Age | Commit message (Collapse) | Author | Files | Lines |
|
Openssl uses SHA1 if no hash algorithm is provided for DSA & ECDSA
signatures. TZ does not support that option at all. It's better to
forbid it.
This commit changes the API behavior and may lead to errors in clients
that used HashAlgorithm::NONE with DSA or ECDSA which is highly
unlikely.
Change-Id: I8522e8f157b5ef2d6599bb672ef790ee8ea48644
|
|
Verification API has no knowledge about the algorithm type. It has to be derived
from the key type.
Change-Id: I2e0d094372e4bf8c28275544204e431c4023e391
|
|
Deserialization may return an empty buffer with no error. Adjust code to handle
that case.
Change-Id: Ife80b4d35914eda700798e0515812b3b638e735e
|
|
Change-Id: Ie98b4e72addb257c2a8de1de57097fe077fff380
|
|
Change-Id: I304452444887de48d808a6aa11eb42a1de385bf0
|
|
When generating asymmetric keys, ckm-logic selected less restrictive
policy out of two provided and selected key store this way. Now, both
policies are supplied to Decider, which will allow for more complex
backend selection logic.
Change-Id: Id2b845326cae7bbf5d90bb575645c8af36c20d0f
|
|
During startup the key-manager attempts to read a table SCHEMA_INFO to get the
information about the database version. In older versions of the database that
table is missing. Key-manager properly handles that case but produces 3 lines of
error log which may suggest that something went wrong.
This commit checks the existence of the table before attempting to use it. Whole
operation is enclosed in a transaction.
Change-Id: Ie7f1fbe1182c2add5965f8e5ddada262ffcb42fe
|
|
|
|
When systemd's socket activaction is utilized, the default backlog
parameter passed to the listen() function is set to SOMAXCONN,
which is equal to 128. In distributions where systemd is not used
for socket activation, the default UNIX socket
implementation sets the backlog value to 5.
This may lead to rare overflow of an internal connection queue.
This manifests itself as the -EAGAIN error returned by connect().
To mitigate the issue, the backlog parameter has been set
to SOMAXCONN, which is a default value used by systemd.
Change-Id: I906cd4de478b0dac0eaf860550fccd2f9cd6e184
|
|
Change-Id: I3e087729762d16b84327863317643387c304ef88
|
|
va_start / va_end must be called in the same function
Change-Id: I5176fc2686a62eb0a21e6eb9a5f737dbc3880056
|
|
GetFd(os) on a non-existing file causes segfault.
Change-Id: I8365dfbddace160ae99b1e7d1f6070ee1032f6cd
|
|
bj.im@samsung.com is no longer a valid email address.
Change-Id: I81103542e0d23e80a71d5f1e86cc263f92ab78b0
|
|
Calculating timeout for socket connections should
use monotonic clock.
Change-Id: If9c3d573b70d1faa1cf46b9215048a5853abbaaa
|
|
Change-Id: Ib8fd0260527ed87bf0801e3cb7a24d2ca97f4c90
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
|
|
Change-Id: I8f9bed07752fde26f629cca6931231dab5fd8980
|
|
In rare case when DB tool was used for db inspection,
and db could not be opened, the commandline interface
returned raw error code, without any explanation.
Change-Id: If7a29842ae5a7fc2e99a2d991545539704647f3c
|
|
Change-Id: I02ff75a9f6c60bdcd4b3450a135a4047bbbc05f0
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
|
|
Change-Id: I045174602edd51dc7efcc8d79eb1beed76215b10
Signed-off-by: Ernest Borowski <e.borowski@partner.samsung.com>
|
|
Change-Id: I26207f412d5aeee68f6c90131d6c62978233c5f5
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
|
|
PKEK2 is used to derive both DB DEK and APP DEK. Currently, variable names and
comments are a bit misleading.
This commit refactors the variable names and comments to better describe the
actual purpose of this key.
Change-Id: If8ee266ec2da63c929f498f1ed009df5d79c134f
|
|
Encryption keys and passwords are sensitive data and as such should be cleared
when no longer used to prevent memory attacks.
According to the "as-if" rule, the compiler is allowed to perform any changes to
the program as long as the observable behavior of the program is not
changed. Since the contents of unused memory are not considered an observable
behavior the compiler is allowed to optimize out the call to memset(). The
following solutions were considered:
- Reading the memory after overwriting it with memset(). Since reading the
memory has no observable effects it's perfectly legal for the compiler to
remove both operations.
- Using volatile asembly code to prevent optimization. It may prevent some
compilers from optimizing but there's no guarantee.
- Using volatile funtion pointer to memset. Apparently, it can be optimized as
well during LTO.
- Using memcpy_s(). The function is not widely available yet. It may be missing
so we still need a fallback solution.
- Locally disabling optimization with #pragma GCC optimize("O0"). It's GCC
specific and it's not clear whether GCC will try to optimize it with
"O0". Empirical test showed that memset() call is not removed.
This commit applies the last solution adding a new unoptimized wrapper for
memset().
Note that this commit will not prevent the processor from creating another copy
of the sensitive data in registers, on the stack, in swap or in cache memory. It
will only limit the number of places in memory where the secret data can be
found.
Change-Id: I80fe8ce8ce3d808b423858254d6fd23f491d2674
|
|
Change-Id: Ia2e387f70a50b090641f6bf6fb509d7d54dfdd8f
|
|
Change-Id: I048649f8a9a3450f6cefcbd9d2d75c8445f46277
|
|
Change-Id: I657ac68ce8e9253ca63187132eef3fb769d8426a
|
|
Change-Id: I0dfceda850c69b09a92d26254642357838ea7cb5
|
|
Change-Id: Ic9c6286b3672836c2bde976adb1b79ba34793918
|
|
- Make sure that the length of the encrypted DKEK received in
WrapperKeyAndInfoContainer() does not exceed the size of the key
buffer.
- Check client id NULL termination.
- Get rid of unnecessary dynamic allocations.
- Update tests.
Change-Id: I9f5b494a8ea3d0d8f438a50bb49b55d57d1a3e67
|
|
Change-Id: Idfed338ad6f632556585e5749817bb882cbe0251
|
|
This key was used by example software implementation of encrypted initial-values
feature which has been replaced by hardware backed implementation.
Change-Id: Id8358a70459fb6ddd8ebb43fc8e987dc4d586f63
|
|
- pass TEEC_Context by reference, not by value.
- print return origin from TEEC_InvokeCommand
Change-Id: Ib26415d0dfb454540c0f0b85d2dc50466f63ae14
|
|
RO location will be processed before RW if a flag file is present. After import
the flag will be removed but xml files will be left untouched.
Change-Id: Id11c982ee4a055871e4af6841c23a11cbf139239
|
|
Delete any existing values of given name before saving new one.
Change-Id: I4cf23efad7cff6ef453f1ed7e4bfcda76d2fdc69
|
|
Add tag attribute in xml schema
Change-Id: Idc058e756ab6053103e1477292cacbacf57a9879
|
|
Change-Id: I44fe9737dd34d8b61d2ab099c3f611903a5cc9a1
|
|
Change-Id: I31dca502533360b759d6aea20e75a9e823eccc34
|
|
Version 1 of xml with initial values is not supported from now.
From now software backend will not support encrypted data.
Allow parser to accept xml version 2.
Initial values files will contain information about
type of backend that should be used to store data.
Change-Id: Ib3a73b14148a2476ab288ca364fffe9289400ebd
|
|
Add an intermediate Key class that removes the need to keep
credentials from binary data object (BData).
Change-Id: I638de81aedf47bc51421a7c362459ced801fd650
|
|
Change-Id: Idfd0909d03e40b7e5cd5aeb1116b844be1901cf1
|
|
- Use proper parameter for tag length
- Move default param values to TrustZoneContext where possible
- Remove unnecessary arguments
Change-Id: I00f8909ede4f80b77a937b52a5bce5698d4516a5
|
|
System services (uid < 5000) should always use "/System" owner id.
Eiter by explicitly adding it to the alias or by running with "System"
label. Add log to make the reason of the failure more apparent.
Change-Id: I1be9861eadcae6eadd6d682b4cc66972c93d1728
|
|
Get rid of all references to smack labels except database scheme.
alias = owner_id + name
Simplify db permissions processing
Change-Id: I36c3dbb3ee605fb00e5e4e6bcbada6400a0cbcab
|
|
Change-Id: I1fbcd7daf1674dd1ad6b9eaffdba76263bda370b
|
|
Change-Id: Ia61efbc57ce93ed3714dafe9edada7cb244c54d3
|
|
ckm_db_merge allows to read database and copy it's contents
to other one. ckm_db_merge supports db since versions 0.1.14.
Please note: both databases will be automatically migrated to
the newest schema.
Change-Id: I5cec9dfdc2ab75a2ccd5156b0bb05cb46d134480
|
|
- 120541 : improper use of nagative value
Change-Id: Ic93d890a08def810a8f09ed6bbb8171e440438df
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
|
|
Migration to VD causes build breaks because of missing optee dependency.
Relation between key-manager and key-manager-ta needs to be re-worked.
For now it will be disabled.
Change-Id: I5312db283e3514d7c54dfa7caffd6738b5568e2f
|
|
- 105284: Buffer not null terminated
- 108955: Big parameter passed by value
- 109815: Uncaught exception
Change-Id: I303a652d6ae0540f7d6daa833a30ef0fb691ffb8
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
|
|
Tef-simulator and optee use different TA file name formats. Key-manager was
detecting the presence of TA by checking the existence of TA file with
hardcoded format. It worked with tef-simulator but it failed to detect the TA
presence in case of optee.
This commit replaces the TA file presence checking with an attempt to open a
session using libteec. If an attempt succeeds the decider selects TZ backend.
Otherwise, it falls back to SW backend.
Change-Id: I840d6b58a1ffa39885a4b8ded0ff70f4147c3de0
|
|
openssl pkg-config requires libcrypto and libssl
Change-Id: I222e458a26e0dc15d82654d35fdccc126411000f
|