Bartlomiej Grzelewski [Mon, 26 Oct 2015 12:10:50 +0000 (13:10 +0100)]
Protocol refactoring.
Introduce CryptoAlgorithm in internal socket protocol.
Change-Id: I70000a05e0a47d2b12af9b11324adf67da0f5e22
Krzysztof Jackiewicz [Thu, 24 Sep 2015 09:21:03 +0000 (11:21 +0200)]
Add encryption scheme tests
[Problem] We need tests that will verify correctness of old and new encryption
scheme support.
[Solution] Tests added.
[Verification] Run ckm-tests-internal -t ENCRYPTION_SCHEME_TEST
Change-Id: I9f4e24a9e06684d401540646d5560287e35b828d
Krzysztof Jackiewicz [Tue, 29 Sep 2015 07:07:21 +0000 (09:07 +0200)]
Use exportable=true when reading certificate from db
[Problem] Key manager allows creating a cert chain from not exportable
certificates.
[Solution] CKMLogic::readCertificateHelper modified to use exportable flag
equal to 'true'.
[Verification] Run ckm-tests-internal -t ENCRYPTION_SCHEME_TEST
Change-Id: Ib13811282eb9d1267c26741a578d8c2111bdecbb
Krzysztof Jackiewicz [Thu, 1 Oct 2015 06:32:54 +0000 (08:32 +0200)]
Return error if password is not empty and row is not password protected
[Problem] If old scheme row is not password protected and the user tries to
read it with non empty password it will get reencrypted with this password.
[Solution] Throw an authentication exception if password is not empty and row
is not password protected.
[Verification] Run ckm-tests-internal -t ENCRYPTION_SCHEME_TEST/T120_Read_wrong_pass
Change-Id: I44b270dbbefd043b6efb9371f0d7a81c1b234b31
Krzysztof Jackiewicz [Mon, 7 Sep 2015 11:19:54 +0000 (13:19 +0200)]
Modify encryption scheme
[Problem] Current encryption scheme makes it impossible to remove an entry
protected with custom user password from database.
[Solution] Encryption scheme modified. Store is responsible for encrypting data
with user password. Service encrypts it with app key. Data encrypted with old
scheme that is being read will be automatically reencrypted with new scheme.
[Verification] Run tests from upcoming commit:
ckm-tests-internal -t ENCRYPTION_SCHEME_TEST
Change-Id: I8ed514290d9e75bbc89d74b006939e3cbb0b8bd2
Krzysztof Jackiewicz [Thu, 24 Sep 2015 07:07:55 +0000 (09:07 +0200)]
Add scheme encryption test db generator
[Problem] A database filled with all kind of data is needed for encryption
scheme tests.
[Solution] Add tool that fills the database with different kinds of data.
[Verification] Run ckm-db-generator. Use ckm_db_tool 7654 db-pass to verify
that all types of data is present in db.
Change-Id: If2d912afdfe96a535df98c5a6c03a2acb1c84af5
Krzysztof Jackiewicz [Mon, 14 Sep 2015 13:05:44 +0000 (15:05 +0200)]
Add support for binary data to GStore
[Problem] Binary data can be imported into store but can't be retrieved from
it.
[Solution] Introduce another intermediate class in GKey hierarhy to support
binary data.
[Verification] Run tests
Change-Id: I45bf5d0a81188f13b0925e982243fdf37b569529
Kyungwook Tak [Mon, 19 Oct 2015 04:28:30 +0000 (13:28 +0900)]
Version 0.1.18
Change-Id: I33e245d9b8b6b6ca81caa326d24e725c1821987b
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Mon, 19 Oct 2015 02:43:03 +0000 (11:43 +0900)]
Don't check handle value when allocation
Change-Id: I3ab918652dc294107327bc3840bdd5c80bed0cc6
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 15 Oct 2015 05:01:13 +0000 (14:01 +0900)]
[ACR-429]Remove/Deprecated get cert chain with alias
Change-Id: Ib1f775c98c41ef89d10199c03d17a69b7be46008
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 15 Oct 2015 04:56:56 +0000 (13:56 +0900)]
Add gitignore file
Change-Id: I491e88d2454a672b77e207aaf95d945c0b464591
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 14 Oct 2015 08:30:23 +0000 (17:30 +0900)]
Version 0.1.17
Change-Id: I93d81a35d0bf4fccb4cafbd823014cdeb4939192
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Bartlomiej Grzelewski [Tue, 6 Oct 2015 10:41:38 +0000 (12:41 +0200)]
Remove warnings and performance problems reported by cppcheck.
Change-Id: I6c39ff383a19554da5e9f875db51864e0e5941d0
Kyungwook Tak [Wed, 14 Oct 2015 08:01:41 +0000 (17:01 +0900)]
Remove symbol : ckmc_label_shared_owner
Change-Id: I40ba69c4e64ed7d5c1f7f9750b0a161adbd1aa15
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Wed, 14 Oct 2015 07:58:23 +0000 (16:58 +0900)]
Fix API description of set param functions
* Set -> Sets in @brief
Change-Id: Icb573f4f535d98acdd5061a7e473a30237b28f32
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Thu, 1 Oct 2015 12:36:34 +0000 (21:36 +0900)]
Adjust API change request review result
* remove useless const keyword in ckmc_create_key_aes
* ckmc_generate_params allocates new ckmc_param_list_s inside of itself
* ckmc_generate_params is renamed to ckmc_generate_new_params
* ckmc_param_list_s is changed to ckmc_param_list_h (handle)
* handle is structure pointer : typedef struct __ckmc_param_list *ckmc_param_list_h
* ckmc_param_list_add_integer -> ckmc_param_list_set_integer
* ckmc_param_list_add_buffer -> ckmc_param_list_set_buffer
* new line for too long description
* use dot properly in description (Should not used in params and retvals)
Change-Id: I760465e1ae0d1665d596ff10d402c5f191a6f1d4
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 25 Aug 2015 06:59:56 +0000 (15:59 +0900)]
Fix spec file warnings & error after gbs build
Change-Id: I48fa8e4392c2cb0cdf32f56299701ce420ba042e
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Dongsun Lee [Mon, 31 Aug 2015 04:11:58 +0000 (13:11 +0900)]
Privilege are changed for ACR
Change-Id: Icb7b4856cf8908b7b4eb030f15a3a3ef78666b8e
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Bartlomiej Grzelewski [Mon, 21 Sep 2015 11:17:00 +0000 (13:17 +0200)]
API refactoring.
CKM::Manager uses private implementation pattern.
Remove most of virtual methods from CKM::Manager.
Change-Id: I171083a6f81716dc78155242989dd97528079554
Kyungwook Tak [Mon, 21 Sep 2015 07:05:48 +0000 (16:05 +0900)]
Revert "Old privileges restored"
This reverts commit
42a14dd9afaec7949cf4dec5d7be261a43b1e0a3.
Change-Id: Ibcea2dd233286e87cc7570f8cfa68e07b5a8e069
Bartlomiej Grzelewski [Thu, 17 Sep 2015 14:58:30 +0000 (16:58 +0200)]
Fix support of new error code: CKM_API_ERROR_NOT_SUPPORT.
Change-Id: I59545191904fce8ee9258861a5a579308ae05216
Krzysztof Jackiewicz [Fri, 4 Sep 2015 08:45:52 +0000 (10:45 +0200)]
Revert "Add functions required during db debug."
This reverts commit
4b4f7b9e045fadc3c5348e7ef8be628a742907e2.
Change-Id: Iac9f830b91a6ddfae1245a8b973ef51ed441738d
Krzysztof Jackiewicz [Mon, 14 Sep 2015 15:28:23 +0000 (17:28 +0200)]
Revert "Disable optional password protection temporary"
This reverts commit
ea896bbce6b7f21772de779faf0f0c29de845a24.
Change-Id: Iffa558fb3e9889acffb09d27d9b237b70cb01aea
Krzysztof Jackiewicz [Mon, 14 Sep 2015 15:23:45 +0000 (17:23 +0200)]
Ignore failing row decryption during data removal
[Problem] When data is removed we don't know the custom user password used to
protect the row. The row decryption is performed with empty password and may
fail.
[Solution] Because row will be deleted we can ignore the failing decryption.
This is a temporary solution. It won't work for tz-store. The problem will be
fixed when new encryption is applied.
[Verification] Run TCT tests.
Change-Id: I9c24704a83c5511bd53218738460f2b546c3dd05
Krzysztof Jackiewicz [Mon, 14 Sep 2015 08:02:08 +0000 (10:02 +0200)]
Move encrypted/decrypted rows instead of copying
[Problem] Rows are copied in CryptoLogic::decryptRow/encryptRow.
[Solution] Copying replaced with std::move
[Verification] Run tests
Change-Id: I362638d8981bbe8e511b417596f4cb67ae6f058e
Kyungwook Tak [Fri, 11 Sep 2015 03:01:42 +0000 (12:01 +0900)]
Disable optional password protection temporary
couldn't remove data which is protected by optional password
Change-Id: I0a0e67ddcf40bd0d0f90585d58469a950317a6f0
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Bartlomiej Grzelewski [Mon, 31 Aug 2015 15:15:41 +0000 (17:15 +0200)]
Secure control socket with DAC = 0700
Only root should be able to connect and use this socket.
Change-Id: I903de6f55e34c8a9fb8dbdbe99108ab501769f6e
Bartlomiej Grzelewski [Tue, 8 Sep 2015 15:39:02 +0000 (17:39 +0200)]
Add cynara mockup.
Change-Id: If423f8f88546f551ca35f849371343a37b46fe21
Krzysztof Jackiewicz [Tue, 8 Sep 2015 08:38:56 +0000 (10:38 +0200)]
Version 0.1.16
Change-Id: I123912571e4776580e2008bae362a75fc3672ae2
Kyungwook Tak [Mon, 7 Sep 2015 11:31:26 +0000 (20:31 +0900)]
Old privileges restored
Change-Id: I62335aa31fa14bf2712a72605c97ad5e9fed8a09
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Bartlomiej Grzelewski [Tue, 1 Sep 2015 13:23:52 +0000 (15:23 +0200)]
Integration with cynara.
Change-Id: I75f727890d37b39e7054db4c68baad922eef1fc3
Krzysztof Jackiewicz [Tue, 1 Sep 2015 11:05:10 +0000 (13:05 +0200)]
Add a tool for accessing encrypted database
[Problem] No way of debugging an encrypted database
[Solution] Tool added
[Verification] Run:
ckm_db_tool
ckm_db_tool 0
ckm_db_tool 0 <sql_command>
ckm_db_tool <uid> <password>
> .tables
> .schema
> <sql_command>
> help
> exit
ckm_db_tool <uid> <password> <sql_command>
Change-Id: I87662831808b0397b01db1e54c38b4dc4ad69129
Bartlomiej Grzelewski [Wed, 26 Aug 2015 11:35:19 +0000 (13:35 +0200)]
Reimplement security-manager mockup.
New version of mockup will try to translate smack label into
pkgId by removing prefix "User::App::".
Change-Id: I54316ec1c8e8061cedf09f19016576d202e1e9f1
Bartlomiej Grzelewski [Mon, 24 Aug 2015 09:39:02 +0000 (11:39 +0200)]
Add mockup for security-manager.
Security-manager mockup should be used with unit-tests.
CKM compilation with mockup:
gbs lb -A i586 --define "build_type DEBUG" --define "mockup_sm ON"
Note: It's not possible to compile RELEASE version of CKM with mockup.
Change-Id: I793ec55010b3826dd9d4157ce4e33f555dee14c0
Bartlomiej Grzelewski [Mon, 17 Aug 2015 12:31:36 +0000 (14:31 +0200)]
Replace smack label with pkgId.
Change-Id: I2775a65349bf2103cf7de4702572b031244d9f28
Kyungwook Tak [Tue, 25 Aug 2015 00:04:51 +0000 (09:04 +0900)]
Check platform feature(network) before check ocsp
Change-Id: I87c60238b0a1c67c853a5d60f635162bf9375e71
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 25 Aug 2015 02:55:49 +0000 (11:55 +0900)]
Fix ckmc headers grammar
Change-Id: I525de480255f5b41d39b4d892239a23cd1e28268
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 25 Aug 2015 00:23:27 +0000 (09:23 +0900)]
Remove temporary defined TIZEN_ERROR_KEY_MANAGER
TIZEN_ERROR_KEY_MANAGER is in tizen_error.h in platform/core/api/common package
Change-Id: I51b3907f8b73d74cd44a3439a49bfc7a55c8df56
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Kyungwook Tak [Tue, 25 Aug 2015 05:55:13 +0000 (14:55 +0900)]
Remove useless API : ckmc_remove_pkcs12
Change-Id: Ib56c522f649830eba35267e8b122d0268c5cdb66
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Bartlomiej Grzelewski [Wed, 12 Aug 2015 09:12:40 +0000 (11:12 +0200)]
Add functions required during db debug.
Add Crypto::getSchema() and Crypto::getContent()
Change-Id: I46739eaef891edaa5d4f190a8adcadd2958dcc24
Bartlomiej Grzelewski [Wed, 19 Aug 2015 10:34:04 +0000 (12:34 +0200)]
Replace read/write with send/recv.
New implementation does not require to mask SIGPIPE signal in client.
Change-Id: Ic2a920b56ed9a6e3dc6627fa026857f31d5c1630
Bartlomiej Grzelewski [Mon, 17 Aug 2015 10:05:18 +0000 (12:05 +0200)]
Remove deprecated logs from socket-manager.cpp file.
Change-Id: I13ffdbc0c195adba3c2374f4a4a925a87d07a032
Bartlomiej Grzelewski [Mon, 17 Aug 2015 10:04:21 +0000 (12:04 +0200)]
Cleaning environment from systemd flags.
Change-Id: I3065468d9948ccec19679de0eaa3a7e8046abc38
Krzysztof Jackiewicz [Fri, 3 Jul 2015 14:51:22 +0000 (16:51 +0200)]
Fix potential buffer overflow error CID: 40674
Change backported from security-server repository.
Change-Id: I7613de85e79bc5627336c70842c64bd35eb36468
Krzysztof Jackiewicz [Fri, 10 Jul 2015 10:31:40 +0000 (12:31 +0200)]
Extend asynchronous API socket timeout
[Problem] Encryption and decryption may take much longer than 10s. In such case it fails because of timeout.
[Solution] Extend timeout to 60s.
[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION
Change-Id: I14c4084d7c44d310ab69649bd55e608f1b627204
Krzysztof Jackiewicz [Fri, 10 Jul 2015 09:05:42 +0000 (11:05 +0200)]
Call import & destroy on store
[Problem] Data is not imported to store during row creation and is not destroyed in
it during row removal.
[Solution] Import and destroy are called.
[Verification] Run ckm-tests --output=text
Change-Id: I364c98790fa4cffc408f05b641712aaec0d4955c
Bartlomiej Grzelewski [Tue, 4 Aug 2015 13:45:41 +0000 (15:45 +0200)]
Version 0.1.15
Change-Id: I52277c8cf9086d276379282971987d0fcead5ff0
Bartlomiej Grzelewski [Wed, 1 Jul 2015 14:02:45 +0000 (16:02 +0200)]
Update implementation of Stringify.
Change-Id: Id237fe33a435be9ab7b28ad223e00bca23a95fc9
Krzysztof Jackiewicz [Thu, 9 Jul 2015 13:18:01 +0000 (15:18 +0200)]
Remove unnecessary argument names in function typedef
[Problem] Unnecessary argument names in function typedef
[Solution] Names removed
[Verification] Successfull compilation
Change-Id: I32255580b6b9e9c386493adb94f50e2f77b48661
Krzysztof Jackiewicz [Thu, 9 Jul 2015 12:44:36 +0000 (14:44 +0200)]
Implement asynchronous encryption/decryption API
[Feature] Encryption/decryption API implementation
[Solution] Add asynchronous interface for encryption and decryption
[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION
Change-Id: Ie18d80a47885895aabbedc51d8bdb8ff60172726
Krzysztof Jackiewicz [Tue, 7 Jul 2015 10:10:50 +0000 (12:10 +0200)]
Add RSA OAEP support
[Feature] Encryption service development
[Solution] Add support for RSA OAEP encryption/decryption
[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION
Change-Id: Ieb78fcb65fbd6e2042c2b7effe1ef7b66429fcbd
Krzysztof Jackiewicz [Thu, 2 Jul 2015 13:34:47 +0000 (15:34 +0200)]
Add AAD support in AES GCM
[Feature] Encryption service development.
[Solution] Add AppendAAD method to EvpCipherWrapper. Use it to provide AAD in
AES GCM encryption/decryption.
[Verification] ckm-test --regexp=TED_1250_gcm_aad should pass.
Change-Id: If461a875490b3a6319eb5c78b914bd4df6591746
Krzysztof Jackiewicz [Thu, 2 Jul 2015 11:40:12 +0000 (13:40 +0200)]
Openssl: add thread support and fix initialization
[Problem] Openssl is used in multiple threads without proper thread support.
Openssl initialization is scattered across several threads/files.
[Solution] Lock and thread id callbacks registered. Openssl initialization
refactored and fixed.
[Verification] Run ckm-tests --output=text & ckm-tests-internal
Change-Id: Iff26af6a0afd67001155aac040949bfde9cc6d31
Dong Sun Lee [Tue, 28 Jul 2015 01:15:04 +0000 (18:15 -0700)]
Merge "Match schema file version to db version" into tizen
Kyungwook Tak [Fri, 17 Jul 2015 10:45:36 +0000 (19:45 +0900)]
Match schema file version to db version
Change-Id: I9379b1e4eb39125c0a421fc9655ce0f8c3641c4a
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Krzysztof Jackiewicz [Thu, 2 Jul 2015 14:05:41 +0000 (16:05 +0200)]
Fix segfault in getCertificateChain
[Problem] When getCertificateChain is called with empty certificate a segfault
occurs in client.
[Solution] Add param check in client.
[Verification] Run ckm-tests --regexp=T13122_get_chain_empty_cert &&
ckm-tests --regexp=T13121_get_chain_no_cert
Change-Id: I4f29ab1ca95166de261ef9120897ac85ac80c722
Krzysztof Jackiewicz [Fri, 3 Jul 2015 14:36:40 +0000 (16:36 +0200)]
Fix parameter validation in ocsp
[Problem] It's possible to pass invalid certificate chains to ocsp that will
cause segfault.
[Solution] Add argument check
[Verification] Run ckm-tests --regexp=ocsp_check
Change-Id: I267054f81780149a0512532a016c3f7caf30e900
Bartlomiej Grzelewski [Wed, 1 Jul 2015 13:47:27 +0000 (15:47 +0200)]
Reduce number of error logs in ckm.
Change-Id: Ibdf054bfa39723910dafd2eea64173b8e34f13e0
Kyungwook Tak [Fri, 3 Jul 2015 04:53:06 +0000 (13:53 +0900)]
Fix table name to add backendId
Change-Id: I5204529f11267f8df1b896435125108bc972bb63
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
Zbigniew Jasinski [Fri, 26 Jun 2015 13:13:35 +0000 (15:13 +0200)]
Klocwork fixes.
variable is used, but is uninitialized.
Change-Id: Ie7d1d1004479a48745b342c6a1f0914dfc919c3f
Dongsun Lee [Thu, 2 Jul 2015 02:30:22 +0000 (11:30 +0900)]
remove sockets' smack label to conform to 3 domain policy
Change-Id: Ic5907ada63c08f468cdc497b365e66b44176991c
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Krzysztof Jackiewicz [Tue, 30 Jun 2015 09:19:02 +0000 (11:19 +0200)]
Add support for AES CTR and AES CFB
[Feature] Implementation of encryption service
[Solution] CTR and CFB modes implemented
[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION. Only rsa tests
and gcm aad test may fail.
Change-Id: I71f8c71a0fce536037da7653986c674c3a63499a
Krzysztof Jackiewicz [Mon, 29 Jun 2015 13:52:45 +0000 (15:52 +0200)]
Add support for different AES key sizes
[Problem] AES encryption/decryption supports only 256-bit key size.
[Solution] Add support for 128 and 192-bit key encryption/decryption.
[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION. Only
TED_1250_gcm_aad may fail.
Change-Id: Ia949250b7f3597dee5360c3373c9164dc2e4d9e8
Krzysztof Jackiewicz [Fri, 26 Jun 2015 12:19:36 +0000 (14:19 +0200)]
Encryption service refactoring
[Problem] Unnecessary counter in communication manager. Request map name.
[Solution] Counter replaced by size(). Request map renamed.
[Verification] Successfull compilation. Run tests
Change-Id: I757d729de8f26a1bca8af65f1377d43afcc07d79
Krzysztof Jackiewicz [Fri, 19 Jun 2015 08:08:31 +0000 (10:08 +0200)]
Add algorithm param validation
[Problem] Algorithm param validation is quite complicated. We need a generic
mechanism for parameter constraints definition. Aes key generation algorithm is
missing. There's no validation of encryption params.
[Solution] Created generic parameter validation framework. Defined constraints
for all algorithms. Aes key algorithm added. Algorithm parameter validation
refactored.
[Verification] run ckm-tests --output=text
Change-Id: Ia1df8a3f4bcda835a736d5fe1e4fbc7157d1a26c
Krzysztof Jackiewicz [Mon, 29 Jun 2015 09:13:30 +0000 (11:13 +0200)]
Fix C compilation
[Problem] ckmc_param_list_s fails to compile when C compiler is used.
[Solution] Proper typedef added.
[Verification] Successfull compilation of security-tests (c-compilation.c).
Change-Id: I90cbd8a530707961d593f51e5bc0f2cc9b4b38d3
Dongsun Lee [Sat, 27 Jun 2015 07:12:53 +0000 (00:12 -0700)]
Merge "allow all clients to access storage socket and ocsp socket" into tizen
Dongsun Lee [Sat, 27 Jun 2015 07:12:42 +0000 (00:12 -0700)]
Merge "add a solution in case for no password set" into tizen
Dongsun Lee [Sat, 27 Jun 2015 06:29:24 +0000 (15:29 +0900)]
allow all clients to access storage socket and ocsp socket
Change-Id: I38dc270b4e58cc791a219fb2c46520650f2bba0b
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Dongsun Lee [Sat, 27 Jun 2015 06:27:54 +0000 (15:27 +0900)]
add a solution in case for no password set
Change-Id: Ie7d65c5165a2d0e162b4e990240c84e12d6227ed
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
Krzysztof Jackiewicz [Thu, 18 Jun 2015 14:24:20 +0000 (16:24 +0200)]
Encryption service calls proper encryption/decryption methods
[Feature] Encryption srevice development
[Solution] After key is retrieved it is used to perform encryption/decryption
of data and return the result to the client.
[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION.
TED_1250_gcm_aad may fail.
Change-Id: Iaff45ac05df0470eabf3164c6fb427c68c9ef1a5
Maciej J. Karpiuk [Thu, 25 Jun 2015 12:34:09 +0000 (14:34 +0200)]
encrypted initial values: schema enhancements plus SW device key schema.
Change-Id: Ib0f47fc5c95a785a9d2263a2d0b16da2c1ea7460
Krzysztof Jackiewicz [Wed, 17 Jun 2015 12:19:50 +0000 (14:19 +0200)]
Implement key retrieval in encryption service
[Feature] Encryption/decryption service implementation
[Solution] Encryption service sends a key request, CKM service retrieves the
key and returns it to Encryption service.
[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION and observe
journalctl -f. TED_0010_encrypt_invalid_param_list should print:
"Attempt to retrieve key failed with error: -15" (5 times)
other failing tests should print:
"Encryption/decryption not yet supported"
Change-Id: I56dc8a08ba211e996295f962da12193027c1a78c
Krzysztof Jackiewicz [Wed, 17 Jun 2015 12:17:57 +0000 (14:17 +0200)]
Add MessageService
[Feature] Inter-service communication development
[Solution] Add MessageService and ThreadMessageService classes to
support/simplify transferring inter service messages between services/threads.
[Verification] Verify together with next commit
Change-Id: Id205e299ffc186a5e6eae6563d9804ce61fdec21
Krzysztof Jackiewicz [Wed, 17 Jun 2015 11:12:39 +0000 (13:12 +0200)]
Add support for inter-service communication in SocketManager
[Feature] Inter-service communication development.
[Solution] Add CommunicationManager basing on existing messages to
SocketManager. Set communication manager in services.
[Verification] Successfull compilation. Run ckm-tests --output.
Change-Id: Ic22b3496f7f40a424cec4794513cec9211a752d1
Krzysztof Jackiewicz [Wed, 17 Jun 2015 11:07:58 +0000 (13:07 +0200)]
Add inter-service messages
[Feature] Development of inter-service communication
[Solution] Create inter-service communication message class hierarchy including
key request and response messages.
[Verification] Successfull compilation
Change-Id: I41de882a089560201395fbcfe0143c067c1aee1f
Krzysztof Jackiewicz [Wed, 17 Jun 2015 10:55:53 +0000 (12:55 +0200)]
CommunicationManager returns the number of called listeners
[Problem] There's no way to find out if inter-service message reached some
listeners.
[Solution] SendMessage returns the number of called listeners.
[Verification] Run ckm-tests-internal -t MESSAGE_MANAGER_TEST
Change-Id: I0f9cba13991cb79e2901a6784a6b18e3b87c7150
Krzysztof Jackiewicz [Fri, 29 May 2015 14:59:57 +0000 (16:59 +0200)]
Add encryption service
[Feature] Encryption/decryption implementation
[Solution] Encryption service added
[Verification] Run test: ckm-tests --group=CKM_ENCRYPTION_DECRYPTION
Change-Id: I3ff79b06eabb6957ef2bbbe9a5bf7e5e2a995a21
Bartlomiej Grzelewski [Fri, 12 Jun 2015 13:32:28 +0000 (15:32 +0200)]
Use new exception types in KeyProvider class.
This commit also removed exception throw in object destructor.
Change-Id: I55f58bd5e63261632404557f60caa7f0af393714
Bartlomiej Grzelewski [Thu, 25 Jun 2015 15:48:19 +0000 (17:48 +0200)]
Replace shared ptr with unique ptr.
Change-Id: I7542c03078dc449dfb925824e8e89d11fcffcde9
Maciej J. Karpiuk [Thu, 11 Jun 2015 13:21:52 +0000 (15:21 +0200)]
Move encryption from crypto-logic class to "internal module".
Change-Id: I60186591a9d3c188d9642b202be1bcab047fee61
Bartlomiej Grzelewski [Tue, 9 Jun 2015 13:09:59 +0000 (15:09 +0200)]
Introduce new (much simpler) Exception type.
This commit changes the exception class hierarhy. Exceptions class won't
be hidden inside classes. From now exceptions will be defined globally
per project.
It does not mean that you cannot create hidden exception inside class.
Change-Id: If10bc10154684de91ea1f82332860ef53bdd2d3a
Bartlomiej Grzelewski [Thu, 11 Jun 2015 15:33:50 +0000 (17:33 +0200)]
Fix serious bug that causes crash on CKM exit.
Change-Id: Idef7ad9a4606b16f293a1052c313fa045a2f5da5
Krzysztof Jackiewicz [Mon, 8 Jun 2015 14:05:47 +0000 (16:05 +0200)]
Update parameter list API
[Problem] Param name range check is needed. Support for param overwriting is
needed. Getters in CAPI are needed. IV param has to be added manually.
[Solution] Add predefined range for possible ParamName values. Add ParamName
value check. Support param overwriting. Add CAPI param getters. IV param is not
generated in ckmc_generate_params.
[Verification] Run ckm-tests --group=CKM_ALGO_PARAMS and
ckm-tests-internal -t SERIALIZATION_TEST
All should pass.
Change-Id: I72a2c603d7a8f60bab5cb0c18fdc3866a28c7a82
Maciej J. Karpiuk [Wed, 3 Jun 2015 07:14:16 +0000 (09:14 +0200)]
AES: add generation, save, get support.
[Verification] a copule of AES tests added along other key types tests:
https://review.tizen.org/gerrit/#/c/38195/
Change-Id: If6508811f874d438551a9d528b17d5719adc8ed0
Krzysztof Jackiewicz [Tue, 7 Apr 2015 08:36:24 +0000 (10:36 +0200)]
AES key creation API
[Issue#] N/A
[Feature] API allowing creation of AES key in key-manager database
[Problem] N/A
[Cause] N/A
[Solution] N/A
[Verification] Successfull compilation. Run tests.
Change-Id: I3ec358ce4a58afb657afaf110ca81bacea7dcd10
Maciej J. Karpiuk [Fri, 29 May 2015 11:51:15 +0000 (13:51 +0200)]
Key generation uses CryptoAlgorithm object provided by the client.
Protocol changed: single command to generate all types of asymetric keys.
Change-Id: Iafe2b593c3945ff0e3fcc31241faea3a542aca65
Krzysztof Jackiewicz [Thu, 28 May 2015 07:11:22 +0000 (09:11 +0200)]
Implement encryption/decryption API
[Feature] Implementation of encryption/decryption service.
[Solution] API implemented
[Verification] Run ckm-tests --group=CKM_ENCRYPTION_DECRYPTION
(TED_0040_encrypt_no_output_buffer passes, all other tests fail with
CKMC_ERROR_SOCKET)
Change-Id: Ib0ce85f031e92660713ae4f320a4fd3981a43ffc
Krzysztof Jackiewicz [Wed, 27 May 2015 12:47:07 +0000 (14:47 +0200)]
Algorithm types and param names updated
[Problem] ED_CTR can be replaced with ED_IV. We need a way to distinguish
asymmetric algorithms for different purposes (encryption, signing/verification,
key generation)
[Solution] ED_CTR replaced with ED_IV. New algorithm types added.
[Verification] Compile and run tests: ckm-tests-internal -t SERIALIZATION_TEST
Change-Id: Id7f5f805f25aa674023f6fc8c3631c8b7abcea64
Krzysztof Jackiewicz [Wed, 1 Apr 2015 09:45:48 +0000 (11:45 +0200)]
Encryption/decryption API
[Issue#] N/A
[Feature] Encryption decryption support
[Problem] N/A
[Cause] N/A
[Solution] API for encryption decryption
[Verification] Succesfull compilation. Run tests
ckm-tests --group=ALGO_PARAMS (all pass)
ckm-tests --group=ENCRYPTION_DECRYPTION (all fail with CKMC_ERROR_UNKNOWN)
Change-Id: I6cbb1fb56ad1d82f8d673ed27d22eade82e4e1d0
Maciej J. Karpiuk [Wed, 27 May 2015 13:01:48 +0000 (15:01 +0200)]
crypto-service key generation contents moved into SW backend.
Change-Id: Icf746f14b7bcbd4bc1ac847dae4de0e4ad23a194
Krzysztof Jackiewicz [Thu, 28 May 2015 07:28:09 +0000 (09:28 +0200)]
Make CryptoAlgorithm copyable.
[Problem] CryptoAlgorithm have to be copied on client side. One copy has to
remain on client side for decryption and the other has to be serialized in
client.
[Solution] Unique_ptr replaced with shared_ptr so that CryptoAlgorithm copying
is possible.
[Verification] Run ckm-tests-internal -t SERIALIZATION_TEST
Change-Id: Ied81a1414cc9c6b40206116895f713b779a685ac
Maciej J. Karpiuk [Mon, 25 May 2015 09:07:45 +0000 (11:07 +0200)]
Initial values XSD moved into read only directory.
Change-Id: I200465912b82eae0b75228273e0af7cafe53ec7d
Bartlomiej Grzelewski [Tue, 19 May 2015 15:18:30 +0000 (17:18 +0200)]
Add classes for Trust Zone backend.
Change-Id: I84d0fc46e0026e83903ead87285fb6f9fb5754db
Maciej J. Karpiuk [Fri, 8 May 2015 12:00:24 +0000 (14:00 +0200)]
Add initial values support - values to feed the shared database on first startup.
Change-Id: Iec81d8aa168dd30072aae86827124744798ef33d
Bartlomiej Grzelewski [Tue, 19 May 2015 14:41:11 +0000 (16:41 +0200)]
SW Backend initialization refactoring.
Random initialization from CryptoService was moved to
CKM::Crypto::SW::Internals namespace.
Change-Id: I47ff24a9af908a9856158ec32a402e09d9b163b2
Maciej J. Karpiuk [Wed, 6 May 2015 13:20:41 +0000 (15:20 +0200)]
Add generic XML parser + tests.
Change-Id: I44494b0e3034cb0e6e258bc9b8da8cadb5e2be70
Bartlomiej Grzelewski [Wed, 13 May 2015 14:56:08 +0000 (16:56 +0200)]
Use new classes to sign and verify messages.
Remove old implementation of sign/verify methods.
Change-Id: I391d29ffc3ae8a2fe49b09259387efa2023abec2
Krzysztof Jackiewicz [Fri, 15 May 2015 17:40:29 +0000 (19:40 +0200)]
Simplify CryptoAlgorithm interface
[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] CryptoAlgorithm interface was too complicated
[Solution] Add high level interface
[Verification] Run: ckm-tests-internal --run_test=SERIALIZATION_TEST
Change-Id: I9f02d6ea6f3cc37d46585e1460f2a02bdc107f3c
Krzysztof Jackiewicz [Fri, 15 May 2015 09:59:27 +0000 (11:59 +0200)]
Add backend id to database scheme
[Issue#] N/A
[Feature/Bug] N/A
[Problem] N/A
[Cause] We have to keep backend id in database.
[Solution] Schema updated
[Verification] Run migration tests:
ckm-tests-internal --run_test=DBCRYPTO_MIGRATION_TEST
ckm-tests-internal --run_test=DBCRYPTO_TEST/DBtestBackend
Change-Id: Ib33d6c360d655f7c7a01164385e284ec8f759837
projects / platform / core / security / key-manager.git / log