platform/core/security/key-manager.git
5 years ago Remove outdated tz_backend test 74/192674/7
Krzysztof Jackiewicz [Wed, 7 Nov 2018 15:04:06 +0000 (16:04 +0100)]
Remove outdated tz_backend test

TZ backend is now supported. The test is no longer valid and has been removed.

Change-Id: Ia36f684442a91edde924786944ebf4f926119344

5 years ago Validate encrypted DKEK 44/192144/6
Krzysztof Jackiewicz [Tue, 30 Oct 2018 13:26:12 +0000 (14:26 +0100)]
Validate encrypted DKEK

- Make sure that the length of the encrypted DKEK received in
  WrapperKeyAndInfoContainer() does not exceed the size of the key
  buffer.
- Check client id NULL termination.
- Get rid of unnecessary dynamic allocations.
- Update tests.

Change-Id: I9f5b494a8ea3d0d8f438a50bb49b55d57d1a3e67

5 years ago Fix SVACE and C++ issues 27/193827/2
Krzysztof Jackiewicz [Mon, 26 Nov 2018 16:16:51 +0000 (17:16 +0100)]
Fix SVACE and C++ issues

Change-Id: Idfed338ad6f632556585e5749817bb882cbe0251

5 years ago Add gbs option to enable the TZ backend support
Pawel Kowalski [Wed, 28 Nov 2018 10:39:49 +0000 (11:39 +0100)]
Add gbs option to enable the TZ backend support

To enable the TZ backend support add following option to the gbs build:
--define "tz_backend ON". If the option is not set or is set to value
different than ON, the TZ backend support is disabled (it is disabled by
default).

Change-Id: If6ebd2625ea7b559df52c8fc6da659a99e53a9f9

5 years ago Update log formatter in tests 73/192673/2
Krzysztof Jackiewicz [Wed, 7 Nov 2018 13:14:31 +0000 (14:14 +0100)]
Update log formatter in tests

Apparently the boost unit_test_log_formatter interface has changed. The
colour_log_formatter has been updated to match the new version. Thanks to that
it is now possible to properly observe uncaught exceptions in unit tests.

As a result the assert wrapper is no longer necessary and it has been removed.

Change-Id: Ifbf0b8b2f1234e1d77fa695b145c50d65e87624a

6 years ago Fix internal migration tests 87/189887/5
Krzysztof Jackiewicz [Fri, 21 Sep 2018 09:48:11 +0000 (11:48 +0200)]
Fix internal migration tests

Migration tests use existing databases so test alias names must not be changed

Change-Id: I4277125a9031d822d1666e51a8ee54466901e2a0

6 years ago Fix internal scheme tests 03/191503/2
Krzysztof Jackiewicz [Wed, 17 Oct 2018 15:02:10 +0000 (17:02 +0200)]
Fix internal scheme tests

1. Regular std::exception is not reported as error by boost test.
   std::runtime_error is used because a part of the test code is also used in
   a tool for database generation.

   This commit replaces calls to boost test macros with calls to a wrapper macro
   which is expanded to std::runtime_error or boost test assert depending on a
   compilation flag.

2. Test binaries are modifying process labels which requires onlycap.

   This commit modifies exec label and adds onlycap fixture to disable onlycap
   for scheme tests.

Change-Id: Ibbe44c2bca6e12b5ade360b267c281ef18294258

6 years ago Remove "secret" key for software backend 07/191007/4
Bartlomiej Grzelewski [Wed, 10 Oct 2018 10:00:58 +0000 (12:00 +0200)]
Remove "secret" key for software backend

This key was used by example software implementation of encrypted initial-values
feature which has been replaced by hardware backed implementation.

Change-Id: Id8358a70459fb6ddd8ebb43fc8e987dc4d586f63

6 years ago Some TZ backend fixes. 69/177269/7
r.tyminski [Thu, 26 Apr 2018 13:23:53 +0000 (15:23 +0200)]
Some TZ backend fixes.

- pass TEEC_Context by reference, not by value.
- print return origin from TEEC_InvokeCommand

Change-Id: Ib26415d0dfb454540c0f0b85d2dc50466f63ae14

6 years ago Remove unnecessary BSD license 05/190905/2
Krzysztof Jackiewicz [Mon, 8 Oct 2018 12:22:28 +0000 (14:22 +0200)]
Remove unnecessary BSD license

Base64 code licensed under BSD 2-clause has been removed. This license is no
longer necessary.

Change-Id: I91a3df5d282b81df19699afee9028c0dc27783d1

6 years ago Add allowed values for -b option of initial values tool 76/190876/2
Krzysztof Jackiewicz [Mon, 8 Oct 2018 07:24:08 +0000 (09:24 +0200)]
Add allowed values for -b option of initial values tool

Change-Id: Ib52a86548462ef1c7e59ca446b0733e5291017f8

6 years ago Add RO location for initial values 26/190826/3
Krzysztof Jackiewicz [Fri, 5 Oct 2018 15:24:01 +0000 (17:24 +0200)]
Add RO location for initial values

RO location will be processed before RW if a flag file is present. After import
the flag will be removed but xml files will be left untouched.

Change-Id: Id11c982ee4a055871e4af6841c23a11cbf139239

6 years ago Overwrite existing initial values 24/190824/3
Krzysztof Jackiewicz [Fri, 5 Oct 2018 14:17:44 +0000 (16:17 +0200)]
Overwrite existing initial values

Delete any existing values of given name before saving new one.

Change-Id: I4cf23efad7cff6ef453f1ed7e4bfcda76d2fdc69

6 years ago Initial values tool 94/190494/16
Krzysztof Jackiewicz [Tue, 2 Oct 2018 12:27:27 +0000 (14:27 +0200)]
Initial values tool

Add a tool able to create and/or update an initial values xml. It is also
possible to add encrypted initial values.

Add rpm package for potential use in gbs buildroot during image creation.

Limitations:
- Hardcoded IV & tag length
- Hardcoded Data format

Testing:
dd if=/dev/random of=/tmp/key bs=32 count=1
dd if=/dev/random of=/tmp/data bs=32 count=1
ckm_initial_values -k /tmp/key -d /tmp/data -n name -t Key -s AES -p pass -e
-b hardware -a acc1,acc2,acc3

Change-Id: Id29d0eb58d9dba3e78b3437534cb566046a39877

6 years ago Support for encrypted initial-values 70/190270/3
Bartlomiej Grzelewski [Fri, 28 Sep 2018 11:46:21 +0000 (13:46 +0200)]
Support for encrypted initial-values

Add tag attribute in xml schema

Change-Id: Idc058e756ab6053103e1477292cacbacf57a9879

6 years ago Reduce number of import methods in tz-backend 87/189987/8
Bartlomiej Grzelewski [Tue, 25 Sep 2018 11:39:22 +0000 (13:39 +0200)]
Reduce number of import methods in tz-backend

Change-Id: I44fe9737dd34d8b61d2ab099c3f611903a5cc9a1

6 years ago Unification of import methods in gstore 05/189905/7
Bartlomiej Grzelewski [Fri, 21 Sep 2018 10:41:37 +0000 (12:41 +0200)]
Unification of import methods in gstore

Change-Id: I31dca502533360b759d6aea20e75a9e823eccc34

6 years ago Add parser support of new schema version 60/189560/11
Bartlomiej Grzelewski [Tue, 18 Sep 2018 13:49:00 +0000 (15:49 +0200)]
Add parser support of new schema version

Version 1 of xml with initial values is not supported from now.
From now software backend will not support encrypted data.
Allow parser to accept xml version 2.
Initial values files will contain information about
type of backend that should be used to store data.

Change-Id: Ib3a73b14148a2476ab288ca364fffe9289400ebd

6 years ago Add backend attribute in xml schema 32/189432/6
Bartlomiej Grzelewski [Mon, 17 Sep 2018 15:09:47 +0000 (17:09 +0200)]
Add backend attribute in xml schema

Initial values may be saved in two locations: software backend and
hardware backend. Until now there was no way to choose the backend
to store initial values.

Change-Id: Iaee057e8c78f6d3066e119adcf4e6fe174846990

6 years ago Introduce Key class in tz backend 39/190039/1
Krzysztof Jackiewicz [Wed, 26 Sep 2018 15:14:20 +0000 (17:14 +0200)]
Introduce Key class in tz backend

Add an intermediate Key class that removes the need to keep
credentials from binary data object (BData).

Change-Id: I638de81aedf47bc51421a7c362459ced801fd650

6 years ago Add support for TrustZone backend data storage 56/189656/12
Tomasz Swierczek [Wed, 26 Sep 2018 09:18:43 +0000 (11:18 +0200)]
Add support for TrustZone backend data storage

Change-Id: Idfd0909d03e40b7e5cd5aeb1116b844be1901cf1

6 years ago Simplify key related functions in tz-backend 82/189782/3
Krzysztof Jackiewicz [Thu, 20 Sep 2018 11:26:06 +0000 (13:26 +0200)]
Simplify key related functions in tz-backend

- Use proper parameter for tag length
- Move default param values to TrustZoneContext where possible
- Remove unnecessary arguments

Change-Id: I00f8909ede4f80b77a937b52a5bce5698d4516a5

6 years ago Fix buildbreak caused by improper rebase 22/187822/1
Krzysztof Jackiewicz [Tue, 28 Aug 2018 15:16:36 +0000 (17:16 +0200)]
Fix buildbreak caused by improper rebase

Refactoring commit has been improperly rebased which led to buildbreak.

Change-Id: I2d04143cf1eb929c8f8226826336b2e825996149

6 years ago Add log for invalid system service owner id 19/184919/5
Krzysztof Jackiewicz [Tue, 24 Jul 2018 08:44:23 +0000 (10:44 +0200)]
Add log for invalid system service owner id

System services (uid < 5000) should always use "/System" owner id.
Either by explicitly adding it to the alias or by running with "System"
label. Add log to make the reason of the failure more apparent.

Change-Id: I1be9861eadcae6eadd6d682b4cc66972c93d1728

6 years ago Unify alias naming 21/184821/6
Krzysztof Jackiewicz [Thu, 19 Jul 2018 14:31:27 +0000 (16:31 +0200)]
Unify alias naming

Get rid of all references to smack labels except database scheme.
alias = owner_id + name
Simplify db permissions processing

Change-Id: I36c3dbb3ee605fb00e5e4e6bcbada6400a0cbcab

6 years ago Fix TYPO in key-manager_doc.h 15/187715/1
Dongsun Lee [Tue, 28 Aug 2018 04:51:14 +0000 (13:51 +0900)]
Fix TYPO in key-manager_doc.h

Change-Id: I11dbc3468e8277f0cef978f722ecbe275e1048f6
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>

6 years ago Make spec compliant with gbs --incremental 01/185801/2
Konrad Lipinski [Thu, 2 Aug 2018 10:44:44 +0000 (12:44 +0200)]
Make spec compliant with gbs --incremental

According to [1], %prep section of the spec file should contain a single
%setup macro, nothing else. According to [2], manifest %files are best
copied to %{buildroot}%{_datadir} in the %install section.

Moved manifest copy operations from %prep to %install accordingly.

References
[1] https://source.tizen.org/documentation/reference/git-build-system/usage/gbs-build
[2] https://wiki.tizen.org/Security/Application_installation_and_Manifest

Change-Id: Iacf755558636f939a540482f849e810780c19a51

6 years ago Add protection against memory leaking during deserialization 05/184505/5
Tomasz Swierczek [Tue, 17 Jul 2018 12:14:18 +0000 (14:14 +0200)]
Add protection against memory leaking during deserialization

Change-Id: I1fbcd7daf1674dd1ad6b9eaffdba76263bda370b

6 years ago Add Apache 2.0 license headers 84/186884/1
Pawel Kowalski [Thu, 16 Aug 2018 08:19:14 +0000 (10:19 +0200)]
Add Apache 2.0 license headers

Change-Id: Ia61efbc57ce93ed3714dafe9edada7cb244c54d3

6 years ago Add RequiresMountsFor=/opt to central-key-manager.service. 27/186327/1 accepted/tizen_5.0_unified accepted/tizen/5.0/unified/20181102.021410 accepted/tizen/unified/20180810.132542 submit/tizen/20180810.004851 submit/tizen_5.0/20181101.000004
INSUN PYO [Thu, 9 Aug 2018 03:53:46 +0000 (12:53 +0900)]
Add RequiresMountsFor=/opt to central-key-manager.service.

In order to apply User/Group to .service, we need /opt/etc/{passwd,group}.

Signed-off-by: INSUN PYO <insun.pyo@samsung.com>
Change-Id: I0ff03a7bc65565605ac43754349979b351c16796

6 years ago Test version of ckm_db_merge 21/142121/10
Bartlomiej Grzelewski [Wed, 2 Aug 2017 12:21:44 +0000 (14:21 +0200)]
Test version of ckm_db_merge

ckm_db_merge allows to read database and copy its contents
to other one. ckm_db_merge supports db since versions 0.1.14.

Please note: both databases will be automatically migrated to
the newest schema.

Change-Id: I5cec9dfdc2ab75a2ccd5156b0bb05cb46d134480

6 years ago Make key-manager build with boost 1.65 62/183562/1 accepted/tizen/unified/20180719.063028 submit/tizen/20180709.095722 submit/tizen/20180718.062500
Krzysztof Jackiewicz [Fri, 6 Jul 2018 13:13:50 +0000 (15:13 +0200)]
Make key-manager build with boost 1.65

Add dummy implementation of newly added abstract methods.

Change-Id: If491af391431a769a2e84360425852a53be25f16

6 years ago Fix coverity defect 75/178075/1 accepted/tizen/unified/20180508.134803 submit/tizen/20180508.050430
Dongsun Lee [Tue, 8 May 2018 04:56:48 +0000 (13:56 +0900)]
Fix coverity defect

- 120541 : improper use of negative value

Change-Id: Ic93d890a08def810a8f09ed6bbb8171e440438df
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>

6 years ago Disable default build with tz-backend 44/176344/2 accepted/tizen/unified/20180502.111600 submit/tizen/20180419.050559 submit/tizen/20180430.063346 submit/tizen/20180502.043224
Tomasz Swierczek [Wed, 18 Apr 2018 11:25:37 +0000 (13:25 +0200)]
Disable default build with tz-backend

Migration to VD causes build breaks because of missing optee dependency.
Relation between key-manager and key-manager-ta needs to be re-worked.
For now it will be disabled.

Change-Id: I5312db283e3514d7c54dfa7caffd6738b5568e2f

6 years ago Fix coverity defects 84/173584/2 submit/tizen/20180403.094824 submit/tizen/20180413.092019 submit/tizen/20180416.041718 submit/tizen/20180418.034402
Dongsun Lee [Thu, 22 Mar 2018 07:50:00 +0000 (16:50 +0900)]
Fix coverity defects

- 105284: Buffer not null terminated
- 108955: Big parameter passed by value
- 109815: Uncaught exception

Change-Id: I303a652d6ae0540f7d6daa833a30ef0fb691ffb8
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>

6 years ago Properly detect the presence of TA
Krzysztof Jackiewicz [Fri, 2 Mar 2018 14:35:04 +0000 (15:35 +0100)]
Properly detect the presence of TA

Tef-simulator and optee use different TA file name formats. Key-manager was
detecting the presence of TA by checking the existence of TA file with
hardcoded format. It worked with tef-simulator but it failed to detect the TA
presence in case of optee.

This commit replaces the TA file presence checking with an attempt to open a
session using libteec. If an attempt succeeds the decider selects TZ backend.
Otherwise, it falls back to SW backend.

Change-Id: I840d6b58a1ffa39885a4b8ded0ff70f4147c3de0

6 years ago Remove unnecessary dependencies 46/171846/1
Dariusz Michaluk [Wed, 7 Mar 2018 16:56:41 +0000 (17:56 +0100)]
Remove unnecessary dependencies

Do not expose unnecessary libraries to the program
that is linking with key-manager library.
If the program will not be using the symbols of the required library,
it should not be linking directly to that library.

Change-Id: I07264f35d023881be8b104307941565047813688

6 years ago Remove redundant libcrypto dependency 45/171845/1
Dariusz Michaluk [Wed, 7 Mar 2018 16:49:11 +0000 (17:49 +0100)]
Remove redundant libcrypto dependency

openssl pkg-config requires libcrypto and libssl

Change-Id: I222e458a26e0dc15d82654d35fdccc126411000f

6 years ago Updated documentation headers - typos fix 16/171816/1 submit/tizen/20180308.062734
Tomasz Swierczek [Wed, 7 Mar 2018 10:50:22 +0000 (11:50 +0100)]
Updated documentation headers - typos fix

Change-Id: I8ad994a7164f6d85573030e0aeb340c1f0e50d14

6 years ago Updated documentation to match supported features when key-manager-ta is present. 49/166649/8
Tomasz Swierczek [Thu, 11 Jan 2018 09:38:00 +0000 (10:38 +0100)]
Updated documentation to match supported features when key-manager-ta is present.

GP API specification has subtle impact on features supported by key-manager:
* passing data chunks bigger than TEEC_CONFIG_SHAREDMEM_MAX_SIZE is not supported by TEE
  Subtracting few kB for passing keys, options/cipher, at least 500 kB is left for user-data
* GCM modes with tag lengths 32 and 64 bits are treated as insecure and are also not supported

Change-Id: I9634531dbbfea153a2f4f45bc790521eff014e83

6 years ago Add openssl error handling in key-manager 03/152203/27
Pawel Kowalski [Mon, 25 Sep 2017 08:36:02 +0000 (10:36 +0200)]
Add openssl error handling in key-manager

There was no distinction between different types of errors returned
by OpenSSL functions. Because of that the information returned to
a developer could be not complete and misleading.

In order to solve this problem, translator of OpenSSL errors to CKM
errors was written. Now, macro OPENSSL_ERROR_HANDLE may be used to
handle OpenSSL errors and provide full error information into log
system.

Change-Id: I63b54f76faaa5b36385bed167db03d97f034402f

6 years ago Fix out of bound access 44/167444/1
Bartlomiej Grzelewski [Wed, 17 Jan 2018 15:21:28 +0000 (16:21 +0100)]
Fix out of bound access

Change-Id: I830cdc82351b18a670c4950a720f18433532a966

6 years ago Add backend field in policy 17/162217/1 accepted/tizen/unified/20171205.155557 submit/tizen/20171204.124944 submit/tizen/20180312.095815
Bartlomiej Grzelewski [Wed, 29 Nov 2017 15:32:28 +0000 (16:32 +0100)]
Add backend field in policy

New field will allow user to force usage of software/hardware backend
during runtime.

Change-Id: I6f3c575fa979807f456a32a70b278942cdb28b04

6 years ago tz-backend: Implement symmetric encryption through TA 17/118617/8
Lukasz Kostyra [Tue, 25 Jul 2017 12:59:49 +0000 (14:59 +0200)]
tz-backend: Implement symmetric encryption through TA

Change-Id: Id1b563f099e1671fb5fbcca9ca08757b34b1dfd8

6 years ago Change GID of key-manager 08/157808/3
Lukasz Kostyra [Thu, 26 Oct 2017 09:05:21 +0000 (11:05 +0200)]
Change GID of key-manager

Key-manager main group ID was changed to security_fw
to workaround the issue with TrustZone backend - client
application created shared memory segments inaccessible
by TEF Simulator Daemon.

Change-Id: I8da3dacfb5001cc4b230219820acc53b287f6cfb

6 years ago Merge branches 'tizen' and 'tizen_4.0' 67/161267/1 tizen_4.0_tv accepted/tizen/4.0/unified/20171207.070809 submit/tizen_4.0/20171206.144625 tizen_4.0.IoT.p2_release
Krzysztof Jackiewicz [Wed, 22 Nov 2017 10:37:53 +0000 (11:37 +0100)]
Merge branches 'tizen' and 'tizen_4.0'

Change-Id: I0e30db44df252ac6a5629542dfd9cea022a04971

6 years ago Fix SVACE defects 80/159680/3
Krzysztof Jackiewicz [Fri, 10 Nov 2017 12:53:17 +0000 (13:53 +0100)]
Fix SVACE defects

- Initialize required members in default Row ctor
- Remove unused Row objects
- Refactor string memcpy'ing so that SVACE stops complaining
- Fix memory leak in DescriptorSet

Change-Id: I8a22a3c5388b0c17b6f44ebaf89d32e9065526dd

6 years ago Add host parameter in HTTP header 57/159557/4
Bartlomiej Grzelewski [Thu, 9 Nov 2017 13:21:13 +0000 (14:21 +0100)]
Add host parameter in HTTP header

Change-Id: Iacd8d8e244df289af8c4ab0fe87a26fcb91b5644

6 years ago Remove debug logs from framework files 90/159690/3
Bartlomiej Grzelewski [Fri, 10 Nov 2017 14:03:23 +0000 (15:03 +0100)]
Remove debug logs from framework files

These logs were used during framework test and are useless now.

Change-Id: I4425bc4ab0229cd9430491767a18cc43e7748b6b

6 years ago Remove dlog file info information from log 89/159689/2
Bartlomiej Grzelewski [Fri, 10 Nov 2017 13:55:34 +0000 (14:55 +0100)]
Remove dlog file info information from log

Change-Id: I7a961beae5943d6ce670c94c52f4d8cd1a47f989

6 years ago OCSP implementation update 30/159030/1 accepted/tizen/4.0/unified/20171107.054741 submit/tizen_3.0/20171106.133218 submit/tizen_4.0/20171106.133313
Bartlomiej Grzelewski [Thu, 2 Nov 2017 13:40:12 +0000 (14:40 +0100)]
OCSP implementation update

Add support for OCSP responses that do not contain
issuer certificate.

Change-Id: I7fd5367c4c5f34c1d672fcf8506af6a2e9b9d2f7

7 years ago OCSP implementation update 34/158734/2 accepted/tizen/unified/20171107.055250 submit/tizen/20171106.133424
Bartlomiej Grzelewski [Thu, 2 Nov 2017 13:40:12 +0000 (14:40 +0100)]
OCSP implementation update

Add support for OCSP responses that do not contain
issuer certificate.

Change-Id: I7fd5367c4c5f34c1d672fcf8506af6a2e9b9d2f7

7 years ago Support for http proxy during ocsp check 35/156335/1 accepted/tizen/4.0/unified/20171019.081711 submit/tizen_4.0/20171018.060143 tizen_4.0.m2_release
Bartlomiej Grzelewski [Tue, 17 Oct 2017 14:47:59 +0000 (16:47 +0200)]
Support for http proxy during ocsp check

Change-Id: I4966c6dc08411491b419809be402ac8808027478

7 years ago Support for http proxy during ocsp check 55/156255/3
Bartlomiej Grzelewski [Tue, 17 Oct 2017 14:47:59 +0000 (16:47 +0200)]
Support for http proxy during ocsp check

Change-Id: I4966c6dc08411491b419809be402ac8808027478

7 years ago Prevent key-manager client crash 20/152020/1 accepted/tizen/4.0/unified/20170926.171701 submit/tizen_4.0/20170925.010818 submit/tizen_4.0/20170925.224717 submit/tizen_4.0/20170926.044845 tizen_4.0.IoT.p1_release
Bartlomiej Grzelewski [Wed, 20 Sep 2017 09:19:33 +0000 (11:19 +0200)]
Prevent key-manager client crash

Key-manager client crashed during pthread_cancel because
try catch sections did not support stack unwind correctly.

Change-Id: I7089160603394a11d94b437bb4f80cf19b632da0
(cherry picked from commit 3eb9315f621035b8ea237096506e77dfb232d842)

7 years ago Prevent key-manager client crash 57/151357/2
Bartlomiej Grzelewski [Wed, 20 Sep 2017 09:19:33 +0000 (11:19 +0200)]
Prevent key-manager client crash

Key-manager client crashed during pthread_cancel because
try catch sections did not support stack unwind correctly.

Change-Id: I7089160603394a11d94b437bb4f80cf19b632da0

7 years ago Remove old update script 36/150536/1
Sunmin Lee [Tue, 5 Sep 2017 01:03:43 +0000 (10:03 +0900)]
Remove old update script

RW update script for Tizen 2.4 (to 3.0) is not necessary in Tizen 4.0.
Remove this file to avoid being executed during Tizen 4.0 update.

Change-Id: I3eef635dec6a8712d74d83fb6dce96e604dd1bb4
(cherry picked from commit a8a5076372d8473663ed565eac3a14503f4c99b2)

7 years ago Remove old update script 69/147669/3 accepted/tizen/4.0/unified/20170919.172501 submit/tizen_4.0/20170918.010139
Sunmin Lee [Tue, 5 Sep 2017 01:03:43 +0000 (10:03 +0900)]
Remove old update script

RW update script for Tizen 2.4 (to 3.0) is not necessary in Tizen 4.0.
Remove this file to avoid being executed during Tizen 4.0 update.

Change-Id: I3eef635dec6a8712d74d83fb6dce96e604dd1bb4

7 years ago setPermissions should succeed when called with empty permissions & no permissions... 66/147666/2 accepted/tizen/4.0/unified/20170914.235210 submit/tizen_4.0/20170907.063156 submit/tizen_4.0/20170914.025855 submit/tizen_4.0/20170915.073846
Tomasz Swierczek [Tue, 5 Sep 2017 06:01:02 +0000 (08:01 +0200)]
setPermissions should succeed when called with empty permissions & no permissions exist

Change-Id: Ibe94959942b300779adb1ab82bd794791b33630d
Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>

7 years ago setPermissions should succeed when called with empty permissions & no permissions... 63/147663/2 accepted/tizen/unified/20170918.153040 submit/tizen/20170907.063301 submit/tizen/20170915.073906 submit/tizen/20170925.011608
Tomasz Swierczek [Tue, 5 Sep 2017 06:01:02 +0000 (08:01 +0200)]
setPermissions should succeed when called with empty permissions & no permissions exist

Change-Id: Ibe94959942b300779adb1ab82bd794791b33630d
Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>

7 years ago Ensure key/cert pointer validity before accessing the DER 57/145657/2
Krzysztof Jackiewicz [Wed, 23 Aug 2017 07:45:21 +0000 (09:45 +0200)]
Ensure key/cert pointer validity before accessing the DER

In many cases the getDER() function is called on a shared_ptr to a key or
certificate without checking the pointer validity which may lead to segfaults.
Add proper checks before calling the getDER() function.

Change-Id: Ifb209737f14a13f6e7946e21c9d7c1cf5791973e

7 years ago Force PIE compilation flags in CMakeLists 24/144324/4 accepted/tizen/4.0/unified/20170829.020247 accepted/tizen/unified/20170818.083433 submit/tizen/20170817.234357 submit/tizen_4.0/20170828.100004 submit/tizen_4.0/20170828.110004
Igor Kotrasinski [Wed, 16 Aug 2017 08:21:26 +0000 (10:21 +0200)]
Force PIE compilation flags in CMakeLists

Fixes ckm_tool executable not being PIE.

Change-Id: I5bfd915171cb0f9a9b6a17cc8fbec921c4bfb127
Signed-off-by: Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>

7 years ago Remove unused m_reason from Exception 07/140007/3
Krzysztof Jackiewicz [Fri, 21 Jul 2017 09:21:42 +0000 (11:21 +0200)]
Remove unused m_reason from Exception

Change-Id: If58cc6d4db141b92ee169b8f3cc5ee9f745c8c67

7 years ago Fix segfault in internal tests 85/139785/3
Krzysztof Jackiewicz [Thu, 20 Jul 2017 09:13:09 +0000 (11:13 +0200)]
Fix segfault in internal tests

Unregister libxml2 callbacks in parser destructor.

Change-Id: Ieeeaebc9299df55325612800304c32f55708091c

7 years ago Fix defects reported by SVACE
Krzysztof Jackiewicz [Mon, 17 Jul 2017 12:59:06 +0000 (14:59 +0200)]
Fix defects reported by SVACE

Change-Id: Ia890a846836d2c7cf9657a889b304ec1e0171ead

7 years ago prevent buffer overflow at strncat 11/140211/3 accepted/tizen/4.0/unified/20170816.013625 accepted/tizen/4.0/unified/20170816.020055 accepted/tizen/unified/20170725.173916 submit/tizen/20170725.005058 submit/tizen_4.0/20170811.094300 submit/tizen_4.0/20170814.115522 submit/tizen_4.0_unified/20170814.115522
Dongsun Lee [Mon, 24 Jul 2017 07:13:29 +0000 (16:13 +0900)]
prevent buffer overflow at strncat

- The third argument of strncat is the string length to be copied, not buffer size.
  So the last byte should be left for NULL character which terminates string.
- The alias argument is under control of a client,
  this alias variable can be manipulated maliciously by the client.

Change-Id: Iff4677af36b91d02b7127eb46360033a301b5f87
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
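
The strncat bound described in the commit above, as an added C example (not code from the key-manager repository). The 16-byte buffer, the "owner:" prefix and all function names are constructed for illustration; the flawed call runs inside a larger canary-filled array so the stray writes can be counted without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define CAP    16          /* logical buffer size, constructed for this demo */
#define ARENA  (CAP * 4)   /* real storage behind it, so stray writes stay in a real object */
#define CANARY 0xA5        /* fill byte that never occurs in the test strings */

/* Flawed pattern: the buffer size is passed as strncat's third argument.
 * strncat appends up to n bytes and then a NUL, so it can write
 * strlen(dst) + n + 1 bytes in total. */
static void join_flawed(char *dst, size_t cap, const char *prefix, const char *alias)
{
    dst[0] = '\0';
    strncat(dst, prefix, cap);
    strncat(dst, alias, cap);
}

/* Corrected pattern: the bound is the free space minus one byte kept for the
 * terminating NUL. Returns 0 if everything fit and -1 if the result was
 * truncated, so a caller can reject an over-long client-supplied alias
 * instead of storing a shortened name. */
static int join_fixed(char *dst, size_t cap, const char *prefix, const char *alias)
{
    size_t used;

    if (cap == 0)
        return -1;
    dst[0] = '\0';
    strncat(dst, prefix, cap - 1);
    used = strlen(dst);
    strncat(dst, alias, cap - used - 1);
    return (strlen(prefix) + strlen(alias) < cap) ? 0 : -1;
}

/* Runs one of the two joins on the first CAP bytes of a canary-filled arena
 * and returns how many bytes beyond the logical end were overwritten. */
static size_t bytes_past_end(int flawed, const char *prefix, const char *alias)
{
    char arena[ARENA];
    size_t i, n = 0;

    memset(arena, CANARY, sizeof arena);
    if (flawed)
        join_flawed(arena, CAP, prefix, alias);
    else
        (void)join_fixed(arena, CAP, prefix, alias);

    for (i = CAP; i < sizeof arena; i++)
        if ((unsigned char)arena[i] != CANARY)
            n = i - CAP + 1;
    return n;
}

int main(void)
{
    /* Constructed inputs: one alias that exactly fills the buffer, one far too long. */
    const char *exact = "0123456789";               /* 6 + 10 = 16 characters */
    const char *longa = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* 24 characters */
    char buf[CAP];

    printf("flawed, exact fit: %zu byte(s) past the end\n", bytes_past_end(1, "owner:", exact));
    printf("flawed, long     : %zu byte(s) past the end\n", bytes_past_end(1, "owner:", longa));
    printf("fixed,  exact fit: %zu byte(s) past the end\n", bytes_past_end(0, "owner:", exact));
    printf("fixed,  long     : %zu byte(s) past the end\n", bytes_past_end(0, "owner:", longa));

    if (join_fixed(buf, sizeof buf, "owner:", longa) != 0)
        printf("fixed join reports truncation, stored \"%s\"\n", buf);
    return 0;
}
```

The exact-fit case is the off-by-one the commit describes: sixteen characters fit the buffer, but the terminating NUL does not.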

7 years ago Detect invalid rsa padding parameter 82/137082/1
Krzysztof Jackiewicz [Tue, 4 Jul 2017 09:00:05 +0000 (11:00 +0200)]
Detect invalid rsa padding parameter

Return proper error in case of wrong RSA padding parameter. Add more detailed
description of valid parameter combinations.

Change-Id: I100f0b900566dbb17bd66c62fabe278baf83c1ff

7 years ago Fix casting of AbstractLogProvider::LogLevel to int 63/134463/1 accepted/tizen/unified/20170620.174038 submit/tizen/20170619.051653
Rafal Krypa [Fri, 16 Jun 2017 17:05:59 +0000 (19:05 +0200)]
Fix casting of AbstractLogProvider::LogLevel to int

When DPL dlog provider prints error message about unsupported log level, it must
explicitly cast LogLevel to int before printing it with %d.
This fixes KONA issue RQ170612-01344 reported by VD.

Change-Id: I31f298550d4ebe2888a82878489fa061b93c2995

7 years ago Release 0.1.26 35/129335/1 accepted/tizen/unified/20170517.080128 submit/tizen/20170517.012418 tizen_4.0.m1_release
Tomasz Swierczek [Tue, 16 May 2017 06:31:19 +0000 (08:31 +0200)]
Release 0.1.26

* Adjust tests to boost 1.62

Change-Id: I6ab59675a2f11cf34cff4c0fb2902038e6d799c1

7 years ago Adjust tests to boost 1.62 02/127002/2
Zofia Abramowska [Wed, 19 Apr 2017 12:09:13 +0000 (14:09 +0200)]
Adjust tests to boost 1.62

* Fix missing file
* Fix missing virtual methods
* Fix missing semicolons after macros
* Support boost version before 1.59

Change-Id: If4032191c662d365571d961d87a97ff88658778e

7 years ago Version 0.1.25 12/127912/1
Piotr Sawicki [Tue, 2 May 2017 09:29:57 +0000 (11:29 +0200)]
Version 0.1.25

- Fix defects detected by SVACE

Change-Id: I433ec7ed94b0afc6030e41e3f9ef5a6d29ee85a9

7 years ago Fix defects detected by SVACE 69/125669/1
Piotr Sawicki [Tue, 18 Apr 2017 09:42:01 +0000 (11:42 +0200)]
Fix defects detected by SVACE

Use a dedicated ckmc_cert_free() function to safely destroy ckmc_cert_s struct.

Change-Id: Icd6ac4faef597d93e7b617c3e4e5dce8449baa92

7 years ago Version 0.1.24 45/124745/2 accepted/tizen/unified/20170413.161130 submit/tizen/20170412.224043
Piotr Sawicki [Tue, 11 Apr 2017 14:35:58 +0000 (16:35 +0200)]
Version 0.1.24

- Fix issues detected by the SVACE tool
- Add internal test cases
- Replace stringify template with macro
- Update API documentation
- CryptoLogic: Fix function name (CLEAR_FLAGS) and set max schema version
- CryptoLogic: Clean up bit masking ENCR
- Fix issues associated with OpenSSL and locking functions
- Map System subdomains to System for sharing data between system services
- Enable privilege check on control API
- Use argos_watchdog
- Add upgrade script for moving rw data
- Return incomplete PKCS12 with exportable parts only
- CAPI: add ckmc_alias_new()
- Fix buffer overflow in sqlcipher.c
- Adjust smack labels on ipc unix sockets
- Add secure-storage data migration
- Replace old exceptions with new ones
- CAPI: Fix memory leak
- Apply coding style rules
- Change priorities of temporary directories used by sqlcipher.c
- Change API visibility for mobile and wearable profiles
- Hotfix: build error by warning on 64bit arch

Change-Id: I40c4199a6c48392db0d79a91680048ad148959db

7 years ago Fix issues detected by SVACE 02/123702/2
Piotr Sawicki [Thu, 6 Apr 2017 13:50:20 +0000 (15:50 +0200)]
Fix issues detected by SVACE

Fix possible memory leak in _toNewCkmCertList()

Change-Id: I706332a37a48fb720b693b526425c03d2d04e0aa

7 years ago Add %license macro for each sub package 60/121860/1 accepted/tizen_common accepted/tizen_ivi accepted/tizen_mobile accepted/tizen_tv accepted/tizen_wearable accepted/tizen/common/20170330.151544 accepted/tizen/ivi/20170330.224153 accepted/tizen/mobile/20170330.223903 accepted/tizen/tv/20170330.223923 accepted/tizen/unified/20170330.224208 accepted/tizen/wearable/20170330.224112 submit/tizen/20170330.004841
Dongsun Lee [Wed, 29 Mar 2017 08:18:37 +0000 (17:18 +0900)]
Add %license macro for each sub package

Change-Id: Iab00d7a0f4b4e19e30ab37d9bfe3dde755981fe2
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>

7 years ago Add internal test cases 65/111965/2
Kyungwook Tak [Fri, 13 Jan 2017 11:06:41 +0000 (20:06 +0900)]
Add internal test cases

Change-Id: Ifd6b70245a8210f17097cd47d7739c8d19ab1819
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
(cherry picked from commit 925c8d123fd9ece130ccf359446ad9e0e63906e3)

7 years ago Replace stringify template to macro 25/111925/5
Kyungwook Tak [Wed, 25 Jan 2017 04:12:44 +0000 (13:12 +0900)]
Replace stringify template to macro

Change-Id: Ifc6e0d65d903ec17c2669ddfa32c3b3b23a7bcb0
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

7 years ago Update documents in doc/ 12/112812/1
Kyungwook Tak [Fri, 3 Feb 2017 02:13:09 +0000 (11:13 +0900)]
Update documents in doc/

Change-Id: I3de73523d2a51f8508482247eddb2bc2a0078ad7
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

7 years ago Apply the reviewed API documentation 31/109631/1
Dongsun Lee [Thu, 5 Jan 2017 11:11:57 +0000 (20:11 +0900)]
Apply the reviewed API documentation

Change-Id: Ifab4e5d251ce90642b07a5c5274adcf58e3083f7
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
(cherry picked from commit edf7e603070dedac237898a9c60ec5205a44d4d3)

7 years ago gcc version condition check on using pragma 47/108947/1 accepted/tizen/common/20170109.202449 accepted/tizen/ivi/20170109.084943 accepted/tizen/mobile/20170109.084839 accepted/tizen/tv/20170109.084906 accepted/tizen/unified/20170309.034038 accepted/tizen/wearable/20170109.084923 submit/tizen/20170109.064234 submit/tizen_unified/20170308.100409
Kyungwook Tak [Fri, 6 Jan 2017 08:52:44 +0000 (17:52 +0900)]
gcc version condition check on using pragma

pragma diagnostic ignored makes warning on gcc version 4
so define it when gcc version is 6 or upper

Change-Id: I0a62af50418ae4f11d7396fc52bbc770143e037f
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

7 years ago Suppress warning on sqlcipher(unused-const-variable) 90/107990/1 submit/tizen/20170106.082227 submit/tizen/20170106.082921
Kyungwook Tak [Mon, 2 Jan 2017 08:13:25 +0000 (17:13 +0900)]
Suppress warning on sqlcipher(unused-const-variable)

unused-const-variable warning occurs in sqlcipher when it is built with
gcc version 6.2. sqlcipher code is hard to touch and not recommended so
just suppress the warning on that file only by pragma

Change-Id: Icc29d829ed460592b8d883497b69bd9dc9df2a3f
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

7 years ago [CryptoLogic] Fix func name and set max schema version 06/105906/3 accepted/tizen/common/20161227.192124 accepted/tizen/ivi/20161226.131245 accepted/tizen/mobile/20161226.131146 accepted/tizen/tv/20161226.131212 accepted/tizen/wearable/20161226.131222 submit/tizen/20161226.013211
Kyungwook Tak [Tue, 20 Dec 2016 04:10:16 +0000 (13:10 +0900)]
[CryptoLogic] Fix func name and set max schema version

Change function name: CLEAR_FLAG => CLEAR_FLAGS

Define maximum variable of schema version available.
Changing encryption schema bitmask from int to std::bitset
makes some backward compatibility issue because it resides in
DB::Row::encryptionScheme as int already which is in DB.
But std::bitset cannot support converting to int (only ulong & ulong
long) so it's hard to use.

Change-Id: Ia27ec252f67c61fece9b34b1458724476b653b77
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

7 years ago Replace deprecated readdir_r with readdir 42/105342/4
Kyungwook Tak [Fri, 16 Dec 2016 04:22:32 +0000 (13:22 +0900)]
Replace deprecated readdir_r with readdir

Change-Id: I10857c628068c2a53978c16670fab1f9f9d23033
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

7 years ago Clean up bit masking ENCR in CryptoLogic 97/105397/2
Kyungwook Tak [Fri, 16 Dec 2016 10:35:18 +0000 (19:35 +0900)]
Clean up bit masking ENCR in CryptoLogic

Clean up some variables that are double declared in anonymous
namespace and class member.
Make inline private member function for bit masking
operations for encryption scheme/version to clean up related codes.

Change-Id: I7bccdccd3f80fd259fa54b95d1906e1f386b2116
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

7 years ago Fix shift overflow which makes build err in gcc6.2 41/105341/1
Kyungwook Tak [Fri, 16 Dec 2016 08:31:08 +0000 (17:31 +0900)]
Fix shift overflow which makes build err in gcc6.2

Change-Id: I17a1c729b83442e90ff91f0771ea845d09140873
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

7 years ago C++11 destructor should not throw exception 40/105340/1
Kyungwook Tak [Fri, 16 Dec 2016 04:11:00 +0000 (13:11 +0900)]
C++11 destructor should not throw exception

Change-Id: If6e3e469acec69bd0a4c2678348d92af607b39d2
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

7 years ago Add missing header 39/105339/1
Kyungwook Tak [Fri, 16 Dec 2016 08:27:58 +0000 (17:27 +0900)]
Add missing header

Change-Id: Ic9660e80708abb71c293245755912c1bf4bdd438
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

7 years ago Static cast enum value to int 38/105338/1
Kyungwook Tak [Fri, 16 Dec 2016 04:10:39 +0000 (13:10 +0900)]
Static cast enum value to int

Change-Id: I738b0a745725c47a0608c58396df79f745ccd412
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

7 years ago Replace deprecated auto_ptr with unique_ptr 37/105337/1
Kyungwook Tak [Fri, 16 Dec 2016 04:04:15 +0000 (13:04 +0900)]
Replace deprecated auto_ptr with unique_ptr

Change-Id: Ib0ebc0f297f51a4cc3335a7d1c9033a37edea016
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

7 years ago Remove to add openssl locking function on client 84/104984/1
Kyungwook Tak [Thu, 15 Dec 2016 04:19:28 +0000 (13:19 +0900)]
Remove to add openssl locking function on client

To add locking function in client library side is dangerous of occurring
segmentation fault because it can be used in some dynamic loaded
plugins. If multiple plugins are adding locking function, there is race
condition issue that symbol is unloaded out from the plugin so it makes
segmentation fault.

Change-Id: I1ac443c5d2e166cf05c65b3d937dae64472c713b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

7 years ago Upgrade: cp instead of mv 23/102223/1
Sunmin Lee [Wed, 30 Nov 2016 04:37:38 +0000 (13:37 +0900)]
Upgrade: cp instead of mv

Because RO partition shouldn't be modified,
use cp instead of mv.

Change-Id: If852002611569ebc5146c73b82617ee9e14975c4
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
(cherry picked from commit 592432e551bd61800d488a0bf6b4a52762445e58)

7 years ago Use valid group tag 65/100365/1
Kyungwook Tak [Mon, 28 Nov 2016 02:37:47 +0000 (11:37 +0900)]
Use valid group tag

Based on gbs build errorcode and groups are listed here:
https://wiki.tizen.org/wiki/Packaging/Guidelines#Group_Tag

Change-Id: I81e416b30454a951a51cd6f9fe9ca832e700ff6d
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

7 years ago License name changed: BSD-2.0 -> BSD-3.0-Clause 60/100360/1
Kyungwook Tak [Mon, 28 Nov 2016 02:26:41 +0000 (11:26 +0900)]
License name changed: BSD-2.0 -> BSD-3.0-Clause

Change-Id: Id415803d99a9bad4f89adae3c8d5030e8920f438
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

8 years ago Remove socket-2-id-wrapper and socket-2-id-mockup 45/92345/1
Bartlomiej Grzelewski [Fri, 14 Oct 2016 12:08:49 +0000 (14:08 +0200)]
Remove socket-2-id-wrapper and socket-2-id-mockup

Change-Id: I3637563d2e7869041693887c96697a495a26d3b5

8 years ago Merge "Map System subdomains to System" into tizen accepted/tizen/3.0/common/20161114.105958 accepted/tizen/3.0/ivi/20161011.044322 accepted/tizen/3.0/mobile/20161015.033458 accepted/tizen/3.0/tv/20161016.004614 accepted/tizen/3.0/wearable/20161015.082655 accepted/tizen/common/20160926.154122 accepted/tizen/ivi/20160927.020903 accepted/tizen/mobile/20160927.020845 accepted/tizen/tv/20160927.020701 accepted/tizen/wearable/20160927.020827 submit/tizen/20160926.005548 submit/tizen_3.0_common/20161104.104000 submit/tizen_3.0_ivi/20161010.000003 submit/tizen_3.0_mobile/20161015.000003 submit/tizen_3.0_tv/20161015.000002 submit/tizen_3.0_wearable/20161015.000002
Dong Sun Lee [Mon, 26 Sep 2016 01:40:57 +0000 (18:40 -0700)]
Merge "Map System subdomains to System" into tizen

8 years ago Map System subdomains to System 38/89338/2
Kyungwook Tak [Fri, 23 Sep 2016 06:32:07 +0000 (15:32 +0900)]
Map System subdomains to System

e.g., System::Privileged -> System
This is for sharing data between system services regardless of subdomain
like System::Privileged which has special subdomain label for onlycap

Change-Id: Ibd6f99c8ced3b7bbb3ba3da6e7bd7ee39cd2bfe2
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

8 years ago Enable privilege check on control API 86/89386/1
Kyungwook Tak [Fri, 23 Sep 2016 08:46:59 +0000 (17:46 +0900)]
Enable privilege check on control API

privilege: http://tizen.org/privilege/internal/service

storage API is still disabled because it's non-privileged

Change-Id: I89cfa8f11181d0a89280d204f2bf611a3a237d78
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

8 years ago Fix typo in link_directories 40/89340/1
Kyungwook Tak [Fri, 23 Sep 2016 06:48:45 +0000 (15:48 +0900)]
Fix typo in link_directories

Change-Id: I273107afabcf2bb95db7a35906618fd01b207928
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

8 years ago Use argos_watchdog 57/87957/9
Kyungwook Tak [Fri, 23 Sep 2016 05:55:26 +0000 (14:55 +0900)]
Use argos_watchdog

argos watchdog is watchdog lib which has systemd backend
on platform and backend can be reimplemented by product developer

argos watchdog provides per-process watchdog registration
(systemd allows per-thread but it's not guaranteed by other
backends for now)

This feature is on discussion with multiple product divisions
so it would be easily enabled/disabled by build feature
in compile time

Change-Id: Idb28caa52f3d20a2e0030c84852ad101fdbb6623
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>

8 years ago Fix doxygen warnings 03/89303/2
Kyungwook Tak [Fri, 23 Sep 2016 05:14:14 +0000 (14:14 +0900)]
Fix doxygen warnings

Change-Id: I7ed6f71aaa631510622ea8d934dfb7d25a57611b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>