Security/Tizen 3.X Key Manager AES support

From Tizen Wiki
Jump to: navigation, search

Requirements

  • Basic AES key operations:
    • Storing
    • Getting
    • Removing
    • Random key generation

Current status

AES key type is supported in API and it's possible to store, extract and remove AES key in/from key-manager database but it's not possible to automatically detect the AES key basing on key data. Unlike asymmetric keys, symmetric keys are basically plain data and therefore KeyImpl and even Key interface is not appropriate for them. In symmetric keys there's no:

  • DERPUB
  • DERPRV
  • EVP_KEY
  • DER
  • Curve

Detailed Design

Required changes:

  • Modify Key interface:
    • Change getDER() to getBuffer() or sth. similar.
    • Remove getCurve()
  • Rename KeyImpl to AsymmetricKeyImpl and modify accordingly.
  • Introduce SymmetricKeyImpl class deriving from Key
  • Modify CAPI client code to use appropriate derivative depending on the key type.
  • Add tests.

Class diagram

AES support.png

Key generation API

/**
 * @brief Creates AES key and stores it inside key manager based on the policy.
 *
 * @since_tizen 3.0
 * @privlevel public
 * @privilege %http://tizen.org/privilege/keymanager
 *
 * @remarks If password in policy is provided, the key is additionally encrypted with the password
 *          in policy.
 *
 * @param[in] size                The size of key strength to be created. \n
 *                                @c 128, @c 192 and @c 256 are supported.
 * @param[in] key_alias           The name of key to be stored
 * @param[in] key_policy          The policy about how to store the key securely
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE               Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER  Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED          A user key is not loaded in memory (a user is not logged
 *                                        in)
 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS    Alias already exists
 * @retval #CKMC_ERROR_DB_ERROR           Failed due to other DB transaction unexpectedly
 * @retval #CKMC_ERROR_PERMISSION_DENIED  Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_create_key_pair_rsa()
 * @see ckmc_create_key_pair_dsa()
 * @see ckmc_create_key_pair_ecdsa()
 */
int ckmc_create_key_aes(const size_t size,
                        const char *key_alias,
                        const ckmc_policy_s key_policy);