From: Jakub Wlostowski <j.wlostowski@samsung.com>
Date: Mon, 31 Mar 2025 14:17:31 +0000 (+0200)
Subject: Add SE backend functions
X-Git-Tag: accepted/tizen/unified/20250408.012201^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c71ae304edb284eefbfca010fcd97cd334d97f49;p=platform%2Fhal%2Fapi%2Fsecurity.git

Add SE backend functions

Change-Id: I558d544e65807ec5789b6dc5008be66352b2fcab
---

diff --git a/doc/hal_security_keys_doc.h b/doc/hal_security_keys_doc.h
index dec7fb5..c1a8ee9 100644
--- a/doc/hal_security_keys_doc.h
+++ b/doc/hal_security_keys_doc.h
@@ -47,6 +47,8 @@
  * - Create and verify signatures
  * - Derive keys (ECDH, KBKDF, KBKDF hybrid)
  * - Get key chunk size
+ * - Create DBP key
+ * - Encrypt data with DBP key
  *
  * For more information on the Security Keys features and the macros, see HAL Security programming guides and tutorials.
  */
diff --git a/include/hal-security-keys-interface-1.h b/include/hal-security-keys-interface-1.h
index 058c2a4..f951e7d 100644
--- a/include/hal-security-keys-interface-1.h
+++ b/include/hal-security-keys-interface-1.h
@@ -322,6 +322,15 @@ typedef struct _hal_backend_security_keys_funcs {
     int (*get_max_chunk_size)(const hal_security_keys_context_s context,
                               size_t* chunk_size);
 
+    /** Create DBP key */
+    int (*create_key_dbp)(const bool destroy_old);
+
+    /** Encrypt data with DBP key */
+    int (*encrypt_data_dbp)(const hal_security_keys_dbp_scheme_version_e dbp_scheme_version,
+                            const hal_security_keys_data_s data,
+                            const hal_security_keys_data_s iv,
+                            hal_security_keys_data_s* out);
+
 } hal_backend_security_keys_funcs;
 
 /**
diff --git a/include/hal-security-keys-types.h b/include/hal-security-keys-types.h
index cb0a312..d277265 100644
--- a/include/hal-security-keys-types.h
+++ b/include/hal-security-keys-types.h
@@ -85,6 +85,8 @@ typedef enum {
     HAL_SECURITY_KEYS_ERROR_VERIFICATION_FAILED,      /**< Verification failed */
     HAL_SECURITY_KEYS_ERROR_INTERNAL_ERROR,           /**< Internal error */
     HAL_SECURITY_KEYS_ERROR_TARGET_DEAD,              /**< Target dead */
+    HAL_SECURITY_KEYS_ERROR_NO_KEY,                   /**< No key available */
+    HAL_SECURITY_KEYS_ERROR_NOT_PERMITTED,            /**< Operation not permitted */
 } hal_security_keys_error_e;
 
 /**
@@ -195,6 +197,14 @@ typedef struct {
     bool no_separator;                                      /**< Skip the zero octet separator between label and context */
 } hal_security_keys_kbkdf_params_s;
 
+/**
+ * @brief Enumeration for DBP scheme version.
+ * @since HAL_MODULE_SECURITY_KEYS 1.0
+ */
+typedef enum {
+    HAL_SECURITY_KEYS_DBP_SCHEME_VERSION_1 = 1,             /**< Database protection scheme version 1 (AES-256-CBC) */
+} hal_security_keys_dbp_scheme_version_e;
+
 /**
  * @}
  */
diff --git a/include/hal-security-keys.h b/include/hal-security-keys.h
index 939001e..aef6366 100644
--- a/include/hal-security-keys.h
+++ b/include/hal-security-keys.h
@@ -280,6 +280,13 @@ int hal_security_keys_derive_hybrid_kbkdf(const hal_security_keys_context_s cont
 int hal_security_keys_get_max_chunk_size(const hal_security_keys_context_s context,
                                          size_t* chunk_size);
 
+int hal_security_keys_create_key_dbp(const bool destroy_old);
+
+int hal_security_keys_encrypt_data_dbp(const hal_security_keys_dbp_scheme_version_e dbp_scheme_version,
+                                       const hal_security_keys_data_s data,
+                                       const hal_security_keys_data_s iv,
+                                       hal_security_keys_data_s* out);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/hal-api-security-keys.c b/src/hal-api-security-keys.c
index ccc5f79..936e4fa 100644
--- a/src/hal-api-security-keys.c
+++ b/src/hal-api-security-keys.c
@@ -510,3 +510,20 @@ EXPORT int hal_security_keys_get_max_chunk_size(const hal_security_keys_context_
         return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
     return g_security_keys_funcs->get_max_chunk_size(context, chunk_size);
 }
+
+EXPORT int hal_security_keys_create_key_dbp(const bool destroy_old)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->create_key_dbp(destroy_old);
+}
+
+EXPORT int hal_security_keys_encrypt_data_dbp(const hal_security_keys_dbp_scheme_version_e dbp_scheme_version,
+                                              const hal_security_keys_data_s data,
+                                              const hal_security_keys_data_s iv,
+                                              hal_security_keys_data_s* out)
+{
+    if (!g_security_keys_funcs)
+        return HAL_SECURITY_KEYS_ERROR_NOT_SUPPORTED;
+    return g_security_keys_funcs->encrypt_data_dbp(dbp_scheme_version, data, iv, out);
+}