AgeCommit message (Collapse)AuthorFilesLines
2019-05-20Release 0.1.30submit/tizen/20190529.045654submit/tizen/20190522.051353submit/tizen/20190520.091210accepted/tizen/unified/20190602.221856refs/changes/76/206476/1Tomasz Swierczek1-1/+1
* Forbid HashAlgorithm::NONE for DSA & ECDSA signatures * Setup verification algorithm if not provided * Be prepared for no data from TA * tz-backend: Implement asymmetric operations * tz-backend: Add serialization wrapper * decider: Allow multiple policies for more complex logic Change-Id: Ie09953ce89557b32fe036855f65329b1ed307996
2019-05-20Forbid HashAlgorithm::NONE for DSA & ECDSA signaturesrefs/changes/65/206265/3Krzysztof Jackiewicz3-3/+15
Openssl uses SHA1 if no hash algorithm is provided for DSA & ECDSA signatures. TZ does not support that option at all. It's better to forbid it. This commit changes the API behavior and may lead to errors in clients that used HashAlgorithm::NONE with DSA or ECDSA which is highly unlikely. Change-Id: I8522e8f157b5ef2d6599bb672ef790ee8ea48644
2019-05-20Setup verification algorithm if not providedrefs/changes/73/202873/3Krzysztof Jackiewicz1-1/+1
Verification API has no knowledge about the algorithm type. It has to be derived from the key type. Change-Id: I2e0d094372e4bf8c28275544204e431c4023e391
2019-05-20Be prepared for no data from TArefs/changes/37/202337/5Krzysztof Jackiewicz1-8/+18
Deserialization may return an empty buffer with no error. Adjust code to handle that case. Change-Id: Ife80b4d35914eda700798e0515812b3b638e735e
2019-05-20tz-backend: Implement asymmetric operationsrefs/changes/10/200310/9Lukasz Kostyra8-94/+753
Change-Id: Ie98b4e72addb257c2a8de1de57097fe077fff380
2019-05-20tz-backend: Add serialization wrapperrefs/changes/07/201207/7Krzysztof Jackiewicz6-179/+355
Change-Id: I304452444887de48d808a6aa11eb42a1de385bf0
2019-05-20decider: Allow multiple policies for more complex logicrefs/changes/44/199144/9Lukasz Kostyra7-112/+82
When generating asymmetric keys, ckm-logic selected less restrictive policy out of two provided and selected key store this way. Now, both policies are supplied to Decider, which will allow for more complex backend selection logic. Change-Id: Id2b845326cae7bbf5d90bb575645c8af36c20d0f
2019-05-17Release 0.1.29submit/tizen/20190517.091823refs/changes/58/206258/2Tomasz Swierczek1-1/+1
* Get rid of misleading SCHEMA_INFO error * Adjust to boost 1.65 * Fix file name in file header * Fix svace defects * Check fs errors before saving the file Change-Id: Ic90ecdd256a23cec9f9356a7e59c85be982cd8e9
2019-05-17Get rid of misleading SCHEMA_INFO errorrefs/changes/44/200244/9Krzysztof Jackiewicz2-39/+31
During startup the key-manager attempts to read a table SCHEMA_INFO to get the information about the database version. In older versions of the database that table is missing. Key-manager properly handles that case but produces 3 lines of error log which may suggest that something went wrong. This commit checks the existence of the table before attempting to use it. Whole operation is enclosed in a transaction. Change-Id: Ie7f1fbe1182c2add5965f8e5ddada262ffcb42fe
2019-05-15Merge "Increase backlog for listening sockets" into tizenKrzysztof Jackiewicz1-1/+1
2019-05-15Adjust to boost 1.65refs/changes/30/206230/1Tomasz Swierczek2-0/+41
Change-Id: I43e986a010030db949053a8e1b3669495fa1a986
2019-05-14Increase backlog for listening socketsrefs/changes/38/206138/1Dariusz Michaluk1-1/+1
When systemd's socket activaction is utilized, the default backlog parameter passed to the listen() function is set to SOMAXCONN, which is equal to 128. In distributions where systemd is not used for socket activation, the default UNIX socket implementation sets the backlog value to 5. This may lead to rare overflow of an internal connection queue. This manifests itself as the -EAGAIN error returned by connect(). To mitigate the issue, the backlog parameter has been set to SOMAXCONN, which is a default value used by systemd. Change-Id: I906cd4de478b0dac0eaf860550fccd2f9cd6e184
2019-05-13Fix file name in file headerrefs/changes/24/206024/1Tomasz Swierczek1-2/+2
Change-Id: I3e087729762d16b84327863317643387c304ef88
2019-05-08Fix svace defectsrefs/changes/82/205482/4Konrad Lipinski1-16/+18
va_start / va_end must be called in the same function Change-Id: I5176fc2686a62eb0a21e6eb9a5f737dbc3880056
2019-03-27Check fs errors before saving the filerefs/changes/61/199461/7Krzysztof Jackiewicz1-3/+10
GetFd(os) on a non-existing file causes segfault. Change-Id: I8365dfbddace160ae99b1e7d1f6070ee1032f6cd
2019-03-13Release 0.1.28submit/tizen/20190314.052726submit/tizen/20190313.095740accepted/tizen/unified/20190314.220513refs/changes/22/201222/5Tomasz Swierczek1-1/+1
* Change contact information to Dongsun Lee * Fix since_tizen tag in ckmc-type.h * Replace time(NULL) with monotonic clock usage * Fix memory leak/corruption * Add API for CKM return code descriptions * Add test for listing aliases with password protection statuses on old database schema * CKMC API: Add option to list aliases with information about password protection * Add option to list aliases with password protection statuses * replace strcpy with strncpy for fixing SVACE(WGID=411075,411076) Change-Id: If1b53e3dc88bcadbb32b40b8d89e5bc781d71e32
2019-03-13Change contact information to Mr Dongsun Leerefs/changes/21/201221/4Tomasz Swierczek12-23/+25 is no longer a valid email address. Change-Id: I81103542e0d23e80a71d5f1e86cc263f92ab78b0
2019-03-11Replace time(NULL) with monotonic clock usagerefs/changes/82/200882/3Tomasz Swierczek1-5/+15
Calculating timeout for socket connections should use monotonic clock. Change-Id: If9c3d573b70d1faa1cf46b9215048a5853abbaaa
2019-03-07Fix since_tizen tag in ckmc-type.hrefs/changes/38/201038/1Ernest Borowski1-5/+5
Change-Id: Ib8fd0260527ed87bf0801e3cb7a24d2ca97f4c90 Signed-off-by: Ernest Borowski <>
2019-03-01Fix memory leak/corruptionrefs/changes/97/198997/3Dariusz Michaluk1-12/+13
Change-Id: I8f9bed07752fde26f629cca6931231dab5fd8980
2019-02-26Add API for CKM return code descriptionsrefs/changes/29/200229/4Tomasz Swierczek5-8/+77
In rare case when DB tool was used for db inspection, and db could not be opened, the commandline interface returned raw error code, without any explanation. Change-Id: If7a29842ae5a7fc2e99a2d991545539704647f3c
2019-02-22Add test for listing aliases with password protectionrefs/changes/92/185892/18Ernest Borowski3-3/+80
statuses on old database schema Change-Id: I2e9e409a385744a0ed694023872cbd4b37cce523
2019-02-22CKMC API: Add option to list aliases with information about password protectionrefs/changes/17/171217/21Ernest Borowski5-9/+310
Change-Id: I02ff75a9f6c60bdcd4b3450a135a4047bbbc05f0 Signed-off-by: Ernest Borowski <>
2019-02-22Add option to list aliases with password protection statusesrefs/changes/91/170391/24Ernest Borowski11-20/+277
Change-Id: I045174602edd51dc7efcc8d79eb1beed76215b10 Signed-off-by: Ernest Borowski <>
2019-02-22replace strcpy with strncpy for fixing SVACE(WGID=411075,411076)submit/tizen/20190222.041951accepted/tizen/unified/20190222.134051refs/changes/48/200348/1Dongsun Lee1-2/+2
Change-Id: I26207f412d5aeee68f6c90131d6c62978233c5f5 Signed-off-by: Dongsun Lee <>
2019-02-19Release 0.1.27submit/tizen/20190219.163203accepted/tizen/unified/20190220.071637refs/changes/71/200171/1Tomasz Swierczek1-1/+1
* Encode blobs with Base64 in ckm tools * Refactor PKEK2 related functions * Add a common function for zeroing sensitive data * Free the context in case of openssl failure * Add helpers for domain KEK encryption/decryption * Add helper randomization function in key-provider.cpp * Make encrypt/decrypt local functions of key-provider.cpp * Use common function for PKEK1&2 generation * Make username shorter in KeyProvider tests * Remove outdated tz_backend test * Validate encrypted DKEK * Fix SVACE and C++ issues * Add gbs option to enable the TZ backend support * Update log formatter in tests * Fix internal migration tests * Fix internal scheme tests * Remove secret key for software backend * Some TZ backend fixes. * Remove unnecessary BSD license * Add allowed values for -b option of initial values tool * Add RO location for initial values * Overwrite existing initial values * Initial values tool * Support for encrypted initial-values * Reduce number of import methods in tz-backend * Unification of import methods in gstore * Add parser support of new schema version * Add backend attribute in xml schema * Introduce Key class in tz backend * Add support for TrustZone backend data storage * Simplify key related functions in tz-backend * Fix buildbreak caused by improper rebase * Add log for invalid system service owner id * Unify alias naming * Fix TYPO in key-manager_doc.h * Make spec compliant with gbs --incremental * Add protection against memory leaking during deserialization * Add Apache 2.0 license headers Change-Id: I05a9b6bdf376f6bdc58542fb023528ac122f619f
2019-02-19Encode blobs with Base64 in ckm toolsrefs/changes/17/199917/4Krzysztof Jackiewicz1-1/+20
If an unprintable data is returned as a result of sqlite query execution it will be encoded in base64 and prefixed with "b64:". This is to make binary data readable in ckm_db_tool/merge. Also extend the maximum size of printed row to 64 characters. Change-Id: I4471090977b19ded9b1bea76f26ff1b98d5ba826
2019-02-19Refactor PKEK2 related functionsrefs/changes/39/200139/1Krzysztof Jackiewicz2-11/+12
PKEK2 is used to derive both DB DEK and APP DEK. Currently, variable names and comments are a bit misleading. This commit refactors the variable names and comments to better describe the actual purpose of this key. Change-Id: If8ee266ec2da63c929f498f1ed009df5d79c134f
2019-02-19Add a common function for zeroing sensitive datarefs/changes/14/199814/3Krzysztof Jackiewicz8-10/+83
Encryption keys and passwords are sensitive data and as such should be cleared when no longer used to prevent memory attacks. According to the "as-if" rule, the compiler is allowed to perform any changes to the program as long as the observable behavior of the program is not changed. Since the contents of unused memory are not considered an observable behavior the compiler is allowed to optimize out the call to memset(). The following solutions were considered: - Reading the memory after overwriting it with memset(). Since reading the memory has no observable effects it's perfectly legal for the compiler to remove both operations. - Using volatile asembly code to prevent optimization. It may prevent some compilers from optimizing but there's no guarantee. - Using volatile funtion pointer to memset. Apparently, it can be optimized as well during LTO. - Using memcpy_s(). The function is not widely available yet. It may be missing so we still need a fallback solution. - Locally disabling optimization with #pragma GCC optimize("O0"). It's GCC specific and it's not clear whether GCC will try to optimize it with "O0". Empirical test showed that memset() call is not removed. This commit applies the last solution adding a new unoptimized wrapper for memset(). Note that this commit will not prevent the processor from creating another copy of the sensitive data in registers, on the stack, in swap or in cache memory. It will only limit the number of places in memory where the secret data can be found. Change-Id: I80fe8ce8ce3d808b423858254d6fd23f491d2674
2019-02-13Free the context in case of openssl failurerefs/changes/96/198796/3Krzysztof Jackiewicz1-20/+19
Change-Id: Ia2e387f70a50b090641f6bf6fb509d7d54dfdd8f
2019-02-13Add helpers for domain KEK encryption/decryptionrefs/changes/95/198795/5Krzysztof Jackiewicz2-118/+73
Change-Id: I048649f8a9a3450f6cefcbd9d2d75c8445f46277
2019-02-13Add helper randomization function in key-provider.cpprefs/changes/94/198794/5Krzysztof Jackiewicz1-5/+12
Change-Id: I657ac68ce8e9253ca63187132eef3fb769d8426a
2019-02-13Make encrypt/decrypt local functions of key-provider.cpprefs/changes/93/198793/5Krzysztof Jackiewicz2-96/+80
Change-Id: I0dfceda850c69b09a92d26254642357838ea7cb5
2019-02-13Use common function for PKEK1&2 generationrefs/changes/92/198792/5Krzysztof Jackiewicz2-156/+70
Change-Id: Ic9c6286b3672836c2bde976adb1b79ba34793918
2019-02-13Make username shorter in KeyProvider testsrefs/changes/99/197099/6Krzysztof Jackiewicz1-1/+4
USERNAME_LONG used in KeyProvider tests is 43 characters long while the structure used for storing it has only 32 characters. After adding a size check in WrappedKeyAndInfoContainer::setKeyInfoClient the tests started to fail. This commit makes the passed string fit 32 characters and adds new test. Change-Id: Ida8a574f805c9518d00ee810dbd3c2daed9ace55
2019-02-13Remove outdated tz_backend testrefs/changes/74/192674/7Krzysztof Jackiewicz2-40/+0
TZ backend is now supported. The test is no longer valid and has been removed. Change-Id: Ia36f684442a91edde924786944ebf4f926119344
2019-02-13Validate encrypted DKEKrefs/changes/44/192144/6Krzysztof Jackiewicz3-27/+49
- Make sure that the length of the encrypted DKEK received in WrapperKeyAndInfoContainer() does not exceed the size of the key buffer. - Check client id NULL termination. - Get rid of unnecessary dynamic allocations. - Update tests. Change-Id: I9f5b494a8ea3d0d8f438a50bb49b55d57d1a3e67
2018-12-03Fix SVACE and C++ issuesrefs/changes/27/193827/2Krzysztof Jackiewicz6-6/+14
Change-Id: Idfed338ad6f632556585e5749817bb882cbe0251
2018-12-03Add gbs option to enable the TZ backend supportPawel Kowalski1-3/+3
To enable the TZ backend support add following option to the gbs build: --define "tz_backend ON". If the option is not set or is set to value different than ON, the TZ backend support is disabled (it is disabled by default). Change-Id: If6ebd2625ea7b559df52c8fc6da659a99e53a9f9
2018-11-28Update log formatter in testsrefs/changes/73/192673/2Krzysztof Jackiewicz6-200/+138
Apparently the boost unit_test_log_formatter interface has changed. The colour_log_formatter has been updated to match the new version. Thanks to that it is now possible to properly observe uncaught exceptions in unit tests. As a result the assert wrapper is no longer necessary and it has been removed. Change-Id: Ifbf0b8b2f1234e1d77fa695b145c50d65e87624a
2018-10-19Fix internal migration testsrefs/changes/87/189887/5Krzysztof Jackiewicz2-5/+5
Migration tests use existing databases so test alias names must not be changed Change-Id: I4277125a9031d822d1666e51a8ee54466901e2a0
2018-10-19Fix internal scheme testsrefs/changes/03/191503/2Krzysztof Jackiewicz7-232/+231
1. Regular std::exception is not reported as error by boost test. Std::runtime_error is used because a part of the test code is also used in a tool for database generation. This commit replaces calls to boost test macros with calls to a wrapper macro which is expanded to std::runtime_error or boost test assert depending on a compilation flag. 2. Test binaries are modifying process labels which requires onlycap. This commit modifies exec label and adds onlycap fixture to disable onlycap for scheme tests. Change-Id: Ibbe44c2bca6e12b5ade360b267c281ef18294258
2018-10-19Remove "secret" key for software backendrefs/changes/07/191007/4Bartlomiej Grzelewski10-351/+2
This key was used by example software implementation of encrypted initial-values feature which has been replaced by hardware backed implementation. Change-Id: Id8358a70459fb6ddd8ebb43fc8e987dc4d586f63
2018-10-12Some TZ backend fixes.refs/changes/69/177269/7r.tyminski3-6/+8
- pass TEEC_Context by reference, not by value. - print return origin from TEEC_InvokeCommand Change-Id: Ib26415d0dfb454540c0f0b85d2dc50466f63ae14
2018-10-10Remove unnecessary BSD licenserefs/changes/05/190905/2Krzysztof Jackiewicz2-26/+1
Base64 code licensed under BSD 2-clause has been removed. This license is no longer necessary. Change-Id: I91a3df5d282b81df19699afee9028c0dc27783d1
2018-10-08Add allowed values for -b option of initial values toolrefs/changes/76/190876/2Krzysztof Jackiewicz1-1/+2
Change-Id: Ib52a86548462ef1c7e59ca446b0733e5291017f8
2018-10-08Add RO location for initial valuesrefs/changes/26/190826/3Krzysztof Jackiewicz4-13/+36
RO location will be processed before RW if a flag file is present. After import the flag will be removed but xml files will be left untouched. Change-Id: Id11c982ee4a055871e4af6841c23a11cbf139239
2018-10-08Overwrite existing initial valuesrefs/changes/24/190824/3Krzysztof Jackiewicz1-0/+3
Delete any existing values of given name before saving new one. Change-Id: I4cf23efad7cff6ef453f1ed7e4bfcda76d2fdc69
2018-10-05Initial values toolrefs/changes/94/190494/16Krzysztof Jackiewicz7-0/+828
Add a tool able to create and/or update an initial values xml. It is also possible to add encrypted ininial values. Add rpm package for potential use in gbs buildroot during image creation. Limitations: - Hardcoded IV & tag length - Hardcoded Data format Testing: dd if=/dev/random of=/tmp/key bs=32 count=1 dd if=/dev/random of=/tmp/data bs=32 count=1 ckm_initial_values -k /tmp/key -d /tmp/data -n name -t Key -s AES -p pass -e -b hardware -a acc1,acc2,acc3 Change-Id: Id29d0eb58d9dba3e78b3437534cb566046a39877
2018-10-04Support for encrypted initial-valuesrefs/changes/70/190270/3Bartlomiej Grzelewski20-218/+128
Add tag attribute in xml schema Change-Id: Idc058e756ab6053103e1477292cacbacf57a9879