Add SE backend functions 92/321892/3 accepted/tizen/unified/20250408.012201 accepted/tizen/unified/x/20250408.113225
authorJakub Wlostowski <j.wlostowski@samsung.com>
Mon, 31 Mar 2025 14:17:31 +0000 (16:17 +0200)
committerJakub Wlostowski <j.wlostowski@samsung.com>
Tue, 1 Apr 2025 07:04:39 +0000 (09:04 +0200)
Change-Id: I558d544e65807ec5789b6dc5008be66352b2fcab

doc/hal_security_keys_doc.h
include/hal-security-keys-interface-1.h
include/hal-security-keys-types.h
include/hal-security-keys.h
src/hal-api-security-keys.c

index dec7fb5a0ee0925537ef5c7b44b3be42b07fcc56..c1a8ee9b34657e8e4b03c2ab9c19b7294f568129 100644 (file)
@@ -47,6 +47,8 @@
  * - Create and verify signatures
  * - Derive keys (ECDH, KBKDF, KBKDF hybrid)
  * - Get key chunk size
+ * - Create DBP key
+ * - Encrypt data with DBP key
  *
  * For more information on the Security Keys features and the macros, see HAL Security programming guides and tutorials.
  */
index 058c2a4b692743fcee3fbef77be8c726176798ac..f951e7d1c3e9363259020dcb11fa1187d58bf7fc 100644 (file)
@@ -322,6 +322,15 @@ typedef struct _hal_backend_security_keys_funcs {
     int (*get_max_chunk_size)(const hal_security_keys_context_s context,
                               size_t* chunk_size);
 
+    /** Create DBP key */
+    int (*create_key_dbp)(const bool destroy_old);
+
+    /** Encrypt data with DBP key */
+    int (*encrypt_data_dbp)(const hal_security_keys_dbp_scheme_version_e dbp_scheme_version,
+                            const hal_security_keys_data_s data,
+                            const hal_security_keys_data_s iv,
+                            hal_security_keys_data_s* out);
+
 } hal_backend_security_keys_funcs;
 
 /**
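Review bot: The two new function-table entries carry only one-line comments (`/** Create DBP key */`, `/** Encrypt data with DBP key */`), so the contract a backend author has to implement is unstated. The new prototypes in include/hal-security-keys.h have no comment at all. I would expand each into a Doxygen block that spells out what DBP stands for, says what `destroy_old` does when a key already exists, and states the expected length of `iv`. The block should also say who allocates and releases the buffer returned through `out`, and list the return codes, including the new `HAL_SECURITY_KEYS_ERROR_NO_KEY` and `HAL_SECURITY_KEYS_ERROR_NOT_PERMITTED`. The struct definition starts above this hunk, so the style of the existing entries' comments is not visible here.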
index cb0a31273ece37b307f2decbb27ba9efb998176a..d2772650e26151faaae06468d0ee7fadae0f2fdb 100644 (file)
@@ -85,6 +85,8 @@ typedef enum {
     HAL_SECURITY_KEYS_ERROR_VERIFICATION_FAILED,      /**< Verification failed */
     HAL_SECURITY_KEYS_ERROR_INTERNAL_ERROR,           /**< Internal error */
     HAL_SECURITY_KEYS_ERROR_TARGET_DEAD,              /**< Target dead */
+    HAL_SECURITY_KEYS_ERROR_NO_KEY,                   /**< No key available */
+    HAL_SECURITY_KEYS_ERROR_NOT_PERMITTED,            /**< Operation not permitted */
 } hal_security_keys_error_e;
 
 /**
@@ -195,6 +197,14 @@ typedef struct {
     bool no_separator;                                      /**< Skip the zero octet separator between label and context */
 } hal_security_keys_kbkdf_params_s;
 
+/**
+ * @brief Enumeration for DBP scheme version.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+    HAL_SECURITY_KEYS_DBP_SCHEME_VERSION_1 = 1,             /**< Database protection scheme version 1 (AES-256-CBC) */
+} hal_security_keys_dbp_scheme_version_e;
+
 /**
  * @}
  */
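Review bot: The comment on `HAL_SECURITY_KEYS_DBP_SCHEME_VERSION_1` names AES-256-CBC but says nothing about IV handling or integrity, and both matter to callers of `encrypt_data_dbp`, which takes the IV from the caller. CBC needs an unpredictable IV that is never reused under the same key, and it provides confidentiality only, so decryption alone will not detect a modified ciphertext. I would extend the enum's doc block with a line such as `Version 1 uses AES-256-CBC: the caller supplies a fresh random 16-byte IV per call; the ciphertext is not authenticated.` The wording should be adjusted to the padding and IV handling the backend actually implements, which this hunk does not show.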
index 939001e1e79d8ab78213390d83ccf0913d1b398b..aef6366ebf16914f496ecfa107f3ee363e8ab76f 100644 (file)
@@ -280,6 +280,13 @@ int hal_security_keys_derive_hybrid_kbkdf(const hal_security_keys_context_s cont
 int hal_security_keys_get_max_chunk_size(const hal_security_keys_context_s context,
                                          size_t* chunk_size);
 
+int hal_security_keys_create_key_dbp(const bool destroy_old);
+
+int hal_security_keys_encrypt_data_dbp(const hal_security_keys_dbp_scheme_version_e dbp_scheme_version,
+                                       const hal_security_keys_data_s data,
+                                       const hal_security_keys_data_s iv,
+                                       hal_security_keys_data_s* out);
+
 #ifdef __cplusplus
 }
 #endif
index ccc5f792d7847e26058ff16f2bbd3fc0539b0258..936e4faad7d82b382b8b07f154f8dc174434c414 100644 (file)
@@ -510,3 +510,20 @@ EXPORT int hal_security_keys_get_max_chunk_size(const hal_security_keys_context_
         return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
     return g_security_keys_funcs->get_max_chunk_size(context, chunk_size);
 }
+
+EXPORT int hal_security_keys_create_key_dbp(const bool destroy_old)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->create_key_dbp(destroy_old);
+}
+
+EXPORT int hal_security_keys_encrypt_data_dbp(const hal_security_keys_dbp_scheme_version_e dbp_scheme_version,
+                                              const hal_security_keys_data_s data,
+                                              const hal_security_keys_data_s iv,
+                                              hal_security_keys_data_s* out)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->encrypt_data_dbp(dbp_scheme_version, data, iv, out);
+}
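Review bot: Both new wrappers test only `g_security_keys_funcs` before calling through `create_key_dbp` and `encrypt_data_dbp`, so a backend that provides the table but leaves the new members NULL would make the HAL call a null function pointer. This commit appends the members to `hal_backend_security_keys_funcs`, so backends written before it are the likely case, assuming the table is zero-initialised before the backend fills it in (not visible here). I would guard the member as well, e.g. `if (!g_security_keys_funcs || !g_security_keys_funcs->create_key_dbp)`, and likewise for `encrypt_data_dbp`, still returning `HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED`. Only the tail of `hal_security_keys_get_max_chunk_size` is visible above the additions, so the older wrappers may share the same pattern.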