c717
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 4 Mar 2016 07:14:40 +0000 (16:14 +0900)]
Sync error code description with common package
platform/core/api/common error_message/key-manager.xml
Change-Id: Iae51652c580f4b3ccf4fbd2dec261e97a0a04bcd
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 4 Mar 2016 06:32:48 +0000 (15:32 +0900)]
Add description of changed priv on ocsp check API
Change-Id: I8247cd2fd48c973528d801cd3347d963dfa8ade0
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 3 Mar 2016 03:08:04 +0000 (12:08 +0900)]
Fix unsafe buffer usage
- sprintf
- strcpy
Change-Id: I85716d6daabc149526146dfe375874a7057550a2
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 4 Mar 2016 04:36:03 +0000 (13:36 +0900)]
Remove all of hard coded paths
Change-Id: Ib829bab36e177d36c6093707e5212acc0a82bcf7
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 3 Mar 2016 03:19:46 +0000 (12:19 +0900)]
Deprecate key-manager user/group manage backup plan
pwdutils package would be excluded from binary
Change-Id: Ia9bcd5c3e35f319f7ad9810ef5ebbd00a976c1bb
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 2 Mar 2016 07:40:14 +0000 (16:40 +0900)]
Remove usage of _datadir macro
TZ_SYS_SHARE is changed to /opt/share by tizen-platform-config commit:
Change: https://review.tizen.org/gerrit/#/c/59623
commit id: bde2d5558c63ce281ea85c294be1816783612f92
Change-Id: I6b00ba7b39e10b30e19ec0346a5aef20c931a9b8
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 29 Feb 2016 06:24:24 +0000 (15:24 +0900)]
Version 0.1.21
- Translation of label <-> pkgid made by Security Manager
- Add BSD license for SQL Cipher
Change-Id: I40fadb12f5472a99624ddf342a8b480fc1bf3dba
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 29 Feb 2016 06:21:03 +0000 (15:21 +0900)]
Add BSD-2.0 license for sqlcipher
Refer SQL Cipher license info in https://www.zetetic.net/sqlcipher/license/
Change-Id: I54e9569cd529b65e4af8be857c7ac33dd822012b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 24 Feb 2016 07:25:16 +0000 (16:25 +0900)]
Change log level when smacklabel isn't found by SM
Change-Id: Ic06d8346a2fa5e9181b5abbef97ecf49101b5ace
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 24 Feb 2016 06:22:17 +0000 (15:22 +0900)]
Fix hard-coded paths and test res installation
Change-Id: Icaf1b070b8fbbc5368643d53755a759f98ed3245
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Adam Malinowski [Mon, 26 Oct 2015 13:25:31 +0000 (14:25 +0100)]
Add getting pkgId from socket using new SM API
Change-Id: Iabb1c021fd98c3998b4f7031f042d1c35a611fa6
Kyungwook Tak [Fri, 22 Jan 2016 02:15:03 +0000 (11:15 +0900)]
Version 0.1.20
Hotfix: Smack label/type setting failed when installs rpm
Change-Id: I9029495356b1b9d4e5b0c09fdb48adf24b08115c
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 22 Jan 2016 02:11:42 +0000 (11:11 +0900)]
Remove '/' from the end of rw_data_dir for manifest
filesystem path attribute on manifest file cannot parse
correctly with '/' at the end of path. Smack label/type couldn't
set with it.
Add %dir directive on file list on %files. It's for removing all
resources and directories clearly when rpm update/remove.
Change-Id: I6bca24de763cc6754cd3c5a77cbf7a4ac6e86970
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 18 Jan 2016 02:52:08 +0000 (11:52 +0900)]
Version 0.1.19
Change-Id: I10a96d85897401716a053a795de1d9d609416c3f
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 15 Jan 2016 08:31:11 +0000 (17:31 +0900)]
Use internal package manager client API
capi-package-manager API is for application layer.
Change-Id: Ia07e0e3514303a62df6d723303d46c5bec791876
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Fri, 15 Jan 2016 06:03:55 +0000 (15:03 +0900)]
Remove empty listener rpm
Change-Id: I2dec628ffee5af467a5d31eb81a8b2e3909186f5
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Krzysztof Jackiewicz [Fri, 8 Jan 2016 12:32:28 +0000 (13:32 +0100)]
Get dir locations from environment
[Problem] Key manager data dir location was hardcoded to /opt/data/ckm/. On
common profile image key-manager fails to start because of lack of /opt/data.
[Solution] Get directory locations from tizen platform config. Copy files
from old location if necessary. Make installation fail if runtime and compile
time settings differ. Provide upgrade script.
[Verification] Install key-manager package. Make sure all the content from
/opt/data/ckm/ has been moved to new location (/usr/data/ckm). Run tests. Make
sure all data is placed in new location. Run upgrade scripts
(/etc/opt/upgrad/*key-manager*.sh) on old version of ckm and check results.
Change-Id: Idafbe0fe43f1140c137f87883273b609a499b4cc
Kyungwook Tak [Wed, 13 Jan 2016 01:14:48 +0000 (10:14 +0900)]
Not to set DKEK value to DEK struct salt attribute
DEK struct salt value is derived from DKEK. It's not
clear to be stored on multiple data which is security-sensitive.
Change-Id: Ie3684e350d12dce132cb9425de3b075e25dbb63e
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dongsun Lee [Wed, 13 Jan 2016 04:39:48 +0000 (13:39 +0900)]
change "protected by a user password" to "protected by Tizen platform" in a document file
Change-Id: Ib303ef0596203e2dd5fe0ae7a89a517bad494a9a
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Bartlomiej Grzelewski [Mon, 4 Jan 2016 14:50:12 +0000 (15:50 +0100)]
Integrate glib loop with key-manager.
Change-Id: I218d3794e4405ea668c513b3ba40a6e3f98e044c
Bartlomiej Grzelewski [Tue, 5 Jan 2016 10:48:56 +0000 (11:48 +0100)]
Remove key-manager-listener.
Change-Id: I5c56ebadc865ff61b18f7fa6235963aa0d3b4376
Krzysztof Jackiewicz [Mon, 11 Jan 2016 10:48:23 +0000 (11:48 +0100)]
Move data dir labeling & chowning to key-manager post
[Problem] Key-manager data dir was labeled and chowned in key-manager-listener
post install section.
[Solution] Moved to key-manager post section
[Verification] Install key-manager. Smack shouldn't report any denials to data
directory.
Change-Id: I345716a676f6abaa8670911e1ec7af3e57e9cb54
Bartlomiej Grzelewski [Wed, 16 Dec 2015 16:50:30 +0000 (17:50 +0100)]
Change user from root to key-manager
[Solution] User changed. Smack labels/manifests adjusted. Runtime directory
created. Tests adjusted.
Change-Id: I22b7ed01158b16ce3ac3d04110e4ab2ab3d46711
Bartlomiej Grzelewski [Mon, 4 Jan 2016 12:26:44 +0000 (13:26 +0100)]
Fix file permissions.
Change-Id: I8aa70dd580c192d7ec5d2b28ebbcb3d1ee0193a3
Kyungwook Tak [Mon, 4 Jan 2016 07:46:57 +0000 (16:46 +0900)]
Add license header on tests srcs
Change-Id: I9603ef02dec7d541ab0cbd13768ebc8fb0bdc12b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 28 Dec 2015 05:31:32 +0000 (14:31 +0900)]
Add boost license
Change-Id: I08f4157f1653afb7afcc17741ca90892831b39fd
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
sangwan.kwon [Thu, 10 Dec 2015 04:49:43 +0000 (13:49 +0900)]
Apply coding rule
covered Tizen C++ coding rule list
- [R06] : Do not unnecessarily use braces where a single statement will do.
  - Exception: if one branch of a conditional statement is a single statement,
    use braces in both branches.
- [M08] : Keywords have following space rules
  - Put a space after (most) keywords
    - example: if, switch, case, for, do, while
  - Do not put a space after function like keywords
    - example: sizeof, typeof, alignof, __attribute__
- [M09] : Operators have following space rules
  - Put a space around(on each side of) most binary and ternary operators
    - Example : = + - < > * / % | & ^ <= >= == != ? :
  - Do not put a space after unary operators
    - Example: & * + - ~ !
  - Unary "++" and unary "--" are allowed no space on one side
  - Do not put a space around the "." and "->" structure member operators.
  - Do not put a space after cast operator
- [M10] : Separators have following space rules
  - Put a space after closing brace when it has anything on the line.
    - Exception : comma after closing brace '},'
  - Put a space after comma
  - Do not put space inside parenthesis '(', ')'
  - Do not put space before open square bracket '[' and inside square bracket '[', ']'
- [M12] : Functions have the opening brace at the beginning of the next line.
- [M13] : The open brace last on the line. The closing brace is empty on a line of its own
  - Exception : else, while should follow close brace '}'
- [M14] : Open braces for enum, union and struct go on the same line
Change-Id: I6e59513ba121a25222e6e626792b3e115ebec1d3
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
Bartlomiej Grzelewski [Wed, 25 Nov 2015 15:52:45 +0000 (16:52 +0100)]
Change exception type in db-crypto.cpp
Change-Id: I537d47a4d6cb4d632a46f0527be17108e1353b4a
Krzysztof Jackiewicz [Thu, 10 Dec 2015 11:33:34 +0000 (12:33 +0100)]
Remove duplicated entries in spec
[Problem] Duplicated entries in spec.
[Solution] Removed.
[Verification] Successful compilation. Run tests.
Change-Id: I2c356b854bee089dc3675b84d7ea32930192dbd1
Krzysztof Jackiewicz [Mon, 7 Dec 2015 14:27:03 +0000 (15:27 +0100)]
Fix file copying in scheme test
[Problem] Wrong creation flag was used. Wrong owner used. Files not closed.
[Solution] Change files owner and fix the flag. Close descriptors.
[Verification] Run ckm-tests-internal -t ENCRYPTION_SCHEME_TEST
Change-Id: I9289f231fc27ff863552c65a1f76627189ed5bdb
Bartlomiej Grzelewski [Tue, 24 Nov 2015 14:50:44 +0000 (15:50 +0100)]
Revert "Add PASSWORD_PROTECTION_DISABLE feature"
This reverts commit c960d5d61979802933b7cc44b66a118b5861edf7.
Change-Id: Ia3225c3a460f48dde93a272e931f6a53d461f48c
Dongsun Lee [Fri, 4 Dec 2015 07:05:34 +0000 (16:05 +0900)]
change log level to warning in case for the failure of FIPS_mode_set
Change-Id: Ia2f99bf55b118d0967c0eeb2af86f39a7b567596
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Bartlomiej Grzelewski [Mon, 30 Nov 2015 15:42:53 +0000 (16:42 +0100)]
Remove digest implementation.
Change-Id: Ib4c38cae9370e3f39ffb59e9d7602238d178c849
Bartlomiej Grzelewski [Wed, 25 Nov 2015 13:20:37 +0000 (14:20 +0100)]
Fix implementation of sw-backend.
sw-backend could not depend from certificate-impl.h and key-impl.h.
Change-Id: I7826f0c94bf18d1ad92ac59820120b6ee45531eb
Krzysztof Jackiewicz [Wed, 25 Nov 2015 09:19:17 +0000 (10:19 +0100)]
Detailed documentation for encryption/decryption API
[Problem] The encryption/decryption API documentation in header file wasn't
detailed enough.
[Solution] Add more details.
[Verification] Rate intelligibility of documentation
Change-Id: I2695651928ccf294e94fed2e4c2d0a4019365582
Krzysztof Jackiewicz [Thu, 19 Nov 2015 12:50:20 +0000 (13:50 +0100)]
License date updated
[Problem] Wrong date in LICENSE file
[Solution] Date fixed
[Verification] Compare with current year
Change-Id: Ia9a4d2da70d6f01d5f036c376e220b9637f81870
Bartlomiej Grzelewski [Mon, 23 Nov 2015 10:09:34 +0000 (11:09 +0100)]
Conversion PEM -> DER moved to store.
Change-Id: Ia748520a828f1dfcb3097dbde0ac28aaf22a8c52
Krzysztof Jackiewicz [Mon, 16 Nov 2015 14:18:01 +0000 (15:18 +0100)]
Load app key when importing initial values
[Problem] Missing app key.
[Solution] Fixed.
[Verification] Run tests
Change-Id: If1a156094bb81a349af41f077443c6503b9cea04
Maciej J. Karpiuk [Tue, 21 Jul 2015 12:53:27 +0000 (14:53 +0200)]
Encrypted Initial Values: decrypting items from XML files.
Change-Id: I08d53475401407c76d8aafbefc0b4d2f4fd82204
Maciej J. Karpiuk [Mon, 20 Jul 2015 09:31:29 +0000 (11:31 +0200)]
Encrypted Initial Values: parsing key values.
Change-Id: Iecebe5cba1ce716e43fff09ddc442a57dcfdf976
Maciej J. Karpiuk [Tue, 14 Jul 2015 09:31:28 +0000 (11:31 +0200)]
Encrypted Initial Values: re-factoring the schema to support new requirements.
New requirements are: support for encrypting data and certificate objects.
This requires providing hybrid encryption: device key encrypts AES key, which
is used to encrypt the values.
Device key cannot directly encrypt values due to block size limitation of RSA OAEP algorithm.
Change-Id: I61f52bad74d7cf2f6018a1e0e38cc852a932619e
Maciej J. Karpiuk [Mon, 24 Aug 2015 08:52:09 +0000 (10:52 +0200)]
Add DataContainer class to contain data, its type and encryption details.
[Problem] Encrypted data details are kept separately to the data.
[Solution] Store provides an interface to handle data, type and encryption details in a single object.
Change-Id: Ic35a0a6205670c2a41a183e56b884be87179ebab
Krzysztof Jackiewicz [Mon, 16 Nov 2015 13:57:49 +0000 (14:57 +0100)]
Move call to xmlCleanupParser
[Problem] xmlCleanupParser should be called only before program exit.
[Solution] Moved to global object constructor.
[Verification] Successful compilation
Change-Id: Id2fedd8b99c9b598eaef14f7c12d37282e74814a
Bartlomiej Grzelewski [Mon, 23 Nov 2015 15:59:34 +0000 (16:59 +0100)]
CKMLogic will not depend from InitialValues.
Change-Id: I91ce4dcadd49ae813c1ca59418ea8f730110718b
Dongsun Lee [Tue, 24 Nov 2015 01:46:22 +0000 (17:46 -0800)]
Merge "Add PASSWORD_PROTECTION_DISABLE feature" into tizen
Dongsun Lee [Fri, 20 Nov 2015 02:55:02 +0000 (11:55 +0900)]
Add PASSWORD_PROTECTION_DISABLE feature
Change-Id: I58a8bde0e4424168a61590d6a5f12fb8e28f50b2
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Krzysztof Jackiewicz [Mon, 16 Nov 2015 14:06:48 +0000 (15:06 +0100)]
Fix character trimming in xml parser
[Problem] ASCII tag content is being trimmed and it shouldn't be.
[Solution] Don't trim tag content in Characters() callback. If trimming is
necessary it can be done in End() callback. Exception will be thrown only if
non-whitespace characters are found within tags that shouldn't have any
character content (InitialValueHandler, PermissionHandler).
[Verification] Run ckm-tests --group=T60_INITIAL_VALUES
Change-Id: I39a928bf15be29ade96986d619c9023fb4cd3234
Krzysztof Jackiewicz [Thu, 19 Nov 2015 10:43:20 +0000 (11:43 +0100)]
Fix bug found by Klocwork
[Problem] The command received from encryption service is deserialized into a
variable hiding function argument of the same name. Also the received command
was ignored.
[Solution] Check if received command is equal to requested one.
[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION
Change-Id: I16e14dbc8497a9b6ea11d93c8c0a48071562d684
Kyungwook Tak [Fri, 13 Nov 2015 08:54:10 +0000 (17:54 +0900)]
try-catch enclosed to be exception safe of CAPI
Change-Id: I8c88402c6ed8f73bb1e5510389fec2aa07cfd48c
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 10 Nov 2015 02:53:18 +0000 (11:53 +0900)]
Remove MDFPP related code
Change-Id: I4b2078f2f2ebc8ebbd31fb3b7995eb1807fc3a49
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Bartlomiej Grzelewski [Mon, 26 Oct 2015 12:10:50 +0000 (13:10 +0100)]
Protocol refactoring.
Introduce CryptoAlgorithm in internal socket protocol.
Change-Id: I70000a05e0a47d2b12af9b11324adf67da0f5e22
Krzysztof Jackiewicz [Thu, 24 Sep 2015 09:21:03 +0000 (11:21 +0200)]
Add encryption scheme tests
[Problem] We need tests that will verify correctness of old and new encryption
scheme support.
[Solution] Tests added.
[Verification] Run ckm-tests-internal -t ENCRYPTION_SCHEME_TEST
Change-Id: I9f4e24a9e06684d401540646d5560287e35b828d
Krzysztof Jackiewicz [Tue, 29 Sep 2015 07:07:21 +0000 (09:07 +0200)]
Use exportable=true when reading certificate from db
[Problem] Key manager allows creating a cert chain from not exportable
certificates.
[Solution] CKMLogic::readCertificateHelper modified to use exportable flag
equal to 'true'.
[Verification] Run ckm-tests-internal -t ENCRYPTION_SCHEME_TEST
Change-Id: Ib13811282eb9d1267c26741a578d8c2111bdecbb
Krzysztof Jackiewicz [Thu, 1 Oct 2015 06:32:54 +0000 (08:32 +0200)]
Return error if password is not empty and row is not password protected
[Problem] If old scheme row is not password protected and the user tries to
read it with non empty password it will get reencrypted with this password.
[Solution] Throw an authentication exception if password is not empty and row
is not password protected.
[Verification] Run ckm-tests-internal -t ENCRYPTION_SCHEME_TEST/T120_Read_wrong_pass
Change-Id: I44b270dbbefd043b6efb9371f0d7a81c1b234b31
Krzysztof Jackiewicz [Mon, 7 Sep 2015 11:19:54 +0000 (13:19 +0200)]
Modify encryption scheme
[Problem] Current encryption scheme makes it impossible to remove an entry
protected with custom user password from database.
[Solution] Encryption scheme modified. Store is responsible for encrypting data
with user password. Service encrypts it with app key. Data encrypted with old
scheme that is being read will be automatically reencrypted with new scheme.
[Verification] Run tests from upcoming commit:
ckm-tests-internal -t ENCRYPTION_SCHEME_TEST
Change-Id: I8ed514290d9e75bbc89d74b006939e3cbb0b8bd2
Krzysztof Jackiewicz [Thu, 24 Sep 2015 07:07:55 +0000 (09:07 +0200)]
Add scheme encryption test db generator
[Problem] A database filled with all kind of data is needed for encryption
scheme tests.
[Solution] Add tool that fills the database with different kinds of data.
[Verification] Run ckm-db-generator. Use ckm_db_tool 7654 db-pass to verify
that all types of data is present in db.
Change-Id: If2d912afdfe96a535df98c5a6c03a2acb1c84af5
Krzysztof Jackiewicz [Mon, 14 Sep 2015 13:05:44 +0000 (15:05 +0200)]
Add support for binary data to GStore
[Problem] Binary data can be imported into store but can't be retrieved from
it.
[Solution] Introduce another intermediate class in GKey hierarchy to support
binary data.
[Verification] Run tests
Change-Id: I45bf5d0a81188f13b0925e982243fdf37b569529
Kyungwook Tak [Mon, 19 Oct 2015 04:28:30 +0000 (13:28 +0900)]
Version 0.1.18
Change-Id: I33e245d9b8b6b6ca81caa326d24e725c1821987b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 19 Oct 2015 02:43:03 +0000 (11:43 +0900)]
Don't check handle value when allocation
Change-Id: I3ab918652dc294107327bc3840bdd5c80bed0cc6
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 15 Oct 2015 05:01:13 +0000 (14:01 +0900)]
[ACR-429]Remove/Deprecated get cert chain with alias
Change-Id: Ib1f775c98c41ef89d10199c03d17a69b7be46008
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 15 Oct 2015 04:56:56 +0000 (13:56 +0900)]
Add gitignore file
Change-Id: I491e88d2454a672b77e207aaf95d945c0b464591
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 14 Oct 2015 08:30:23 +0000 (17:30 +0900)]
Version 0.1.17
Change-Id: I93d81a35d0bf4fccb4cafbd823014cdeb4939192
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Bartlomiej Grzelewski [Tue, 6 Oct 2015 10:41:38 +0000 (12:41 +0200)]
Remove warnings and performance problems reported by cppcheck.
Change-Id: I6c39ff383a19554da5e9f875db51864e0e5941d0
Kyungwook Tak [Wed, 14 Oct 2015 08:01:41 +0000 (17:01 +0900)]
Remove symbol : ckmc_label_shared_owner
Change-Id: I40ba69c4e64ed7d5c1f7f9750b0a161adbd1aa15
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 14 Oct 2015 07:58:23 +0000 (16:58 +0900)]
Fix API description of set param functions
* Set -> Sets in @brief
Change-Id: Icb573f4f535d98acdd5061a7e473a30237b28f32
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 1 Oct 2015 12:36:34 +0000 (21:36 +0900)]
Adjust API change request review result
* remove useless const keyword in ckmc_create_key_aes
* ckmc_generate_params allocates new ckmc_param_list_s inside of itself
* ckmc_generate_params is renamed to ckmc_generate_new_params
* ckmc_param_list_s is changed to ckmc_param_list_h (handle)
* handle is structure pointer : typedef struct __ckmc_param_list *ckmc_param_list_h
* ckmc_param_list_add_integer -> ckmc_param_list_set_integer
* ckmc_param_list_add_buffer -> ckmc_param_list_set_buffer
* new line for too long description
* use dot properly in description (Should not used in params and retvals)
Change-Id: I760465e1ae0d1665d596ff10d402c5f191a6f1d4
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 25 Aug 2015 06:59:56 +0000 (15:59 +0900)]
Fix spec file warnings & error after gbs build
Change-Id: I48fa8e4392c2cb0cdf32f56299701ce420ba042e
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dongsun Lee [Mon, 31 Aug 2015 04:11:58 +0000 (13:11 +0900)]
Privileges are changed for ACR
Change-Id: Icb7b4856cf8908b7b4eb030f15a3a3ef78666b8e
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Bartlomiej Grzelewski [Mon, 21 Sep 2015 11:17:00 +0000 (13:17 +0200)]
API refactoring.
CKM::Manager uses private implementation pattern.
Remove most of virtual methods from CKM::Manager.
Change-Id: I171083a6f81716dc78155242989dd97528079554
Kyungwook Tak [Mon, 21 Sep 2015 07:05:48 +0000 (16:05 +0900)]
Revert "Old privileges restored"
This reverts commit 42a14dd9afaec7949cf4dec5d7be261a43b1e0a3.
Change-Id: Ibcea2dd233286e87cc7570f8cfa68e07b5a8e069
Bartlomiej Grzelewski [Thu, 17 Sep 2015 14:58:30 +0000 (16:58 +0200)]
Fix support of new error code: CKM_API_ERROR_NOT_SUPPORT.
Change-Id: I59545191904fce8ee9258861a5a579308ae05216
Krzysztof Jackiewicz [Fri, 4 Sep 2015 08:45:52 +0000 (10:45 +0200)]
Revert "Add functions required during db debug."
This reverts commit 4b4f7b9e045fadc3c5348e7ef8be628a742907e2.
Change-Id: Iac9f830b91a6ddfae1245a8b973ef51ed441738d
Krzysztof Jackiewicz [Mon, 14 Sep 2015 15:28:23 +0000 (17:28 +0200)]
Revert "Disable optional password protection temporary"
This reverts commit ea896bbce6b7f21772de779faf0f0c29de845a24.
Change-Id: Iffa558fb3e9889acffb09d27d9b237b70cb01aea
Krzysztof Jackiewicz [Mon, 14 Sep 2015 15:23:45 +0000 (17:23 +0200)]
Ignore failing row decryption during data removal
[Problem] When data is removed we don't know the custom user password used to
protect the row. The row decryption is performed with empty password and may
fail.
[Solution] Because row will be deleted we can ignore the failing decryption.
This is a temporary solution. It won't work for tz-store. The problem will be
fixed when new encryption is applied.
[Verification] Run TCT tests.
Change-Id: I9c24704a83c5511bd53218738460f2b546c3dd05
Krzysztof Jackiewicz [Mon, 14 Sep 2015 08:02:08 +0000 (10:02 +0200)]
Move encrypted/decrypted rows instead of copying
[Problem] Rows are copied in CryptoLogic::decryptRow/encryptRow.
[Solution] Copying replaced with std::move
[Verification] Run tests
Change-Id: I362638d8981bbe8e511b417596f4cb67ae6f058e
Kyungwook Tak [Fri, 11 Sep 2015 03:01:42 +0000 (12:01 +0900)]
Disable optional password protection temporary
couldn't remove data which is protected by optional password
Change-Id: I0a0e67ddcf40bd0d0f90585d58469a950317a6f0
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Bartlomiej Grzelewski [Mon, 31 Aug 2015 15:15:41 +0000 (17:15 +0200)]
Secure control socket with DAC = 0700
Only root should be able to connect and use this socket.
Change-Id: I903de6f55e34c8a9fb8dbdbe99108ab501769f6e
Bartlomiej Grzelewski [Tue, 8 Sep 2015 15:39:02 +0000 (17:39 +0200)]
Add cynara mockup.
Change-Id: If423f8f88546f551ca35f849371343a37b46fe21
Krzysztof Jackiewicz [Tue, 8 Sep 2015 08:38:56 +0000 (10:38 +0200)]
Version 0.1.16
Change-Id: I123912571e4776580e2008bae362a75fc3672ae2
Kyungwook Tak [Mon, 7 Sep 2015 11:31:26 +0000 (20:31 +0900)]
Old privileges restored
Change-Id: I62335aa31fa14bf2712a72605c97ad5e9fed8a09
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Bartlomiej Grzelewski [Tue, 1 Sep 2015 13:23:52 +0000 (15:23 +0200)]
Integration with cynara.
Change-Id: I75f727890d37b39e7054db4c68baad922eef1fc3
Krzysztof Jackiewicz [Tue, 1 Sep 2015 11:05:10 +0000 (13:05 +0200)]
Add a tool for accessing encrypted database
[Problem] No way of debugging an encrypted database
[Solution] Tool added
[Verification] Run:
ckm_db_tool
ckm_db_tool 0
ckm_db_tool 0 <sql_command>
ckm_db_tool <uid> <password>
> .tables
> .schema
> <sql_command>
> help
> exit
ckm_db_tool <uid> <password> <sql_command>
Change-Id: I87662831808b0397b01db1e54c38b4dc4ad69129
Bartlomiej Grzelewski [Wed, 26 Aug 2015 11:35:19 +0000 (13:35 +0200)]
Reimplement security-manager mockup.
New version of mockup will try to translate smack label into
pkgId by removing prefix "User::App::".
Change-Id: I54316ec1c8e8061cedf09f19016576d202e1e9f1
Bartlomiej Grzelewski [Mon, 24 Aug 2015 09:39:02 +0000 (11:39 +0200)]
Add mockup for security-manager.
Security-manager mockup should be used with unit-tests.
CKM compilation with mockup:
gbs lb -A i586 --define "build_type DEBUG" --define "mockup_sm ON"
Note: It's not possible to compile RELEASE version of CKM with mockup.
Change-Id: I793ec55010b3826dd9d4157ce4e33f555dee14c0
Bartlomiej Grzelewski [Mon, 17 Aug 2015 12:31:36 +0000 (14:31 +0200)]
Replace smack label with pkgId.
Change-Id: I2775a65349bf2103cf7de4702572b031244d9f28
Kyungwook Tak [Tue, 25 Aug 2015 00:04:51 +0000 (09:04 +0900)]
Check platform feature(network) before check ocsp
Change-Id: I87c60238b0a1c67c853a5d60f635162bf9375e71
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>