platform/core/security/key-manager.git
4 years agoImprove KeyProvider tests 42/238842/2
Krzysztof Jackiewicz [Fri, 17 Jul 2020 20:32:21 +0000 (22:32 +0200)]
Improve KeyProvider tests

More negative tests added. Existing tests refactored and fixed where necessary.
Redundant check removed from KeyProvider ctor.

Change-Id: I5210c0f4c79851543c0f9dcb532a30aa7dc8168f

4 years agoRemove KeyProvider lib initialization from tests 41/238841/2
Krzysztof Jackiewicz [Fri, 17 Jul 2020 14:57:46 +0000 (16:57 +0200)]
Remove KeyProvider lib initialization from tests

It's a NOOP on tizen.org.

Change-Id: I915bba5e55a6f21925c363687b1990d24bf2f2cf

4 years agoAdd negative forEachFile tests 12/238812/2
Krzysztof Jackiewicz [Fri, 17 Jul 2020 12:11:56 +0000 (14:11 +0200)]
Add negative forEachFile tests

Change-Id: Ic4869009234676967e3571868ad2fa1e1d950c6a

4 years agoException tests refactoring 09/238809/2
Krzysztof Jackiewicz [Fri, 17 Jul 2020 11:52:17 +0000 (13:52 +0200)]
Exception tests refactoring

* Positive tests merged into one.
* Macros replaced with templates.
* Missing exceptions added.

Change-Id: Ia2da4262e874119a70940c1005d7c018aea9641b

4 years agoAdd negative DescriptorSet tests 04/238804/2
Krzysztof Jackiewicz [Fri, 17 Jul 2020 10:12:29 +0000 (12:12 +0200)]
Add negative DescriptorSet tests

Change-Id: Idfb7dcd64c17aab418380a8fdb5b807a67710239

4 years agoMove db perf tests to a separate exec 27/238627/2
Krzysztof Jackiewicz [Wed, 15 Jul 2020 19:25:26 +0000 (21:25 +0200)]
Move db perf tests to a separate exec

Performance tests are not unit tests and do not improve code coverage. Also
they are all "positive". This commit moves them to a separate binary.

Also fixed performance calculation and few other minor issues.

Code slightly refactored.

Change-Id: Ifcf2463be28001a0e88e5127dd95ee081771382a

4 years agoImprove DB::Crypto negative test ratio 26/238626/1
Krzysztof Jackiewicz [Wed, 15 Jul 2020 14:57:51 +0000 (16:57 +0200)]
Improve DB::Crypto negative test ratio

Redundant positive tests removed.
Negative constructor tests added.

Change-Id: Ic1c2d30d4121c4e901485cae63cb7a203865af7d

4 years agoGet rid of the openssl 1.0.2 specific code 11/238511/1
Krzysztof Jackiewicz [Tue, 14 Jul 2020 16:21:34 +0000 (18:21 +0200)]
Get rid of the openssl 1.0.2 specific code

Also move entropy initialization to key-manager-main.cpp where it is used.

Change-Id: I187c76565b3864b6042a31a6eb71ac5921dc1ffd

4 years agoMake BeginTransaction exclusive and use it 10/238510/1
Krzysztof Jackiewicz [Tue, 14 Jul 2020 15:32:32 +0000 (17:32 +0200)]
Make BeginTransaction exclusive and use it

Change-Id: Ie37fb0a36c25079eadab374093065f1e466d22f9

4 years agoRemove unused SqlConnection::DataCommand::Reset 09/238509/1
Krzysztof Jackiewicz [Tue, 14 Jul 2020 15:31:44 +0000 (17:31 +0200)]
Remove unused SqlConnection::DataCommand::Reset

Change-Id: Ib4279ccd14c6066efc980ec00bd63e76b699ca6a

4 years agoImprove DB::Crypto code coverage 12/238412/2
Krzysztof Jackiewicz [Tue, 7 Jul 2020 07:14:35 +0000 (09:14 +0200)]
Improve DB::Crypto code coverage

Change-Id: I0fcb65833641ef75ab2af3c265e15df4d45231b6

4 years agoReturn if there are no rows to save 08/238508/1
Krzysztof Jackiewicz [Tue, 14 Jul 2020 14:35:48 +0000 (16:35 +0200)]
Return if there are no rows to save

Before this change, an attempt to save an empty list of objects would populate
the NAME and PERMISSIONS table but insert no objects into the OBJECTS table.

Change-Id: I08a2b68831ed51564e43ef4a01fca28d2c789641

4 years agoRemove unused DB::Crypto methods 13/237913/5
Krzysztof Jackiewicz [Mon, 6 Jul 2020 10:55:32 +0000 (12:55 +0200)]
Remove unused DB::Crypto methods

Change-Id: Ie9f54b02736f1eebd72a496f87e250bbdd48b7aa

4 years agoAdd unit tests related to Pkcs 12 02/237602/6
Krzysztof Jackiewicz [Wed, 1 Jul 2020 20:53:14 +0000 (22:53 +0200)]
Add unit tests related to Pkcs 12

* Implement unit tests.
* Add p12 test files for different types of keys.
* Slightly refactor PKCS12Serializable API.

Change-Id: I87e4d9ee50e75aff8cc4e042bb239983a1f3c4d9

4 years agoSW backend unit tests 78/235778/14
Krzysztof Jackiewicz [Tue, 9 Jun 2020 16:27:23 +0000 (18:27 +0200)]
SW backend unit tests

Also:
* Hide SW::Internals functions unused outside and add few asserts.
* Add missing openssl errors.
* Properly handle rsa encryption output.
* Properly handle missing asymmetric key.
* Old partial tests replaced.
* Minor code cleanup.

Change-Id: I1f83f6dc6bcdc99708b2f1f081b4be6fef8a4b08

4 years agoUnwrap 4 lines in SW::Internals to make them covered 66/237366/2
Krzysztof Jackiewicz [Mon, 29 Jun 2020 16:33:32 +0000 (18:33 +0200)]
Unwrap 4 lines in SW::Internals to make them covered

Seriously.

Also remove one duplicated line exposed thanks to the lcov flaw.

Change-Id: If2c9ac01db6bbccf2e30a7d9ccecfbda9c2994ee

4 years agoInstall all source files with coverage package 65/237365/2
Krzysztof Jackiewicz [Mon, 29 Jun 2020 16:09:33 +0000 (18:09 +0200)]
Install all source files with coverage package

We only need to calculate code coverage for code in src subdirectory. However,
if unit-tests sourcess are not provided, the lcov fails to notice some of the
covered code paths in header files.

This commit installs all the sources, but removes irrelevant ones from the
report. It adds ~ +5% and +10% to line and function coverage respectively.

Change-Id: If17259ee4b8b76b8c7060c8d49ec92577d997eaf

4 years agoCoverage only mode 68/235868/3
Krzysztof Jackiewicz [Fri, 22 May 2020 14:47:26 +0000 (16:47 +0200)]
Coverage only mode

Additional "COVERAGE_ONLY" build type for skipping key-manager binaries and
RPMs. Translates to debug build with additional "coverage_only" flag.

Build key-manager with --define "build_type COVERAGE_ONLY".

Change-Id: I1e4a762b14d611ea6ad170f8b63f13af541fd8b1

4 years agoRemove key-manager requirement from unit tests 15/236215/1
Krzysztof Jackiewicz [Mon, 15 Jun 2020 15:06:26 +0000 (17:06 +0200)]
Remove key-manager requirement from unit tests

Unit tests package does not require key-manager anymore.

Change-Id: Ia9de48c188b4b9ca63cc53721c58f25ccc4ec4fc

4 years agoAutomate code coverage measurement 67/235867/2
Krzysztof Jackiewicz [Fri, 22 May 2020 14:47:26 +0000 (16:47 +0200)]
Automate code coverage measurement

* Unit-tests built and linked with coverage flags in debug mode only.
* Separate rpm for code coverage built in debug mode only, including:
** All the *.cpp and *.h files in /home/abuild/... in case lcov needs them
   (missing files issue).
** All the key-manager's *.gcno files produced during compilation
   (test/tools/misc files skipped).
** A helper script taking care of whole code coverage measurement, that is:
*** Removing old *.gcda files.
*** Launching internal test.
*** Gathering runtime *.gcda files.
*** Preparing a report with lcov. Fails if any error or warning is reported
    (e.g. a missing file warning). Files external to the project are excluded.
*** Preparing an html report based on lcov output.

Usage:
* Build key-manager in debug mode mode.
* Install the key-manager-unit-tests and key-manager-coverage RPMs.
* Execute ckm-coverage.sh to produce lcov html report.

Change-Id: I5118b8ffba05e40d05e732c5162bd924a2f24120

4 years agoImprove KeyImpl & KeyAesImpl code coverage 73/235573/7
Krzysztof Jackiewicz [Fri, 5 Jun 2020 19:50:34 +0000 (21:50 +0200)]
Improve KeyImpl & KeyAesImpl code coverage

Also unify key API.

KeyAesImpl() will now return an empty object instead of throwing. This will
unify the error code returned for symmetric and asymmetric keys from
ckmc_get_key(). It will also fix asynchronous C++ API. Observer will receive
an empty key instead of not being called at all.

Unify the type returned from empty keys. C++ API is a platform one and
getType() function is not used in tizen.org according to CodeGrok.

Change-Id: I7de8f32dfe59b1c5af441dfb9a0b8bee5c0d0bcf

4 years agoReorganize project structure and RPM packages 36/234236/12
Krzysztof Jackiewicz [Fri, 22 May 2020 14:47:26 +0000 (16:47 +0200)]
Reorganize project structure and RPM packages

* Internal tests package and binary renamed.
* Scheme test moved to a separate binary as they are not actual unit tests.
  They use internal API, client library and need a running server. These tests
  should be rewritten.
* New key-manager-misc RPM containing scheme test binary and helper tools.
* Project structure reorganized to better fit rpm packages.
* CMakeFiles.txt refactoring.

Change-Id: I4875f0a7189a960f193747591cc917fd5b9e2799

4 years agoUpdate DataType unit-tests 30/232730/2
Krzysztof Jackiewicz [Thu, 7 May 2020 09:18:02 +0000 (11:18 +0200)]
Update DataType unit-tests

Change-Id: I1a15e4fa665fc8be551eea23bb997bd4aa869c82

4 years agoRefactor DataType related code 22/232722/6
Krzysztof Jackiewicz [Thu, 7 May 2020 08:27:08 +0000 (10:27 +0200)]
Refactor DataType related code

* Remove unnecessary DataType methods.
* Remove unnecessary Type enumeration scope.
* Make DataType serializable to avoid static casts.
* Use DataType checker methods instead of explicit DataType::Type comparison.

Change-Id: I01dc355050326ad1e40c34c869acbc07613c57db

4 years agoDon't return command in client-server communication 46/233046/3
Krzysztof Jackiewicz [Mon, 11 May 2020 18:49:53 +0000 (20:49 +0200)]
Don't return command in client-server communication

Client already has an id of the message sent to the server. There's no
point in returning the command from server and checking in on the
client's side.

* Stop returning command from server.
* Stop receiving and checking the command in the client.
* Unify naming.

Change-Id: I74bde065c5edcf414820b9c398d18e6bc0d299dd

4 years agoFix async symmetric key getter 26/233026/1
Krzysztof Jackiewicz [Mon, 11 May 2020 09:22:05 +0000 (11:22 +0200)]
Fix async symmetric key getter

Symmetric keys were not properly returned to the caller.

Change-Id: Ibe0f6a98d57250f8d29cde8b16abce0270fb59b3

4 years agoRelease 0.1.38 90/230290/1 accepted/tizen_6.0_unified_hotfix tizen_6.0_hotfix accepted/tizen/6.0/unified/20201030.115139 accepted/tizen/6.0/unified/hotfix/20201103.003619 accepted/tizen/unified/20200410.122750 submit/tizen/20200409.195446 submit/tizen_6.0/20201029.205104 submit/tizen_6.0_hotfix/20201102.192504 submit/tizen_6.0_hotfix/20201103.114804 tizen_6.0.m2_release
Krzysztof Jackiewicz [Thu, 9 Apr 2020 07:08:43 +0000 (09:08 +0200)]
Release 0.1.38

* Annotate fallthru switch statements

Change-Id: I03b7eb50af98adbbb51581769bf59c2ab8d3d22d

4 years agoAnnotate fallthru switch statements 57/230057/2
Konrad Lipinski [Tue, 7 Apr 2020 11:17:21 +0000 (13:17 +0200)]
Annotate fallthru switch statements

As of gcc 7:
* -Wimplicit-fallthrough is enabled via -Wextra
* the standard statement attribute [[fallthrough]] is supported

Change-Id: Iea6809980b5cb6c9abe28cbded74bcaa8997650d

4 years agoRelease 0.1.37 49/229249/1 accepted/tizen/unified/20200402.155653 submit/tizen/20200330.133957
Dariusz Michaluk [Mon, 30 Mar 2020 13:19:19 +0000 (15:19 +0200)]
Release 0.1.37

* Switch to sqlcipher library
* [NOT COMPILING] Append 4.3.0 dbdump.c to sqlcipher
* [NOT COMPILING] Replace sqlcipher with upstream 4.3.0
* Improve CryptoLogic tests code coverage
* Relax FileSystem::removeUserData and check its return value
* Properly report unaught exceptions in latest boost test
* Add negative CommunicationManager test
* Refactor BinaryQueue and tests
* Replace dpl asserts with libc ones
* Implement negative cert tests
* Categorize tests into positive and negative

Change-Id: Ic15444e23a95e1f40a78a19c51613ea05af57857

4 years agoSwitch to sqlcipher library 99/227099/27
Konrad Lipinski [Thu, 21 Nov 2019 15:51:31 +0000 (16:51 +0100)]
Switch to sqlcipher library

Prior to this change, a modified sqlcipher 1.1.9 amalgamation bundled
with key-manager was being used. A push to externalize sqlcipher has
emerged as a result of wise men running SAM (a metrics tool) on the
entire key-manager repo to find that a 130k loc file scores badly.

Problem is, the bundled 1.1.9 sqlcipher had meta-tables renamed as
a result of an oversight, ex. sqlite_master was renamed to
sqlcipher_master. Result: binary incompatibility with upstream.
Running upstream sqlcipher on our legacy db files was found to corrupt
the files after running a single query.

Backward compatibility with existing db files is achieved by:
* bundling sqlcipher 4.3.0 amalgamation with key-manager
* renaming meta tables in the bundled sqlcipher so it's capable of
  opening legacy db files
* adding a textual sql db dump functionality to the bundled sqlcipher,
  based on an upstream extension; it would not work correctly with
  1.1.9, thus the bump to upstream version 4.3.0
* correcting meta table names on the fly when dumping, for instance
  printing sqlite_sequence instead of sqlcipher_sequence
* keeping legacy db filenames as db-$uid
* introducing upstream db filenames as db0-$uid
* converting legacy db files to upstream by using sql dumps of legacy
  files to seed freshly created upstream files
* removing respective legacy files after successful conversion

The bundled amalgamation is factored out into a separate .so library
exporting only one function: dumpLegacyDb. The library is huge and never
needed once the initial conversion is done, thus dlopen/dlsym/dlclose
are employed to mitigate the overhead.

Room for improvement:
* sqlcipher_master meta table contains arbitrary sql that is output
  verbatim when dumping; I have not been able able to prove that those
  statements are free of misnamed meta table references; key-manager
  database dumps appear to be clean
* the entire thing seems fragile; author of the upstream sql dump code
  very nearly disclaims responsibility for its correctness so I believe
  I should too; no sqlcipher tests were imported, just the amalgamation;
  however, a few migration tests were added to ckm-tests-internal
* as before, no additional preprocessor definitions were specified when
  compiling bundled amalgamation; it may be possible to make the
  resulting binary leaner by judicious use of optimization options;
  regardless, that falls out of scope of this change, i.e. doing the
  bare minimum to make things work
* the current solution is unlikely to satisfy the SAM crowd - the
  amalgamation is still here and it's grown to 230k loc

Change-Id: Ia6b25e29151f7957598b68657d083c064cc44ac9

4 years ago[NOT COMPILING] Append 4.3.0 dbdump.c to sqlcipher 60/227960/10
Konrad Lipinski [Tue, 17 Mar 2020 11:17:47 +0000 (12:17 +0100)]
[NOT COMPILING] Append 4.3.0 dbdump.c to sqlcipher

Change-Id: Ic397ecd980e61dd03c12eb8ca68063ebdd4c9272

4 years ago[NOT COMPILING] Replace sqlcipher with upstream 4.3.0 59/227959/10
Konrad Lipinski [Tue, 17 Mar 2020 11:10:54 +0000 (12:10 +0100)]
[NOT COMPILING] Replace sqlcipher with upstream 4.3.0

Change-Id: I4340f95a11afdcd06263c7eb73a5530c4210171f

4 years agoImprove CryptoLogic tests code coverage 75/228975/4
Krzysztof Jackiewicz [Thu, 26 Mar 2020 20:10:05 +0000 (21:10 +0100)]
Improve CryptoLogic tests code coverage

Change-Id: I14d50f0269166931e7d4b9a7591c8186eff7d16a

4 years agoRelax FileSystem::removeUserData and check its return value
Konrad Lipinski [Fri, 27 Mar 2020 10:47:39 +0000 (11:47 +0100)]
Relax FileSystem::removeUserData and check its return value

Said function no longer returns errors on ENOENT.

Change-Id: I10051ab71028d02b5c6708e20f1f91b45ff67457

4 years agoProperly report unaught exceptions in latest boost test 62/229062/1
Krzysztof Jackiewicz [Fri, 27 Mar 2020 10:51:53 +0000 (11:51 +0100)]
Properly report unaught exceptions in latest boost test

Change-Id: Ib9a517bf88f56aa7fddb3d0260282d62f0af7888

4 years agoAdd negative CommunicationManager test 97/228797/2
Krzysztof Jackiewicz [Wed, 25 Mar 2020 15:31:51 +0000 (16:31 +0100)]
Add negative CommunicationManager test

Invalid usage simply won't compile. Not much that can be done to reach the 50%
ratio except for merging all positive tests into one.

Change-Id: I99b8b97397a7d4ccdf762fc96dbf7d8648ad9a17

4 years agoRefactor BinaryQueue and tests 63/227963/13
Krzysztof Jackiewicz [Tue, 17 Mar 2020 12:56:58 +0000 (13:56 +0100)]
Refactor BinaryQueue and tests

- Increase code coverage by removing code
- Check NULL/0 argument values
- Simplify buckets
- Adjust tests
- 50% negative tests

Change-Id: I39bc58b0809798313a26cf13a35668028bbf3be4

4 years agoReplace dpl asserts with libc ones 80/228680/3
Krzysztof Jackiewicz [Tue, 24 Mar 2020 16:32:26 +0000 (17:32 +0100)]
Replace dpl asserts with libc ones

- Libc asserts were already used in few places. Now it's unified.
- Libc asserts are disabled in release builds unlike dpl ones.
- Code coverage is improved.

Change-Id: Ie241b997433b2286d1b6c3f5e24571af5bf5809f

4 years agoImplement negative cert tests 40/228540/1
Krzysztof Jackiewicz [Mon, 23 Mar 2020 19:44:41 +0000 (20:44 +0100)]
Implement negative cert tests

- 50% negative tests for CertificateImpl
- Positive OCSP test updated
- Minor changes in CertificateImpl

Change-Id: I6bdb9e6140694357cba93b8efe26f622744ce927

4 years agoCategorize tests into positive and negative 33/227833/5
Krzysztof Jackiewicz [Mon, 16 Mar 2020 14:54:45 +0000 (15:54 +0100)]
Categorize tests into positive and negative

Wise men said:
"Thou shalt not covet positive tests more than the negative ones"

To easily distinguish between positive and negative tests their names will be
prefixed with "POSITIVE_" and "NEGATIVE_" string respectively.

Boost test macros wrappers included.

Existing tests have been categorized.

Change-Id: Ifb21077437ebf82d2a2f4b4c70c53ab61b320c49

4 years agoRelease 0.1.36 21/228021/2 submit/tizen/20200318.082708
Tomasz Swierczek [Wed, 18 Mar 2020 07:03:36 +0000 (08:03 +0100)]
Release 0.1.36

* Fixed build break in some environments
* Store DB::Crypto::m_connection as unique_ptr
* Move to -std=c++14

Change-Id: I8a1982b8f4f22f22ce5a460f4a85f2e7197a3637

4 years agoFix build break 20/228020/2
Tomasz Swierczek [Wed, 18 Mar 2020 06:52:14 +0000 (07:52 +0100)]
Fix build break

Previously, log_build_info was not having additional bool parameter.

When new parameter was added, new function was added that overridden
previous one but had no chance of being properly used (ambiguity
introduced). This failed at compile time in some envs, depending on
options used.

Change-Id: Icb8ffeae5c0c51bca2e9a6f2a0956fc6fe1590ec

4 years agoStore DB::Crypto::m_connection as unique_ptr 70/227970/1
Konrad Lipinski [Tue, 17 Mar 2020 16:31:45 +0000 (17:31 +0100)]
Store DB::Crypto::m_connection as unique_ptr

Change-Id: I289c8c7c62af72ae34ac1692f89af1d2bfd813f6

4 years agoMove to -std=c++14 58/227958/2
Konrad Lipinski [Tue, 17 Mar 2020 11:09:20 +0000 (12:09 +0100)]
Move to -std=c++14

Change-Id: Id2f9eaa0ab2237aa8a8da379949cd239ec69d565

4 years agoRelease 0.1.35 27/223527/1 accepted/tizen/unified/20200131.050503 submit/tizen/20200130.113336
Tomasz Swierczek [Thu, 30 Jan 2020 11:31:20 +0000 (12:31 +0100)]
Release 0.1.35

* Fix build break with boost 1.71.0

Change-Id: Ib4ea4024a5751d78bed1effd6c52753a333cd985

4 years agoFix build break with boost 1.71.0 01/223501/2
Tomasz Swierczek [Thu, 30 Jan 2020 09:05:39 +0000 (10:05 +0100)]
Fix build break with boost 1.71.0

Change-Id: I539f28540d327b4cd87a63f39b84a2a36a35e34a

4 years agoRelease 0.1.34 78/222478/1 accepted/tizen/unified/20200116.101956 submit/tizen/20200115.083445
Tomasz Swierczek [Wed, 15 Jan 2020 08:33:24 +0000 (09:33 +0100)]
Release 0.1.34

* Fix build for gcc 9
* Fix documentation error(This function points to itself in the @see tag)

Change-Id: Ica82caa211fa8005183a1834f860aff6b42ad3c0

4 years agoFix build for gcc 9 04/222204/3
Tomasz Swierczek [Fri, 10 Jan 2020 09:11:23 +0000 (10:11 +0100)]
Fix build for gcc 9

Change-Id: I2d5eb654f7e7ab6fa9145d902542b5fe1984da64

4 years agoFix documentation error(This function points to itself in the @see tag) 61/218861/1
Dongsun Lee [Fri, 29 Nov 2019 02:42:59 +0000 (11:42 +0900)]
Fix documentation error(This function points to itself in the @see tag)

Change-Id: I464677cf7e23d41a133e3ea83a71754a17ca8541
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
4 years agoRelease 0.1.33 accepted/tizen/unified/20191125.135522 submit/tizen/20191121.085900 submit/tizen/20191125.082655
Tomasz Swierczek [Thu, 21 Nov 2019 08:56:55 +0000 (09:56 +0100)]
Release 0.1.33

* Implement asymmetric key initial value import
* Add key-manager script for platform upgrade
* Make some single arg constructors explicit
* Refactor Decider, route all encrypted storage to tz backend
* Devirtualize DescriptorSet
* Refactor RawBuffer hex dumps
* ckmc_alias_new: replace str* calls with memcpy
* [ocsp] Fix static string length calculation
* Improve ckm deserialization errors detection
* Treat pwd data deserialization as an error

Change-Id: I60f2fe6d0a3d539e2a63743f9b3a61ae31287bd9

4 years agoImplement asymmetric key initial value import 56/216256/2
Konrad Lipinski [Tue, 22 Oct 2019 16:52:52 +0000 (18:52 +0200)]
Implement asymmetric key initial value import

Change-Id: I0f5e4ab9b156abc3ab97a59f32b4adef9779eb98

5 years agoAdd key-manager script for platform upgrade 11/216711/1 accepted/tizen/unified/20191106.124739 submit/tizen/20191105.052254
Dongsun Lee [Thu, 31 Oct 2019 04:24:46 +0000 (13:24 +0900)]
Add key-manager script for platform upgrade

Change-Id: Icd62bd0f79ba7accab6acd5ee5e5527eac580fb8
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
5 years agoMake some single arg constructors explicit 16/214616/4
Konrad Lipinski [Tue, 24 Sep 2019 14:45:41 +0000 (16:45 +0200)]
Make some single arg constructors explicit

Change-Id: Id5023fef37dd0b84a83a90fb0a3c52b0be31974c

5 years agoRefactor Decider, route all encrypted storage to tz backend 77/214377/4
Konrad Lipinski [Fri, 20 Sep 2019 13:48:03 +0000 (15:48 +0200)]
Refactor Decider, route all encrypted storage to tz backend

Change-Id: Iaf00f5a2a09792586f59fbc726c22fcccbb8ca7d

5 years agoDevirtualize DescriptorSet 19/214619/4
Konrad Lipinski [Tue, 24 Sep 2019 12:58:06 +0000 (14:58 +0200)]
Devirtualize DescriptorSet

Change-Id: I985ab5279078ffde6686390a1d3284a3e93ff92d

5 years agoRefactor RawBuffer hex dumps 17/214617/2
Konrad Lipinski [Tue, 24 Sep 2019 14:36:36 +0000 (16:36 +0200)]
Refactor RawBuffer hex dumps

Change-Id: I2d52c63c908e3a69c8de5f20e275fecda0165a66

5 years agockmc_alias_new: replace str* calls with memcpy 18/214618/2
Konrad Lipinski [Tue, 24 Sep 2019 13:11:32 +0000 (15:11 +0200)]
ckmc_alias_new: replace str* calls with memcpy

Change-Id: I7b8d340f7ce2ce1f5867065cf65650733ef1c44a

5 years ago[ocsp] Fix static string length calculation 20/214620/1
Konrad Lipinski [Tue, 24 Sep 2019 12:40:58 +0000 (14:40 +0200)]
[ocsp] Fix static string length calculation

Change-Id: I13d6c6f825a9340bfd54462d7d6c9cbd46008dd2

5 years agoImprove ckm deserialization errors detection 63/213463/4
Alicja Kluczek [Tue, 3 Sep 2019 10:10:13 +0000 (12:10 +0200)]
Improve ckm deserialization errors detection

Add a check to TZSerializableBinary::Deserialize making sure
that deserialized buffer has adequate size.
    * In case of fixed-size data, buffer size should be equal to the
      size given in constructor.
    * In case of variable-size data, buffer size should be less or equal
      to the size given in constructor.

Change-Id: Ie0f80169adb8b758cb7aa2370551bd30410dc8b0

5 years agoTreat pwd data deserialization as an error 60/213260/1
Krzysztof Jackiewicz [Tue, 3 Sep 2019 09:33:13 +0000 (11:33 +0200)]
Treat pwd data deserialization as an error

The KM_PwdData structure keeps an authentication data needed to access
an item on the TA side. As such it should only be transferred from
key-manager to the TA.

Expecting such structure in an output buffer of the TA command
execution is a programmer error. It is now dealt with accordingly.

Change-Id: I209957a05700052eefc694d82b881c8aae96abb5

5 years agoRelease 0.1.32 41/212841/1 accepted/tizen_5.5_unified accepted/tizen_5.5_unified_mobile_hotfix accepted/tizen_5.5_unified_wearable_hotfix tizen_5.5_mobile_hotfix tizen_5.5_tv tizen_5.5_wearable_hotfix accepted/tizen/5.5/unified/20191031.022623 accepted/tizen/5.5/unified/mobile/hotfix/20201027.090416 accepted/tizen/5.5/unified/wearable/hotfix/20201027.113058 accepted/tizen/unified/20190830.052632 submit/tizen/20190827.083251 submit/tizen_5.5/20191031.000004 submit/tizen_5.5_mobile_hotfix/20201026.185104 submit/tizen_5.5_wearable_hotfix/20201026.184304 tizen_5.5.m2_release
Tomasz Swierczek [Tue, 27 Aug 2019 08:23:55 +0000 (10:23 +0200)]
Release 0.1.32

* Change serialization in TZ backend to match km-ta changes
* Refactoring central-key-manager.service and central-key-manager-OOO.socket
* Assume http if no protocol is given in proxy url

Change-Id: I6ee197d13561231aed8f584463397b088456e1f1

5 years agoChange serialization in TZ backend to match km-ta changes 24/211824/7
Tomasz Swierczek [Mon, 5 Aug 2019 14:47:47 +0000 (16:47 +0200)]
Change serialization in TZ backend to match km-ta changes

Changed functions:

* CMD_GENERATE_KEY
* CMD_ENCRYPT
* CMD_DECRYPT
* CMD_SIGN
* CMD_VERIFY
* CMD_GENERATE_IV
* CMD_GENERATE_KEY_PWD
* CMD_DESTROY_KEY

Change-Id: I3d4789b895ca66245f1e700a98f177f56e7a3e28

5 years agoRefactoring central-key-manager.service and central-key-manager-OOO.socket 54/210654/3
INSUN PYO [Tue, 23 Jul 2019 11:11:59 +0000 (20:11 +0900)]
Refactoring central-key-manager.service and central-key-manager-OOO.socket

 - "central-key-manager.target" is a typo mistaken for "central-key-manager.service"
 - All four sockets are required for central-key-manager.service. So, "Requires=OOO.socket" must be in central-key-manager.service.
 - "Sockets=" in the central-key-manager.service is replaced by "Requires=OOO.socket".

Change-Id: I547431abead19ae5a0f9ae3680318a476de269dd

5 years agoAssume http if no protocol is given in proxy url 92/211392/2
Krzysztof Jackiewicz [Fri, 2 Aug 2019 09:11:02 +0000 (11:11 +0200)]
Assume http if no protocol is given in proxy url

Change-Id: I080f5afe373e23376b07518485a41d62edd4a130

5 years agoRelease 0.1.31 03/209303/1 accepted/tizen/unified/20190708.052439 submit/tizen/20190705.101352
Dariusz Michaluk [Thu, 4 Jul 2019 14:00:47 +0000 (16:00 +0200)]
Release 0.1.31

* Migrate tz_backend to openssl 1.1
* Make GStore members pure virtual
* Remove unnecessary settings on central-key-manager.target
* Turn backends into Decider members
* Build key-manager with openssl-1.1
* Adapt key-manager to work with OpenSSL 1.1 preserving 1.0 compatibility
* Add minor fixes for listing aliases from db

Change-Id: Ie9814d7505077f37246a76f405238fb5064d6cf4

5 years agoMigrate tz_backend to openssl 1.1 30/208130/3
Konrad Lipinski [Tue, 18 Jun 2019 15:05:40 +0000 (17:05 +0200)]
Migrate tz_backend to openssl 1.1

Change-Id: Ib6b50de235f00c268e423cd5fd05f1b49ae0e902

5 years agoMake GStore members pure virtual
Konrad Lipinski [Wed, 5 Jun 2019 12:55:16 +0000 (14:55 +0200)]
Make GStore members pure virtual

Change-Id: I88347d7c7fcab49e97398d3d4878a4d448123a54

5 years agoRemove unnecessary settings on central-key-manager.target 49/204849/2
INSUN PYO [Mon, 29 Apr 2019 00:11:42 +0000 (09:11 +0900)]
Remove unnecessary settings on central-key-manager.target

Change-Id: I62a5d6f857de9874323a18b8772fcb509f94a443

5 years agoTurn backends into Decider members 28/208128/1
Konrad Lipinski [Wed, 5 Jun 2019 12:41:20 +0000 (14:41 +0200)]
Turn backends into Decider members

Change-Id: If42fff63e2946f299cac23e81d2edb4b663db644

5 years agoBuild key-manager with openssl-1.1 75/194375/7
Dariusz Michaluk [Fri, 23 Feb 2018 12:07:14 +0000 (13:07 +0100)]
Build key-manager with openssl-1.1

Change-Id: I3b928d509d88479b0a2c37f2c05fe9316544b1c4

5 years agoAdapt key-manager to work with OpenSSL 1.1 preserving 1.0 compatibility 97/172597/9
Dariusz Michaluk [Fri, 23 Feb 2018 12:04:02 +0000 (13:04 +0100)]
Adapt key-manager to work with OpenSSL 1.1 preserving 1.0 compatibility

Change-Id: Ia62003a44d3dcb6d8c076706387e88399bf6cfb1

5 years agoAdd minor fixes for listing aliases from db 93/207393/3
Tomasz Swierczek [Tue, 4 Jun 2019 06:55:09 +0000 (08:55 +0200)]
Add minor fixes for listing aliases from db

* update list out pointer to null if there are no aliases to list

This is in accordance to official header documentation; in such case, the code
returns CKMC_ERROR_DB_ALIAS_UNKNOWN but also the list should be properly null'ed.

Change-Id: I2861e67ae80fe0ce73b0e2e180aba393f66e255c

5 years agoRelease 0.1.30 76/206476/1 accepted/tizen/unified/20190602.221856 submit/tizen/20190520.091210 submit/tizen/20190522.051353 submit/tizen/20190529.045654
Tomasz Swierczek [Mon, 20 May 2019 09:08:27 +0000 (11:08 +0200)]
Release 0.1.30

* Forbid HashAlgorithm::NONE for DSA & ECDSA signatures
* Setup verification algorithm if not provided
* Be prepared for no data from TA
* tz-backend: Implement asymmetric operations
* tz-backend: Add serialization wrapper
* decider: Allow multiple policies for more complex logic

Change-Id: Ie09953ce89557b32fe036855f65329b1ed307996

5 years agoForbid HashAlgorithm::NONE for DSA & ECDSA signatures 65/206265/3
Krzysztof Jackiewicz [Wed, 15 May 2019 15:46:58 +0000 (17:46 +0200)]
Forbid HashAlgorithm::NONE for DSA & ECDSA signatures

Openssl uses SHA1 if no hash algorithm is provided for DSA & ECDSA
signatures. TZ does not support that option at all. It's better to
forbid it.

This commit changes the API behavior and may lead to errors in clients
that used HashAlgorithm::NONE with DSA or ECDSA which is highly
unlikely.

Change-Id: I8522e8f157b5ef2d6599bb672ef790ee8ea48644

5 years agoSetup verification algorithm if not provided 73/202873/3
Krzysztof Jackiewicz [Fri, 5 Apr 2019 09:44:10 +0000 (11:44 +0200)]
Setup verification algorithm if not provided

Verification API has no knowledge about the algorithm type. It has to be derived
from the key type.

Change-Id: I2e0d094372e4bf8c28275544204e431c4023e391

5 years agoBe prepared for no data from TA 37/202337/5
Krzysztof Jackiewicz [Thu, 21 Mar 2019 14:21:02 +0000 (15:21 +0100)]
Be prepared for no data from TA

Deserialization may return an empty buffer with no error. Adjust code to handle
that case.

Change-Id: Ife80b4d35914eda700798e0515812b3b638e735e

5 years agotz-backend: Implement asymmetric operations 10/200310/9
Lukasz Kostyra [Wed, 20 Feb 2019 11:27:33 +0000 (12:27 +0100)]
tz-backend: Implement asymmetric operations

Change-Id: Ie98b4e72addb257c2a8de1de57097fe077fff380

5 years agotz-backend: Add serialization wrapper 07/201207/7
Krzysztof Jackiewicz [Fri, 1 Mar 2019 16:11:55 +0000 (17:11 +0100)]
tz-backend: Add serialization wrapper

Change-Id: I304452444887de48d808a6aa11eb42a1de385bf0

5 years agodecider: Allow multiple policies for more complex logic 44/199144/9
Lukasz Kostyra [Tue, 5 Feb 2019 11:13:56 +0000 (12:13 +0100)]
decider: Allow multiple policies for more complex logic

When generating asymmetric keys, ckm-logic selected less restrictive
policy out of two provided and selected key store this way. Now, both
policies are supplied to Decider, which will allow for more complex
backend selection logic.

Change-Id: Id2b845326cae7bbf5d90bb575645c8af36c20d0f

5 years agoRelease 0.1.29 58/206258/2 submit/tizen/20190517.091823
Tomasz Swierczek [Wed, 15 May 2019 12:22:54 +0000 (14:22 +0200)]
Release 0.1.29

* Get rid of misleading SCHEMA_INFO error
* Adjust to boost 1.65
* Fix file name in file header
* Fix svace defects
* Check fs errors before saving the file

Change-Id: Ic90ecdd256a23cec9f9356a7e59c85be982cd8e9

5 years agoGet rid of misleading SCHEMA_INFO error 44/200244/9
Krzysztof Jackiewicz [Wed, 20 Feb 2019 11:40:21 +0000 (12:40 +0100)]
Get rid of misleading SCHEMA_INFO error

During startup the key-manager attempts to read a table SCHEMA_INFO to get the
information about the database version. In older versions of the database that
table is missing. Key-manager properly handles that case but produces 3 lines of
error log which may suggest that something went wrong.

This commit checks the existence of the table before attempting to use it. Whole
operation is enclosed in a transaction.

Change-Id: Ie7f1fbe1182c2add5965f8e5ddada262ffcb42fe

5 years agoMerge "Increase backlog for listening sockets" into tizen
Krzysztof Jackiewicz [Wed, 15 May 2019 12:23:57 +0000 (12:23 +0000)]
Merge "Increase backlog for listening sockets" into tizen

5 years agoAdjust to boost 1.65 30/206230/1
Tomasz Swierczek [Wed, 15 May 2019 08:05:49 +0000 (10:05 +0200)]
Adjust to boost 1.65

Change-Id: I43e986a010030db949053a8e1b3669495fa1a986

5 years agoIncrease backlog for listening sockets 38/206138/1
Dariusz Michaluk [Tue, 14 May 2019 13:53:58 +0000 (15:53 +0200)]
Increase backlog for listening sockets

When systemd's socket activaction is utilized, the default backlog
parameter passed to the listen() function is set to SOMAXCONN,
which is equal to 128. In distributions where systemd is not used
for socket activation, the default UNIX socket
implementation sets the backlog value to 5.
This may lead to rare overflow of an internal connection queue.
This manifests itself as the -EAGAIN error returned by connect().

To mitigate the issue, the backlog parameter has been set
to SOMAXCONN, which is a default value used by systemd.

Change-Id: I906cd4de478b0dac0eaf860550fccd2f9cd6e184

5 years agoFix file name in file header 24/206024/1
Tomasz Swierczek [Mon, 13 May 2019 09:14:00 +0000 (11:14 +0200)]
Fix file name in file header

Change-Id: I3e087729762d16b84327863317643387c304ef88

5 years agoFix svace defects 82/205482/4
Konrad Lipinski [Mon, 6 May 2019 18:24:55 +0000 (20:24 +0200)]
Fix svace defects

va_start / va_end must be called in the same function

Change-Id: I5176fc2686a62eb0a21e6eb9a5f737dbc3880056

5 years agoCheck fs errors before saving the file 61/199461/7
Krzysztof Jackiewicz [Mon, 11 Feb 2019 16:04:46 +0000 (17:04 +0100)]
Check fs errors before saving the file

GetFd(os) on a non-existing file causes segfault.

Change-Id: I8365dfbddace160ae99b1e7d1f6070ee1032f6cd

5 years agoRelease 0.1.28 22/201222/5 accepted/tizen/unified/20190314.220513 submit/tizen/20190313.095740 submit/tizen/20190314.052726
Tomasz Swierczek [Mon, 11 Mar 2019 10:42:02 +0000 (11:42 +0100)]
Release 0.1.28

* Change contact information to Dongsun Lee
* Fix since_tizen tag in ckmc-type.h
* Replace time(NULL) with monotonic clock usage
* Fix memory leak/corruption
* Add API for CKM return code descriptions
* Add test for listing aliases with password protection statuses on old database schema
* CKMC API: Add option to list aliases with information about password protection
* Add option to list aliases with password protection statuses
* replace strcpy with strncpy for fixing SVACE(WGID=411075,411076)

Change-Id: If1b53e3dc88bcadbb32b40b8d89e5bc781d71e32

5 years agoChange contact information to Mr Dongsun Lee 21/201221/4
Tomasz Swierczek [Mon, 11 Mar 2019 10:40:35 +0000 (11:40 +0100)]
Change contact information to Mr Dongsun Lee

bj.im@samsung.com is no longer a valid email address.

Change-Id: I81103542e0d23e80a71d5f1e86cc263f92ab78b0

5 years agoReplace time(NULL) with monotonic clock usage 82/200882/3
Tomasz Swierczek [Tue, 5 Mar 2019 09:34:36 +0000 (10:34 +0100)]
Replace time(NULL) with monotonic clock usage

Calculating timeout for socket connections should
use monotonic clock.

Change-Id: If9c3d573b70d1faa1cf46b9215048a5853abbaaa

5 years agoFix since_tizen tag in ckmc-type.h 38/201038/1
Ernest Borowski [Thu, 7 Mar 2019 10:39:16 +0000 (11:39 +0100)]
Fix since_tizen tag in ckmc-type.h

Change-Id: Ib8fd0260527ed87bf0801e3cb7a24d2ca97f4c90
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
5 years agoFix memory leak/corruption 97/198997/3
Dariusz Michaluk [Thu, 31 Jan 2019 13:41:09 +0000 (14:41 +0100)]
Fix memory leak/corruption

Change-Id: I8f9bed07752fde26f629cca6931231dab5fd8980

5 years agoAdd API for CKM return code descriptions 29/200229/4
Tomasz Swierczek [Wed, 20 Feb 2019 09:08:14 +0000 (10:08 +0100)]
Add API for CKM return code descriptions

In rare case when DB tool was used for db inspection,
and db could not be opened, the commandline interface
returned raw error code, without any explanation.

Change-Id: If7a29842ae5a7fc2e99a2d991545539704647f3c

5 years agoAdd test for listing aliases with password protection 92/185892/18
Ernest Borowski [Thu, 2 Aug 2018 10:19:31 +0000 (12:19 +0200)]
Add test for listing aliases with password protection
statuses on old database schema

Change-Id: I2e9e409a385744a0ed694023872cbd4b37cce523

5 years agoCKMC API: Add option to list aliases with information about password protection 17/171217/21
Ernest Borowski [Tue, 27 Feb 2018 14:38:34 +0000 (15:38 +0100)]
CKMC API: Add option to list aliases with information about password protection

Change-Id: I02ff75a9f6c60bdcd4b3450a135a4047bbbc05f0
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
5 years agoAdd option to list aliases with password protection statuses 91/170391/24
Ernest Borowski [Mon, 19 Feb 2018 18:52:07 +0000 (19:52 +0100)]
Add option to list aliases with password protection statuses

Change-Id: I045174602edd51dc7efcc8d79eb1beed76215b10
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
5 years agoreplace strcpy with strncpy for fixing SVACE(WGID=411075,411076) 48/200348/1 accepted/tizen/unified/20190222.134051 submit/tizen/20190222.041951
Dongsun Lee [Fri, 22 Feb 2019 04:15:36 +0000 (13:15 +0900)]
replace strcpy with strncpy for fixing SVACE(WGID=411075,411076)

Change-Id: I26207f412d5aeee68f6c90131d6c62978233c5f5
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
5 years agoRelease 0.1.27 71/200171/1 accepted/tizen/unified/20190220.071637 submit/tizen/20190219.163203
Tomasz Swierczek [Tue, 19 Feb 2019 16:20:50 +0000 (17:20 +0100)]
Release 0.1.27

* Encode blobs with Base64 in ckm tools
* Refactor PKEK2 related functions
* Add a common function for zeroing sensitive data
* Free the context in case of openssl failure
* Add helpers for domain KEK encryption/decryption
* Add helper randomization function in key-provider.cpp
* Make encrypt/decrypt local functions of key-provider.cpp
* Use common function for PKEK1&2 generation
* Make username shorter in KeyProvider tests
* Remove outdated tz_backend test
* Validate encrypted DKEK
* Fix SVACE and C++ issues
* Add gbs option to enable the TZ backend support
* Update log formatter in tests
* Fix internal migration tests
* Fix internal scheme tests
* Remove secret key for software backend
* Some TZ backend fixes.
* Remove unnecessary BSD license
* Add allowed values for -b option of initial values tool
* Add RO location for initial values
* Overwrite existing initial values
* Initial values tool
* Support for encrypted initial-values
* Reduce number of import methods in tz-backend
* Unification of import methods in gstore
* Add parser support of new schema version
* Add backend attribute in xml schema
* Introduce Key class in tz backend
* Add support for TrustZone backend data storage
* Simplify key related functions in tz-backend
* Fix buildbreak caused by improper rebase
* Add log for invalid system service owner id
* Unify alias naming
* Fix TYPO in key-manager_doc.h
* Make spec compliant with gbs --incremental
* Add protection against memory leaking during deserialization
* Add Apache 2.0 license headers

Change-Id: I05a9b6bdf376f6bdc58542fb023528ac122f619f

5 years agoEncode blobs with Base64 in ckm tools 17/199917/4
Krzysztof Jackiewicz [Fri, 15 Feb 2019 12:40:39 +0000 (13:40 +0100)]
Encode blobs with Base64 in ckm tools

If an unprintable data is returned as a result of sqlite query
execution it will be encoded in base64 and prefixed with "b64:". This
is to make binary data readable in ckm_db_tool/merge.

Also extend the maximum size of printed row to 64 characters.

Change-Id: I4471090977b19ded9b1bea76f26ff1b98d5ba826

5 years agoRefactor PKEK2 related functions 39/200139/1
Krzysztof Jackiewicz [Tue, 19 Feb 2019 11:39:17 +0000 (12:39 +0100)]
Refactor PKEK2 related functions

PKEK2 is used to derive both DB DEK and APP DEK. Currently, variable names and
comments are a bit misleading.

This commit refactors the variable names and comments to better describe the
actual purpose of this key.

Change-Id: If8ee266ec2da63c929f498f1ed009df5d79c134f