* @defgroup CAPI_KEY_MANAGER_MODULE Key Manager
* @brief The key manager provides a secure repository protected by Tizen platform for keys, certificates, and sensitive data of users and/or their APPs.
* Additionally, the key manager provides secure cryptographic operations for non-exportable keys without revealing key values to clients.
+ * Since Tizen 5.0 on chosen system images, module may use ARM TrustZone technology and may rely on particular TEE (Trusted Execution Environment) implementation.
* @section CAPI_KEY_MANAGER_MODULE_OVERVIEW Overview
* <table>
* <tr><th>API</th><th>Description</th></tr>
* - The client can specify only its own package id in the alias when storing a key, certificate, or data.
* - A client should specify the package id of the owner in the alias to retrieve a a key, certificate, or data shared by other applications.
* - Aliases are returned as the format of "package_id name" from the key-manager.
+ * Supported features
+ * Since Tizen 5.0 on chosen images, the realization of module functionality can be implemented using ARM TrustZone technology.
+ * Differences in standards governing TrustZone implementation and previous software-based implementation cause following differences in module operation:
+ * - When using TrustZone-based backend, GCM modes with 32 and 64 bit tag lengths are not supported.
+ * Global Platform TEE specification treats these configurations as unsafe and not supported.
+ * - When using TrustZone-based backend, passing big amounts of data (encryption/decryption) to the module has additional size restriction.
+ * Now it depends on the TEEC_CONFIG_SHAREDMEM_MAX_SIZE definition, specific for given TEE implementation, minus size of key-information needed to be passed to TEE.
+ * Minimum supported value for passing data to the module is at 500 kB.
*/
projects / platform / core / security / key-manager.git / blobdiff