Dariusz Michaluk [Tue, 25 Jun 2024 09:19:19 +0000 (11:19 +0200)]
Release 0.1.58.7
* Remove double checking of key type
* Documentation improvement for Escrow Vault 2.0 support
* Add EXTENDED_MODULE defgroup in docs
* Rename client extended module
Change-Id: I9f067d0371cb241143b0bf91cd17c571901ceb44
Filip Skrzeczkowski [Thu, 20 Jun 2024 10:30:51 +0000 (12:30 +0200)]
Rename client extended module
Change-Id: Iaf90c2081bd1e131b629c0dead037beb79df08ad
Filip Skrzeczkowski [Tue, 18 Jun 2024 10:59:40 +0000 (12:59 +0200)]
Add EXTENDED_MODULE defgroup in docs
Change-Id: I6e92dbeff5bc910f0bc9427babb7076e2a572d02
Filip Skrzeczkowski [Fri, 14 Jun 2024 14:56:01 +0000 (16:56 +0200)]
Documentation improvement for Escrow Vault 2.0 support
The following changes in the CAPI documentation were made according
to requests made during the ACR approval process:
- CAPI_KEY_MANAGER_CLIENT_EXTENDED_MODULE description
- concatenated data (un)wrapping: code examples of memory handling
- 3072 bit RSA clarification: minimum Tizen release
Change-Id: I095c088534e56d032041e46a263791877f1176e9
Dariusz Michaluk [Wed, 5 Jun 2024 11:11:18 +0000 (13:11 +0200)]
Remove double checking of key type
Change-Id: Iae2c23f0c8f8124d8c6cae843385cd8722019af8
Dariusz Michaluk [Thu, 6 Jun 2024 10:05:31 +0000 (12:05 +0200)]
Release 0.1.58.6
* Adjust coverage script after lcov upgrade
* Add RSA 3072 support
* Dont return aliases with only REMOVE permission
* Concatenated wrapping API & sw-backend & tz-backend implementation
* Allow using SHA384 & SHA512 with RSA OAEP
Change-Id: I78a9018590e80f9166565731d5d6fbcb6fc30cc1
Dariusz Michaluk [Thu, 9 May 2024 13:47:58 +0000 (15:47 +0200)]
Allow using SHA384 & SHA512 with RSA OAEP
Change-Id: I784c42ccd6d2cf8fb8452944e90d4234c299e121
Dariusz Michaluk [Fri, 10 May 2024 10:17:59 +0000 (12:17 +0200)]
Concatenated wrapping tz-backend implementation
Change-Id: I4e524f72b5cbc011c503f74172615e87e03fab18
Dariusz Michaluk [Fri, 19 Apr 2024 13:24:49 +0000 (15:24 +0200)]
Concatenated wrapping sw-backend implementation
Change-Id: I28856286c05c2ec1919674b0e7cf8add90cc20e1
Dariusz Michaluk [Tue, 16 Apr 2024 14:44:36 +0000 (16:44 +0200)]
Concatenated wrapping API draft
Change-Id: Ie154b19b3c59727ec9bf5b8ece91ce9a549d2feb
Andrei Vakulich [Tue, 14 May 2024 08:36:45 +0000 (10:36 +0200)]
Dont return aliases with only REMOVE permission
Change-Id: I6558ff299deb5166ef90f2ba8191521d901f0a24
Jan Wojtkowski [Thu, 18 Apr 2024 10:32:32 +0000 (12:32 +0200)]
Add RSA 3072 support
Change-Id: Ic6616d1e67bc612f0f168f3d1d628b2f86689132
Jan Wojtkowski [Thu, 18 Apr 2024 13:40:08 +0000 (15:40 +0200)]
Add vscode settings to .gitignore
Change-Id: Ic2d94c8cfc0de934ebe00774db6591c78625c46c
Dariusz Michaluk [Fri, 5 Apr 2024 10:15:39 +0000 (12:15 +0200)]
Adjust coverage script after lcov upgrade
Change-Id: I8d03eb3e0fc2092fb99bf5bf90fd037f1a9c3fe2
Krzysztof Jackiewicz [Tue, 19 Mar 2024 19:30:49 +0000 (20:30 +0100)]
Release 0.1.58.5
* Revert "Fix AES GCM IV setting in KeyProvider"
Change-Id: I584b432d9b73d270410a2d923332ef9ee13b37e7
Krzysztof Jackiewicz [Tue, 19 Mar 2024 19:28:10 +0000 (20:28 +0100)]
Revert "Fix AES GCM IV setting in KeyProvider"
This reverts commit
cb384fdaca572cabf03210b3e5219713b33ab9bd.
Change-Id: I34692b47da5a53d3969be087802f962d9bb84ccb
Krzysztof Jackiewicz [Wed, 6 Mar 2024 09:08:49 +0000 (10:08 +0100)]
Release 0.1.58.4
* Exit with error when file lock is busy
Change-Id: Ic29fbe2543e4711c76c289cbc2a298f34af11f3a
Krzysztof Jackiewicz [Tue, 5 Mar 2024 08:56:15 +0000 (09:56 +0100)]
Exit with error when file lock is busy
Change-Id: Iee78ef372a3315c8eedbf80b0579508edb1c3843
Krzysztof Jackiewicz [Wed, 11 Oct 2023 08:56:41 +0000 (10:56 +0200)]
Release 0.1.58.3
* Serialize AES key size as int
* Scheme tests fix
* Fix AES GCM IV setting in KeyProvider
Change-Id: I1d381796433a452148c2e15a23aa52b66174b363
Krzysztof Jackiewicz [Mon, 9 Oct 2023 07:42:02 +0000 (09:42 +0200)]
Serialize AES key size as int
It was converted to size_t at some point which led to errors on 64-bit
architectures.
Change-Id: Id905e9b06219642355050cfdb5a69d2cb2162ee7
Krzysztof Jackiewicz [Thu, 28 Sep 2023 09:42:26 +0000 (11:42 +0200)]
Scheme tests fix
Change-Id: I49b8fc6c24fde53e637e1431c2b49c9022249e66
Krzysztof Jackiewicz [Fri, 29 Sep 2023 05:09:19 +0000 (07:09 +0200)]
Fix AES GCM IV setting in KeyProvider
The proper order of setting an IV of custom length in GCM is to firstly
pass the length and then the IV during both encryption and decryption.
The KeyProvider code was doing the opposite which resulted in
truncating the IV to 12B. In openssl3.0 The effect is somewhat
diffferent but the output is also invalid.
Openssl silently ignores this issue allowing to call the API in wrong
order and get invalid encryption/decryption results.
The issue was not detected until now because the IV truncation was
working the same way during encryption and decryption and no other
module beside key-manager was accessing the encrypted keys.
This commit modifies KeyProvider code in 2 ways:
* Modify encryption and decryption to set the IV length properly.
* If decryption fails retry it with IV truncated to 12B to handle data
encrypted the old way.
Change-Id: I72e237b0842234d80579f3e93b5e1012a0613140
Krzysztof Jackiewicz [Tue, 26 Sep 2023 08:37:43 +0000 (10:37 +0200)]
Release 0.1.58.2
* Implement hash selection in RSA OAEP
* Prevent using public key for decryption
* Specify the RSA OAEP encryption padding
* Check mandatory KBKFD params in TZ
Change-Id: I05527d23f175ffd21cd3639a414b65ccec776373
Krzysztof Jackiewicz [Fri, 22 Sep 2023 09:34:00 +0000 (11:34 +0200)]
Implement hash selection in RSA OAEP
SW and TZ backend implementation
Unit-tests included
Change-Id: I6efd8a0477fe3137491c889d0c70eabc0d861097
Krzysztof Jackiewicz [Wed, 20 Sep 2023 10:57:56 +0000 (12:57 +0200)]
Prevent using public key for decryption
We could leave it for backends but since we have all the info, let's
fail early.
Change-Id: I7d3257370124ad19d423b859f380ce60f6da4d95
Krzysztof Jackiewicz [Wed, 20 Sep 2023 09:52:25 +0000 (11:52 +0200)]
Specify the RSA OAEP encryption padding
Change-Id: I88abe53b11230121f594728abf64c0cf1c38895f
Krzysztof Jackiewicz [Tue, 19 Sep 2023 12:56:06 +0000 (14:56 +0200)]
Check mandatory KBKFD params in TZ
Change-Id: I151207b55b1051ac3cc870c885a33b951331bc61
Krzysztof Jackiewicz [Wed, 13 Sep 2023 06:22:37 +0000 (08:22 +0200)]
Release version 0.1.58.1
* Revert "Test proper GCM IV length handling"
* Revert "Fix GCM IV length setting"
* Revert "Workaround for GCM IV length issue"
* Don't use IVs shorter than 12B in tests
* Fix key-wrapping documentation
* Adjust scheme tests to TZ
Change-Id: Ifd889aeabb0ee70aa73531189c465b360e6eb052
Krzysztof Jackiewicz [Tue, 12 Sep 2023 10:36:35 +0000 (12:36 +0200)]
Revert "Test proper GCM IV length handling"
This reverts commit
61b910797b706b3e8494eb5841e4462bf1356125.
Change-Id: Ifb7e276f1dee253c606800049ef97aea5c3bec77
Krzysztof Jackiewicz [Tue, 12 Sep 2023 10:36:11 +0000 (12:36 +0200)]
Revert "Fix GCM IV length setting"
This reverts commit
1e6e268703fc313a973f06581e21cf62c112e903.
Change-Id: Ibb87d42af732735413bdbffa9fadc15e7457eb59
Krzysztof Jackiewicz [Tue, 12 Sep 2023 10:31:15 +0000 (12:31 +0200)]
Revert "Workaround for GCM IV length issue"
This reverts commit
d6606535ac51bb3e574312106088f3f15843536e.
Change-Id: Iac1edf23290c19d0866f06138a31f6181093ba92
Krzysztof Jackiewicz [Tue, 12 Sep 2023 15:12:08 +0000 (17:12 +0200)]
Don't use IVs shorter than 12B in tests
Change-Id: I086fb913be53eeb0891a2a0a9013d768939f0b0a
Krzysztof Jackiewicz [Mon, 11 Sep 2023 12:03:30 +0000 (14:03 +0200)]
Fix key-wrapping documentation
Change-Id: I67d762c719e2fc1a7cae7f3537f69760fa9eef3f
Krzysztof Jackiewicz [Fri, 11 Aug 2023 11:29:45 +0000 (13:29 +0200)]
Adjust scheme tests to TZ
TZ does not support saving asymmetric keys with password.
Change-Id: Ia6ec92b610908a52079d2f22f32a9387237faee7
Dongsun Lee [Mon, 21 Aug 2023 06:41:03 +0000 (15:41 +0900)]
Release 0.1.58
* Add compiler flags for build warnings
* Check RSA padding in TZ
* Check KBKDF parameters on key-manager side
* Pass password to CMD_GET_DATA_SIZE
* Pass public key curve info to TZ's ECDH
* Use default CTR length in TZ encryption
Change-Id: Ibe2928a9b18bba49764a9779eaed1712b9bf5b36
Dongsun Lee [Mon, 21 Aug 2023 01:16:45 +0000 (10:16 +0900)]
Set initial values to remove build warnings
Change-Id: Icf793bed432aeb72de8471bd770feb9326450936
Krzysztof Jackiewicz [Thu, 10 Aug 2023 18:27:44 +0000 (20:27 +0200)]
Check RSA padding in TZ
The only supported padding method is PKCS1
Change-Id: I3cd769d68f67b3ee2afb959bca2e74db8e6295c4
Krzysztof Jackiewicz [Wed, 9 Aug 2023 15:39:38 +0000 (17:39 +0200)]
Check KBKDF parameters on key-manager side
Change-Id: I1afb107d6fd286f5524561c1631ef65c2043f3c2
Krzysztof Jackiewicz [Wed, 9 Aug 2023 15:31:21 +0000 (17:31 +0200)]
Pass password to CMD_GET_DATA_SIZE
In case of encrypted objects the password may be necessary do get the
actual size.
Change-Id: I5636325a8a120c0226ab5cc06ddef2aa05b96992
Krzysztof Jackiewicz [Wed, 9 Aug 2023 15:26:24 +0000 (17:26 +0200)]
Pass public key curve info to TZ's ECDH
This is needed to compare curve with private EC curve in TZ.
Change-Id: I5c42b7395683bd14c391415537e31efc3dcb6fc4
Krzysztof Jackiewicz [Tue, 8 Aug 2023 15:00:00 +0000 (17:00 +0200)]
Use default CTR length in TZ encryption
According to API documentation the counter length parameter is optional.
TZ implementation should not assume its existence.
Change-Id: I89ef3b78e95f2a3a8c79688ee21c9d04a43a5116
Krzysztof Jackiewicz [Fri, 4 Aug 2023 06:18:40 +0000 (08:18 +0200)]
Release 0.1.57
* Deserialize tags only if password was given
* Add context cleanup command for TZ
* Fix bugs during exporting a wrapped key
* Use default tag length for wrapping if not given
* Allow only symmetric key wraping/unwrapping
* Add type parameter to "get" commands
* Call TA to get the max chunk size
* Pass key length to KBKDF in TZ backend
* Fix secret pwd passing in TZ backend KBKDF
Change-Id: Ia17f64eacf32400ef0f53c0d2cf82ceb1c07e45c
Krzysztof Jackiewicz [Thu, 3 Aug 2023 08:55:48 +0000 (10:55 +0200)]
Deserialize tags only if password was given
Change-Id: I1c598e17740785e4bd49edc120b6844ebe65e88a
Krzysztof Jackiewicz [Tue, 1 Aug 2023 13:26:47 +0000 (15:26 +0200)]
Add context cleanup command for TZ
If encryption fails and the "finalize" is not called the context will
not removed on TA side. Fix it by adding new command.
Change-Id: Id6bfb6821ba2c83565eb79d825fa98c096a346fc
Dongsun Lee [Sat, 29 Jul 2023 07:26:10 +0000 (16:26 +0900)]
Fix bugs during exporting a wrapped key
- generous output size check
- enlarged encryption overhead for RSA
- use type of wrap to key
Change-Id: I64367edf00d58e67df62a682a05c58dae5e2327b
Krzysztof Jackiewicz [Fri, 28 Jul 2023 11:13:19 +0000 (13:13 +0200)]
Use default tag length for wrapping if not given
Change-Id: I2ad6e13383621522af2de8500814f6d01868c828
Krzysztof Jackiewicz [Mon, 24 Jul 2023 10:59:40 +0000 (12:59 +0200)]
Allow only symmetric key wraping/unwrapping
Change-Id: I36549b09d891d0d3e34667c71aa0294389441f76
Krzysztof Jackiewicz [Mon, 24 Jul 2023 10:44:00 +0000 (12:44 +0200)]
Add type parameter to "get" commands
CMD_GET_DATA
CMD_GET_DATA_SIZE
CMD_EXPORT_WRAPPED_KEY
This may be necessary if data is encrypted.
Change-Id: Ie34d33c11e9c55958cb44adcb0bf5371c36e8a68
Krzysztof Jackiewicz [Mon, 24 Jul 2023 09:42:18 +0000 (11:42 +0200)]
Call TA to get the max chunk size
Change-Id: Iec297646564b0a49d2966fcec1ec922bac1b7615
Krzysztof Jackiewicz [Thu, 20 Jul 2023 12:20:20 +0000 (14:20 +0200)]
Pass key length to KBKDF in TZ backend
Change-Id: I5cd90b8754b7aa89371e515ffac79cd35c9b5004
Krzysztof Jackiewicz [Thu, 20 Jul 2023 12:05:22 +0000 (14:05 +0200)]
Fix secret pwd passing in TZ backend KBKDF
Change-Id: I6f1a4d588a6a0679b88f967fdbc71b436329153f
Krzysztof Jackiewicz [Fri, 14 Jul 2023 12:39:59 +0000 (14:39 +0200)]
Release 0.1.56
* Documentation fixes
* Retrieve TZ raw key data only when needed
* Reserve enough space for GCM tag in TZ backend
* Use proper memory type in TZ backend's addGcmAAD()
Change-Id: I38b89ee3a76a62420f148a2dd836d7ffe1d1072d
Krzysztof Jackiewicz [Thu, 13 Jul 2023 07:55:15 +0000 (09:55 +0200)]
Documentation fixes
* Do not use @see inside other tags
* Add missing parenthesis
Change-Id: I4b7492eb410c6f510b6848689faf622dd0b8dc5b
Krzysztof Jackiewicz [Wed, 12 Jul 2023 08:59:31 +0000 (10:59 +0200)]
Retrieve TZ raw key data only when needed
Change-Id: Ia1ef537b9696e39c53c1f4972f96ead4cb0fb81a
Krzysztof Jackiewicz [Wed, 12 Jul 2023 06:58:38 +0000 (08:58 +0200)]
Reserve enough space for GCM tag in TZ backend
Change-Id: I36f9718cfdc37f7fdac1e47fc056aeaabdeee242
Krzysztof Jackiewicz [Tue, 11 Jul 2023 11:05:27 +0000 (13:05 +0200)]
Use proper memory type in TZ backend's addGcmAAD()
We need TEEC_VALUE_INOUT to properly read the return code from
op.params[0].value.a.
Change-Id: I95eb5fd757f9e3235bb855269dd0a804ac7bb135
Krzysztof Jackiewicz [Tue, 11 Jul 2023 10:07:18 +0000 (12:07 +0200)]
Release 0.1.55
* Fix TZ backend issues
* Fixed the build error using gcc 13
* Modify decider logic
* Allow EC keys to be imported to TZ backend
Change-Id: I409287a6d1b9f14deb34041dcce904bcbb43f7ba
Krzysztof Jackiewicz [Mon, 10 Jul 2023 15:31:33 +0000 (17:31 +0200)]
Fix TZ backend issues
* Add missing namespaces
* Include ctx.cpp in TZ source list
* Add missing operation id to internal TZ calls
Change-Id: I59e71b7af5a1c418f797e7d915b8a9d1fc456edf
wchang kim [Mon, 3 Jul 2023 23:06:34 +0000 (08:06 +0900)]
Fixed the build error using gcc 13
Change-Id: I716b3be00e9e2015591af34b33031726fa1b5969
Krzysztof Jackiewicz [Mon, 3 Jul 2023 11:59:21 +0000 (13:59 +0200)]
Modify decider logic
Allow importing of all types of asymmetric keys to TZ backend.
Add unit-test
Change-Id: Iebbd0d5f37b4568b8c2473cdfe178d1ddad85a86
Krzysztof Jackiewicz [Mon, 3 Jul 2023 12:32:23 +0000 (14:32 +0200)]
Allow EC keys to be imported to TZ backend
Change-Id: I54ab75a7d30817aea1054fd13b81f2519d0bdc13
Krzysztof Jackiewicz [Thu, 29 Jun 2023 08:32:17 +0000 (10:32 +0200)]
Release 0.1.54
* Implement public key extraction in TZ backend
* add ALGO_ECDSA_SV to MAX_KEY_SIZE in tz_backend
* Return proper error for wrong wrapped key type
* Update ckmc_import_wrapped_key description
* Add missing exception guard to C++ API
* Simplify serialization calls
* Fix wrong fuction name in the documentation
* Fix typo in ckmc-manager.h
* Enable -Wshadow and fix warnings
Change-Id: I1009a607df537d843cc59fa8148f4912262480cc
Krzysztof Jackiewicz [Wed, 28 Jun 2023 08:21:21 +0000 (10:21 +0200)]
Implement public key extraction in TZ backend
Public keys are not secrets and there are scenarios like ECDH when they
have to be extracted in raw form. Exportability logic still applies.
* Separate the object id and the raw data in TZ backend objects.
* Rename function arguments to make their meaning more adequate.
* Use object id when making operations using given key or binary data.
* Return raw data only to CKMLogic via getBinary() method.
* Make getBinary() return an empty buffer for private and symmetric keys.
* Move m_type to AKey where it's used.
Change-Id: Idf6db51387d98f6560f0da18e2fc1d9bbc3abc4f
Dongsun Lee [Thu, 29 Jun 2023 07:42:00 +0000 (16:42 +0900)]
add ALGO_ECDSA_SV to MAX_KEY_SIZE in tz_backend
Change-Id: I484312a778a8587d3197132e5182af8b842646ce
Krzysztof Jackiewicz [Tue, 27 Jun 2023 15:00:29 +0000 (17:00 +0200)]
Return proper error for wrong wrapped key type
Change-Id: I72e888e9808865c9ac3178ec8821dbf79aad9fd5
Krzysztof Jackiewicz [Tue, 27 Jun 2023 11:39:48 +0000 (13:39 +0200)]
Update ckmc_import_wrapped_key description
The remark allows passing a wrapped key without any type letting the
backend autodetect it. Current implementation in SW backend does not
support it. In case of TZ backend such autodetection would unnecessarily
complicate the code.
Since the feature is not actually needed, the value CKMC_KEY_NONE option
will be forbidden from now on.
Change-Id: I2396d03bd28b0eeef0a1e922029808061beb71c8
Krzysztof Jackiewicz [Thu, 22 Jun 2023 09:04:18 +0000 (11:04 +0200)]
Add missing exception guard to C++ API
Change-Id: Ie9164be51dbea8cf8b6f1524808fbb8841c2f2bf
Krzysztof Jackiewicz [Tue, 13 Jun 2023 14:47:07 +0000 (16:47 +0200)]
Simplify serialization calls
Remove unnecessary casts and use type deduction.
Change-Id: I88d8ae4b8060a509984a6883289c4bb05a9c1015
Krzysztof Jackiewicz [Wed, 21 Jun 2023 18:50:26 +0000 (20:50 +0200)]
Fix wrong fuction name in the documentation
Change-Id: Ib83d88de1d17bd32b86cd7c99b5dd12247d0aaf8
Krzysztof Jackiewicz [Wed, 21 Jun 2023 15:16:19 +0000 (17:16 +0200)]
Fix typo in ckmc-manager.h
Change-Id: I76c95dcf4c32f3fc70abea680f757edd45676c07
Krzysztof Jackiewicz [Tue, 20 Jun 2023 15:52:03 +0000 (17:52 +0200)]
Enable -Wshadow and fix warnings
The flag is used in products an our code causes warnings/errors. Fix
existing code and enable the flag to detect possible errors in future.
Change-Id: I830696231f9a6f1b80d390f7bf3df4fff1814691
Krzysztof Jackiewicz [Wed, 14 Jun 2023 10:33:41 +0000 (12:33 +0200)]
Release 0.1.53
* Add few remarks regarding chunk size limits
* Cipher API implementation in TZ backend
* Backend info API implementation
* Alias info refactoring
* Extend E2EE API support back to 6.0
* Refactor serialization code
* Cipher API unit tests
* Cipher API implementation (server part)
* Cipher API implementation (backend part)
* Cipher API implementation (client part)
* Drop all encryption requests upon disconnection
* Update cipher api description
* Improve AAD and GCM tag handling in cipher API
* Update ckmc_generate_new_params with new algorithms
* Allow generating unexportable binary data in TZ
* Add missing KBKDF params in TZ backend
* Workaround for GCM IV length issue
* Fix GCM IV length setting
* Test proper GCM IV length handling
* Rename DataType::isSKey
* Fix backend selection logic
* Fix default value for KBKDF LLEN parameter
* Backend info API
* Multi-stage encryption API
* Fix ckmc_key_derive API description
Change-Id: If9bfbaa1fe5169412441660df3bb1a055d22ce2a
Krzysztof Jackiewicz [Wed, 14 Jun 2023 10:30:49 +0000 (12:30 +0200)]
Merge branch e2ee into tizen
Change-Id: I856e57b604e87582948e250929817fd3b7c0dd8b
Krzysztof Jackiewicz [Wed, 14 Jun 2023 10:07:09 +0000 (12:07 +0200)]
Add few remarks regarding chunk size limits
Mention the possibility of backend imposing limits on the size of
processed data in all places where it may happen.
Change-Id: Id828f15b8692859a1efad015dcb3692c9c29432e
Krzysztof Jackiewicz [Fri, 9 Jun 2023 08:51:08 +0000 (10:51 +0200)]
Cipher API implementation in TZ backend
Change-Id: I2510dfb8f7e1722ee300edce6e983075a0c5303a
Krzysztof Jackiewicz [Wed, 7 Jun 2023 11:19:02 +0000 (13:19 +0200)]
Backend info API implementation
Change-Id: Ib47c16bf5d2255c71d538b9e1009cb54b8f842ba
Krzysztof Jackiewicz [Fri, 26 May 2023 13:00:58 +0000 (15:00 +0200)]
Alias info refactoring
To extract alias backend information, the current structures and
mechanisms meant for alias & password protection status extraction have
to be modified as follows:
* Modify 'join_all_tables' view in db to include 'backendId' and other
columns from OBJECTS table. It also requires a db version bump and a
migration script
* Modify db query that lists aliases to include 'backendId'.
* Move AliasSupport to common library so it can be used in DBCrypto.
* Replace OwnerNameVector and OwnerNameEncryptionStatusVector with a
vector of AliasInfo structures.
* Add AliasInfoSerializableVector wrapper to allow AliasInfo
(de)serialization.
* Modify client to get password protection status during
ckmc_alias_info_is_password_protected() instead of checking all
accessible aliases one by one.
* Modify client to get aliases from AliasInfo vector when other info is
not required.
* Update unit-tests
Change-Id: Ic6741f7329afe858d561cab89d9616a53327a6bd
Krzysztof Jackiewicz [Wed, 7 Jun 2023 08:32:58 +0000 (10:32 +0200)]
Extend E2EE API support back to 6.0
Change-Id: I7aff7fb9a35fa26804303a11a4cf0a8c03fb287c
Krzysztof Jackiewicz [Mon, 5 Jun 2023 12:36:55 +0000 (14:36 +0200)]
Refactor serialization code
* Remove unused overloads (pointers, stl).
* Unify primitive types (de)serialization.
* Modify Serializable interface to allow passing an existing object.
* Update serialization wrappers' implementations and move them to cpp.
Change-Id: I498f9dd9cca570a1a7eb424fb481d07a1297a279
Krzysztof Jackiewicz [Wed, 7 Jun 2023 08:36:57 +0000 (10:36 +0200)]
Release 0.1.52
* Extend E2EE API support back to 6.0
Change-Id: I6f05c59bdbaf7c34b6c71ffbfb1eeea3687abab4
Krzysztof Jackiewicz [Wed, 7 Jun 2023 08:32:58 +0000 (10:32 +0200)]
Extend E2EE API support back to 6.0
Change-Id: I7aff7fb9a35fa26804303a11a4cf0a8c03fb287c
Krzysztof Jackiewicz [Wed, 17 May 2023 16:01:32 +0000 (18:01 +0200)]
Cipher API unit tests
Change-Id: I9ef5e3db62a36043d6b5691a0aaff5ce7236c302
Krzysztof Jackiewicz [Fri, 5 May 2023 08:37:23 +0000 (10:37 +0200)]
Cipher API implementation (server part)
Change-Id: Ie4a9c50378d461e659401829863bbe32cf67f305
Krzysztof Jackiewicz [Thu, 11 May 2023 12:32:56 +0000 (14:32 +0200)]
Cipher API implementation (backend part)
Change-Id: I7d2e5ef36a539a34f7e93a7fd9c16c90534d6aad
Krzysztof Jackiewicz [Wed, 26 Apr 2023 21:11:33 +0000 (23:11 +0200)]
Cipher API implementation (client part)
Change-Id: I191f606819ae306f570fe538674f943e336ec86f
Krzysztof Jackiewicz [Wed, 17 May 2023 12:35:13 +0000 (14:35 +0200)]
Drop all encryption requests upon disconnection
If client disconnects before finishing the request the request should
be removed from the map.
Change-Id: I7bb0fa71b12f0a07bac5e62e5191bd9729829bfe
Krzysztof Jackiewicz [Wed, 24 May 2023 09:02:48 +0000 (11:02 +0200)]
Update cipher api description
Encryption may return an empty buffer. Specify the return value in such
case.
Change-Id: Iabcbe30dc002d4dc7eb932fdbd5418263488ba2a
Krzysztof Jackiewicz [Mon, 15 May 2023 12:44:43 +0000 (14:44 +0200)]
Improve AAD and GCM tag handling in cipher API
* AAD may also be a subject of backend chunk size limitation. Allow
calling ckmc_cipher_init multiple time do provide consecutive AAD
portions.
* When encrypted data is split in to chunks there's no way to locate
the trailing GCM tag part. Add optional buffer argument to
ckmc_cipher_finalize() to allow passing the tag explicitly. This
function will also return the tag in the output buffer during
encryption.
Change-Id: Ic9ddb86e294f8180fb44327c1f4ac4f4650b3e4c
Krzysztof Jackiewicz [Thu, 18 May 2023 10:16:03 +0000 (12:16 +0200)]
Update ckmc_generate_new_params with new algorithms
Change-Id: I094372d55a89a9fe5b7c212bd8c2e2dc7e325c11
Krzysztof Jackiewicz [Mon, 22 May 2023 20:12:35 +0000 (22:12 +0200)]
Allow generating unexportable binary data in TZ
TZ backend already supports importing exportable binary data. Follow
the same rule for secret derivation and allow storing an exportable
secret (binary data), derived from TZ key, in TZ.
Change-Id: I61d202469a3df43e5f35746a0c09ca179d823336
Krzysztof Jackiewicz [Thu, 18 May 2023 11:50:04 +0000 (13:50 +0200)]
Add missing KBKDF params in TZ backend
Change-Id: I4cadca649889190c30868c55a2e91c9f49252d84
Krzysztof Jackiewicz [Tue, 23 May 2023 09:07:23 +0000 (11:07 +0200)]
Workaround for GCM IV length issue
GCM implementation was ignoring IV bytes except first 12B. The issue has
been fixed but we need to support the decryption of the data encrypted
the old way.
This workaround retries the decryption with an IV truncated to 12B if
the decryption with original IV length fails.
Unit-test included.
Change-Id: Ia1c06d9a7c6f3b75a69c2e1cb3e5f0801776e057
Krzysztof Jackiewicz [Mon, 22 May 2023 19:29:17 +0000 (21:29 +0200)]
Fix GCM IV length setting
IV length was not properly set in case of GCM. The default 12B IV was
used at all times.
GCM supports 1 to 2^64-1 byte long IVs. Reflect it in the SW backend
implementation, its tests and client API description.
Change-Id: Idfa18c1c3cfd06de6618b4ac7632133ace6ab8dc
Krzysztof Jackiewicz [Tue, 23 May 2023 06:45:16 +0000 (08:45 +0200)]
Test proper GCM IV length handling
GCM implementation was using only the first 12B of IV regardless of its
actual length. This modification makes the test check if the remaining
bytes of the IV are ignored.
Change-Id: I94281747bbe9363854484844fa038ae9bcd47a19
Krzysztof Jackiewicz [Thu, 18 May 2023 12:50:41 +0000 (14:50 +0200)]
Rename DataType::isSKey
Change-Id: I59e553cbf067baf3ad7209e07e5376b6601c5a6a
Krzysztof Jackiewicz [Tue, 16 May 2023 13:35:30 +0000 (15:35 +0200)]
Fix backend selection logic
In some cases the backend selection was not working properly:
- Key derivation, wrapped key import: the backend compatibility was not
checked at all. This resulted in a possibility of saving an exportable
key in TZ backend which normally is not allowed.
- Encrypted initial values could have been imported to incompatible SW
backend if the TZ backend fails to initialize or the SW backend is
forced.
The Decider API was also unclear and different policies were in force
depending on the usecase.
This commit introduces following changes:
* Keep the policy in a single place.
* Return a prioritized list of backends compatible with given use case.
* Add backend check to key derivation and wrapped key import.
* Do not assume SW backend is suitable for all cases.
* Handle illegal cases by returning empty list of compatible backends.
Change-Id: I2d5dbbb3c4ba9385ac756eb419f95ac877cdd532
Krzysztof Jackiewicz [Mon, 8 May 2023 18:43:51 +0000 (20:43 +0200)]
Fix default value for KBKDF LLEN parameter
Change the default value of CKMC_PARAM_KBKDF_LLEN from 0 to 32
according to API description.
Change-Id: I972d95227b047394c5f59addc9242d43c9c68be7
Krzysztof Jackiewicz [Thu, 27 Apr 2023 09:33:20 +0000 (11:33 +0200)]
Backend info API
New API:
- getting backend associated with given object
- getting backend information for given backend
- getting max encryption chunk size from backend information
Change-Id: I8c66e623ba49ebda0a9fad28dcb3b48bd21b175f
Krzysztof Jackiewicz [Wed, 26 Apr 2023 10:17:14 +0000 (12:17 +0200)]
Multi-stage encryption API
Change-Id: If56a367a40f1ca3a6d4dcebfbb38543c7ec44fd5
Krzysztof Jackiewicz [Fri, 5 May 2023 12:38:16 +0000 (14:38 +0200)]
Fix ckmc_key_derive API description
Describe input and output key/secret types in detail.
Change-Id: I1f82fe45f4a8b5145b7236b9b8d5db998959b1ed
projects / platform / core / security / key-manager.git / log