Krzysztof Jackiewicz [Thu, 2 Jan 2025 09:27:27 +0000 (10:27 +0100)]
Release 0.1.75
* Catch exceptions in test fixture destructors
Change-Id: Icd5e00bcbfb8ec70de21eddea8452e49c9532f88
Krzysztof Jackiewicz [Mon, 30 Dec 2024 11:54:28 +0000 (12:54 +0100)]
Catch exceptions in test fixture destructors
Change-Id: I3803ade9c4fbbfa2eb70181246ecc5cc5ac49198
Tomasz Swierczek [Thu, 12 Dec 2024 10:20:10 +0000 (11:20 +0100)]
Release 0.1.74
* Add dev_wos build option for permissive mode
* Properly handle same alias case
* Implemented Update API for key, certificate, pkcs12, data.
* Improve argument checking
Change-Id: I85572f1e0c95cac2d17d69c594144fb4038da66f
Dongsun Lee [Mon, 22 Apr 2024 04:14:54 +0000 (13:14 +0900)]
Add dev_wos build option for permissive mode
Usage: gbs <your favourite flags> --define "dev_wos 1".
In the permissive mode, the smack label of a client will be set to "/System".
So no sandboxing is applied to data stored in key-manager.
If the flag is not set, it is disabled by default.
Change-Id: I0d13049f6bc0cf74b88c15633f2564593bdcdb56
Krzysztof Jackiewicz [Fri, 15 Nov 2024 10:21:54 +0000 (11:21 +0100)]
Properly handle same alias case
If the same alias is given during asymmetric key creation, a database
constraint gets violated. State it clearly that aliases must be
different and return proper error.
Also move the parameter check to the beginning of the request handling
method.
Change-Id: I51b43dae4022588de46f33ec238f0b65c80874fe
Andrei Vakulich [Thu, 18 Jul 2024 12:34:15 +0000 (14:34 +0200)]
Implemented Update API for key, certificate, pkcs12, data.
Update API includes following functions:
ckmc_update_key, ckmc_update_cert,
ckmc_update_pkcs12, ckmc_update_data
Change-Id: Ib1809a9d86b9744465240a2e730fe047d334cf9e
Jakub Wlostowski [Wed, 9 Oct 2024 08:33:04 +0000 (10:33 +0200)]
Improve argument checking
Change-Id: I0a33791f77795985a1402ed32270a920a39d2144
Tomasz Swierczek [Mon, 21 Oct 2024 07:44:06 +0000 (09:44 +0200)]
Release 0.1.73
* Fix typos
* Remove unnecessary condition
Change-Id: I4ee9aa92af1dfb2f2d8599e3f73a7128615af9cf
Tomasz Swierczek [Mon, 21 Oct 2024 07:35:35 +0000 (09:35 +0200)]
Fix typos
Change-Id: Ifddc335c51e8db00f7d77c18b6d97ee570d9721f
Krzysztof Jackiewicz [Fri, 11 Oct 2024 09:56:03 +0000 (11:56 +0200)]
Remove unnecessary condition
Change-Id: I36e1c3f45181c7d1b81615cab8e7f62bef2daa4b
Krzysztof Jackiewicz [Thu, 10 Oct 2024 10:08:29 +0000 (12:08 +0200)]
Release 0.1.72
* Add more 32 to 64bit migration issue tests
* Fix 32-bit/64-bit compatibility issue
* Add database 32/64-bit compatibility check
* Remove unused DataCommand&DataCommandHandler methods
Change-Id: I80d174a5a9f04b73f602fe6318ab8182d77f80df
Jan Wojtkowski [Tue, 1 Oct 2024 13:52:33 +0000 (15:52 +0200)]
Add more 32 to 64bit migration issue tests
Change-Id: Ide0ed57a1c6aa905487b03063eff29c8719be863
Krzysztof Jackiewicz [Fri, 27 Sep 2024 08:30:59 +0000 (10:30 +0200)]
Fix 32-bit/64-bit compatibility issue
Message serialization uses size_t to represent the size of the complete message.
On 32-bit and 64-bit architecture this will produce buffers of different sizes:
MessageSerializer::Writer::Writer(size_t size)
{
    m_buffer.reserve(sizeof(size_t) + size);
    Serialization::Serialize(*this, size);
}
Message serialization is used to pack/unpack the binary data stored in the
database. See Store::unpack and Store::pack in SW and TZ backend.
To support both formats regardless of the architecture we have to detect the
format somehow.
* SW backend case
32-bit (12 bytes):
4B size(size_t) | 4B Enc. scheme | 4B data size(int) | ...
64-bit (16 bytes):
8B size(size_t) | 4B Enc. scheme | 4B data size(int) | ...
Reading 32-bit data as 64-bit -> may get huge size value if encryption
scheme > 0 leading to overflows.
Reading 64-bit data as 32-bit -> will get 0 encryption scheme and 0B or 1B
data size (depending on the scheme) and there will be at least 1B left in the
buffer.
To handle it, the packed buffer size must always be written and read as a
32-bit number. If there is some data left in the buffer after the read, it
means it's a 64-bit buffer and we have to re-read it using the 64-bit method.
* TZ backend case
32-bit:
4B size(size_t) | 4B Enc. scheme | 4B keyId size | ...
64-bit:
8B size(size_t) | 4B Enc. scheme | 4B keyId size | ...
To handle it, the packed buffer size must always be written and read as a
32-bit number. The keyId size is fixed (64B). If after deserialization the
size is different, we can assume that it's a 64-bit format and we have to
re-read it using 64-bit method.
Change-Id: I149bcf0691a56ccdbb8ddbe7106cca48f03d5614
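The TZ backend format detection described in the commit message above, as an added example that is not key-manager code and not part of the commit. The names parseTzHeader, packTz and TzHeader are hypothetical, and the example assumes the size field counts the bytes that follow it and that fields are stored in host byte order.

```cpp
// Added illustration, not key-manager code. All names here are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

constexpr uint32_t KEY_ID_SIZE = 64;  // fixed keyId size stated in the commit message

enum class Layout { Size32, Size64 };

struct TzHeader {
    Layout layout;       // which size-field width produced a valid parse
    uint64_t size;       // leading size field, widened
    uint32_t scheme;     // encryption scheme
    uint32_t keyIdSize;  // must equal KEY_ID_SIZE
};

// Bounds-checked read of one fixed-width field in host byte order (assumption).
template <typename T>
static bool readField(const std::vector<uint8_t>& buf, size_t& pos, T& out) {
    if (pos > buf.size() || buf.size() - pos < sizeof(T)) return false;
    std::memcpy(&out, buf.data() + pos, sizeof(T));
    pos += sizeof(T);
    return true;
}

// Parse "size | scheme | keyId size | keyId" with a size field of width SizeT.
template <typename SizeT>
static bool parseAs(const std::vector<uint8_t>& buf, Layout layout, TzHeader& out) {
    size_t pos = 0;
    SizeT size = 0;
    uint32_t scheme = 0, keyIdSize = 0;
    if (!readField(buf, pos, size) || !readField(buf, pos, scheme) ||
        !readField(buf, pos, keyIdSize))
        return false;
    // Validate lengths before anything is allocated or copied from them.
    if (keyIdSize != KEY_ID_SIZE || buf.size() - pos < keyIdSize) return false;
    out = TzHeader{layout, static_cast<uint64_t>(size), scheme, keyIdSize};
    return true;
}

// Try the 32-bit layout first. A 64-bit buffer read that way puts the scheme
// value into the keyId size slot, fails the fixed-size check and is re-read.
bool parseTzHeader(const std::vector<uint8_t>& buf, TzHeader& out) {
    return parseAs<uint32_t>(buf, Layout::Size32, out) ||
           parseAs<uint64_t>(buf, Layout::Size64, out);
}

// Constructed sample buffer, as a 32-bit or 64-bit writer would produce it.
template <typename SizeT>
std::vector<uint8_t> packTz(uint32_t scheme) {
    std::vector<uint8_t> out;
    auto put = [&out](const void* p, size_t n) {
        const uint8_t* b = static_cast<const uint8_t*>(p);
        out.insert(out.end(), b, b + n);
    };
    const uint32_t keyIdSize = KEY_ID_SIZE;
    const SizeT size = static_cast<SizeT>(sizeof(scheme) + sizeof(keyIdSize) + KEY_ID_SIZE);
    put(&size, sizeof(size));
    put(&scheme, sizeof(scheme));
    put(&keyIdSize, sizeof(keyIdSize));
    out.insert(out.end(), static_cast<size_t>(KEY_ID_SIZE), static_cast<uint8_t>(0xAB));
    return out;
}

int main() {
    TzHeader h{};
    bool ok = parseTzHeader(packTz<uint32_t>(1), h) && h.layout == Layout::Size32 &&
              parseTzHeader(packTz<uint64_t>(1), h) && h.layout == Layout::Size64;
    return ok ? 0 : 1;
}
```

The check relies on the encryption scheme value never being equal to 64; a buffer that satisfies neither layout is rejected rather than guessed at.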
Jan Wojtkowski [Mon, 7 Oct 2024 12:35:41 +0000 (14:35 +0200)]
Add database 32/64-bit compatibility check
* Reading a 64bit database on 32bit architecture
and reading a 32bit database on 64bit architecture
should work after the fix
Change-Id: Ibe9b23fc0b9dcf374707822aa72b31cca2c31563
Daniel Kita [Fri, 20 Sep 2024 11:23:14 +0000 (13:23 +0200)]
Remove unused DataCommand&DataCommandHandler methods
Change-Id: I95874df17a9073dfd5430de2bb2fc961e97358ee
Krzysztof Jackiewicz [Wed, 25 Sep 2024 06:00:29 +0000 (08:00 +0200)]
Release 0.1.71
* Fix typo in ckmc-extended.h
* Add unit test for errorDump() for increased coverage
* Remove unused code
* Add unit tests for increased code coverage
* Reuse prepared sqlite3_stmt when possible
* Fix typo in doc
* Key-manager documentation enhancements for code.i
* Add efficiency test
Change-Id: I1bf92734ce24ed52ee7fa50c6a0eadd2c0c46fba
Krzysztof Jackiewicz [Wed, 25 Sep 2024 05:59:07 +0000 (07:59 +0200)]
Fix typo in ckmc-extended.h
Change-Id: I4fa0d8a790e133330217cbed64ed105be0c393db
Tomasz Swierczek [Tue, 17 Sep 2024 12:52:35 +0000 (14:52 +0200)]
Add unit test for errorDump() for increased coverage
Change-Id: I5e2d35e82d0a057db781a373cad57768183b32f7
Tomasz Swierczek [Tue, 17 Sep 2024 12:42:10 +0000 (14:42 +0200)]
Remove unused code
Change-Id: Ic843e8e8512837e1aed3d6d8ef1a6cc2e9249308
Tomasz Swierczek [Tue, 17 Sep 2024 10:40:05 +0000 (12:40 +0200)]
Add unit tests for increased code coverage
Change-Id: I5ac2ce309cf55e0d98220f3d4525cbb440ea0fc2
Daniel Kita [Wed, 26 Jun 2024 15:34:16 +0000 (17:34 +0200)]
Reuse prepared sqlite3_stmt when possible
Efficiency test results (tested on 2024/08/13 tizen image on RPi4):
-Average insert statement preparation time: 7[µs]
-Average select statement preparation time: 4[µs]
-Average delete statement preparation time: 4[µs]
-Average insert statement preparation&execution time: 1811[µs]
-Average select statement preparation&execution time: 56[µs]
-Average delete statement preparation&execution time: 1481[µs]
-Average new insert statement preparation time: 20[µs]
-Average new select statement preparation time: 30[µs]
-Average new delete statement preparation time: 51[µs]
Each average was calculated on the basis of 100 measurements.
Change-Id: Iba3b14ef693837fbb0330c356c4438761dc6cb8c
Krzysztof Jackiewicz [Fri, 20 Sep 2024 06:15:17 +0000 (08:15 +0200)]
Fix typo in doc
Change-Id: Iddd2b8a7f2e4e6f2ea267bbda47a45d81340503e
Jan Wojtkowski [Wed, 11 Sep 2024 13:23:36 +0000 (15:23 +0200)]
Key-manager documentation enhancements for code.i
Change-Id: I56823951ecd923a0a8aa21131e36149cca267fd4
Daniel Kita [Fri, 9 Aug 2024 10:27:48 +0000 (12:27 +0200)]
Add efficiency test
Efficiency test results (tested on 2024/08/13 tizen image on RPi4):
-Average insert statement preparation time: 18[µs]
-Average select statement preparation time: 22[µs]
-Average delete statement preparation time: 44[µs]
-Average insert statement preparation&execution time: 1802[µs]
-Average select statement preparation&execution time: 81[µs]
-Average delete statement preparation&execution time: 1520[µs]
Each average was calculated on the basis of 100 measurements.
Change-Id: I256e515899b31a47d20ee9988253510b84794dfa
Dariusz Michaluk [Tue, 10 Sep 2024 09:10:05 +0000 (11:10 +0200)]
Release 0.1.70
* Update PQC API comments
Change-Id: I032dd2e3bdab34e07b48844c2db1803970d9fdd4
Jakub Wlostowski [Wed, 4 Sep 2024 07:31:08 +0000 (09:31 +0200)]
Update PQC API comments
Change-Id: If37bedea064de53d4b45808faa64a1e54e9d5e5d
Dariusz Michaluk [Tue, 6 Aug 2024 11:26:32 +0000 (13:26 +0200)]
Release 0.1.69
* Allow saving exportable public keys in TZ
* Ensure async thread join
* Update SAM exclude configuration to new SAM requirements
* Allow adding new data types
* PQC API sw-backend implementation
* PQC API tz-backend implementation
Change-Id: Idef13f3d952e63c5637bde79c8794ac7c3abd797
Dariusz Michaluk [Thu, 22 Aug 2024 11:44:31 +0000 (13:44 +0200)]
Add ML-KEM derive hybrid tz-backend implementation
Change-Id: I1b807e0fcef017c9ee8725230eb7430a49f74d39
Jan Wojtkowski [Thu, 1 Aug 2024 15:08:49 +0000 (17:08 +0200)]
Add ML-KEM (en/de)capsulation tz-backend implementation
Change-Id: Ibf4edadd8ef700030880edd27a0e41741b151c9b
Jan Wojtkowski [Fri, 19 Jul 2024 13:55:30 +0000 (15:55 +0200)]
Add ML-KEM keypair creation tz-backend implementation
Change-Id: If3d92ed99ff4dffd5cea930354b8463246880b8a
Jan Wojtkowski [Fri, 19 Jul 2024 13:55:30 +0000 (15:55 +0200)]
Add ML-KEM derive hybrid sw-backend implementation
Change-Id: Ica9e6e6a778d293ff8d0ca66e06a3d2299ad6e64
Jan Wojtkowski [Thu, 27 Jun 2024 10:04:13 +0000 (12:04 +0200)]
Add ML-KEM (en/de)capsulation sw-backend implementation
Change-Id: I50f72fec57e89f8898ff904d94a77236f131506f
Jan Wojtkowski [Thu, 27 Jun 2024 10:04:13 +0000 (12:04 +0200)]
Add ML-KEM keypair creation sw-backend implementation
Change-Id: I9102452d64ef09b82b09aad0da287f247bad729e
Jan Wojtkowski [Thu, 27 Jun 2024 10:04:13 +0000 (12:04 +0200)]
PQC API draft
Change-Id: I6260b0d410e26af5c42c60a54c62c8b776822cd4
Jakub Wlostowski [Tue, 20 Aug 2024 09:49:11 +0000 (11:49 +0200)]
Allow adding new data types
Change-Id: I5416aa02045af3448c19c5c66a90ee0c2f165f04
Tomasz Swierczek [Wed, 28 Aug 2024 04:15:28 +0000 (06:15 +0200)]
Update SAM exclude configuration to new SAM requirements
Change-Id: I10928c78395ce94129c61213af9a9b086e7db3e0
Krzysztof Jackiewicz [Tue, 2 Jul 2024 12:59:59 +0000 (14:59 +0200)]
Ensure async thread join
ConnectionThread destructor calls EventFd::notify() which may throw. In
such case the thread will be destroyed before joining, which will
result in program termination. Make sure that the std::thread::join()
is called even if EventFd::notify throws.
Change-Id: Ieb5cbcf4440b2c9d22c2d30410fd2b9263070b2f
Andrei Vakulich [Fri, 14 Jun 2024 13:13:40 +0000 (15:13 +0200)]
Allow saving exportable public keys in TZ
Save RSA and ECDSA keys in TZ if only private key is unexportable.
Save DSA key pair in TZ if only both keys are unexportable.
Change-Id: I2cfd6a22386e265a1bb65b3d3e0dfe052f5b0aaa
Dariusz Michaluk [Tue, 2 Jul 2024 10:35:34 +0000 (12:35 +0200)]
Release 0.1.68
* Protect concatenated data (un)wrapping
with the keymanager.extended privilege
Change-Id: I243419ec7860d99d7cec504e68bb11019f90809f
Filip Skrzeczkowski [Tue, 25 Jun 2024 14:24:28 +0000 (16:24 +0200)]
Protect concatenated data (un)wrapping with the keymanager.extended privilege
Create an additional socket for processing requests made with the
extended API and check the keymanager.extended privilege
Change-Id: Ic548d195012ab2d4fd8d5a888bf20c45602b8bd2
Dariusz Michaluk [Tue, 25 Jun 2024 07:10:19 +0000 (09:10 +0200)]
Release 0.1.67
* Remove double checking of key type
* Fix warning & issues from gcc14 compiler
* Fix CMakeLists.txt for sqlcipher
* Documentation improvement for Escrow Vault 2.0 support
* Add EXTENDED_MODULE defgroup in docs
* Rename client extended module
Change-Id: If7de33fc74baad801b2327edd2a26b729a552068
Filip Skrzeczkowski [Thu, 20 Jun 2024 10:30:51 +0000 (12:30 +0200)]
Rename client extended module
Change-Id: Iaf90c2081bd1e131b629c0dead037beb79df08ad
Filip Skrzeczkowski [Tue, 18 Jun 2024 10:59:40 +0000 (12:59 +0200)]
Add EXTENDED_MODULE defgroup in docs
Change-Id: I6e92dbeff5bc910f0bc9427babb7076e2a572d02
Filip Skrzeczkowski [Fri, 14 Jun 2024 14:56:01 +0000 (16:56 +0200)]
Documentation improvement for Escrow Vault 2.0 support
The following changes in the CAPI documentation were made according
to requests made during the ACR approval process:
- CAPI_KEY_MANAGER_CLIENT_EXTENDED_MODULE description
- concatenated data (un)wrapping: code examples of memory handling
- 3072 bit RSA clarification: minimum Tizen release
Change-Id: I095c088534e56d032041e46a263791877f1176e9
Dongsun Lee [Fri, 7 Jun 2024 01:15:15 +0000 (10:15 +0900)]
Fix CMakeLists.txt for sqlcipher
Change-Id: I54f85c10ebd430c83ed7b2fdf059f4b3b6f57827
Tomasz Swierczek [Wed, 5 Jun 2024 11:18:07 +0000 (13:18 +0200)]
Fix warning & issues from gcc14 compiler
Change-Id: Ia762c409607ae39a74f5b6af1e5a987579719465
Dariusz Michaluk [Wed, 5 Jun 2024 11:11:18 +0000 (13:11 +0200)]
Remove double checking of key type
Change-Id: Iae2c23f0c8f8124d8c6cae843385cd8722019af8
Tomasz Swierczek [Fri, 31 May 2024 04:41:42 +0000 (06:41 +0200)]
Release 0.1.66
* Adjust coverage script after lcov upgrade
* Add RSA 3072 support
* Don't return aliases with only REMOVE permission
* Concatenated wrapping API & sw-backend & tz-backend implementation
* Allow using SHA384 & SHA512 with RSA OAEP
Change-Id: I4d3ac695d10cd0fe2aa0bf16dc9bdae6830e40b0
Dariusz Michaluk [Thu, 9 May 2024 13:47:58 +0000 (15:47 +0200)]
Allow using SHA384 & SHA512 with RSA OAEP
Change-Id: I784c42ccd6d2cf8fb8452944e90d4234c299e121
Dariusz Michaluk [Fri, 10 May 2024 10:17:59 +0000 (12:17 +0200)]
Concatenated wrapping tz-backend implementation
Change-Id: I4e524f72b5cbc011c503f74172615e87e03fab18
Dariusz Michaluk [Fri, 19 Apr 2024 13:24:49 +0000 (15:24 +0200)]
Concatenated wrapping sw-backend implementation
Change-Id: I28856286c05c2ec1919674b0e7cf8add90cc20e1
Dariusz Michaluk [Tue, 16 Apr 2024 14:44:36 +0000 (16:44 +0200)]
Concatenated wrapping API draft
Change-Id: Ie154b19b3c59727ec9bf5b8ece91ce9a549d2feb
Andrei Vakulich [Tue, 14 May 2024 08:36:45 +0000 (10:36 +0200)]
Don't return aliases with only REMOVE permission
Change-Id: I6558ff299deb5166ef90f2ba8191521d901f0a24
Jan Wojtkowski [Thu, 18 Apr 2024 10:32:32 +0000 (12:32 +0200)]
Add RSA 3072 support
Change-Id: Ic6616d1e67bc612f0f168f3d1d628b2f86689132
Jan Wojtkowski [Thu, 18 Apr 2024 13:40:08 +0000 (15:40 +0200)]
Add vscode settings to .gitignore
Change-Id: Ic2d94c8cfc0de934ebe00774db6591c78625c46c
Dariusz Michaluk [Fri, 5 Apr 2024 10:15:39 +0000 (12:15 +0200)]
Adjust coverage script after lcov upgrade
Change-Id: I8d03eb3e0fc2092fb99bf5bf90fd037f1a9c3fe2
Krzysztof Jackiewicz [Wed, 6 Mar 2024 09:08:49 +0000 (10:08 +0100)]
Release 0.1.65
* Exit with error when file lock is busy
Change-Id: Ic29fbe2543e4711c76c289cbc2a298f34af11f3a
Krzysztof Jackiewicz [Tue, 5 Mar 2024 08:56:15 +0000 (09:56 +0100)]
Exit with error when file lock is busy
Change-Id: Iee78ef372a3315c8eedbf80b0579508edb1c3843
Dariusz Michaluk [Wed, 21 Feb 2024 12:31:57 +0000 (13:31 +0100)]
Release 0.1.64
* Adjust openssl error handling to latest release
* Remove conditional statements from Native API headers
Change-Id: Ie0f9e216ce81aeec28e087476eea3112fd69208e
Dariusz Michaluk [Wed, 21 Feb 2024 12:29:07 +0000 (13:29 +0100)]
Adjust openssl error handling to latest release
Change-Id: I90b63bb4610ef02904b4f048e0259f72ff39b6ef
Krzysztof Malysa [Thu, 7 Dec 2023 15:03:09 +0000 (16:03 +0100)]
Remove conditional statements from Native API headers
Part of 9.0 Native API Public Header.
Change-Id: I960fc582ec9ccfa141a975054cb80911d2959294
Krzysztof Jackiewicz [Tue, 21 Nov 2023 08:50:46 +0000 (09:50 +0100)]
Release 0.1.63
* Implement cpu inheritance
Change-Id: Ic642ea116ca2e55a7e7c6370cd026dd824239204
Krzysztof Jackiewicz [Thu, 16 Nov 2023 21:42:25 +0000 (22:42 +0100)]
Implement cpu inheritance
Apply CPU boosting to server for high priority clients.
Change-Id: I6493362020eee6b43534166bc8442d5931cc450d
Krzysztof Jackiewicz [Wed, 11 Oct 2023 09:00:43 +0000 (11:00 +0200)]
Release 0.1.62
* Serialize AES key size as int
Change-Id: I85df03b1a4fe60a70796a405c6400188719b20c0
Krzysztof Jackiewicz [Mon, 9 Oct 2023 07:42:02 +0000 (09:42 +0200)]
Serialize AES key size as int
It was converted to size_t at some point which led to errors on 64-bit
architectures.
Change-Id: Id905e9b06219642355050cfdb5a69d2cb2162ee7
Krzysztof Jackiewicz [Tue, 3 Oct 2023 08:05:35 +0000 (10:05 +0200)]
Release 0.1.61
* Fix openssl3.0 migration code in sqlcipher
Change-Id: I5e19982b2b78362c5193ea1fd855a42d28d686db
Krzysztof Jackiewicz [Tue, 3 Oct 2023 07:32:12 +0000 (09:32 +0200)]
Fix openssl3.0 migration code in sqlcipher
Calculate the string size using strlen.
Change-Id: I541b656995bdf4f0dada21e6b4b61f91360c8eee
Krzysztof Jackiewicz [Mon, 2 Oct 2023 08:22:31 +0000 (10:22 +0200)]
Release 0.1.60
* Scheme tests fix
* Migrate to openssl3.0
* Fix AES GCM IV setting in KeyProvider
Change-Id: I133daec935c08e7dc0867357ae9a111fa95e7670
Krzysztof Jackiewicz [Thu, 28 Sep 2023 09:42:26 +0000 (11:42 +0200)]
Scheme tests fix
Change-Id: I49b8fc6c24fde53e637e1431c2b49c9022249e66
Krzysztof Jackiewicz [Thu, 21 Sep 2023 10:41:17 +0000 (12:41 +0200)]
Migrate to openssl3.0
* Update RPM and CMake dependencies.
* Replace deprecated HMAC functions in sqlcipher.
* Update openssl error handling. We can't rely on function codes any
more (all are 0 in openssl3.0).
* Adjust to argument constness changes.
* Get rid of FIPS_mode_set(). FIPS mode can be enabled in openssl
configuration.
* Fix sk_X509_free visibility issue.
* Openssl3.0 does not allow X9.31 padding with raw messages (no digest).
Update doc and tests accordingly.
* Handle new openssl errors.
* Ignore deprecation warnings.
Change-Id: I7dee7d3aa6e8b364553405202acde8f848621d4a
Krzysztof Jackiewicz [Fri, 29 Sep 2023 05:09:19 +0000 (07:09 +0200)]
Fix AES GCM IV setting in KeyProvider
The proper order of setting an IV of custom length in GCM is to firstly
pass the length and then the IV during both encryption and decryption.
The KeyProvider code was doing the opposite which resulted in
truncating the IV to 12B. In openssl3.0 the effect is somewhat
different but the output is also invalid.
Openssl silently ignores this issue allowing to call the API in wrong
order and get invalid encryption/decryption results.
The issue was not detected until now because the IV truncation was
working the same way during encryption and decryption and no other
module besides key-manager was accessing the encrypted keys.
This commit modifies KeyProvider code in 2 ways:
* Modify encryption and decryption to set the IV length properly.
* If decryption fails retry it with IV truncated to 12B to handle data
encrypted the old way.
Change-Id: I72e237b0842234d80579f3e93b5e1012a0613140
Krzysztof Jackiewicz [Tue, 26 Sep 2023 08:33:44 +0000 (10:33 +0200)]
Release 0.1.59
* Implement hash selection in RSA OAEP
* Prevent using public key for decryption
* Specify the RSA OAEP encryption padding
* Check mandatory KBKFD params in TZ
* Fix key-wrapping documentation
* Adjust scheme tests to TZ
Change-Id: I08c3f15e53e569e6dcbdface9cde5f5411699847
Krzysztof Jackiewicz [Fri, 22 Sep 2023 09:34:00 +0000 (11:34 +0200)]
Implement hash selection in RSA OAEP
SW and TZ backend implementation
Unit-tests included
Change-Id: I6efd8a0477fe3137491c889d0c70eabc0d861097
Krzysztof Jackiewicz [Wed, 20 Sep 2023 10:57:56 +0000 (12:57 +0200)]
Prevent using public key for decryption
We could leave it for backends but since we have all the info, let's
fail early.
Change-Id: I7d3257370124ad19d423b859f380ce60f6da4d95
Krzysztof Jackiewicz [Wed, 20 Sep 2023 09:52:25 +0000 (11:52 +0200)]
Specify the RSA OAEP encryption padding
Change-Id: I88abe53b11230121f594728abf64c0cf1c38895f
Krzysztof Jackiewicz [Tue, 19 Sep 2023 12:56:06 +0000 (14:56 +0200)]
Check mandatory KBKFD params in TZ
Change-Id: I151207b55b1051ac3cc870c885a33b951331bc61
Krzysztof Jackiewicz [Mon, 11 Sep 2023 12:03:30 +0000 (14:03 +0200)]
Fix key-wrapping documentation
Change-Id: I67d762c719e2fc1a7cae7f3537f69760fa9eef3f
Krzysztof Jackiewicz [Fri, 11 Aug 2023 11:29:45 +0000 (13:29 +0200)]
Adjust scheme tests to TZ
TZ does not support saving asymmetric keys with password.
Change-Id: Ia6ec92b610908a52079d2f22f32a9387237faee7
Dongsun Lee [Mon, 21 Aug 2023 06:41:03 +0000 (15:41 +0900)]
Release 0.1.58
* Add compiler flags for build warnings
* Check RSA padding in TZ
* Check KBKDF parameters on key-manager side
* Pass password to CMD_GET_DATA_SIZE
* Pass public key curve info to TZ's ECDH
* Use default CTR length in TZ encryption
Change-Id: Ibe2928a9b18bba49764a9779eaed1712b9bf5b36
Dongsun Lee [Mon, 21 Aug 2023 01:16:45 +0000 (10:16 +0900)]
Set initial values to remove build warnings
Change-Id: Icf793bed432aeb72de8471bd770feb9326450936
Krzysztof Jackiewicz [Thu, 10 Aug 2023 18:27:44 +0000 (20:27 +0200)]
Check RSA padding in TZ
The only supported padding method is PKCS1
Change-Id: I3cd769d68f67b3ee2afb959bca2e74db8e6295c4
Krzysztof Jackiewicz [Wed, 9 Aug 2023 15:39:38 +0000 (17:39 +0200)]
Check KBKDF parameters on key-manager side
Change-Id: I1afb107d6fd286f5524561c1631ef65c2043f3c2
Krzysztof Jackiewicz [Wed, 9 Aug 2023 15:31:21 +0000 (17:31 +0200)]
Pass password to CMD_GET_DATA_SIZE
In case of encrypted objects the password may be necessary to get the
actual size.
Change-Id: I5636325a8a120c0226ab5cc06ddef2aa05b96992
Krzysztof Jackiewicz [Wed, 9 Aug 2023 15:26:24 +0000 (17:26 +0200)]
Pass public key curve info to TZ's ECDH
This is needed to compare curve with private EC curve in TZ.
Change-Id: I5c42b7395683bd14c391415537e31efc3dcb6fc4
Krzysztof Jackiewicz [Tue, 8 Aug 2023 15:00:00 +0000 (17:00 +0200)]
Use default CTR length in TZ encryption
According to API documentation the counter length parameter is optional.
TZ implementation should not assume its existence.
Change-Id: I89ef3b78e95f2a3a8c79688ee21c9d04a43a5116
Krzysztof Jackiewicz [Fri, 4 Aug 2023 06:18:40 +0000 (08:18 +0200)]
Release 0.1.57
* Deserialize tags only if password was given
* Add context cleanup command for TZ
* Fix bugs during exporting a wrapped key
* Use default tag length for wrapping if not given
* Allow only symmetric key wrapping/unwrapping
* Add type parameter to "get" commands
* Call TA to get the max chunk size
* Pass key length to KBKDF in TZ backend
* Fix secret pwd passing in TZ backend KBKDF
Change-Id: Ia17f64eacf32400ef0f53c0d2cf82ceb1c07e45c
Krzysztof Jackiewicz [Thu, 3 Aug 2023 08:55:48 +0000 (10:55 +0200)]
Deserialize tags only if password was given
Change-Id: I1c598e17740785e4bd49edc120b6844ebe65e88a
Krzysztof Jackiewicz [Tue, 1 Aug 2023 13:26:47 +0000 (15:26 +0200)]
Add context cleanup command for TZ
If encryption fails and the "finalize" is not called the context will
not be removed on TA side. Fix it by adding new command.
Change-Id: Id6bfb6821ba2c83565eb79d825fa98c096a346fc
Dongsun Lee [Sat, 29 Jul 2023 07:26:10 +0000 (16:26 +0900)]
Fix bugs during exporting a wrapped key
- generous output size check
- enlarged encryption overhead for RSA
- use type of wrap to key
Change-Id: I64367edf00d58e67df62a682a05c58dae5e2327b
Krzysztof Jackiewicz [Fri, 28 Jul 2023 11:13:19 +0000 (13:13 +0200)]
Use default tag length for wrapping if not given
Change-Id: I2ad6e13383621522af2de8500814f6d01868c828
Krzysztof Jackiewicz [Mon, 24 Jul 2023 10:59:40 +0000 (12:59 +0200)]
Allow only symmetric key wrapping/unwrapping
Change-Id: I36549b09d891d0d3e34667c71aa0294389441f76
Krzysztof Jackiewicz [Mon, 24 Jul 2023 10:44:00 +0000 (12:44 +0200)]
Add type parameter to "get" commands
CMD_GET_DATA
CMD_GET_DATA_SIZE
CMD_EXPORT_WRAPPED_KEY
This may be necessary if data is encrypted.
Change-Id: Ie34d33c11e9c55958cb44adcb0bf5371c36e8a68
Krzysztof Jackiewicz [Mon, 24 Jul 2023 09:42:18 +0000 (11:42 +0200)]
Call TA to get the max chunk size
Change-Id: Iec297646564b0a49d2966fcec1ec922bac1b7615
Krzysztof Jackiewicz [Thu, 20 Jul 2023 12:20:20 +0000 (14:20 +0200)]
Pass key length to KBKDF in TZ backend
Change-Id: I5cd90b8754b7aa89371e515ffac79cd35c9b5004
Krzysztof Jackiewicz [Thu, 20 Jul 2023 12:05:22 +0000 (14:05 +0200)]
Fix secret pwd passing in TZ backend KBKDF
Change-Id: I6f1a4d588a6a0679b88f967fdbc71b436329153f
Krzysztof Jackiewicz [Fri, 14 Jul 2023 12:39:59 +0000 (14:39 +0200)]
Release 0.1.56
* Documentation fixes
* Retrieve TZ raw key data only when needed
* Reserve enough space for GCM tag in TZ backend
* Use proper memory type in TZ backend's addGcmAAD()
Change-Id: I38b89ee3a76a62420f148a2dd836d7ffe1d1072d
Krzysztof Jackiewicz [Thu, 13 Jul 2023 07:55:15 +0000 (09:55 +0200)]
Documentation fixes
* Do not use @see inside other tags
* Add missing parenthesis
Change-Id: I4b7492eb410c6f510b6848689faf622dd0b8dc5b
Krzysztof Jackiewicz [Wed, 12 Jul 2023 08:59:31 +0000 (10:59 +0200)]
Retrieve TZ raw key data only when needed
Change-Id: Ia1ef537b9696e39c53c1f4972f96ead4cb0fb81a
Krzysztof Jackiewicz [Wed, 12 Jul 2023 06:58:38 +0000 (08:58 +0200)]
Reserve enough space for GCM tag in TZ backend
Change-Id: I36f9718cfdc37f7fdac1e47fc056aeaabdeee242
Krzysztof Jackiewicz [Tue, 11 Jul 2023 11:05:27 +0000 (13:05 +0200)]
Use proper memory type in TZ backend's addGcmAAD()
We need TEEC_VALUE_INOUT to properly read the return code from
op.params[0].value.a.
Change-Id: I95eb5fd757f9e3235bb855269dd0a804ac7bb135