platform/core/security/key-manager.git
8 years agoAPIs since 3.0 for wearable profile 01/63101/2 accepted/tizen/common/20160324.172934 submit/tizen/20160324.041920
Kyungwook Tak [Tue, 22 Mar 2016 05:57:31 +0000 (14:57 +0900)]
APIs since 3.0 for wearable profile

Wearable profile doesn't have platform version 2.4
So APIs newly added on platform version 2.4 (on mobile profile)
should be shown as since 3.0 for wearable profile

Change-Id: I63d107740ac17b682fb2a06bbd3a59db0663e3e1
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoChange char unique_ptr to char vector 99/62999/1 accepted/tizen/common/20160322.150131 accepted/tizen/ivi/20160323.011052 accepted/tizen/mobile/20160323.011000 accepted/tizen/tv/20160323.011015 accepted/tizen/wearable/20160323.011033 submit/tizen/20160322.014817
Kyungwook Tak [Mon, 21 Mar 2016 11:55:45 +0000 (20:55 +0900)]
Change char unique_ptr to char vector

char vector can free resource naturally than unique_ptr
which should use delete [] explicitly by destructor.

Related SVACE defect id : 56526, 56527

Vericiation: ckm-tests-internal --run_test=ENCRYPTION_SCHEME_TEST

Change-Id: I508192c49557b9f980556e7a20d589be37390b3b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoHotfix: build error by warning on 64bit arch 25/62425/1 accepted/tizen/common/20160317.155640 accepted/tizen/ivi/20160318.111629 accepted/tizen/mobile/20160318.111115 accepted/tizen/tv/20160318.111240 accepted/tizen/wearable/20160318.111325 submit/tizen/20160316.050624
Kyungwook Tak [Wed, 16 Mar 2016 04:50:35 +0000 (13:50 +0900)]
Hotfix: build error by warning on 64bit arch

unused return value of BIO_reset

Change-Id: If03759de08a0f5e67d8e344f0026032b3f16ccf3
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoVersion 0.1.23 10/62410/1 submit/tizen/20160316.043041
Kyungwook Tak [Wed, 16 Mar 2016 04:24:01 +0000 (13:24 +0900)]
Version 0.1.23

Remove unused internal functions in common lib
Refactor client-capi code as c++ style
Remove CKMC error -> CKMC error converter

Change-Id: I0f1a0b166720eec86821aa5cfbc80814c03ed66b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoAdd internal TC: for Base64, DataType 90/62390/1
Kyungwook Tak [Tue, 15 Mar 2016 13:30:54 +0000 (22:30 +0900)]
Add internal TC: for Base64, DataType

Change-Id: Ic5bdcd1298e1b76c37ee69f58dff2b7dc39fbcdf
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoClean up move/copy assignment/constructor 89/62389/1
Kyungwook Tak [Tue, 15 Mar 2016 05:27:19 +0000 (14:27 +0900)]
Clean up move/copy assignment/constructor

Change-Id: If87eacaa85ac5b7d11cede5a256c62e4e71cc935
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoClean up old dpl core sources 88/62388/1
Kyungwook Tak [Tue, 15 Mar 2016 03:06:23 +0000 (12:06 +0900)]
Clean up old dpl core sources

errno to string function is too heavy. make it light-weighted
Use dpl log to print assert message and unhandled exception
dpl log can print to several provider(console, journal, dlog) already
by modify configuration file

Change-Id: Ib2e090a0e1c5aafa51bde40c73030b435ae1a1e8
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoRemove unused functions in certificate-impl 87/62387/1
Kyungwook Tak [Tue, 15 Mar 2016 02:47:09 +0000 (11:47 +0900)]
Remove unused functions in certificate-impl

Change-Id: I343f14a7fa076ea8c7f744b5aa6c2c4babe70633
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoRefactor client-capi manager as c++ style 86/62386/1
Kyungwook Tak [Tue, 15 Mar 2016 02:26:58 +0000 (11:26 +0900)]
Refactor client-capi manager as c++ style

Change-Id: If26aab66bc2b8e4fdfb14c62d9c79300d8af61e0
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoRemove useless CKMC error -> CKM error converter 85/62385/1
Kyungwook Tak [Tue, 15 Mar 2016 01:06:03 +0000 (10:06 +0900)]
Remove useless CKMC error -> CKM error converter

Change-Id: Ia8fcfd5424d2886ffcc535220b301c1bb9ea8078
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoAdd for_each files handling style when reading dir 46/62146/2
Kyungwook Tak [Mon, 14 Mar 2016 13:46:06 +0000 (22:46 +0900)]
Add for_each files handling style when reading dir

Change-Id: I41ecf62acf6277db6651fdbf3ac5b0eb4761f005
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoFix SVACE defects 36/61936/1
Kyungwook Tak [Fri, 11 Mar 2016 08:13:54 +0000 (17:13 +0900)]
Fix SVACE defects

Use thread-safe functions
Initialize values in constructor
Catch all exceptions

Change-Id: I7ce649b7ba1a11e45949e8f8fca257be4eb7f37d
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoHotfix: image creation failed 75/61875/1 accepted/tizen/common/20160311.051741 accepted/tizen/ivi/20160311.062223 accepted/tizen/mobile/20160311.062121 accepted/tizen/tv/20160311.062141 accepted/tizen/wearable/20160311.062157 submit/tizen/20160311.050745
Kyungwook Tak [Fri, 11 Mar 2016 05:03:09 +0000 (14:03 +0900)]
Hotfix: image creation failed

/usr/sbin/ldconfig cannot be found.
Use /sbin/ldconfig as it was.

Change-Id: Ieb38a62b2474ae3b89c0305c5bfb20bd9c4dbe9f
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoVersion 0.1.22 40/61140/1 accepted/tizen/common/20160304.195623 accepted/tizen/ivi/20160305.094038 accepted/tizen/ivi/20160310.052635 accepted/tizen/mobile/20160305.093950 accepted/tizen/mobile/20160310.052524 accepted/tizen/tv/20160305.094004 accepted/tizen/tv/20160310.052553 accepted/tizen/wearable/20160305.094023 accepted/tizen/wearable/20160310.052608 submit/tizen/20160304.072344 submit/tizen/20160305.131859
Kyungwook Tak [Fri, 4 Mar 2016 07:21:37 +0000 (16:21 +0900)]
Version 0.1.22

- Fix SVACE defects
- Remove hard-coded paths
- remove dependency from pwdutils -> user/group manage backup plan given up for now...

Change-Id: I91ede36bcbc017a067783fbbf46a6c919cf6c717
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoSync error code description with common package 37/61137/1
Kyungwook Tak [Fri, 4 Mar 2016 07:14:40 +0000 (16:14 +0900)]
Sync error code description with common package

platform/core/api/common error_message/key-manager.xml

Change-Id: Iae51652c580f4b3ccf4fbd2dec261e97a0a04bcd
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoAdd description of changed priv on ocsp check API 28/61128/2
Kyungwook Tak [Fri, 4 Mar 2016 06:32:48 +0000 (15:32 +0900)]
Add description of changed priv on ocsp check API

Change-Id: I8247cd2fd48c973528d801cd3347d963dfa8ade0
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoFix unsafe buffer usage 69/60969/5
Kyungwook Tak [Thu, 3 Mar 2016 03:08:04 +0000 (12:08 +0900)]
Fix unsafe buffer usage

- sprintf
- strcpy

Change-Id: I85716d6daabc149526146dfe375874a7057550a2
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoRemove all of hard coded paths 12/61112/3
Kyungwook Tak [Fri, 4 Mar 2016 04:36:03 +0000 (13:36 +0900)]
Remove all of hard coded paths

Change-Id: Ib829bab36e177d36c6093707e5212acc0a82bcf7
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoDeprecate key-manager user/group manage backup plan 21/60921/1
Kyungwook Tak [Thu, 3 Mar 2016 03:19:46 +0000 (12:19 +0900)]
Deprecate key-manager user/group manage backup plan

pwdutils package would be excluded from binary

Change-Id: Ia9bcd5c3e35f319f7ad9810ef5ebbd00a976c1bb
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoRemove usage of _datadir macro 80/60780/1 accepted/tizen/common/20160302.193206 submit/tizen/20160229.000000
Kyungwook Tak [Wed, 2 Mar 2016 07:40:14 +0000 (16:40 +0900)]
Remove usage of _datadir macro

TZ_SYS_SHARE is changed to /opt/share by tizen-platform-config commit:
Change: https://review.tizen.org/gerrit/#/c/59623
commit id: bde2d5558c63ce281ea85c294be1816783612f92

Change-Id: I6b00ba7b39e10b30e19ec0346a5aef20c931a9b8
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoVersion 0.1.21 72/60572/1 accepted/tizen/common/20160229.161126 accepted/tizen/common/20160301.120622 accepted/tizen/common/20160307.055005 accepted/tizen/ivi/20160229.100914 accepted/tizen/ivi/20160307.020105 accepted/tizen/mobile/20160229.100823 accepted/tizen/mobile/20160307.020004 accepted/tizen/tv/20160229.100839 accepted/tizen/tv/20160307.020031 accepted/tizen/wearable/20160229.100855 accepted/tizen/wearable/20160307.020050 submit/tizen/20160229.062547 submit/tizen/20160306.231523 submit/tizen_common/20160229.190608
Kyungwook Tak [Mon, 29 Feb 2016 06:24:24 +0000 (15:24 +0900)]
Version 0.1.21

- Translation of label <-> pkgid made by Security Manager
- Add BSD license for SQL Cipher

Change-Id: I40fadb12f5472a99624ddf342a8b480fc1bf3dba
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoAdd BSD-2.0 license for sqlcipher 70/60570/1
Kyungwook Tak [Mon, 29 Feb 2016 06:21:03 +0000 (15:21 +0900)]
Add BSD-2.0 license for sqlcipher

Refer SQL Cipher license info in https://www.zetetic.net/sqlcipher/license/

Change-Id: I54e9569cd529b65e4af8be857c7ac33dd822012b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoChange log level when smacklabel isn't found by SM 15/60215/1
Kyungwook Tak [Wed, 24 Feb 2016 07:25:16 +0000 (16:25 +0900)]
Change log level when smacklabel isn't found by SM

Change-Id: Ic06d8346a2fa5e9181b5abbef97ecf49101b5ace
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoFix hard-coded paths and test res installation 98/60198/1
Kyungwook Tak [Wed, 24 Feb 2016 06:22:17 +0000 (15:22 +0900)]
Fix hard-coded paths and test res installation

Change-Id: Icaf1b070b8fbbc5368643d53755a759f98ed3245
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoAdd getting pkgId form socket using new SM API 79/50179/9
Adam Malinowski [Mon, 26 Oct 2015 13:25:31 +0000 (14:25 +0100)]
Add getting pkgId form socket using new SM API

Change-Id: Iabb1c021fd98c3998b4f7031f042d1c35a611fa6

8 years agoVersion 0.1.20 04/57704/1 accepted/tizen/ivi/20160218.023922 accepted/tizen/mobile/20160122.034950 accepted/tizen/tv/20160122.035007 accepted/tizen/wearable/20160122.035028 submit/tizen/20160122.022048 submit/tizen_common/20160218.142243 submit/tizen_ivi/20160217.000000 submit/tizen_ivi/20160217.000003
Kyungwook Tak [Fri, 22 Jan 2016 02:15:03 +0000 (11:15 +0900)]
Version 0.1.20

Hotfix: Smack label/type setting failed when installs rpm

Change-Id: I9029495356b1b9d4e5b0c09fdb48adf24b08115c
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoRemove '/' from the end of rw_data_dir for manifest 03/57703/1
Kyungwook Tak [Fri, 22 Jan 2016 02:11:42 +0000 (11:11 +0900)]
Remove '/' from the end of rw_data_dir for manifest

filesystem path attribute on manifest file cannot parse
corretcly with '/' at the end of path. Smack label/type couldn't
set with it.

Add %dir directive on file list on %files. It's for removing all
resources and directories clearly when rpm update/remove.

Change-Id: I6bca24de763cc6754cd3c5a77cbf7a4ac6e86970
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoVersion 0.1.19 08/57208/1 accepted/tizen/mobile/20160118.083751 accepted/tizen/tv/20160118.083920 accepted/tizen/wearable/20160118.083959 submit/tizen/20160118.045418
Kyungwook Tak [Mon, 18 Jan 2016 02:52:08 +0000 (11:52 +0900)]
Version 0.1.19

Change-Id: I10a96d85897401716a053a795de1d9d609416c3f
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoUse internal package manager client API 33/57133/4
Kyungwook Tak [Fri, 15 Jan 2016 08:31:11 +0000 (17:31 +0900)]
Use internal package manager client API

capi-package-manager API is for application layer.

Change-Id: Ia07e0e3514303a62df6d723303d46c5bec791876
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoRemove empty listener rpm 32/57132/3
Kyungwook Tak [Fri, 15 Jan 2016 06:03:55 +0000 (15:03 +0900)]
Remove empty listener rpm

Change-Id: I2dec628ffee5af467a5d31eb81a8b2e3909186f5
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoGet dir locations from environment 19/56619/10
Krzysztof Jackiewicz [Fri, 8 Jan 2016 12:32:28 +0000 (13:32 +0100)]
Get dir locations from environment

[Problem] Key manager data dir location was hardcoded to /opt/data/ckm/. On
common profile image key-manager fails to start because of lack of /opt/data.
[Solution] Get directory locations from tizen platform config. Copy files
from old location if necessary. Make installation fail if runtime and compile
time settings differ. Provide upgrade script.

[Verification] Install key-manager package. Make sure all the content from
/opt/data/ckm/ has been moved to new location (/usr/data/ckm). Run tests. Make
sure all data is placed in new location. Run upgrade scripts
(/etc/opt/upgrad/*key-manager*.sh) on old version of ckm and check results.

Change-Id: Idafbe0fe43f1140c137f87883273b609a499b4cc

8 years agoNot to set DKEK value to DEK struct salt attribute 18/56818/3 accepted/tizen/mobile/20160114.011900 accepted/tizen/tv/20160114.011913 accepted/tizen/wearable/20160114.011935 submit/tizen/20160113.071851
Kyungwook Tak [Wed, 13 Jan 2016 01:14:48 +0000 (10:14 +0900)]
Not to set DKEK value to DEK struct salt attribute

DEK struct salt value is derived from DKEK. It's not
clear to be stored on multiple data which is security-sensitive.

Change-Id: Ie3684e350d12dce132cb9425de3b075e25dbb63e
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agochange "protected by a user password" to "protected by Tizen platform" in a document... 29/56829/2
Dongsun Lee [Wed, 13 Jan 2016 04:39:48 +0000 (13:39 +0900)]
change "protected by a user password" to "protected by Tizen platform" in a document file

Change-Id: Ib303ef0596203e2dd5fe0ae7a89a517bad494a9a
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
8 years agoIntegrate glib loop with key-manager. 31/56131/7
Bartlomiej Grzelewski [Mon, 4 Jan 2016 14:50:12 +0000 (15:50 +0100)]
Integrate glib loop with key-manager.

Change-Id: I218d3794e4405ea668c513b3ba40a6e3f98e044c

8 years agoRemove key-manager-listener. 20/56220/4
Bartlomiej Grzelewski [Tue, 5 Jan 2016 10:48:56 +0000 (11:48 +0100)]
Remove key-manager-listener.

Change-Id: I5c56ebadc865ff61b18f7fa6235963aa0d3b4376

8 years agoMove data dir labeling & chowning to key-manager post 18/56618/2
Krzysztof Jackiewicz [Mon, 11 Jan 2016 10:48:23 +0000 (11:48 +0100)]
Move data dir labeling & chowning to key-manager post

[Problem] Key-manager data dir was labeled and chowned in key-manager-listener
post install section.
[Solution] Moved to key-manager post section

[Verification] Install key-manager. Smack shouldn't report any denials to data
directory.

Change-Id: I345716a676f6abaa8670911e1ec7af3e57e9cb54

8 years agoChange user from root to key-manager 46/54746/7
Bartlomiej Grzelewski [Wed, 16 Dec 2015 16:50:30 +0000 (17:50 +0100)]
Change user from root to key-manager

[Solution] User changed. Smack labels/manifests adjusted. Runtime directory
created. Tests adjusted.

Change-Id: I22b7ed01158b16ce3ac3d04110e4ab2ab3d46711

8 years agoFix file permissions. 19/56119/2
Bartlomiej Grzelewski [Mon, 4 Jan 2016 12:26:44 +0000 (13:26 +0100)]
Fix file permissions.

Change-Id: I8aa70dd580c192d7ec5d2b28ebbcb3d1ee0193a3

8 years agoAdd license header on tests srcs 87/56087/2
Kyungwook Tak [Mon, 4 Jan 2016 07:46:57 +0000 (16:46 +0900)]
Add license header on tests srcs

Change-Id: I9603ef02dec7d541ab0cbd13768ebc8fb0bdc12b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoAdd boost license 94/55594/1 accepted/tizen/mobile/20151230.112505 accepted/tizen/tv/20151230.112606 accepted/tizen/wearable/20151230.112703 submit/tizen/20151229.090334
Kyungwook Tak [Mon, 28 Dec 2015 05:31:32 +0000 (14:31 +0900)]
Add boost license

Change-Id: I08f4157f1653afb7afcc17741ca90892831b39fd
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoApply coding rule 15/54015/13
sangwan.kwon [Thu, 10 Dec 2015 04:49:43 +0000 (13:49 +0900)]
Apply coding rule

covered Tizen C++ coding rule list

 - [R06] : Do not unnecessarily use braces where a single statement will do.
- Exception: if one branch of a conditional statement is a single statement,
 use braces in both branches.

 - [M08] : Keywords have following space rules
- Put a space after (most) keywords
- example: if, switch, case, for, do, while
- Do not put a space after function like keywords
- example: sizeof, typeof, alignof, __attribute__

 - [M09] : Operators have following space rules
- Put a space around(on each side of) most binary and ternary operators
- Example : = + -< > * / % | & ^ <= >= == != ? :
- Do not put a space after unary operators
- Example: & * + -~ !
- Unary "++" and unary "--" are allowed no space on one side
- Do not put a space around the "." and "->" structure member operators.
- Do not put a space after cast operator

 - [M10] : Seperators have following space rules
- Put a space after closing brace when it has anything on the line.
- Exception : comma after closing brace '},‘
- Put a space after comma
- Do not put space inside parenthesis '(', ')‘
- Do not put space before open square bracket '[‘ and inside square bracket '[', ']‘

 - [M12] : Functions have the opening brace at the beginning of the next line.

 - [M13] : The open brace last on the line. The closing brace is empty on a line of its own
- Exception : else, whileshould follow close brace '}’

 - [M14] : Open braces for enum, union and structgo on the same line

Change-Id: I6e59513ba121a25222e6e626792b3e115ebec1d3
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
8 years agoChange exception type in db-crypto.cpp 88/52688/5
Bartlomiej Grzelewski [Wed, 25 Nov 2015 15:52:45 +0000 (16:52 +0100)]
Change exception type in db-crypto.cpp

Change-Id: I537d47a4d6cb4d632a46f0527be17108e1353b4a

8 years agoRemove duplicated entries in spec 64/53964/3
Krzysztof Jackiewicz [Thu, 10 Dec 2015 11:33:34 +0000 (12:33 +0100)]
Remove duplicated entries in spec

[Problem] Duplicated entries in spec.
[Solution] Removed.

[Verification] Successfull compilation. Run tests.

Change-Id: I2c356b854bee089dc3675b84d7ea32930192dbd1

8 years agoFix file copying in scheme test 63/53963/2
Krzysztof Jackiewicz [Mon, 7 Dec 2015 14:27:03 +0000 (15:27 +0100)]
Fix file copying in scheme test

[Problem] Wrong creation flag was used. Wrong owner used. Files not closed.
[Solution] Change files owner and fix the flag. Close descriptors.

[Verification] Run ckm-tests-internal  -t ENCRYPTION_SCHEME_TEST

Change-Id: I9289f231fc27ff863552c65a1f76627189ed5bdb

8 years agoRevert "Add PASSWORD_PROTECTION_DISABLE feature" 61/53961/1
Bartlomiej Grzelewski [Tue, 24 Nov 2015 14:50:44 +0000 (15:50 +0100)]
Revert "Add PASSWORD_PROTECTION_DISABLE feature"

This reverts commit c960d5d61979802933b7cc44b66a118b5861edf7.

Change-Id: Ia3225c3a460f48dde93a272e931f6a53d461f48c

8 years agochange log level to warning in case for the failure of FIPS_mode_set 51/53351/1
Dongsun Lee [Fri, 4 Dec 2015 07:05:34 +0000 (16:05 +0900)]
change log level to warning in case for the failure of FIPS_mode_set

Change-Id: Ia2f99bf55b118d0967c0eeb2af86f39a7b567596
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
8 years agoRemove digest implementation. 89/52989/2
Bartlomiej Grzelewski [Mon, 30 Nov 2015 15:42:53 +0000 (16:42 +0100)]
Remove digest implementation.

Change-Id: Ib4c38cae9370e3f39ffb59e9d7602238d178c849

8 years agoFix implementation of sw-backend. 76/52676/3
Bartlomiej Grzelewski [Wed, 25 Nov 2015 13:20:37 +0000 (14:20 +0100)]
Fix implementation of sw-backend.

sw-backend cound not depend from certificate-impl.h and key-impl.h.

Change-Id: I7826f0c94bf18d1ad92ac59820120b6ee45531eb

8 years agoDetailed documentation for encryption/decryption API 42/52642/2
Krzysztof Jackiewicz [Wed, 25 Nov 2015 09:19:17 +0000 (10:19 +0100)]
Detailed documentation for encryption/decryption API

[Problem] The encryption/decryption API documentation in header file wasn't
detailed enough.
[Solution] Add more more details.

[Verification] Rate intelligibility of documentation

Change-Id: I2695651928ccf294e94fed2e4c2d0a4019365582

8 years agoLicense date updated 74/52174/2
Krzysztof Jackiewicz [Thu, 19 Nov 2015 12:50:20 +0000 (13:50 +0100)]
License date updated

[Problem] Wrong date in LICENSE file
[Solution] Date fixed

[Verification] Compare with current year

Change-Id: Ia9a4d2da70d6f01d5f036c376e220b9637f81870

8 years agoConversion PEM -> DER moved to store. 83/52483/5
Bartlomiej Grzelewski [Mon, 23 Nov 2015 10:09:34 +0000 (11:09 +0100)]
Conversion PEM -> DER moved to store.

Change-Id: Ia748520a828f1dfcb3097dbde0ac28aaf22a8c52

8 years agoLoad app key when importing initial values 36/51436/12
Krzysztof Jackiewicz [Mon, 16 Nov 2015 14:18:01 +0000 (15:18 +0100)]
Load app key when importing initial values

[Problem] Missing app key.
[Solution] Fixed.

[Verification] Run tests

Change-Id: If1a156094bb81a349af41f077443c6503b9cea04

8 years agoEncrypted Initial Values: decrypting items from XML files. 11/44411/22
Maciej J. Karpiuk [Tue, 21 Jul 2015 12:53:27 +0000 (14:53 +0200)]
Encrypted Initial Values: decrypting items from XML files.

Change-Id: I08d53475401407c76d8aafbefc0b4d2f4fd82204

8 years agoEncrypted Initial Values: parsing key values. 73/44273/23
Maciej J. Karpiuk [Mon, 20 Jul 2015 09:31:29 +0000 (11:31 +0200)]
Encrypted Initial Values: parsing key values.

Change-Id: Iecebe5cba1ce716e43fff09ddc442a57dcfdf976

8 years agoEncrypted Initial Values: re-factoring the schema to support new requirements. 56/43856/23
Maciej J. Karpiuk [Tue, 14 Jul 2015 09:31:28 +0000 (11:31 +0200)]
Encrypted Initial Values: re-factoring the schema to support new requirements.

New requirements are: support for encrypting data and certificate objects.
This requires providing hybrid encryption: device key encrypts AES key, which
is used to encrypt the values.
Device key cannot directly encrypt values due to block size limitation of RSA OAEP algorithm.

Change-Id: I61f52bad74d7cf2f6018a1e0e38cc852a932619e

8 years agoAdd DataContainer class to contain data, its type and encryption details. 36/46636/16
Maciej J. Karpiuk [Mon, 24 Aug 2015 08:52:09 +0000 (10:52 +0200)]
Add DataContainer class to contain data, its type and encryption details.

[Problem] Encrypted data details are kept separately to the data.
[Solution] Store provides an interface to handle data, type and encryption details in a single object.

Change-Id: Ic35a0a6205670c2a41a183e56b884be87179ebab

8 years agoMove call to xmlCleanupParser 60/51860/6
Krzysztof Jackiewicz [Mon, 16 Nov 2015 13:57:49 +0000 (14:57 +0100)]
Move call to xmlCleanupParser

[Problem] xmlCleanupParser should be called only before program exit.
[Solution] Moved to global object constructor.

[Verification] Successfull compilation

Change-Id: Id2fedd8b99c9b598eaef14f7c12d37282e74814a

8 years agoCKMLogic will not depend from InitialValues. 91/52491/3
Bartlomiej Grzelewski [Mon, 23 Nov 2015 15:59:34 +0000 (16:59 +0100)]
CKMLogic will not depend from InitialValues.

Change-Id: I91ce4dcadd49ae813c1ca59418ea8f730110718b

8 years agoMerge "Add PASSWORD_PROTECTION_DISABLE feature" into tizen
Dongsun Lee [Tue, 24 Nov 2015 01:46:22 +0000 (17:46 -0800)]
Merge "Add PASSWORD_PROTECTION_DISABLE feature" into tizen

8 years agoAdd PASSWORD_PROTECTION_DISABLE feature 15/52215/1
Dongsun Lee [Fri, 20 Nov 2015 02:55:02 +0000 (11:55 +0900)]
Add PASSWORD_PROTECTION_DISABLE feature

Change-Id: I58a8bde0e4424168a61590d6a5f12fb8e28f50b2
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
8 years agoFix character trimming in xml parser 61/51861/4
Krzysztof Jackiewicz [Mon, 16 Nov 2015 14:06:48 +0000 (15:06 +0100)]
Fix character trimming in xml parser

[Problem] ASCII tag content is being trimmed and it shouldn't be.
[Solution] Don't trim tag content in Characters() callback. If trimming is
necessary it can be done in End() callback. Exception will be thrown only if
non-whitespace characters are found within tags that shouldn't have any
character content (InitialValueHandler, PermissionHandler).

[Verification] Run ckm-tests --group=T60_INITIAL_VALUES

Change-Id: I39a928bf15be29ade96986d619c9023fb4cd3234

8 years agoFix bug found by Klocwork 61/52161/1
Krzysztof Jackiewicz [Thu, 19 Nov 2015 10:43:20 +0000 (11:43 +0100)]
Fix bug found by Klocwork

[Problem] The command received from encryption service is deserialized into a
variable hiding function argument of the same name. Also the received command
was ignored.
[Solution] Check if received command is equal to requested one.

[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION

Change-Id: I16e14dbc8497a9b6ea11d93c8c0a48071562d684

8 years agotry-catch enclosed to be exception safe of CAPI 37/51737/1
Kyungwook Tak [Fri, 13 Nov 2015 08:54:10 +0000 (17:54 +0900)]
try-catch enclosed to be exception safe of CAPI

Change-Id: I8c88402c6ed8f73bb1e5510389fec2aa07cfd48c
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoRemove MDFPP related code 63/51463/2
Kyungwook Tak [Tue, 10 Nov 2015 02:53:18 +0000 (11:53 +0900)]
Remove MDFPP related code

Change-Id: I4b2078f2f2ebc8ebbd31fb3b7995eb1807fc3a49
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
9 years agoProtocol refactoring. 45/40145/5
Bartlomiej Grzelewski [Mon, 26 Oct 2015 12:10:50 +0000 (13:10 +0100)]
Protocol refactoring.

Introduce CryptoAlgorithm in internal socket protocol.

Change-Id: I70000a05e0a47d2b12af9b11324adf67da0f5e22

9 years agoAdd encryption scheme tests 67/48667/21
Krzysztof Jackiewicz [Thu, 24 Sep 2015 09:21:03 +0000 (11:21 +0200)]
Add encryption scheme tests

[Problem] We need tests that will verify correctness of old and new encryption
scheme support.
[Solution] Tests added.

[Verification] Run ckm-tests-internal -t ENCRYPTION_SCHEME_TEST

Change-Id: I9f4e24a9e06684d401540646d5560287e35b828d

9 years agoUse exportable=true when reading certificate from db 68/48768/14
Krzysztof Jackiewicz [Tue, 29 Sep 2015 07:07:21 +0000 (09:07 +0200)]
Use exportable=true when reading certificate from db

[Problem] Key manager allows creating a cert chain from not exportable
certificates.
[Solution] CKMLogic::readCertificateHelper modified to use exportable flag
equal to 'true'.

[Verification] Run ckm-tests-internal -t ENCRYPTION_SCHEME_TEST

Change-Id: Ib13811282eb9d1267c26741a578d8c2111bdecbb

9 years agoReturn error if password is not empty and row is not password protected 74/48874/9
Krzysztof Jackiewicz [Thu, 1 Oct 2015 06:32:54 +0000 (08:32 +0200)]
Return error if password is not empty and row is not password protected

[Problem] If old scheme row is not password protected and the user tries to
read it with non empty password it will get reencrypted with this password.
[Solution] Throw an authentication exception if password is not empty and row
is not password protected.

[Verification] Run ckm-tests-internal -t ENCRYPTION_SCHEME_TEST/T120_Read_wrong_pass

Change-Id: I44b270dbbefd043b6efb9371f0d7a81c1b234b31

9 years agoModify encryption scheme 41/48541/19
Krzysztof Jackiewicz [Mon, 7 Sep 2015 11:19:54 +0000 (13:19 +0200)]
Modify encryption scheme

[Problem] Current encryption scheme makes it impossible to remove an entry
protected with custom user password from database.
[Solution] Encryption scheme modified. Store is responsible for encrypting data
with user password. Service encrypts it with app key. Data encrypted with old
scheme that is being read will be automatically reencrypted with new scheme.

[Verification] Run tests from upcoming commit:
ckm-tests-internal -t ENCRYPTION_SCHEME_TEST

Change-Id: I8ed514290d9e75bbc89d74b006939e3cbb0b8bd2

9 years agoAdd scheme encryption test db generator 66/48666/12
Krzysztof Jackiewicz [Thu, 24 Sep 2015 07:07:55 +0000 (09:07 +0200)]
Add scheme encryption test db generator

[Problem] A database filled with all kind of data is needed for encryption
scheme tests.
[Solution] Add tool that fills the database with different kinds of data.

[Verification] Run ckm-db-generator. Use ckm_db_tool 7654 db-pass to verify
that all types of data is present in db.

Change-Id: If2d912afdfe96a535df98c5a6c03a2acb1c84af5

9 years agoAdd support for binary data to GStore 17/48117/5
Krzysztof Jackiewicz [Mon, 14 Sep 2015 13:05:44 +0000 (15:05 +0200)]
Add support for binary data to GStore

[Problem] Binary data can be imported into store but can't be retrieved from
it.
[Solution] Introduce another intermediate class in GKey hierarhy to support
binary data.

[Verification] Run tests

Change-Id: I45bf5d0a81188f13b0925e982243fdf37b569529

9 years agoVersion 0.1.18 89/49689/1 accepted/tizen/mobile/20151019.074017 accepted/tizen/tv/20151019.074026 accepted/tizen/wearable/20151019.074043 submit/tizen/20151019.043615 submit/tizen_common/20151229.142028 submit/tizen_common/20151229.144031 submit/tizen_common/20151229.154344 submit/tizen_common/20151229.154718 tizen_3.0.m2.a1_mobile_release tizen_3.0.m2.a1_tv_release
Kyungwook Tak [Mon, 19 Oct 2015 04:28:30 +0000 (13:28 +0900)]
Version 0.1.18

Change-Id: I33e245d9b8b6b6ca81caa326d24e725c1821987b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
9 years agoDon't check handle value when allocation 86/49686/1
Kyungwook Tak [Mon, 19 Oct 2015 02:43:03 +0000 (11:43 +0900)]
Don't check handle value when allocation

Change-Id: I3ab918652dc294107327bc3840bdd5c80bed0cc6
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
9 years ago[ACR-429]Remove/Deprecated get cert chain with alias 56/49556/1
Kyungwook Tak [Thu, 15 Oct 2015 05:01:13 +0000 (14:01 +0900)]
[ACR-429]Remove/Deprecated get cert chain with alias

Change-Id: Ib1f775c98c41ef89d10199c03d17a69b7be46008
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
9 years agoAdd gitignore file 55/49555/1
Kyungwook Tak [Thu, 15 Oct 2015 04:56:56 +0000 (13:56 +0900)]
Add gitignore file

Change-Id: I491e88d2454a672b77e207aaf95d945c0b464591
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
9 years agoVersion 0.1.17 23/49523/1 accepted/tizen/mobile/20151014.093603 accepted/tizen/tv/20151014.093615 accepted/tizen/wearable/20151014.093628 submit/tizen/20151014.083752
Kyungwook Tak [Wed, 14 Oct 2015 08:30:23 +0000 (17:30 +0900)]
Version 0.1.17

Change-Id: I93d81a35d0bf4fccb4cafbd823014cdeb4939192
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
9 years agoRemove warnings and performance problems reported by cppcheck. 10/49110/3
Bartlomiej Grzelewski [Tue, 6 Oct 2015 10:41:38 +0000 (12:41 +0200)]
Remove warnings and performance problems reported by cppcheck.

Change-Id: I6c39ff383a19554da5e9f875db51864e0e5941d0

9 years agoRemove symbol : ckmc_label_shared_owner 21/49521/1
Kyungwook Tak [Wed, 14 Oct 2015 08:01:41 +0000 (17:01 +0900)]
Remove symbol : ckmc_label_shared_owner

Change-Id: I40ba69c4e64ed7d5c1f7f9750b0a161adbd1aa15
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
9 years agoFix API description of set param functions 20/49520/1
Kyungwook Tak [Wed, 14 Oct 2015 07:58:23 +0000 (16:58 +0900)]
Fix API description of set param functions

 * Set -> Sets in @brief

Change-Id: Icb573f4f535d98acdd5061a7e473a30237b28f32
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
9 years agoAdjust API change request review result 18/48918/9
Kyungwook Tak [Thu, 1 Oct 2015 12:36:34 +0000 (21:36 +0900)]
Adjust API change request review result

 * remove useless const keyword in ckmc_create_key_aes
 * ckmc_generate_params allocates new ckmc_param_list_s inside of itself
 * ckmc_generate_params is renamed to ckmc_generate_new_params
 * ckmc_param_list_s is changed to ckmc_param_list_h (handle)
 * handle is structure pointer : typedef struct __ckmc_param_list *ckmc_param_list_h
 * ckmc_param_list_add_integer -> ckmc_param_list_set_integer
 * ckmc_param_list_add_buffer  -> ckmc_param_list_set_buffer

 * new line for too long description
 * use dot properly in description (Should not used in params and retvals)

Change-Id: I760465e1ae0d1665d596ff10d402c5f191a6f1d4
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
9 years agoFix spec file warnings & error after gbs build 11/46711/4
Kyungwook Tak [Tue, 25 Aug 2015 06:59:56 +0000 (15:59 +0900)]
Fix spec file warnings & error after gbs build

Change-Id: I48fa8e4392c2cb0cdf32f56299701ce420ba042e
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
9 years agoPrivilege are changed for ACR 19/47119/5
Dongsun Lee [Mon, 31 Aug 2015 04:11:58 +0000 (13:11 +0900)]
Privilege are changed for ACR

Change-Id: Icb7b4856cf8908b7b4eb030f15a3a3ef78666b8e
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
9 years agoAPI refactoring. 45/48445/3
Bartlomiej Grzelewski [Mon, 21 Sep 2015 11:17:00 +0000 (13:17 +0200)]
API refactoring.

CKM::Manager uses private implementation pattern.
Remove most of virtual methods from CKM::Manager.

Change-Id: I171083a6f81716dc78155242989dd97528079554

9 years agoRevert "Old privileges restored" 92/48392/1
Kyungwook Tak [Mon, 21 Sep 2015 07:05:48 +0000 (16:05 +0900)]
Revert "Old privileges restored"

This reverts commit 42a14dd9afaec7949cf4dec5d7be261a43b1e0a3.

Change-Id: Ibcea2dd233286e87cc7570f8cfa68e07b5a8e069

9 years agoFix support of new error code: CKM_API_ERROR_NOT_SUPPORT. 65/48365/2
Bartlomiej Grzelewski [Thu, 17 Sep 2015 14:58:30 +0000 (16:58 +0200)]
Fix support of new error code: CKM_API_ERROR_NOT_SUPPORT.

Change-Id: I59545191904fce8ee9258861a5a579308ae05216

9 years agoRevert "Add functions required during db debug." 36/47536/4
Krzysztof Jackiewicz [Fri, 4 Sep 2015 08:45:52 +0000 (10:45 +0200)]
Revert "Add functions required during db debug."

This reverts commit 4b4f7b9e045fadc3c5348e7ef8be628a742907e2.

Change-Id: Iac9f830b91a6ddfae1245a8b973ef51ed441738d

9 years agoRevert "Disable optional password protection temporary" 24/48124/2
Krzysztof Jackiewicz [Mon, 14 Sep 2015 15:28:23 +0000 (17:28 +0200)]
Revert "Disable optional password protection temporary"

This reverts commit ea896bbce6b7f21772de779faf0f0c29de845a24.

Change-Id: Iffa558fb3e9889acffb09d27d9b237b70cb01aea

9 years agoIgnore failing row decryption during data removal 23/48123/2
Krzysztof Jackiewicz [Mon, 14 Sep 2015 15:23:45 +0000 (17:23 +0200)]
Ignore failing row decryption during data removal

[Problem] When data is removed we don't know the custom user password used to
protect the row. The row decryption is performed with empty password and may
fail.
[Solution] Because row will be deleted we can ignore the failing decryption.
This is a temporary solution. It won't work for tz-store. The problem will be
fixed when new encryption is applied.

[Verification] Run TCT tests.

Change-Id: I9c24704a83c5511bd53218738460f2b546c3dd05

9 years agoMove encrypted/decrypted rows instead of copying 90/48090/1
Krzysztof Jackiewicz [Mon, 14 Sep 2015 08:02:08 +0000 (10:02 +0200)]
Move encrypted/decrypted rows instead of copying

[Problem] Rows are copied in CryptoLogic::decryptRow/encryptRow.
[Solution] Copying replaced with std::move

[Verification] Run tests

Change-Id: I362638d8981bbe8e511b417596f4cb67ae6f058e

9 years agoDisable optional password protection temporary 06/48006/1 tizen_3.0.m1_mobile tizen_3.0.m1_tv accepted/tizen/mobile/20150911.091458 accepted/tizen/tv/20150911.091520 accepted/tizen/wearable/20150911.091531 submit/tizen/20150911.030630 submit/tizen_common/20151015.190624 submit/tizen_common/20151019.135620 submit/tizen_common/20151023.083358 submit/tizen_common/20151026.085049 tizen_3.0.m1_mobile_release tizen_3.0.m1_tv_release
Kyungwook Tak [Fri, 11 Sep 2015 03:01:42 +0000 (12:01 +0900)]
Disable optional password protection temporary

couldn't remove data which is protected by optional password

Change-Id: I0a0e67ddcf40bd0d0f90585d58469a950317a6f0
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
9 years agoSecure control socket with DAC = 0700 79/47179/4
Bartlomiej Grzelewski [Mon, 31 Aug 2015 15:15:41 +0000 (17:15 +0200)]
Secure control socket with DAC = 0700

Only root should be able to connect and use this socket.

Change-Id: I903de6f55e34c8a9fb8dbdbe99108ab501769f6e

9 years agoAdd cynara mockup. 73/47773/3
Bartlomiej Grzelewski [Tue, 8 Sep 2015 15:39:02 +0000 (17:39 +0200)]
Add cynara mockup.

Change-Id: If423f8f88546f551ca35f849371343a37b46fe21

9 years agoVersion 0.1.16 35/47735/1 accepted/tizen/mobile/20150908.231847 accepted/tizen/tv/20150908.231908 accepted/tizen/wearable/20150908.231855 submit/tizen/20150908.100356
Krzysztof Jackiewicz [Tue, 8 Sep 2015 08:38:56 +0000 (10:38 +0200)]
Version 0.1.16

Change-Id: I123912571e4776580e2008bae362a75fc3672ae2

9 years agoOld privileges restored 44/47644/6
Kyungwook Tak [Mon, 7 Sep 2015 11:31:26 +0000 (20:31 +0900)]
Old privileges restored

Change-Id: I62335aa31fa14bf2712a72605c97ad5e9fed8a09
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
9 years agoIntegration with cynara. 38/42538/14
Bartlomiej Grzelewski [Tue, 1 Sep 2015 13:23:52 +0000 (15:23 +0200)]
Integration with cynara.

Change-Id: I75f727890d37b39e7054db4c68baad922eef1fc3

9 years agoAdd a tool for accessing encrypted database 51/47251/5
Krzysztof Jackiewicz [Tue, 1 Sep 2015 11:05:10 +0000 (13:05 +0200)]
Add a tool for accessing encrypted database

[Problem] No way of debugging an encrypted database
[Solution] Tool added

[Verification] Run:
ckm_db_tool
ckm_db_tool 0
ckm_db_tool 0 <sql_command>
ckm_db_tool <uid> <password>
    > .tables
    > .schema
    > <sql_command>
    > help
    > exit
ckm_db_tool <uid> <password> <sql_command>

Change-Id: I87662831808b0397b01db1e54c38b4dc4ad69129

9 years agoReimplement security-manager mockup. 66/46866/4
Bartlomiej Grzelewski [Wed, 26 Aug 2015 11:35:19 +0000 (13:35 +0200)]
Reimplement security-manager mockup.

New version of mockup will try to translate smack label into
pkgId by removing prefix "User::App::".

Change-Id: I54316ec1c8e8061cedf09f19016576d202e1e9f1

9 years agoAdd mockup for security-manager. 27/46727/3
Bartlomiej Grzelewski [Mon, 24 Aug 2015 09:39:02 +0000 (11:39 +0200)]
Add mockup for security-manager.

Security-manager mockup should be used with unit-tests.
CKM compilation with mockup:
gbs lb -A i586 --define "build_type DEBUG" --define "mockup_sm ON"

Note: It's not possible to compile RELEASE version of CKM with mockup.

Change-Id: I793ec55010b3826dd9d4157ce4e33f555dee14c0

9 years agoReplace smack label with pkgId. 87/46187/6
Bartlomiej Grzelewski [Mon, 17 Aug 2015 12:31:36 +0000 (14:31 +0200)]
Replace smack label with pkgId.

Change-Id: I2775a65349bf2103cf7de4702572b031244d9f28

9 years agoCheck platform feature(network) before check ocsp 06/46706/1
Kyungwook Tak [Tue, 25 Aug 2015 00:04:51 +0000 (09:04 +0900)]
Check platform feature(network) before check ocsp

Change-Id: I87c60238b0a1c67c853a5d60f635162bf9375e71
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>