Age | Commit message | Author | Files | Lines
2018-10-03 | Reduce number of import methods in tz-backend | Bartlomiej Grzelewski | 5 | -177/+90
Change-Id: I44fe9737dd34d8b61d2ab099c3f611903a5cc9a1
2018-10-03 | Unification of import methods in gstore | Bartlomiej Grzelewski | 15 | -65/+49
Change-Id: I31dca502533360b759d6aea20e75a9e823eccc34
2018-10-03 | Add parser support of new schema version | Bartlomiej Grzelewski | 13 | -95/+68
Version 1 of xml with initial values is not supported from now. From now software backend will not support encrypted data. Allow parser to accept xml version 2. Initial values files will contain information about type of backend that should be used to store data. Change-Id: Ib3a73b14148a2476ab288ca364fffe9289400ebd
2018-10-03 | Add backend attribute in xml schema | Bartlomiej Grzelewski | 2 | -24/+28
Initial values may be saved in two locations: software backend and hardware backend. Until now there was no way to choose the backend to store initial values. Change-Id: Iaee057e8c78f6d3066e119adcf4e6fe174846990
2018-09-26 | Introduce Key class in tz backend | Krzysztof Jackiewicz | 2 | -10/+19
Add an intermediate Key class that removes the need to keep credentials from binary data object (BData). Change-Id: I638de81aedf47bc51421a7c362459ced801fd650
2018-09-26 | Add support for TrustZone backend data storage | Tomasz Swierczek | 6 | -13/+367
Change-Id: Idfd0909d03e40b7e5cd5aeb1116b844be1901cf1
2018-09-26 | Simplify key related functions in tz-backend | Krzysztof Jackiewicz | 3 | -22/+12
- Use proper parameter for tag length - Move default param values to TrustZoneContext where possible - Remove unnecessary arguments Change-Id: I00f8909ede4f80b77a937b52a5bce5698d4516a5
2018-08-28 | Fix buildbreak caused by improper rebase | Krzysztof Jackiewicz | 1 | -2/+2
Refactoring commit has been improperly rebased which led to buildbreak. Change-Id: I2d04143cf1eb929c8f8226826336b2e825996149
2018-08-28 | Add log for invalid system service owner id | Krzysztof Jackiewicz | 1 | -1/+3
System services (uid < 5000) should always use "/System" owner id. Either by explicitly adding it to the alias or by running with "System" label. Add log to make the reason of the failure more apparent. Change-Id: I1be9861eadcae6eadd6d682b4cc66972c93d1728
2018-08-28 | Unify alias naming | Krzysztof Jackiewicz | 54 | -767/+798
Get rid of all references to smack labels except database scheme. alias = owner_id + name Simplify db permissions processing Change-Id: I36c3dbb3ee605fb00e5e4e6bcbada6400a0cbcab
2018-08-28 | Fix TYPO in key-manager_doc.h | Dongsun Lee | 1 | -1/+1
Change-Id: I11dbc3468e8277f0cef978f722ecbe275e1048f6 Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
2018-08-27 | Make spec compliant with gbs --incremental | Konrad Lipinski | 1 | -8/+5
According to [1], %prep section of the spec file should contain a single %setup macro, nothing else. According to [2], manifest %files are best copied to %{buildroot}%{_datadir} in the %install section. Moved manifest copy operations from %prep to %install accordingly. References [1] https://source.tizen.org/documentation/reference/git-build-system/usage/gbs-build [2] https://wiki.tizen.org/Security/Application_installation_and_Manifest Change-Id: Iacf755558636f939a540482f849e810780c19a51
2018-08-16 | Add protection against memory leaking during deserialization | Tomasz Swierczek | 1 | -25/+35
Change-Id: I1fbcd7daf1674dd1ad6b9eaffdba76263bda370b
2018-08-16 | Add Apache 2.0 license headers | Pawel Kowalski | 3 | -0/+48
Change-Id: Ia61efbc57ce93ed3714dafe9edada7cb244c54d3
2018-08-09 | Add RequiresMountsFor=/opt to central-key-manager.service. [refs: submit/tizen_5.0/20181101.000004, submit/tizen/20180810.004851, accepted/tizen/unified/20180810.132542, accepted/tizen/5.0/unified/20181102.021410, accepted/tizen_5.0_unified] | INSUN PYO | 1 | -0/+1
In order to apply User/Group to .service, we need /opt/etc/{passwd,group}. Signed-off-by: INSUN PYO <insun.pyo@samsung.com> Change-Id: I0ff03a7bc65565605ac43754349979b351c16796
2018-08-06 | Test version of ckm_db_merge | Bartlomiej Grzelewski | 11 | -186/+520
ckm_db_merge allows to read database and copy its contents to other one. ckm_db_merge supports db since versions 0.1.14. Please note: both databases will be automatically migrated to the newest schema. Change-Id: I5cec9dfdc2ab75a2ccd5156b0bb05cb46d134480
2018-07-06 | Make key-manager build with boost 1.65 [refs: submit/tizen/20180718.062500, submit/tizen/20180709.095722, accepted/tizen/unified/20180719.063028] | Krzysztof Jackiewicz | 2 | -0/+19
Add dummy implementation of newly added abstract methods. Change-Id: If491af391431a769a2e84360425852a53be25f16
2018-05-08 | Fix coverity defect [refs: submit/tizen/20180508.050430, accepted/tizen/unified/20180508.134803] | Dongsun Lee | 1 | -3/+8
- 120541 : improper use of negative value Change-Id: Ic93d890a08def810a8f09ed6bbb8171e440438df Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
2018-04-19 | Disable default build with tz-backend [refs: submit/tizen/20180502.043224, submit/tizen/20180430.063346, submit/tizen/20180419.050559, accepted/tizen/unified/20180502.111600] | Tomasz Swierczek | 6 | -22/+100
Migration to VD causes build breaks because of missing optee dependency. Relation between key-manager and key-manager-ta needs to be re-worked. For now it will be disabled. Change-Id: I5312db283e3514d7c54dfa7caffd6738b5568e2f
2018-03-30 | Fix coverity defects [refs: submit/tizen/20180418.034402, submit/tizen/20180416.041718, submit/tizen/20180413.092019, submit/tizen/20180403.094824] | Dongsun Lee | 3 | -4/+12
- 105284: Buffer not null terminated - 108955: Big parameter passed by value - 109815: Uncaught exception Change-Id: I303a652d6ae0540f7d6daa833a30ef0fb691ffb8 Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
2018-03-12 | Properly detect the presence of TA | Krzysztof Jackiewicz | 1 | -23/+10
Tef-simulator and optee use different TA file name formats. Key-manager was detecting the presence of TA by checking the existence of TA file with hardcoded format. It worked with tef-simulator but it failed to detect the TA presence in case of optee. This commit replaces the TA file presence checking with an attempt to open a session using libteec. If an attempt succeeds the decider selects TZ backend. Otherwise, it falls back to SW backend. Change-Id: I840d6b58a1ffa39885a4b8ded0ff70f4147c3de0
2018-03-07 | Remove unnecessary dependencies | Dariusz Michaluk | 1 | -1/+1
Do not expose unnecessary libraries to the program that is linking with key-manager library. If the program will not be using the symbols of the required library, it should not be linking directly to that library. Change-Id: I07264f35d023881be8b104307941565047813688
2018-03-07 | Remove redundant libcrypto dependency | Dariusz Michaluk | 4 | -4/+0
openssl pkg-config requires libcrypto and libssl Change-Id: I222e458a26e0dc15d82654d35fdccc126411000f
2018-03-07 | Updated documentation headers - typos fix [refs: submit/tizen/20180308.062734] | Tomasz Swierczek | 2 | -3/+3
Change-Id: I8ad994a7164f6d85573030e0aeb340c1f0e50d14
2018-03-07 | Updated documentation to match supported features when key-manager-ta is present. | Tomasz Swierczek | 5 | -3/+39
GP API specification has subtle impact on features supported by key-manager: * passing data chunks bigger than TEEC_CONFIG_SHAREDMEM_MAX_SIZE is not supported by TEE Subtracting few kB for passing keys, options/cipher, at least 500 kB is left for user-data * GCM modes with tag lengths 32 and 64 bits are treated as insecure and are also not supported Change-Id: I9634531dbbfea153a2f4f45bc790521eff014e83
2018-02-07 | Add openssl error handling in key-manager | Pawel Kowalski | 12 | -137/+346
There was no distinction between different types of errors returned by OpenSSL functions. Because of that the information returned to a developer could be not complete and misleading. In order to solve this problem, translator of OpenSSL errors to CKM errors was written. Now, macro OPENSSL_ERROR_HANDLE may be used to handle OpenSSL errors and provide full error information into log system. Change-Id: I63b54f76faaa5b36385bed167db03d97f034402f
2018-01-17 | Fix out of bound access | Bartlomiej Grzelewski | 1 | -0/+7
Change-Id: I830cdc82351b18a670c4950a720f18433532a966
2017-11-29 | Add backend field in policy [refs: submit/tizen/20180312.095815, submit/tizen/20171204.124944, accepted/tizen/unified/20171205.155557] | Bartlomiej Grzelewski | 6 | -15/+42
New field will allow user to force usage of software/hardware backend during runtime. Change-Id: I6f3c575fa979807f456a32a70b278942cdb28b04
2017-11-28 | tz-backend: Implement symmetric encryption through TA | Lukasz Kostyra | 19 | -49/+1900
Change-Id: Id1b563f099e1671fb5fbcca9ca08757b34b1dfd8
2017-11-22 | Change GID of key-manager | Lukasz Kostyra | 2 | -1/+4
Key-manager main group ID was changed to security_fw to workaround the issue with TrustZone backend - client application created shared memory segments inaccessible by TEF Simulator Daemon. Change-Id: I8da3dacfb5001cc4b230219820acc53b287f6cfb
2017-11-22 | Merge branches 'tizen' and 'tizen_4.0' [refs: tizen_4.0.IoT.p2_release, submit/tizen_4.0/20171206.144625, accepted/tizen/4.0/unified/20171207.070809, tizen_4.0_tv] | Krzysztof Jackiewicz | 16 | -125/+188
Change-Id: I0e30db44df252ac6a5629542dfd9cea022a04971
2017-11-22 | Fix SVACE defects | Krzysztof Jackiewicz | 4 | -39/+21
- Initialize required members in default Row ctor - Remove unused Row objects - Refactor string memcpy'ing so that SVACE stops complaining - Fix memory leak in DescriptorSet Change-Id: I8a22a3c5388b0c17b6f44ebaf89d32e9065526dd
2017-11-16 | Add host parameter in HTTP header | Bartlomiej Grzelewski | 1 | -3/+59
Change-Id: Iacd8d8e244df289af8c4ab0fe87a26fcb91b5644
2017-11-10 | Remove debug logs from framework files | Bartlomiej Grzelewski | 2 | -7/+1
These logs were used during framework test and are useless now. Change-Id: I4425bc4ab0229cd9430491767a18cc43e7748b6b
2017-11-10 | Remove dlog file info information from log | Bartlomiej Grzelewski | 1 | -5/+5
Change-Id: I7a961beae5943d6ce670c94c52f4d8cd1a47f989
2017-11-06 | OCSP implementation update [refs: submit/tizen_4.0/20171106.133313, submit/tizen_3.0/20171106.133218, accepted/tizen/4.0/unified/20171107.054741] | Bartlomiej Grzelewski | 2 | -3/+15
Add support for OCSP responses that do not contain issuer certificate. Change-Id: I7fd5367c4c5f34c1d672fcf8506af6a2e9b9d2f7
2017-11-02 | OCSP implementation update [refs: submit/tizen/20171106.133424, accepted/tizen/unified/20171107.055250] | Bartlomiej Grzelewski | 2 | -3/+15
Add support for OCSP responses that do not contain issuer certificate. Change-Id: I7fd5367c4c5f34c1d672fcf8506af6a2e9b9d2f7
2017-10-18 | Support for http proxy during ocsp check [refs: tizen_4.0.m2_release, submit/tizen_4.0/20171018.060143, accepted/tizen/4.0/unified/20171019.081711] | Bartlomiej Grzelewski | 3 | -32/+43
Change-Id: I4966c6dc08411491b419809be402ac8808027478
2017-10-18 | Support for http proxy during ocsp check | Bartlomiej Grzelewski | 3 | -32/+43
Change-Id: I4966c6dc08411491b419809be402ac8808027478
2017-09-25 | Prevent key-manager client crash [refs: tizen_4.0.IoT.p1_release, submit/tizen_4.0/20170926.044845, submit/tizen_4.0/20170925.224717, submit/tizen_4.0/20170925.010818, accepted/tizen/4.0/unified/20170926.171701] | Bartlomiej Grzelewski | 1 | -0/+10
Key-manager client crashed during pthread_cancel because try catch sections did not support stack unwind correctly. Change-Id: I7089160603394a11d94b437bb4f80cf19b632da0 (cherry picked from commit 3eb9315f621035b8ea237096506e77dfb232d842)
2017-09-21 | Prevent key-manager client crash | Bartlomiej Grzelewski | 1 | -0/+10
Key-manager client crashed during pthread_cancel because try catch sections did not support stack unwind correctly. Change-Id: I7089160603394a11d94b437bb4f80cf19b632da0
2017-09-18 | Remove old update script | Sunmin Lee | 10 | -309/+1
RW update script for Tizen 2.4 (to 3.0) is not necessary in Tizen 4.0. Remove this file to avoid being executed during Tizen 4.0 update. Change-Id: I3eef635dec6a8712d74d83fb6dce96e604dd1bb4 (cherry picked from commit a8a5076372d8473663ed565eac3a14503f4c99b2)
2017-09-14 | Remove old update script [refs: submit/tizen_4.0/20170918.010139, accepted/tizen/4.0/unified/20170919.172501] | Sunmin Lee | 10 | -309/+1
RW update script for Tizen 2.4 (to 3.0) is not necessary in Tizen 4.0. Remove this file to avoid being executed during Tizen 4.0 update. Change-Id: I3eef635dec6a8712d74d83fb6dce96e604dd1bb4
2017-09-05 | setPermissions should succeed when called with empty permissions & no permissions exist [refs: submit/tizen_4.0/20170915.073846, submit/tizen_4.0/20170914.025855, submit/tizen_4.0/20170907.063156, accepted/tizen/4.0/unified/20170914.235210] | Tomasz Swierczek | 1 | -6/+0
Change-Id: Ibe94959942b300779adb1ab82bd794791b33630d Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>
2017-09-05 | setPermissions should succeed when called with empty permissions & no permissions exist [refs: submit/tizen/20170925.011608, submit/tizen/20170915.073906, submit/tizen/20170907.063301, accepted/tizen/unified/20170918.153040] | Tomasz Swierczek | 1 | -6/+0
Change-Id: Ibe94959942b300779adb1ab82bd794791b33630d Signed-off-by: Tomasz Swierczek <t.swierczek@samsung.com>
2017-08-23 | Ensure key/cert pointer validity before accessing the DER | Krzysztof Jackiewicz | 8 | -71/+102
In many cases the getDER() function is called on a shared_ptr to a key or certificate without checking the pointer validity which may lead to segfaults. Add proper checks before calling the getDER() function. Change-Id: Ifb209737f14a13f6e7946e21c9d7c1cf5791973e
2017-08-17 | Force PIE compilation flags in CMakeLists [refs: submit/tizen_4.0/20170828.110004, submit/tizen_4.0/20170828.100004, submit/tizen/20170817.234357, accepted/tizen/unified/20170818.083433, accepted/tizen/4.0/unified/20170829.020247] | Igor Kotrasinski | 3 | -12/+8
Fixes ckm_tool executable not being PIE. Change-Id: I5bfd915171cb0f9a9b6a17cc8fbec921c4bfb127 Signed-off-by: Igor Kotrasinski <i.kotrasinsk@partner.samsung.com>
2017-08-01 | Remove unused m_reason from Exception | Krzysztof Jackiewicz | 1 | -50/+0
Change-Id: If58cc6d4db141b92ee169b8f3cc5ee9f745c8c67
2017-08-01 | Fix segfault in internal tests | Krzysztof Jackiewicz | 1 | -5/+8
Unregister libxml2 callbacks in parser destructor. Change-Id: Ieeeaebc9299df55325612800304c32f55708091c
2017-08-01 | Fix defects reported by SVACE | Krzysztof Jackiewicz | 7 | -63/+60
Change-Id: Ia890a846836d2c7cf9657a889b304ec1e0171ead