Security/Tizen 3.X Key Manager AES support
- Basic AES key operations:
- Random key generation
AES key type is supported in API and it's possible to store, extract and remove AES key in/from key-manager database but it's not possible to automatically detect the AES key basing on key data. Unlike asymmetric keys, symmetric keys are basically plain data and therefore KeyImpl and even Key interface is not appropriate for them. In symmetric keys there's no:
- Modify Key interface:
- Change getDER() to getBuffer() or sth. similar.
- Remove getCurve()
- Rename KeyImpl to AsymmetricKeyImpl and modify accordingly.
- Introduce SymmetricKeyImpl class deriving from Key
- Modify CAPI client code to use appropriate derivative depending on the key type.
- Add tests.
Key generation API
/** * @brief Creates AES key and stores it inside key manager based on the policy. * * @since_tizen 3.0 * @privlevel public * @privilege %http://tizen.org/privilege/keymanager * * @remarks If password in policy is provided, the key is additionally encrypted with the password * in policy. * * @param[in] size The size of key strength to be created. \n * @c 128, @c 192 and @c 256 are supported. * @param[in] key_alias The name of key to be stored * @param[in] key_policy The policy about how to store the key securely * * @return @c 0 on success, * otherwise a negative error value * * @retval #CKMC_ERROR_NONE Successful * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged * in) * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager * * @pre User is already logged in and the user key is already loaded into memory in plain text form. * * @see ckmc_create_key_pair_rsa() * @see ckmc_create_key_pair_dsa() * @see ckmc_create_key_pair_ecdsa() */ int ckmc_create_key_aes(const size_t size, const char *key_alias, const ckmc_policy_s key_policy);