review.tizen.org Git - platform/core/security/key-manager.git/commit

Fix backend selection logic

In some cases the backend selection was not working properly:
- Key derivation, wrapped key import: the backend compatibility was not
  checked at all. This resulted in a possibility of saving an exportable
  key in TZ backend which normally is not allowed.
- Encrypted initial values could have been imported to incompatible SW
  backend if the TZ backend fails to initialize or the SW backend is
  forced.

The Decider API was also unclear and different policies were in force
depending on the usecase.

This commit introduces following changes:
* Keep the policy in a single place.
* Return a prioritized list of backends compatible with given use case.
* Add backend check to key derivation and wrapped key import.
* Do not assume SW backend is suitable for all cases.
* Handle illegal cases by returning empty list of compatible backends.

Change-Id: I2d5dbbb3c4ba9385ac756eb419f95ac877cdd532

author	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Tue, 16 May 2023 13:35:30 +0000 (15:35 +0200)
committer	Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
	Thu, 18 May 2023 12:54:31 +0000 (14:54 +0200)
commit	2bbadc1a86d85db0ad29ff26725e05c99629c312
tree	90ca7b5077799049a718685d1c1a3f43a4008643	tree \| snapshot
parent	eec9291ef51f719cf24d1f65cf7ed9ec63bf76d3	commit \| diff

src/manager/common/data-type.h		diff \| blob \| history
src/manager/crypto/platform/decider.cpp		diff \| blob \| history
src/manager/crypto/platform/decider.h		diff \| blob \| history
src/manager/service/ckm-logic.cpp		diff \| blob \| history