|
* Forbid HashAlgorithm::NONE for DSA & ECDSA signatures
* Set up verification algorithm if not provided
* Be prepared for no data from TA
* tz-backend: Implement asymmetric operations
* tz-backend: Add serialization wrapper
* decider: Allow multiple policies for more complex logic
Change-Id: Ie09953ce89557b32fe036855f65329b1ed307996
|
|
OpenSSL uses SHA1 if no hash algorithm is provided for DSA & ECDSA
signatures. TZ does not support that option at all. It's better to
forbid it.
This commit changes the API behavior and may lead to errors in clients
that used HashAlgorithm::NONE with DSA or ECDSA which is highly
unlikely.
Change-Id: I8522e8f157b5ef2d6599bb672ef790ee8ea48644
|
|
Verification API has no knowledge about the algorithm type. It has to be derived
from the key type.
Change-Id: I2e0d094372e4bf8c28275544204e431c4023e391
|
|
Deserialization may return an empty buffer with no error. Adjust code to handle
that case.
Change-Id: Ife80b4d35914eda700798e0515812b3b638e735e
|
|
Change-Id: Ie98b4e72addb257c2a8de1de57097fe077fff380
|
|
Change-Id: I304452444887de48d808a6aa11eb42a1de385bf0
|
|
When generating asymmetric keys, ckm-logic selected the less restrictive
policy out of the two provided and selected the key store this way. Now, both
policies are supplied to Decider, which will allow for more complex
backend selection logic.
Change-Id: Id2b845326cae7bbf5d90bb575645c8af36c20d0f
|
|
* Get rid of misleading SCHEMA_INFO error
* Adjust to boost 1.65
* Fix file name in file header
* Fix SVACE defects
* Check fs errors before saving the file
Change-Id: Ic90ecdd256a23cec9f9356a7e59c85be982cd8e9
|
|
During startup the key-manager attempts to read the SCHEMA_INFO table to get the
information about the database version. In older versions of the database that
table is missing. Key-manager properly handles that case but produces 3 lines of
error log which may suggest that something went wrong.
This commit checks the existence of the table before attempting to use it. The whole
operation is enclosed in a transaction.
Change-Id: Ie7f1fbe1182c2add5965f8e5ddada262ffcb42fe
|
|
|
|
Change-Id: I43e986a010030db949053a8e1b3669495fa1a986
|
|
When systemd's socket activation is utilized, the default backlog
parameter passed to the listen() function is set to SOMAXCONN,
which is equal to 128. In distributions where systemd is not used
for socket activation, the default UNIX socket
implementation sets the backlog value to 5.
This may lead to a rare overflow of an internal connection queue.
This manifests itself as the -EAGAIN error returned by connect().
To mitigate the issue, the backlog parameter has been set
to SOMAXCONN, which is a default value used by systemd.
Change-Id: I906cd4de478b0dac0eaf860550fccd2f9cd6e184
|
|
Change-Id: I3e087729762d16b84327863317643387c304ef88
|
|
va_start / va_end must be called in the same function
Change-Id: I5176fc2686a62eb0a21e6eb9a5f737dbc3880056
|
|
GetFd(os) on a non-existing file causes a segfault.
Change-Id: I8365dfbddace160ae99b1e7d1f6070ee1032f6cd
|
|
* Change contact information to Dongsun Lee
* Fix since_tizen tag in ckmc-type.h
* Replace time(NULL) with monotonic clock usage
* Fix memory leak/corruption
* Add API for CKM return code descriptions
* Add test for listing aliases with password protection statuses on old database schema
* CKMC API: Add option to list aliases with information about password protection
* Add option to list aliases with password protection statuses
* Replace strcpy with strncpy for fixing SVACE(WGID=411075,411076)
Change-Id: If1b53e3dc88bcadbb32b40b8d89e5bc781d71e32
|
|
bj.im@samsung.com is no longer a valid email address.
Change-Id: I81103542e0d23e80a71d5f1e86cc263f92ab78b0
|
|
Calculating timeout for socket connections should
use monotonic clock.
Change-Id: If9c3d573b70d1faa1cf46b9215048a5853abbaaa
|
|
Change-Id: Ib8fd0260527ed87bf0801e3cb7a24d2ca97f4c90
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
|
|
Change-Id: I8f9bed07752fde26f629cca6931231dab5fd8980
|
|
In a rare case when the DB tool was used for db inspection,
and the db could not be opened, the command-line interface
returned a raw error code, without any explanation.
Change-Id: If7a29842ae5a7fc2e99a2d991545539704647f3c
|
|
statuses on old database schema
Change-Id: I2e9e409a385744a0ed694023872cbd4b37cce523
|
|
Change-Id: I02ff75a9f6c60bdcd4b3450a135a4047bbbc05f0
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
|
|
Change-Id: I045174602edd51dc7efcc8d79eb1beed76215b10
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
|
|
Change-Id: I26207f412d5aeee68f6c90131d6c62978233c5f5
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
|
|
* Encode blobs with Base64 in ckm tools
* Refactor PKEK2 related functions
* Add a common function for zeroing sensitive data
* Free the context in case of openssl failure
* Add helpers for domain KEK encryption/decryption
* Add helper randomization function in key-provider.cpp
* Make encrypt/decrypt local functions of key-provider.cpp
* Use common function for PKEK1&2 generation
* Make username shorter in KeyProvider tests
* Remove outdated tz_backend test
* Validate encrypted DKEK
* Fix SVACE and C++ issues
* Add gbs option to enable the TZ backend support
* Update log formatter in tests
* Fix internal migration tests
* Fix internal scheme tests
* Remove secret key for software backend
* Some TZ backend fixes.
* Remove unnecessary BSD license
* Add allowed values for -b option of initial values tool
* Add RO location for initial values
* Overwrite existing initial values
* Initial values tool
* Support for encrypted initial-values
* Reduce number of import methods in tz-backend
* Unification of import methods in gstore
* Add parser support of new schema version
* Add backend attribute in xml schema
* Introduce Key class in tz backend
* Add support for TrustZone backend data storage
* Simplify key related functions in tz-backend
* Fix buildbreak caused by improper rebase
* Add log for invalid system service owner id
* Unify alias naming
* Fix TYPO in key-manager_doc.h
* Make spec compliant with gbs --incremental
* Add protection against memory leaking during deserialization
* Add Apache 2.0 license headers
Change-Id: I05a9b6bdf376f6bdc58542fb023528ac122f619f
|
|
If unprintable data is returned as a result of sqlite query
execution it will be encoded in base64 and prefixed with "b64:". This
is to make binary data readable in ckm_db_tool/merge.
Also extend the maximum size of printed row to 64 characters.
Change-Id: I4471090977b19ded9b1bea76f26ff1b98d5ba826
|
|
PKEK2 is used to derive both DB DEK and APP DEK. Currently, variable names and
comments are a bit misleading.
This commit refactors the variable names and comments to better describe the
actual purpose of this key.
Change-Id: If8ee266ec2da63c929f498f1ed009df5d79c134f
|
|
Encryption keys and passwords are sensitive data and as such should be cleared
when no longer used to prevent memory attacks.
According to the "as-if" rule, the compiler is allowed to perform any changes to
the program as long as the observable behavior of the program is not
changed. Since the contents of unused memory are not considered an observable
behavior the compiler is allowed to optimize out the call to memset(). The
following solutions were considered:
- Reading the memory after overwriting it with memset(). Since reading the
memory has no observable effects it's perfectly legal for the compiler to
remove both operations.
- Using volatile assembly code to prevent optimization. It may prevent some
compilers from optimizing but there's no guarantee.
- Using a volatile function pointer to memset. Apparently, it can be optimized as
well during LTO.
- Using memcpy_s(). The function is not widely available yet. It may be missing
so we still need a fallback solution.
- Locally disabling optimization with #pragma GCC optimize("O0"). It's GCC
specific and it's not clear whether GCC will try to optimize it with
"O0". An empirical test showed that the memset() call is not removed.
This commit applies the last solution by adding a new unoptimized wrapper for
memset().
Note that this commit will not prevent the processor from creating another copy
of the sensitive data in registers, on the stack, in swap or in cache memory. It
will only limit the number of places in memory where the secret data can be
found.
Change-Id: I80fe8ce8ce3d808b423858254d6fd23f491d2674
|
|
Change-Id: Ia2e387f70a50b090641f6bf6fb509d7d54dfdd8f
|
|
Change-Id: I048649f8a9a3450f6cefcbd9d2d75c8445f46277
|
|
Change-Id: I657ac68ce8e9253ca63187132eef3fb769d8426a
|
|
Change-Id: I0dfceda850c69b09a92d26254642357838ea7cb5
|
|
Change-Id: Ic9c6286b3672836c2bde976adb1b79ba34793918
|
|
USERNAME_LONG used in KeyProvider tests is 43 characters long while the
structure used for storing it has only 32 characters. After adding a size check
in WrappedKeyAndInfoContainer::setKeyInfoClient the tests started to fail.
This commit makes the passed string fit 32 characters and adds a new test.
Change-Id: Ida8a574f805c9518d00ee810dbd3c2daed9ace55
|
|
TZ backend is now supported. The test is no longer valid and has been removed.
Change-Id: Ia36f684442a91edde924786944ebf4f926119344
|
|
- Make sure that the length of the encrypted DKEK received in
WrapperKeyAndInfoContainer() does not exceed the size of the key
buffer.
- Check client id NULL termination.
- Get rid of unnecessary dynamic allocations.
- Update tests.
Change-Id: I9f5b494a8ea3d0d8f438a50bb49b55d57d1a3e67
|
|
Change-Id: Idfed338ad6f632556585e5749817bb882cbe0251
|
|
To enable the TZ backend support add following option to the gbs build:
--define "tz_backend ON". If the option is not set or is set to value
different than ON, the TZ backend support is disabled (it is disabled by
default).
Change-Id: If6ebd2625ea7b559df52c8fc6da659a99e53a9f9
|
|
Apparently the boost unit_test_log_formatter interface has changed. The
colour_log_formatter has been updated to match the new version. Thanks to that
it is now possible to properly observe uncaught exceptions in unit tests.
As a result the assert wrapper is no longer necessary and it has been removed.
Change-Id: Ifbf0b8b2f1234e1d77fa695b145c50d65e87624a
|
|
Migration tests use existing databases so test alias names must not be changed.
Change-Id: I4277125a9031d822d1666e51a8ee54466901e2a0
|
|
1. Regular std::exception is not reported as error by boost test.
Std::runtime_error is used because a part of the test code is also used in
a tool for database generation.
This commit replaces calls to boost test macros with calls to a wrapper macro
which is expanded to std::runtime_error or boost test assert depending on a
compilation flag.
2. Test binaries are modifying process labels which requires onlycap.
This commit modifies exec label and adds onlycap fixture to disable onlycap
for scheme tests.
Change-Id: Ibbe44c2bca6e12b5ade360b267c281ef18294258
|
|
This key was used by an example software implementation of the encrypted initial-values
feature which has been replaced by a hardware-backed implementation.
Change-Id: Id8358a70459fb6ddd8ebb43fc8e987dc4d586f63
|
|
- pass TEEC_Context by reference, not by value.
- print return origin from TEEC_InvokeCommand
Change-Id: Ib26415d0dfb454540c0f0b85d2dc50466f63ae14
|
|
Base64 code licensed under BSD 2-clause has been removed. This license is no
longer necessary.
Change-Id: I91a3df5d282b81df19699afee9028c0dc27783d1
|
|
Change-Id: Ib52a86548462ef1c7e59ca446b0733e5291017f8
|
|
RO location will be processed before RW if a flag file is present. After import
the flag will be removed but xml files will be left untouched.
Change-Id: Id11c982ee4a055871e4af6841c23a11cbf139239
|
|
Delete any existing values of the given name before saving the new one.
Change-Id: I4cf23efad7cff6ef453f1ed7e4bfcda76d2fdc69
|
|
Add a tool able to create and/or update an initial values xml. It is also
possible to add encrypted initial values.
Add an rpm package for potential use in the gbs buildroot during image creation.
Limitations:
- Hardcoded IV & tag length
- Hardcoded Data format
Testing:
dd if=/dev/random of=/tmp/key bs=32 count=1
dd if=/dev/random of=/tmp/data bs=32 count=1
ckm_initial_values -k /tmp/key -d /tmp/data -n name -t Key -s AES -p pass -e
-b hardware -a acc1,acc2,acc3
Change-Id: Id29d0eb58d9dba3e78b3437534cb566046a39877
|
|
Add tag attribute in xml schema
Change-Id: Idc058e756ab6053103e1477292cacbacf57a9879
|