Adjust SE backend functions to HAL API

author Jakub Wlostowski <j.wlostowski@samsung.com>

Mon, 31 Mar 2025 14:28:51 +0000 (16:28 +0200)

committer Dariusz Michaluk <d.michaluk@samsung.com>

Tue, 8 Apr 2025 08:35:10 +0000 (10:35 +0200)
author Jakub Wlostowski <j.wlostowski@samsung.com>
Mon, 31 Mar 2025 14:28:51 +0000 (16:28 +0200)
committer Dariusz Michaluk <d.michaluk@samsung.com>
Tue, 8 Apr 2025 08:35:10 +0000 (10:35 +0200)
diff --git a/CMakeLists.txt b/CMakeLists.txt

index 4eac45634538920d878a242beb0f0a5b94ae6cff..4bf3647c94dbf370e9ab494b5ea5c7236c30430c 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -77,9 +77,12 @@ IF(NOT DEFINED COVERAGE_DIR)
  ENDIF(NOT DEFINED COVERAGE_DIR)
  ADD_DEFINITIONS("-DCOVERAGE_DIR=\"${COVERAGE_DIR}\"")
  
+IF (TZ_BACKEND_ENABLED OR SE_BACKEND_ENABLED)
+    SET(EXTRA_KM_DEPS ${EXTRA_KM_DEPS} hal-api-security)
+ENDIF()
+
  IF (TZ_BACKEND_ENABLED)
      ADD_DEFINITIONS("-DTZ_BACKEND_ENABLED")
-    PKG_CHECK_MODULES(HAL_DEP REQUIRED hal-api-security)
  
      SET(TZ_BACKEND_SOURCES
          ${KEY_MANAGER_PATH}/crypto/tz-backend/internals.cpp
@@ -92,10 +95,10 @@ ENDIF()
  
  IF (SE_BACKEND_ENABLED)
      ADD_DEFINITIONS("-DSE_BACKEND_ENABLED")
+
      SET(SE_BACKEND_SOURCES
          ${KEY_MANAGER_PATH}/crypto/se-backend/internals.cpp
      )
-    SET(EXTRA_KM_DEPS ${EXTRA_KM_DEPS} key-manager-se-backend)
  ENDIF()
  
  IF (DEFINED WATCHDOG_ENABLED)
@@ -142,6 +145,8 @@ PKG_CHECK_MODULES(KEY_MANAGER_DEP
      ${EXTRA_KM_DEPS}
  )
  
+LINK_DIRECTORIES(${KEY_MANAGER_DEP_LIBRARY_DIRS})
+
  IF (NOT DEFINED COVERAGE_ONLY)
  ADD_SUBDIRECTORY(data)
  ADD_SUBDIRECTORY(doc)
diff --git a/misc/ckm_db_tool/CMakeLists.txt b/misc/ckm_db_tool/CMakeLists.txt

index c77c370a3827224800658cad8a30a9bc5d9afd11..d0a6d075a6668af12edfa71e0e310cb4d7ebc843 100644 (file)
--- a/misc/ckm_db_tool/CMakeLists.txt
+++ b/misc/ckm_db_tool/CMakeLists.txt
@@ -8,7 +8,6 @@ FIND_PACKAGE(Threads REQUIRED)
  
  INCLUDE_DIRECTORIES(
      ${KEY_MANAGER_DEP_INCLUDE_DIRS}
-    ${HAL_DEP_INCLUDE_DIRS}
      ${CMAKE_CURRENT_SOURCE_DIR}
      ${PROJECT_SOURCE_DIR}/common
      ${KEY_MANAGER_PATH}/main
@@ -69,15 +68,12 @@ SET(CKM_DB_TOOLS_SOURCES
      ${SE_BACKEND_SOURCES}
      )
  
-LINK_DIRECTORIES(${CKM_DB_TOOL_DEP_LIBRARY_DIRS} ${HAL_DEP_LIBRARY_DIRS})
-
  ADD_EXECUTABLE(${CKM_DB_TOOL} ${CKM_DB_TOOLS_SOURCES} ${CMAKE_CURRENT_SOURCE_DIR}/ckm_db_tool.cpp)
  
  TARGET_LINK_LIBRARIES(${CKM_DB_TOOL}
      ${CMAKE_THREAD_LIBS_INIT}
      ${KEY_MANAGER_DEP_LIBRARIES}
      ${TARGET_KEY_MANAGER_COMMON}
-    ${HAL_DEP_LIBRARIES}
      -ldl
      )
  
@@ -87,7 +83,6 @@ TARGET_LINK_LIBRARIES(${CKM_DB_MERGE}
      ${CMAKE_THREAD_LIBS_INIT}
      ${KEY_MANAGER_DEP_LIBRARIES}
      ${TARGET_KEY_MANAGER_COMMON}
-    ${HAL_DEP_LIBRARIES}
      -ldl
      )
  
diff --git a/misc/encryption_scheme/CMakeLists.txt b/misc/encryption_scheme/CMakeLists.txt

index ca322e89b67d9998dc034ab7160f51790370e112..2eac231cab151e862e8512e8e4e90087bf7ee08d 100644 (file)
--- a/misc/encryption_scheme/CMakeLists.txt
+++ b/misc/encryption_scheme/CMakeLists.txt
@@ -20,8 +20,6 @@ INCLUDE_DIRECTORIES(
      ${CMAKE_CURRENT_SOURCE_DIR}
  )
  
-LINK_DIRECTORIES(${KEY_MANAGER_DEP_LIBRARY_DIRS})
-
  SET(ENCRYPTION_SCHEME_COMMON_LINK_OPTIONS
      ${TARGET_KEY_MANAGER_CLIENT}
      ${TARGET_KEY_MANAGER_CONTROL_CLIENT}
diff --git a/misc/encryption_scheme/test_encryption-scheme.cpp b/misc/encryption_scheme/test_encryption-scheme.cpp

index 439b79aefac43a371bece212bfd7694a4736ee71..77eeb2f83bf43a1876d6b7fec9efa184fffc8fdb 100644 (file)
--- a/misc/encryption_scheme/test_encryption-scheme.cpp
+++ b/misc/encryption_scheme/test_encryption-scheme.cpp
@@ -33,6 +33,9 @@
  #include <key-provider.h>
  #include <dpl/log/log.h>
  #include <log-setup.h>
+#ifdef SE_BACKEND_ENABLED
+#include <hal/hal-security-keys.h>
+#endif
  
  #include <colour_log_formatter.h>
  #include "scheme-test.h"
@@ -72,6 +75,10 @@ private:
  struct TestConfig {
         TestConfig()
         {
+#ifdef SE_BACKEND_ENABLED
+               if (hal_security_keys_get_backend())
+                       LogError("Can't get Security Keys backend");
+#endif
                 boost::unit_test::unit_test_log.set_threshold_level(
                         boost::unit_test::log_test_units);
                 boost::unit_test::results_reporter::set_level(boost::unit_test::SHORT_REPORT);
@@ -79,6 +86,9 @@ struct TestConfig {
         }
         ~TestConfig()
         {
+#ifdef SE_BACKEND_ENABLED
+               hal_security_keys_put_backend();
+#endif
         }
  };
  
diff --git a/packaging/key-manager.spec b/packaging/key-manager.spec

index 276900452bdcde7e33c16bdce386f6f3ea0df523..9be29d3d9bb4a408d28ce786e558203dc156b6f8 100644 (file)
--- a/packaging/key-manager.spec
+++ b/packaging/key-manager.spec
@@ -43,12 +43,9 @@ BuildRequires: pkgconfig(argos_watchdog)
  %endif
  BuildRequires: boost-devel
  BuildRequires: ca-certificates-devel
-%if %{tz_backend_enabled} == ON
+%if %{tz_backend_enabled} == ON || %{se_backend_enabled} == ON
  BuildRequires: pkgconfig(hal-api-security)
  %endif
-%if %{se_backend_enabled} == ON
-BuildRequires: pkgconfig(key-manager-se-backend)
-%endif
  Requires: libkey-manager-common = %{version}-%{release}
  %if "%{build_type}" == "COVERAGE"
  BuildRequires: lcov
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt

index c9d9b30d0b80fa748bc21c4c2db866384e187137..2c82fe42d5398af4c32b27f64fd3c92d9ab5f0bc 100644 (file)
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -62,10 +62,7 @@ SET_SOURCE_FILES_PROPERTIES(
      PROPERTIES
          COMPILE_FLAGS "-D_GNU_SOURCE -fvisibility=hidden")
  
-INCLUDE_DIRECTORIES(SYSTEM
-    ${KEY_MANAGER_DEP_INCLUDE_DIRS}
-    ${HAL_DEP_INCLUDE_DIRS}
-    )
+INCLUDE_DIRECTORIES(SYSTEM ${KEY_MANAGER_DEP_INCLUDE_DIRS})
  
  INCLUDE_DIRECTORIES(
      ${KEY_MANAGER_SRC_PATH}/include
@@ -80,15 +77,12 @@ INCLUDE_DIRECTORIES(
      ${KEY_MANAGER_PATH}/crypto
      )
  
-LINK_DIRECTORIES(${KEY_MANAGER_DEP_LIBRARY_DIRS} ${HAL_DEP_LIBRARY_DIRS})
-
  ADD_EXECUTABLE(${TARGET_KEY_MANAGER} ${KEY_MANAGER_SOURCES})
  
  TARGET_LINK_LIBRARIES(${TARGET_KEY_MANAGER}
      ${CMAKE_THREAD_LIBS_INIT}
      ${KEY_MANAGER_DEP_LIBRARIES}
      ${TARGET_KEY_MANAGER_COMMON}
-    ${HAL_DEP_LIBRARIES}
      -ldl
      )
  ################################################################################
diff --git a/src/manager/crypto/se-backend/internals.cpp b/src/manager/crypto/se-backend/internals.cpp

index 871dcc9f2677abb7bd7e9844a9a056027d5e7dfa..b3aebb1aab758b8658c65fe288e6999ac8f80c1a 100644 (file)
--- a/src/manager/crypto/se-backend/internals.cpp
+++ b/src/manager/crypto/se-backend/internals.cpp
@@ -13,210 +13,153 @@
   *  See the License for the specific language governing permissions and
   *  limitations under the License
   */
-/*
- * @file       internals.cpp
- * @author     isaac2.lee (isaac2.lee@samsung.com)
- * @version    1.0
- */
  
  #include <functional>
  #include <unistd.h>
  #include <generic-backend/exception.h>
-#include <generic-backend/algo-validation.h>
-#include <generic-backend/crypto-params.h>
  #include <dpl/log/log.h>
  #include <ckm/ckm-type.h>
  
+#include <hal/hal-security-keys.h>
  #include <se-backend/internals.h>
-#include <key-manager-se-backend.h>
-#include <key-provider.h>
  
-#ifndef UNUSED_PARAMETER
-#define UNUSED_PARAMETER(x) (void)(x)
-#endif
+struct data_free_deleter {
+       void operator()(hal_security_keys_data_s* p) const {
+               if (p->buffer)
+                       free(p->buffer);
+               delete p;
+       }
+};
  
-namespace CKM {
-namespace Crypto {
-namespace SE {
-namespace Internals {
+class security_keys_data_ptr {
+public:
+       security_keys_data_ptr() : data(new hal_security_keys_data_s{nullptr, 0}) {}
  
-RawBuffer toRawBuffer(unsigned char* buf, uint32_t buf_len)
-{
-       RawBuffer output;
-       output.assign(buf, buf + buf_len);
-       return output;
-}
+       hal_security_keys_data_s* Get() {
+               return data.get();
+       }
  
-kmsb_hash_algo_e getHashType(const CryptoAlgorithm &alg)
-{
-       HashAlgorithm hash = unpack<HashAlgorithm>(alg, ParamName::SV_HASH_ALGO);
-       switch (hash)
-       {
-       case HashAlgorithm::SHA1:
-               return KMSB_HASH_SHA1;
-       case HashAlgorithm::SHA256:
-               return KMSB_HASH_SHA256;
-       case HashAlgorithm::SHA384:
-               return KMSB_HASH_SHA384;
-       case HashAlgorithm::SHA512:
-               return KMSB_HASH_SHA512;
-       default:
-               break;
+       unsigned char* GetBuffer() {
+               return data->buffer;
         }
-       return KMSB_HASH_SHA256;
-}
  
-kmsb_ec_type_e getEcType(const ElipticCurve ecType)
-{
-       if (ecType == ElipticCurve::prime192v1)
-               return KMSB_EC_PRIME192V1;
-       else if (ecType == ElipticCurve::prime256v1)
-               return KMSB_EC_PRIME256V1;
-       else if (ecType == ElipticCurve::secp384r1)
-               return KMSB_EC_SECP384R1;
-       return KMSB_EC_PRIME256V1;
-}
+       size_t GetLength() {
+               return data->length;
+       }
+
+private:
+       std::unique_ptr<hal_security_keys_data_s, data_free_deleter> data;
+};
  
-int kmsb_failure_retry(std::function<int()> func)
+namespace CKM {
+namespace Crypto {
+namespace SE {
+namespace Internals {
+
+int retry_on_failure(std::function<int()> func)
  {
-       int result = KMSB_ERROR_NONE;
+       int result = HAL_SECURITY_KEYS_ERROR_NONE;
         for (size_t attempt = 0; attempt < 3; ++attempt) {
                 result = func();
-               if (result == KMSB_ERROR_NONE || result == KMSB_ERROR_NO_KEY)
+               if (result == HAL_SECURITY_KEYS_ERROR_NONE || result == HAL_SECURITY_KEYS_ERROR_NO_KEY)
                         break;
-               LogError("occured err inside SE(errcode:" << result << ")");
+               LogError("SE backend error: " << result);
                 usleep(100000);
         }
         return result;
  }
  
-void generateSKey(const CryptoAlgorithm &alg,
-                               const uint32_t key_idx)
+void generateSKey(const CryptoAlgorithm&,
+                                 const uint32_t)
  {
-       UNUSED_PARAMETER(alg);
-       UNUSED_PARAMETER(key_idx);
-
-       ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported");
+       ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend does not support symmetric key generation");
  }
  
-void generateAKey(const CryptoAlgorithm &alg,
-                               const uint32_t key_idx)
+void generateAKey(const CryptoAlgorithm&,
+                                 const uint32_t)
  {
-       UNUSED_PARAMETER(alg);
-       UNUSED_PARAMETER(key_idx);
-
-       ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported");
+       ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend does not support asymmetric key generation");
  }
  
-/// @brief encrypt key data using SE api for DB metadata
-/// @param key: target data for encryption
-/// @param key_len: target data length
-/// @param iv: iv data
-/// @param iv_len: iv data length
-/// @return Rawbuffer encrypted output
-RawBuffer encryptWithDbpKey(const unsigned char* key, const uint32_t key_len,
-                                               const unsigned char* iv, const uint32_t iv_len)
+RawBuffer encryptWithDbpKey(const unsigned char* key,
+                                                       const uint32_t key_len,
+                                                       const unsigned char* iv,
+                                                       const uint32_t iv_len)
  {
-       unsigned char* output_data = NULL;
-       uint32_t output_len = 0;
         LogDebug("DBP Key will be encrypted on SE backend");
  
-       int ret = kmsb_failure_retry(std::bind(kmsb_encrypt_with_dbp_key,
-                                                               SE_BACKEND_DBP_SCHEME_VERSION,
-                                                               key, key_len,
-                                                               iv, iv_len,
-                                                               &output_data, &output_len));
-       if (ret == KMSB_ERROR_NO_KEY) {
-               ret = kmsb_failure_retry(std::bind(kmsb_generate_dbp_key,
-                                                               false));
-               if (ret != KMSB_ERROR_NONE) {
+       hal_security_keys_data_s hal_data = {const_cast<unsigned char*>(key), key_len};
+       hal_security_keys_data_s hal_iv = {const_cast<unsigned char*>(iv), iv_len};
+       security_keys_data_ptr hal_out;
+       int ret = retry_on_failure(std::bind(hal_security_keys_encrypt_data_dbp,
+                                                          HAL_SECURITY_KEYS_DBP_SCHEME_VERSION_1,
+                                                          hal_data,
+                                                          hal_iv,
+                                                          hal_out.Get()));
+
+       if (ret == HAL_SECURITY_KEYS_ERROR_NO_KEY) {
+               ret = retry_on_failure(std::bind(hal_security_keys_create_key_dbp, false));
+               if (ret != HAL_SECURITY_KEYS_ERROR_NONE) {
                         LogError("Generate Key: SE Internal error: " << ret);
                         ThrowErr(Exc::Crypto::InternalError, "Generate Key: SE Internal error");
                 }
-               ret = kmsb_failure_retry(std::bind(kmsb_encrypt_with_dbp_key,
-                                                               SE_BACKEND_DBP_SCHEME_VERSION,
-                                                               key, key_len,
-                                                               iv, iv_len,
-                                                               &output_data, &output_len));
+
+               ret = retry_on_failure(std::bind(hal_security_keys_encrypt_data_dbp,
+                                                          HAL_SECURITY_KEYS_DBP_SCHEME_VERSION_1,
+                                                          hal_data,
+                                                          hal_iv,
+                                                          hal_out.Get()));
         }
-       if (ret != KMSB_ERROR_NONE) {
+
+       if (ret != HAL_SECURITY_KEYS_ERROR_NONE) {
                 LogError("Encrypt Key: SE Internal error: " << ret);
                 ThrowErr(Exc::Crypto::InternalError, "Encrypt key: SE Internal error");
         }
-       return toRawBuffer(output_data, output_len);
-}
-
-RawBuffer halAES(const uint32_t key_idx,
-                               const CryptoAlgorithm &alg,
-                               RawBuffer &data,
-                               const bool isEncrypt) 
-{
-       UNUSED_PARAMETER(key_idx);
-       UNUSED_PARAMETER(alg);
-       UNUSED_PARAMETER(data);
-       UNUSED_PARAMETER(isEncrypt);
  
-       ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported AES yet");
+       return RawBuffer(hal_out.GetBuffer(), hal_out.GetBuffer() + hal_out.GetLength());
  }
  
-RawBuffer symmetricEncrypt(const uint32_t key_idx,
-                                               const CryptoAlgorithm &alg,
-                                               RawBuffer &data)
+RawBuffer symmetricEncrypt(const uint32_t,
+                                                  const CryptoAlgorithm&,
+                                                  RawBuffer&)
  {
-       return halAES(key_idx, alg, data, true);
+       ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend does not support AES");
  }
  
-RawBuffer symmetricDecrypt(const uint32_t key_idx,
-                                               const CryptoAlgorithm &alg,
-                                               RawBuffer &data)
+RawBuffer symmetricDecrypt(const uint32_t,
+                                                  const CryptoAlgorithm&,
+                                                  RawBuffer&)
  {
-       return halAES(key_idx, alg, data, false);
+       ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend does not support AES");
  }
  
-RawBuffer asymmetricEncrypt(const uint32_t key_idx,
-                                                       const CryptoAlgorithm &alg,
-                                                       RawBuffer &data)
+RawBuffer asymmetricEncrypt(const uint32_t,
+                                                       const CryptoAlgorithm&,
+                                                       RawBuffer&)
  {
-       UNUSED_PARAMETER(key_idx);
-       UNUSED_PARAMETER(alg);
-       UNUSED_PARAMETER(data);
-
-       ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported RSA");
+       ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend does not support RSA");
  }
  
-RawBuffer asymmetricDecrypt(const uint32_t key_idx,
-                                                       const CryptoAlgorithm &alg,
-                                                       RawBuffer &data)
+RawBuffer asymmetricDecrypt(const uint32_t,
+                                                       const CryptoAlgorithm&,
+                                                       RawBuffer&)
  {
-       UNUSED_PARAMETER(key_idx);
-       UNUSED_PARAMETER(alg);
-       UNUSED_PARAMETER(data);
-
-       ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported RSA");
+       ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend does not support RSA");
  }
  
-RawBuffer sign(const uint32_t key_idx,
-                       const CryptoAlgorithm &alg,
-                       RawBuffer &message)
+RawBuffer sign(const uint32_t,
+                          const CryptoAlgorithm&,
+                          RawBuffer&)
  {
-       UNUSED_PARAMETER(key_idx);
-       UNUSED_PARAMETER(alg);
-       UNUSED_PARAMETER(message);
-
-       ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported signing yet");
+       ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend does not support signing");
  }
  
-int verify(const uint32_t key_idx,
-               const CryptoAlgorithm &alg,
-               RawBuffer &hash,
-               RawBuffer &signature)
+int verify(const uint32_t,
+                  const CryptoAlgorithm&,
+                  RawBuffer&,
+                  RawBuffer&)
  {
-       UNUSED_PARAMETER(key_idx);
-       UNUSED_PARAMETER(alg);
-       UNUSED_PARAMETER(hash);
-       UNUSED_PARAMETER(signature);
-
-       ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported verifying yet");
+       ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend does not support verifying");
  }
  
  } // namespace Internals
diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp

index ccc8b9877f3bde17277d0a653506b06e9c20bf3f..396270a8d19141a6ff7cdf173acfac1b2b0b7e78 100644 (file)
--- a/src/manager/service/ckm-service.cpp
+++ b/src/manager/service/ckm-service.cpp
@@ -28,7 +28,7 @@
  #include <ckm-service.h>
  #include <ckm-logic.h>
  #include <initial-value-loader.h>
-#ifdef TZ_BACKEND_ENABLED
+#if defined TZ_BACKEND_ENABLED || defined SE_BACKEND_ENABLED
  #include <hal/hal-security-keys.h>
  #endif
  
@@ -43,7 +43,7 @@ namespace CKM {
  CKMService::CKMService() :
         m_logic(new CKMLogic)
  {
-#ifdef TZ_BACKEND_ENABLED
+#if defined TZ_BACKEND_ENABLED || defined SE_BACKEND_ENABLED
         if (hal_security_keys_get_backend())
                 LogError("Can't get Security Keys backend");
  #endif
@@ -52,7 +52,7 @@ CKMService::CKMService() :
  
  CKMService::~CKMService()
  {
-#ifdef TZ_BACKEND_ENABLED
+#if defined TZ_BACKEND_ENABLED || defined SE_BACKEND_ENABLED
         hal_security_keys_put_backend();
  #endif
         delete m_logic;
diff --git a/unit-tests/CMakeLists.txt b/unit-tests/CMakeLists.txt

index 79c3fbc028a3d59ac2b54f6f84a2c59d06df5da6..bea207aad9fde2a0c345cb2d1b3e413f08f1b926 100644 (file)
--- a/unit-tests/CMakeLists.txt
+++ b/unit-tests/CMakeLists.txt
@@ -40,7 +40,7 @@ ADD_DEFINITIONS("-Wno-stringop-truncation")
  
  SET(MANAGER_PATH ${PROJECT_SOURCE_DIR}/src/manager)
  
-INCLUDE_DIRECTORIES(SYSTEM ${KEY_MANAGER_DEP_INCLUDE_DIRS} ${HAL_DEP_INCLUDE_DIRS})
+INCLUDE_DIRECTORIES(SYSTEM ${KEY_MANAGER_DEP_INCLUDE_DIRS})
  
  INCLUDE_DIRECTORIES(
      ${MANAGER_PATH}/dpl/db/include
@@ -60,8 +60,6 @@ INCLUDE_DIRECTORIES(
      ${CMAKE_CURRENT_SOURCE_DIR}
  )
  
-LINK_DIRECTORIES(${KEY_MANAGER_DEP_LIBRARY_DIRS} ${HAL_DEP_LIBRARY_DIRS})
-
  SET(UNIT_TESTS_SOURCES
      ${PROJECT_SOURCE_DIR}/common/base64_generic.cpp
      ${PROJECT_SOURCE_DIR}/common/colour_log_formatter.cpp
@@ -165,7 +163,6 @@ TARGET_LINK_LIBRARIES(
      ${TARGET_UNIT_TESTS}
      ${KEY_MANAGER_DEP_LIBRARIES}
      ${CMAKE_THREAD_LIBS_INIT}
-    ${HAL_DEP_LIBRARIES}
      boost_unit_test_framework
      liboqs.a
      -ldl
diff --git a/unit-tests/test_key-provider.cpp b/unit-tests/test_key-provider.cpp

index a44824b27141f37494e966389bde2550093d9c07..2bf1c3c3c2a154b4f152533d98f9341bb833cf58 100644 (file)
--- a/unit-tests/test_key-provider.cpp
+++ b/unit-tests/test_key-provider.cpp
@@ -26,6 +26,9 @@
  #include <key-provider.h>
  #include <test_common.h>
  #include <iostream>
+#ifdef SE_BACKEND_ENABLED
+#include <hal/hal-security-keys.h>
+#endif
  
  #include "crypto-backend.h"
  
@@ -112,6 +115,21 @@ RawBuffer convertToOldFormat(const RawBuffer& wrappedDKEKbuffer)
  
  BOOST_AUTO_TEST_SUITE(KEY_PROVIDER_TEST)
  
+#ifdef SE_BACKEND_ENABLED
+struct SeBackendFixture {
+       SeBackendFixture() {
+               if (hal_security_keys_get_backend())
+                       LogError("Can't get Security Keys backend");
+       }
+
+       ~SeBackendFixture() {
+               hal_security_keys_put_backend();
+       }
+};
+
+BOOST_GLOBAL_FIXTURE(SeBackendFixture);
+#endif
+
  NEGATIVE_TEST_CASE(KeyAndInfo_ctor_wrong_size)
  {
         RawBuffer buffer(sizeof(DomainKEKAndInfo) + 1, 0);
author	Jakub Wlostowski <j.wlostowski@samsung.com>
	Mon, 31 Mar 2025 14:28:51 +0000 (16:28 +0200)
committer	Dariusz Michaluk <d.michaluk@samsung.com>
	Tue, 8 Apr 2025 08:35:10 +0000 (10:35 +0200)
CMakeLists.txt		patch \| blob \| history
misc/ckm_db_tool/CMakeLists.txt		patch \| blob \| history
misc/encryption_scheme/CMakeLists.txt		patch \| blob \| history
misc/encryption_scheme/test_encryption-scheme.cpp		patch \| blob \| history
packaging/key-manager.spec		patch \| blob \| history
src/CMakeLists.txt		patch \| blob \| history
src/manager/crypto/se-backend/internals.cpp		patch \| blob \| history
src/manager/service/ckm-service.cpp		patch \| blob \| history
unit-tests/CMakeLists.txt		patch \| blob \| history
unit-tests/test_key-provider.cpp		patch \| blob \| history