Support for encrypted initial-values

Add tag attribute in xml schema Change-Id: Idc058e756ab6053103e1477292cacbacf57a9879
author: Bartlomiej Grzelewski <b.grzelewski@samsung.com> 2018-09-28 13:46:21 +0200
committer: Bartlomiej Grzelewski <b.grzelewski@samsung.com> 2018-10-04 15:00:19 +0200
commit: f0a0b4b6f6f5047df98a75ec999a964ce772b012 (patch)
tree: 21f6e26843a4fcd758f5f0410356e053a5db0a2d
parent: 78b884add004bc306a81bb79e91aacab44cb98a9 (diff)
download: key-manager-f0a0b4b6f6f5047df98a75ec999a964ce772b012.tar.gz
key-manager-f0a0b4b6f6f5047df98a75ec999a964ce772b012.tar.bz2
key-manager-f0a0b4b6f6f5047df98a75ec999a964ce772b012.zip
20 files changed, 128 insertions, 218 deletions
diff --git a/doc/example.xml b/doc/example.xml
index cccc2142..3c6eb2ac 100644
--- a/doc/example.xml
+++ b/doc/example.xml
@@ -76,183 +76,19 @@
     <Permission accessor="web_app1"/>
     <Permission accessor="web_app2"/>
   </Key>
-  <!-- key below is encrypted using AES-CBC algorithm.
-     The key used is decrypted <EncryptionKey> provided above.
-     IV is Base64 encoded.
-     Encryption:
-       * encrypt AES CBC: openssl aes-256-cbc -K `xxd -p -c 64 encryption_AES_key` -iv `xxd -p -c 64 encryption_AES_IV` -e -in data -out data.enc
-  -->
-  <Key name="test-encryption-prv" type="RSA_PRV">
-    <EncryptedDER IV="X1RoaXNJc0lWRm9yQUVTXw==">
-      BflJyNgOcGyJSqTegG+y7MJXI1crgsGY3PjFfMpbmMbwJkVexvxoEPdf2yE5Z7da
-      6Vp4Qo2WOCUv/hllNTfm/dH7kOJOjcs/vaV1eRIfzEx3hvgKOyP82Hhkm1POynsF
-      0GyMm/VwtJFwFHA5DaJzwLln2/AoD//vC731Qhucw0Zvi2hi74d6igPog9EugIj/
-      tStvpgiNE6/Hb2ZRMDswgZ8o+tKCn+QHktR/YoZ19HfX7nDVRkMQxsiA8P4zO9Do
-      +iuiu/mGPVavlZA3df47TLG0kz+sz72jzPeEbfmvQo3gHWSuJ87TUwIcIoXDvaxY
-      xE8/On5OTqJy8HZ+jGvEThKI/96LQsFqKlEeGGenvzVJ+BVAF9x65uOkRll9yE6v
-      FIQcqbgipuBkdC6XLLaWTMgs5iiWvMn/lpNYrfZr52/TKqr09mNdei6yGvy+YuG8
-      vu/xN7/3An/zE4FOIJadgI5eADj+Dz7exml3tKTuuDpR9fhxiXd7HmZhCCf11C3r
-      54S6X9bZb7335L/5UfLxs4jMMfGhYD+1UF1Qb5zVW9IVMZ+owGeC6QQPUiX6HAxy
-      Rx7kLzd78uSbLNqeuiUeGiprxnuwMY2BgSqLq4WNCDWxY4hGTdkC7yg6DgY+L9Lz
-      wqVuJ6STmK9Hj9bL9YUe0KrzmVUfmsaq5PL+gfcv+S5lp2YlKw1cIVP9utw1ZuOo
-      j25EozWU8J+tuEa3l60Mmmh/sKzH9SH7C9EscwTYWOYjYYPwfCM9UIlNE9lnbl9s
-      bzkqJvaaXpB/HVY/b4wrldr1rK73+y9LOOzfNpV4L+R4spZXXjZ2HIW/iKQj/c14
+
+  <!--
+    Example of trust zone (hardware) encrypted key:
+    * Data below are encrypted with AES_GCM and encoded with base64.
+    * The Data in plain form have value (in acscii): "ThisIsATopSecretAESKeyUsedInTest"
+    * Encyption key = decodeBase64("THIS/STRING/MUST/BE/REPLACED/IN/REAL/DEVICE=")
+    * IV is base64 encoded.
+    * tag is base64 encoded.
+  //-->
+
+  <Key name="very-important-key" type="AES" backend="hardware">
+    <EncryptedDER IV="5NQJ2cY7xQHQYs9EOflmvFG3JP7kCA3CCp2duiVcx30=" tag="RcRtXSrBOZyNQGgyT1m/LQ==">
+      pawxDIglDfneINm8O7Nv6jxm21G9UEgDXK3yG6VK0fw=
     </EncryptedDER>
   </Key>
-  <Cert name="test-encryption-certificate" exportable="true">
-    <!-- Note IV differs between items -->
-    <EncryptedDER IV="SVZkaWZmZXJzRnJJdGVtcw==">
-      pPjY7wULPaBIwPKkgwKyKSZPa6NVJN3312q829KaXcNdQSoNJmsyyPDMqLr1W3Nw
-      /5DSfstMCh/MiUq4Dc1VCaHbVkRFVZMvitg7nfjDVkI9HGLpSGWzz1dc6kxn/rPv
-      l1Ox3sVog96Ebss+Givm4cKKYSQihCLTxcQcP6v4RGvTMhXIZmlz8n4Tr3MgyRB7
-      XTWdoowosEUWrzPMSD39y18gRJVZ/ZKv68o5mntatSE8FS1L6dgb2TdKEFdydVd2
-      /ob9GVwRkMxpBsQeUvPRYXnZS2f1L18IRPrKLKLKsDB+FysyXMAHMaxGWWil29/d
-      osOwMt34i6Bv21132lGt08t2LebmDJViZRVjzz9edIChBzsoG/E/3hX6v32ruJGU
-      2kq5l0bOmpQFs9M0TTNNWnaZKvpFPA8b3ywaDRWeKAPHsNQpnrx0WygCmvbjUChf
-      TP1E5BVm6YjWxptvFvEINcotCj2+0fvG3zIcq01O/MpSFWbGdu9MLZtFl1rTRt8e
-      ER8+nOKZNi9JUOfsYJyrZmtwm56LXTPjgNYY+a8yp2EXFtHjO62QKYr8zAi98PxL
-      oiELHLF2xwFufvBAssSOPwRmDSIhljPbUy4UKUxFCeMJzdxgK0DMZw4FtcyBXGgG
-      ABP57OQ60HomoZZDwAQ/4B8unuOCp7uERsQH5Z4Ns+PiIM4Tk8j9Qg4YVN43FJtJ
-      tCsfagBPuQM+Cm5law0Y01asMr0wq/VlILMKX0KXpwgnVmQClRfcYBLHQmDTyCos
-      kYSWrSYDesvXJnB1j/hn1puCQHfyrmPH5fQTzanD5whyed7DeXBl+F5+f73uj9pC
-      DrtqG+YEOeJNj0PCAMq9B4Qe6xi06P6D/sG17Phl9wH5DSzfxxlst1xeaPBko9Bo
-      LM6Sh6echKIh0HddStmaBICXNeVKz958tD0piVYMVipZm5/+cpDxdGSuemUxWXJO
-      XAuYydZkuLksYjLyXDO5vEaqcVMtu54tjfdFS7vO87a9IF+mI7HHHdnNaDRHaAFi
-      4rXdaGQr8zohq91NE3JYgSMbk1DlGfL1m9GN6IEUjqMQlAkGWal1Et9uwO98PpOk
-      a+r+N4lsYPKJbX2ywUvDHg==
-    </EncryptedDER>
-  </Cert>
-  <Data name="test-ascii-data-encryption">
-    <!-- this below decrypts to ASCII: "My secret data" -->
-    <EncryptedASCII IV="X19hbm90aGVyX0lWXzJfXw==">zuBDjp8ptFthrU69Ua5cfg==</EncryptedASCII>
-  </Data>
-  <Data name="test-binary-data-encryption">
-    <!-- this below decrypts to small PNG image -->
-    <EncryptedBinary IV="UE5HSVZQTkdJVlBOR0lWUA==">
-      weK/LmGIPHeNA2YipqJa4K1+KPkE/Jl5EtfJjzP5x5ZGhf/OOTYe+fj4p2Wx47AC
-      Nd/heOAi3MkFrwu5x+swFMIeQMCMzQpRbXeCvTEuTXWnmRMoyMbHlPd7Nnk9xooF
-      oYfbKhVd5DOcHN3pwc+5DQkrRy/XaD1faj3YR3JEYSfOLq4F6hLlj4U7rYJyyFuf
-      kSBOTAQOXs0q83cc2L7RaK7OzFJPKYJjDkVYIakpIHXUcvNrb2DrJ13se4pcX6Zk
-      KARviziVu4x9r7hTRErU8SNEWrO6E63oDfyetWvtymT17MEhRsRKS39zhrVLHzGy
-      iWx2Igh6eH6t4UNkMIHZvJW4j8hxdmbRwhQstXrVq7Uyne0B1Fl2w7Lpn48jYEq8
-      gaNlTZDzd8Pjz2ByrRq3/jln/xWnFwEY9oV/H53j6ctoJ2KUMiVYKej8anan8Fju
-      yO86HVEIYx++LblhqzuaqBhveVfB/feMYWpP8hi4AeWKcAGdM3L9QOYxbQ9OAOuC
-      Totu55NULkrzb5b+Rr+exTFpdEyic7sSEpBRV0vi6t/Lz72ebBq1oY3kn0dzZ6Ps
-      ia6ccITSdHW1MmW7cOkiA4XtyfvXtZtEJgmVnAnRrj4Qh0Oa9gxNOZrY/tlyyJod
-      v8JLYeBi3HRSlm2TME5hCHpBShVCRpkjLMQQ/nTPHvRNqr/BlPoXZg2FbJwreEzW
-      NZ2BaiKylRds5gnmmSnqnYUl4QtVSGsJPn8Hx0bNWwUeImjrXO9Nm01P8e5Iy+Ti
-      udxXTwpxZGyK2pbTs6EVxFY+fRF3SB4xcpup5fB6NHVPjiSrWABN848OReny3iS0
-      FXwimWaVzmA5Ppnfqx1HGopmhH++oZyKt8W/f8GbhOffON0Gg3bsewhysW5Rz+Rx
-      IAGqzV5RR1lOb+UKPBI2OPXqYUWZ9ipicSw1LC39olImBZbDmmxLDEjX5r+rg77h
-      ss0hG/6847KQybmemJ7zUVE2oxmic2fONpgjn3OLecOZpUY/5n/1cvN8utLBJ2nx
-      asan7zBT+nW5RjAny8pOyyV1Ux2qga/CyV46LajHJiFPokAAl6JnDYRmahtA5BM0
-      +jBvvnvSDGSM5qTh0EBLIN50WmN2TeEy/u2ZjuHFwJ41gtB6pARdJ1OT59+g5TcA
-      Ffc8twDzdbPbmWq8CGXVQHCvfS+2N2ECjwgnfVL1UZF69d5t9b5ysK17pU+ITPyI
-      Bxxde23I6U7sh2owrZgRAOVoA804flRg6g6rDJyVfu00oDkuui+Z/3RAsu6EiqiK
-      XISmLg236iumsxXcdAtOYyXn0nPZolsZnxzY2/bI0Df7rNSQ7RF5SSqhkFg1+OYT
-      gM4wMYYU0ts9jqr3ckJRWMRMdJxRsVVqSBo4fz8M5/dXMsOvGbLfnbwrqZSPCXrg
-      g+MX3QQdemmOgiEAGE+hxFBQMyQ6nIrDP061F4TVVhu4kGkZGxs/2W+CcQJT0aF8
-      DC0EwfEBVP8yq4ytCU7Js72KkA4YsK2udUsQF/90cuzPSgT8FPDEOzszKsLGuct4
-      T7Fj2Du1bVeVq4gPfdLgOdVRrZLab6vS5GFbli8UO0oAbM/Srxfh2Ghn4zS7Ol3q
-      MnwX36r3+KFNJYkBxCDMNEnj/QrSWpOlKo8LfAyGdvP/29CpmzPIGTUc1u8xZpJ0
-      CmFOaxjaAFJH3BjW625QbcicOnN02p0Pv00andcDNEO4k3b3MgW6yjkDBKqQ61dz
-      traH19g0fFa0pjXycMqy2uwq7PhLW0QqYt4Q7cfvWRMnAOwJqhHOGGyzEixB1U5c
-      q4d8izdqb0JacE6px+WJ44a530L1nhy2O5jpaKVQmNYIKTBM+HYVuHNWTWmnauKP
-      ag4q8G+9EI/SRp9wKoGy81W5GwonV3D6/4N9hnQfqqRKUrbrhWc9NcUciWKh4b1n
-      Om499jdDw+7qXipi3ggPCFq0H3b9CPkKMFh4Y/YDy1SvXEDSlwJ4bXXakOpVzW9t
-      gDxk/fvZ8AHrFAYzW1wiDFZ8H5ZnhgBMyfztLOYBbjr5YSGej++Sq0DYoOkrK4X3
-      7+2nMrrhqmlukI7ufoP+8nsJjHdQK8yoQYGmwEEw9QHLyupqPVIQrO/VDgSN+6mW
-      YsulTKW9wPhk6dvsSMOscLUdDiOTeK0jGH7Qa6QQwk/u/agHSPWh7qLpEICjKBxx
-      pOMbZ3mGqTXIj+7tG0yO1/y2UXE6JTIXiMEvMmdCEiRcz1RJ6xx/aBwC2//tfiys
-      nNMswTCXePtv5P9Zn+ibIiOhpm0napHopQcqmevn/DSkxSuDfwevae3bgEcJ1gN9
-      pkTnOm22CQzoGJY/b0wgNvxXdWhAAfeRhzpdh3V1C4dZEF8VXHDDt5gdjb0s1fNI
-      2LiSruLVdAWmRNX5mrkUFfBOzWwsN3D34pG2Vaj6GuH8mAoko68oy6fUdjCjZooY
-      hn+u5bGm1T8Mf/YYloTWg4hlOWIEfOiLP7nCdCgRdsg+y0Gi5MY04fS29SlfffUp
-      VUdLzQAij+a/wbBLJZMLzJiYeHv+pFY6m1SbMoUsDbAo4PTRaLHmMOFKa6s/hlka
-      lfN408DHSNs63Gd6s3W+Owe5hMccfKyRvWdNRVrXBe39I101Sci7GwWAvHhhS9EP
-      2HxxNyiwF1OCovnRHcm1b8Fcd42gbAveRVuFdI96dbFIeP0Z4I2gj+nk/yzlsG32
-      LYYzE9D4WR2zjrTyVnylsJN76lyvjvkYjMt7fPt7lFYz7QLdZX8riGxqeFmim6Sk
-      UQ4RXxw/ObCw4omILxvgigW+eAhgng63Yb9mRDOrqk/cL5XECiahSs3VWTjV9sy2
-      rNSPViWZW/LFOjuC3cT5rWEbc64cl0eKJTivEangOXxirRGW1ltTlzQo5kA933l/
-      sRMr2tBSrX/+LqfPWNA8UZWSdMBcc0oDvDGrpTUtLcor5kshYN7PPdaR9TAf8ikY
-      631mOef0HkQFsBUCFp9sr6QJD0/cfLlK5iLlyt+qFo2IgX2boddFwMtpYCt1+Uy1
-      H2u6FuItIfpRu9lZ7MZf24HGibGx5/fzTXjqGMObPOaoLxI4eh1GGhIfVqmT9ntv
-      e2xHoNH+tLxOHPRNHEkKRtJoB1HH20+mT6JzEdPNPmsdTcN4R0xjw0ZHTha2iBkt
-      ocGow+1nYgkoieq1QweEbbCbF71XtUpyMxMSd+BAPIJJReRGvt3mD9RZ54HqlczW
-      MA0LYe1rUX0Mh2Ic0x1rXZuo33PXcsKsUpfb+EIPhBjpx2vCNMiFPcM+F0NVh/PP
-      zgbdjlnHr6DXn3rut6Y9fTau6UY8BmeOjG4LcNzcvcHHr9/8jXyW9wWAYYVRUI3J
-      89/GR+YxW4WGuRBIV+wMkzBJmP7QDwAedSNBSAKa+08GKfJJRL2zIVgjffeBO+Un
-      TMTT7Q/a3bm+yekGsM6bchWTpY2ywdYQr936D55THonqCGlvPKyVHQaEa4U2eFDb
-      aIH84kP4olPCcC+TmWHBeBwMGvbW160hRCr3kSGY7hHcD0aXkdZPh1bYyWsIz/yS
-      eyUYCR+4Abu9lT1rTwHiSeo4YjNHOwQcfzBN9BwFUs6G1R81oC3qCwTYuJS2Eo09
-      +sii/oH/o/7VjvewMmUzDHVJ4iMa8yRXtfOObrM9MfsQ0p9GnP7UTG3VwleIenFZ
-      43DhvDl+kolw9phRuyCuCy7fSI8e7ejcQ3gSYWcIcgIIA5y/KdoCJDNdTjj3xDdo
-      p+hzg0OTjK57Fw286IVdzO5e5zznX0SPqXnZYncHHl2OmGZ+DT8ftkvD4BUJ74aO
-      fLsVwAZYJT1tSG2ymzu9yJR5p+hPTScpPi8HUDCnL4xL304Lmj3UfDauNJQcM/gT
-      mAJ/bfEtRqldMtN1EuH1TexvSkwkPrTUkryq2TYcw7vS72tNi+g6aZ7NdrQ8l4KZ
-      ZmrfwFnKNiVWus+zrffSDooEFZ3mj/vsFvV6fhw/Ni4QD1XAb0fJawUHvt0WHqZA
-      YnszBOzdmd8coJI17XbcwcP7DEoKIhLbPl1n0KNjL6j4EEoClwxZC+hAhi8kKMB3
-      aWj4zpeIExYST8NgtCz44SoBTv5U0iCR19mhdcTnafGyRK82dGiBNguk8//siUiC
-      jt3Aa7chapoiQNwZGDCmSrZOxOoxMYlBuPRVQqeokPinsw5rkLh8+arz1XRDyuTK
-      vQ+jttyIVA9OFI5+e/hN0ryn4GPbiCG5wV5SKweRUCcX9m8TK5u6A3rhMvlcls3T
-      INn9/XjCX6HhVGgZ47LSmcZ5ojtWzOKpad0v8qjD3z2BWzUlbalgYsdWrsRPSeDA
-      wiGpKbqb9u0S1e6hMmGyNa8UbzhYtJ/AQ0qh003YR7j+nlfJXffNkt2B4DkDdsG3
-      Alfhalwn5YUdcgm/6E+gnIg7JR4gXZhBL1R5SV1mzUgzyDEq5w2LBOx+TU33a3qf
-      ld0dJDJl0cG22n+GzQmm/6nPMnWX1ymK49h0tO9fLBLZsL8T1muo/PshhjhIv5VR
-      9ET5UN5I+9d0nHWAv2DjNwetyD3WGZDHnuq0mpti58xzkOr4jfYqy9qKwFk/coAu
-      Briwv8OJ2U5XEOuU/9fEL+NdYWkHga++oObyxJUU5Qgfs6OWUXERyPwzgXHkbDqm
-      q6+GP1AxBAP32zD0XyGUht1nl+L5qpnbOpISJjMMrl7wuKezWbFAE8VzQNbbp62O
-      eI1GEX2c2resPXZ/tS5LtoZ2TrT8TKYRZ0k1qLuQhOTXXNYQhP8i4PGOAL6BMZsZ
-      USAEHcAZnlByBS8i49IlvJMewPfHmm7ceLu8aYlm3yOAr1QBNRMkxoJBXjAAnCCx
-      qCGIQtINrVIJNQDSogMPXa4JQzCRSsT0Hz8ejQeQ9xmaK4VjM64VRj11RWsHFexk
-      p+GdAGVteipz1xEQHBvnUdOVm/5ULHK+8w+5LgEwN0jGXlsQ6KhUX5BLQMWob0jL
-      1np3Hml3MDxsPJPJjT4OKxNdWyyyP6PIDZj7DFqEa6+9Eg5Io7TSNk4e+LylfpPS
-      orsF2xaUzCaKOXjyXwPrW57UH8HtjnaeWh03qqdZCozCDdQ0pNpPk2vJYStZR/rY
-      BpQHZ6kZyLFdqLs+wMoPphF7q4bhjYk6MXwdHp5Q9q+MWPuM916g6vKaHUX+q6pL
-      YM8s13NkuUX1hEHaOC8I2dEsgcVPk++kDAR7JL5tn5hfJ06K8u5IHwuLUMtLKPt5
-      ZA3LfrnXxqlZD164blhAvb1qPlRTh79+Tj+3zfwaUPma3PmTY12fvJiOn1aD4aYm
-      HgA0yrl2cApzB3C6M1S2QllsoJ/KrWVeSg16XuC+vjSnsRWgIj3PSvSwh9YVZT0h
-      TQlD/PoxrMOlPtQnpHzryQ8YKrTBc4SAuO23wKGkfUBkaBDFrUeprO2p0K9Eeus9
-      jLkIgwTBwmF9bWMi214VdAI3I2BrJkGnx8Rb11C6rEu/5ZeI7g2dACSO27OhckNQ
-      ex490kQvqs1OJ6Fb/CyO8BsLBIyOhkEtglJsVibbcZrHnvoRYeRaWZj9TNdN6I3B
-      Dj0SwxDK9XAwGgWb+E4iwFUUg6yGrbBhUDWv5K7/ncgXz8iESXFKRowuD/J7rriU
-      V/s+yZ8URntBrZ35unuKu4xRieOEkn/JZg+HP0Grs5q3OQumEvZVjHqeJt40WaZ5
-      RJ3NiiHGwWVa6Db/1q0cfETbTn5Qcy2k8ZE+OnRzAmI14nr6lt4eJRnMJ63k4nGc
-      Xj0WpVm7vhVWAQ9gfiYCcbYrR31dUeOBxsRtF+Lvg3TNEx8/x4LeGfxC9c5Ho1Sc
-      Z7fz+/ZycHFx+08W5Mb6PlKhI44uY8bed2Xz5gQhZ1hyXk6Y41uxabUryeCvrLrh
-      PJX25FkOcLhZnWDcyCQ1Rt4JltnZcZzHq12Ipgovos3lPOarySOzSHjs1TjB6Bv1
-      zfBrCAGiY3rrG/W5gXs5eb97dWn5P8CD2uuZCBbTo0GVHdSHV9+JFHQO/0udmnEV
-      e9KRka43HU7AC+3aLeCq1KMoW/anl4DwPXdBCV6hj75TZ0EaA7Q51ETYFCLtyXzt
-      eiU9PE+bEymV6nk927wg7v38GLmdLTJ0F/G4MV0T4UxAdUrsAW33MGXC9/8YyOAz
-      zGh36fBdxTpM6hb1FHJl/tdboIAcTBJRobgmvhaDDVhsJiMJMwRhSFqcE7Q04c3c
-      6rLNGZQ3/u5/Atj5ApZ60ZMH0N5LYcTm98HOROGiFbrYSiSqUyeoIPvME5FwijLw
-      eCxbwjP3WvUSw8XTeIoAf5QwzdI6GRX+6ontCvw6m3l1TohH/ACA+MK+qV1cTgMV
-      HdjywH4SKs3KfwCcTF4gxkHdYlNYDW63Z0lhAtDBXMxUNM/u215Wo+zX0gaSUqeu
-      by47hfhTHP5mW6ITRFvKcS/qUqo3iELljwSXhdw7PwM0whLnSEMGsYh27YVxEzBT
-      n9vcM5tqGykKs1wwmpXpEa6Zliu9swprpQCL5TcOVFKVMjSmDH2OwmaDwcFeTM50
-      mg7BpiA5xLyQFphs8BPbyzkxNlbSI20S67Gx6yScrjsDxcEcVqmcyVVPwn/SqzVL
-      PyklAUbvRcRzkhvibBngIaFUfXXdCOrdQc8Ym/5kKeQ+QLiXxfIYmYKa2uyvMeTe
-      xoag7cmuUnICIYBrmHnVDNxXtC9mNiooUaX2S1lH2ct4s/NwRJm2c5O/igKO/byg
-      wQjiGqDZHyLlPSRxXbxG+tTf3qx8thYbJAO0r+AXYRj+sjJ+MtRozgY0nUeFEJb0
-      ZeYQGlvtoXlGo876JWJ/e7JMatHxGGQ58vJApMTphe/PPh3WTJTE02Bs3Ylft2bp
-      EK5ODopXJ0UmQTn6T1hUwBRu9RO5rICr34XnFav06WekBT5/QTqHEvZ4k4//hvGr
-      d7PQS/EVLApiYWySLg56svmjn4RwfPSPHOwGagU311QOx7woYJD/vb4NBxXb99Qb
-      7z42exUoZgqX+uKwHCuTzH/OVxhqrSoMX2yj09V6ZDUVHU11GOtDzVv07OU+u2vi
-      F0wPdrbedpmIr5BMCdCmqlIPYeBiaMVa/2+q3ud4o6/TeWmQpDZJCQ3xtxrNORQ7
-      HTlY0MDp7G+sdPWJCN5OJ0Ac7uKW72ZC/5yHBJY7Lmrhi3V3vA+DH7A4GgPAphQM
-      yWlBP7sQqVWcA1XlgTycRzkfffXEUoS6qef+IgU/3i/kXmeNnf2kSvmtbiO4GRhC
-      Nhk2s71NUtYXNFJPav5/ZPXI3qOuySow5GYp3njGYmDhO45IzFCcQu40FqiOeyoV
-      lRYTS/BrybkMCu2S3VmIY9/2e7gguYigmyZRvvqOUED9JRqOfC14n5+wtxzSj/nw
-      xFFukVHQRNF6jcZLUNs0SoeFS/obPCE+QiDYBKVrTeT54LuwNLpTrgTnTkDE5VIm
-      LpX9ERh0Yh8HAO7eLHIPAiU/G1Etlc43GcDLN7bbGPQbCvKRzWKSUrLwKmryvTPi
-      eC36fh/yZEWtT2zEtddwbncRgXT20opzMJxB3qF5ZMQ1qLIsQbGYeUsRl9lxsT7A
-      CE6vCP235+urdA9IaBRPN1VpWDpV7YDbF/ZIkRDJevSnSSrBTed4WcXcSe7JNGFb
-      U3eFPi2vsekvb59CHqHPD8QvvqF3N/3Xp1uQZV+eBOCtRpMOZduBJ6QdZlGBaGrB
-      +RKJEl9ziqGkiqiQzw8MR2kSrRVKIs5cISbl/dOEqfkbp2A1Siy4kWt+2Zk5V+Sw
-      IPJDrjYIZKSzV6XhhN+fhMNOYJjByxEXXLvHRTydIUQpS5JPe3T1sMJCN8o41uKx
-      4g+oPomYfJzKSbdpP84fVC4WQCMj+CiMGz/dWV27LgKPF0X9wel5s5gke4UDYQKe
-      FDf/4n3+neMgKohFUIcnqGnBTtThXqvK637m37WfQTIqNWkRH4pU/Acl/djkd+TD
-      yYRBt5UqwGovABM08jYkuA==
-    </EncryptedBinary>
-  </Data>
 </InitialValues>
diff --git a/doc/initial_values.xsd b/doc/initial_values.xsd
index 54672d9c..74b33a6a 100644
--- a/doc/initial_values.xsd
+++ b/doc/initial_values.xsd
@@ -148,11 +148,12 @@
 	<xsd:complexType name="EncryptedBase64Type">
 		<xsd:simpleContent>
 			<xsd:extension base="EncodingRawType">
-				<xsd:attribute name="IV" type="IV_Base64_string" use="required"/>
+				<xsd:attribute name="IV" type="Base64_string" use="required"/>
+				<xsd:attribute name="tag" type="Base64_string" use="required"/>
 			</xsd:extension>
 		</xsd:simpleContent>
 	</xsd:complexType>
-	<xsd:simpleType name="IV_Base64_string">
+	<xsd:simpleType name="Base64_string">
 		<xsd:restriction base="xsd:string"></xsd:restriction>
 	</xsd:simpleType>
 
diff --git a/src/manager/crypto/generic-backend/encryption-params.h b/src/manager/crypto/generic-backend/encryption-params.h
new file mode 100644
index 00000000..5fa8e9c9
--- /dev/null
+++ b/src/manager/crypto/generic-backend/encryption-params.h
@@ -0,0 +1,42 @@
+/*
+ *  Copyright (c) 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License
+ */
+/*
+ * @file       encryption-params.h
+ * @author     Bartłomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version    1.0
+ */
+#pragma once
+
+#include <ckm/ckm-type.h>
+
+namespace CKM {
+namespace Crypto {
+
+struct EncryptionParams {
+	EncryptionParams() {}
+
+	EncryptionParams(RawBuffer iv, RawBuffer tag) :
+		iv(std::move(iv)),
+		tag(std::move(tag))
+	{}
+
+	RawBuffer iv;
+	RawBuffer tag;
+};
+
+} // namespace Crypto
+} // namespace CKM
+
diff --git a/src/manager/crypto/generic-backend/gstore.h b/src/manager/crypto/generic-backend/gstore.h
index 2984fdc1..638532d6 100644
--- a/src/manager/crypto/generic-backend/gstore.h
+++ b/src/manager/crypto/generic-backend/gstore.h
@@ -24,6 +24,7 @@
 
 #include <generic-backend/exception.h>
 #include <generic-backend/gobj.h>
+#include <generic-backend/encryption-params.h>
 #include <ckm/ckm-type.h>
 #include <crypto-backend.h>
 #include <token.h>
@@ -57,11 +58,11 @@ public:
 	}
 
 	/*
-	 * IV parameter makes sense only on device with built in key.
-	 * IV parameter is used for decryption of Data.
-	 * If Data is not encrypted it's ok to pass empty IV.
+	 * EncryptionParams parameter makes sense only on device with built-in key.
+	 * EncryptionParams parameter is used for decryption of Data.
+	 * If Data is not encrypted it's ok to pass empty EncryptionParams.
 	 */
-	virtual Token import(const Data &, const Password &, const RawBuffer & /* iv */)
+	virtual Token import(const Data &, const Password &, const EncryptionParams &)
 	{
 		ThrowErr(Exc::Crypto::OperationNotSupported);
 	}
diff --git a/src/manager/crypto/sw-backend/store.cpp b/src/manager/crypto/sw-backend/store.cpp
index b41b8fdb..b4fd718a 100644
--- a/src/manager/crypto/sw-backend/store.cpp
+++ b/src/manager/crypto/sw-backend/store.cpp
@@ -219,9 +219,9 @@ Token Store::generateSKey(const CryptoAlgorithm &algorithm,
 	return Token(m_backendId, ret.type, pack(ret.buffer, pass));
 }
 
-Token Store::import(const Data &data, const Password &pass, const RawBuffer &iv)
+Token Store::import(const Data &data, const Password &pass, const EncryptionParams &e)
 {
-	if (!iv.empty())
+	if (!e.iv.empty())
 		ThrowErr(Exc::Crypto::OperationNotSupported,
 			"Encrypted import is not yet supported on software backend!");
 
diff --git a/src/manager/crypto/sw-backend/store.h b/src/manager/crypto/sw-backend/store.h
index 82798cd5..3dc50b81 100644
--- a/src/manager/crypto/sw-backend/store.h
+++ b/src/manager/crypto/sw-backend/store.h
@@ -35,7 +35,7 @@ public:
 	virtual TokenPair generateAKey(const CryptoAlgorithm &, const Password &,
 								   const Password &);
 	virtual Token generateSKey(const CryptoAlgorithm &, const Password &);
-	virtual Token import(const Data &data, const Password &, const RawBuffer &);
+	virtual Token import(const Data &data, const Password &, const EncryptionParams &);
 	virtual void destroy(const Token &) {}
 
 private:
diff --git a/src/manager/crypto/tz-backend/internals.cpp b/src/manager/crypto/tz-backend/internals.cpp
index 90cc9fb7..317a775c 100644
--- a/src/manager/crypto/tz-backend/internals.cpp
+++ b/src/manager/crypto/tz-backend/internals.cpp
@@ -119,7 +119,7 @@ void destroyKey(const RawBuffer &key)
 }
 
 RawBuffer importData(const Data &data,
-					 const RawBuffer &encIV,
+					 const EncryptionParams &encData,
 					 const Password &pwd,
 					 const RawBuffer &pwdIV,
 					 RawBuffer &tag)
@@ -142,7 +142,7 @@ RawBuffer importData(const Data &data,
 	uint32_t keySizeBits = data.data.size() * 8;
 	TrustZoneContext::Instance().importData(dataType,
 										data.data,
-										encIV,
+										encData,
 										pwdBuf,
 										pwdIV,
 										keySizeBits,
diff --git a/src/manager/crypto/tz-backend/internals.h b/src/manager/crypto/tz-backend/internals.h
index c27933b0..1c76f8d3 100644
--- a/src/manager/crypto/tz-backend/internals.h
+++ b/src/manager/crypto/tz-backend/internals.h
@@ -49,7 +49,7 @@ Data generateSKey(const CryptoAlgorithm &alg,
 				RawBuffer &tag);
 
 RawBuffer importData(const Data &key,
-					 const RawBuffer &encIV,
+					 const EncryptionParams &encData,
 					 const Password &pwd,
 					 const RawBuffer &pwdIV,
 					 RawBuffer &tag);
diff --git a/src/manager/crypto/tz-backend/store.cpp b/src/manager/crypto/tz-backend/store.cpp
index a3d65c75..166ae744 100644
--- a/src/manager/crypto/tz-backend/store.cpp
+++ b/src/manager/crypto/tz-backend/store.cpp
@@ -142,7 +142,7 @@ Token Store::generateSKey(const CryptoAlgorithm &alg, const Password &pass)
 	return Token(m_backendId, ret.type, pack(ret.data, pass, iv, tag));
 }
 
-Token Store::import(const Data &data, const Password &pass, const RawBuffer &encIV)
+Token Store::import(const Data &data, const Password &pass, const EncryptionParams &e)
 {
 	if (!data.type.isBinaryData() && !data.type.isSKey())
 		ThrowErr(Exc::Crypto::DataTypeNotSupported, "Invalid data provided for import");
@@ -155,7 +155,7 @@ Token Store::import(const Data &data, const Password &pass, const RawBuffer &enc
 		passIV = Internals::generateIV();
 	}
 
-	RawBuffer dataId = Internals::importData(data, encIV, pass, passIV, tag);
+	RawBuffer dataId = Internals::importData(data, e, pass, passIV, tag);
 	return Token(m_backendId, data.type, pack(dataId, pass, passIV, tag));
 }
 
diff --git a/src/manager/crypto/tz-backend/store.h b/src/manager/crypto/tz-backend/store.h
index 4d44b6bc..664c7562 100644
--- a/src/manager/crypto/tz-backend/store.h
+++ b/src/manager/crypto/tz-backend/store.h
@@ -35,7 +35,7 @@ public:
 	virtual TokenPair generateAKey(const CryptoAlgorithm &, const Password &,
 								   const Password &);
 	virtual Token generateSKey(const CryptoAlgorithm &, const Password &);
-	virtual Token import(const Data &, const Password &, const RawBuffer &);
+	virtual Token import(const Data &, const Password &, const EncryptionParams &);
 	virtual void destroy(const Token &);
 
 	// TODO device key ID is needed here to support importEncrypted
diff --git a/src/manager/crypto/tz-backend/tz-context.cpp b/src/manager/crypto/tz-backend/tz-context.cpp
index 859c5a2d..83ac6948 100644
--- a/src/manager/crypto/tz-backend/tz-context.cpp
+++ b/src/manager/crypto/tz-backend/tz-context.cpp
@@ -23,6 +23,7 @@
 #include <tz-backend/tz-memory.h>
 #include <generic-backend/exception.h>
 #include <generic-backend/crypto-params.h>
+#include <generic-backend/encryption-params.h>
 #include <dpl/log/log.h>
 
 #include <km_serialization.h>
@@ -641,7 +642,7 @@ void TrustZoneContext::executeDestroy(const RawBuffer &keyId)
 void TrustZoneContext::importData(
 				const uint32_t dataType,
 				const RawBuffer &data,
-				const RawBuffer &encIV,
+				const Crypto::EncryptionParams &encData,
 				const RawBuffer &pwd,
 				const RawBuffer &iv,
 				const uint32_t keySizeBits,
@@ -655,7 +656,8 @@ void TrustZoneContext::importData(
 	//        uint32_t dataType contains information about type stored as binary data
 	//        KM_BinaryData with binary data
 	//        uint32_t binary/key size in bits
-	//        KM_BinaryData IV for data decryption with build in key
+	//        KM_BinaryData IV for data decryption with built in key
+	//        KM_BinaryData TAG for data decryption with built in key
 	//        uint32_t boolean value - true if password is provided
 	//        KM_PwdData with password (optional)
 	// Output:
@@ -677,10 +679,15 @@ void TrustZoneContext::importData(
 	inMemorySize += KM_SizeOfFlag();
 
 	KM_BinaryData ta_data_enc_iv;
-	ta_data_enc_iv.data_size = static_cast<uint32_t>(encIV.size());
-	ta_data_enc_iv.data = const_cast<unsigned char *>(encIV.data());
+	ta_data_enc_iv.data_size = static_cast<uint32_t>(encData.iv.size());
+	ta_data_enc_iv.data = const_cast<unsigned char *>(encData.iv.data());
 	inMemorySize += KM_SizeOfBinaryData(&ta_data_enc_iv);
 
+	KM_BinaryData ta_data_enc_tag;
+	ta_data_enc_tag.data_size = static_cast<uint32_t>(encData.tag.size());
+	ta_data_enc_tag.data = const_cast<unsigned char *>(encData.tag.data());
+	inMemorySize += KM_SizeOfBinaryData(&ta_data_enc_tag);
+
 	uint32_t pwd_flag = pwd.empty() ? 0 : 1;
 	inMemorySize += KM_SizeOfFlag();
 
@@ -723,6 +730,11 @@ void TrustZoneContext::importData(
 		ThrowErr(Exc::Crypto::InternalError, "Failed to serialize data, ret: ", ret);
 	}
 
+	ret = KM_SerializeBinaryData(&inMemoryPtr, &inMemorySize, &ta_data_enc_tag);
+	if (ret) {
+		ThrowErr(Exc::Crypto::InternalError, "Failed to serialize data, ret: ", ret);
+	}
+
 	ret = KM_SerializeFlag(&inMemoryPtr, &inMemorySize, pwd_flag);
 	if (ret) {
 		ThrowErr(Exc::Crypto::InternalError, "Failed to serialize data, ret: ", ret);
diff --git a/src/manager/crypto/tz-backend/tz-context.h b/src/manager/crypto/tz-backend/tz-context.h
index fdce3ebd..123c21e1 100644
--- a/src/manager/crypto/tz-backend/tz-context.h
+++ b/src/manager/crypto/tz-backend/tz-context.h
@@ -26,6 +26,7 @@
 #include <km_ta_defines.h>
 #include <memory>
 #include <tz-backend/obj.h>
+#include <generic-backend/encryption-params.h>
 
 namespace CKM {
 namespace Crypto {
@@ -49,7 +50,7 @@ public:
 						RawBuffer &pwdTag);
 	void importData(uint32_t dataType,
 					const RawBuffer &data,
-					const RawBuffer &encIV,
+					const Crypto::EncryptionParams &encData,
 					const RawBuffer &pwd,
 					const RawBuffer &pwdIV,
 					const uint32_t keySizeBits,
diff --git a/src/manager/initial-values/BufferHandler.cpp b/src/manager/initial-values/BufferHandler.cpp
index cca06b20..59178442 100644
--- a/src/manager/initial-values/BufferHandler.cpp
+++ b/src/manager/initial-values/BufferHandler.cpp
@@ -29,6 +29,7 @@
 
 namespace {
 const char *const XML_ATTR_IV  = "IV";
+const char *const XML_ATTR_TAG = "tag";
 }
 
 namespace CKM {
@@ -39,14 +40,22 @@ BufferHandler::~BufferHandler() {}
 
 void BufferHandler::Start(const XML::Parser::Attributes &attr)
 {
-	// get key type
 	if (attr.find(XML_ATTR_IV) != attr.end()) {
 		std::string IVstring = attr.at(XML_ATTR_IV);
 		Base64Decoder base64;
 		base64.reset();
 		base64.append(RawBuffer(IVstring.begin(), IVstring.end()));
 		base64.finalize();
-		m_IV = base64.get();
+		m_encryptionParams.iv = base64.get();
+	}
+
+	if (attr.find(XML_ATTR_TAG) != attr.end()) {
+		std::string tag = attr.at(XML_ATTR_TAG);
+		Base64Decoder base64;
+		base64.reset();
+		base64.append(RawBuffer(tag.begin(), tag.end()));
+		base64.finalize();
+		m_encryptionParams.tag = base64.get();
 	}
 }
 
diff --git a/src/manager/initial-values/BufferHandler.h b/src/manager/initial-values/BufferHandler.h
index 08bca527..1b45839b 100644
--- a/src/manager/initial-values/BufferHandler.h
+++ b/src/manager/initial-values/BufferHandler.h
@@ -26,7 +26,7 @@
 #include <parser.h>
 #include <EncodingType.h>
 #include <ckm/ckm-type.h>
-#include <generic-backend/gobj.h>
+#include <generic-backend/encryption-params.h>
 
 namespace CKM {
 namespace InitialValues {
@@ -47,14 +47,14 @@ public:
 		return m_data;
 	}
 
-	const RawBuffer &getIV() const
+	const Crypto::EncryptionParams &getEncryptionParams() const
 	{
-		return m_IV;
+		return m_encryptionParams;
 	}
 
 private:
 	EncodingType m_encoding;
-	RawBuffer m_IV;
+	Crypto::EncryptionParams m_encryptionParams;
 	RawBuffer m_data;
 };
 
diff --git a/src/manager/initial-values/InitialValueHandler.cpp b/src/manager/initial-values/InitialValueHandler.cpp
index 7853d391..6ca335a7 100644
--- a/src/manager/initial-values/InitialValueHandler.cpp
+++ b/src/manager/initial-values/InitialValueHandler.cpp
@@ -80,7 +80,7 @@ void InitialValueHandler::End()
 
 	int ec = m_db_logic.importInitialData(m_name,
 	                                      Crypto::Data(getDataType(), m_bufferHandler->getData()),
-	                                      m_bufferHandler->getIV(),
+	                                      m_bufferHandler->getEncryptionParams(),
 	                                      policy);
 
 	if (CKM_API_SUCCESS != ec) {
diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index 98248ec6..6a10ad78 100644
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -405,7 +405,7 @@ DB::Row CKMLogic::createEncryptedRow(
 	// do not encrypt data with password during cc_mode on
 	Token token = store.import(data,
 							   m_accessControl.isCCMode() ? "" : policy.password,
-							   RawBuffer());
+							   Crypto::EncryptionParams());
 	DB::Row row(std::move(token), name, owner,
 				static_cast<int>(policy.extractable));
 	crypto.encryptRow(row);
@@ -804,7 +804,7 @@ Crypto::GObjUPtr CKMLogic::rowToObject(
 		store.destroy(row);
 
 		// import it to store with new scheme: data -> pass(data)
-		Token token = store.import(Crypto::Data(row.dataType, row.data), pass, RawBuffer());
+		Token token = store.import(Crypto::Data(row.dataType, row.data), pass, Crypto::EncryptionParams());
 
 		// get it from the store (it can be different than the data we imported into store)
 		obj = store.getObject(token, pass);
@@ -1160,10 +1160,15 @@ RawBuffer CKMLogic::getDataList(
 int CKMLogic::importInitialData(
 	const Name &name,
 	const Crypto::Data &data,
-	const RawBuffer &iv,
+	const Crypto::EncryptionParams &encParams,
 	const Policy &policy)
 {
 	try {
+		if (encParams.iv.empty() != encParams.tag.empty()) {
+			LogError("Both iv and tag must be empty or set");
+			return CKM_API_ERROR_INPUT_PARAM;
+		}
+
 		// Inital values are always imported with root credentials. Client id is not important.
 		Credentials rootCred(0, "");
 
@@ -1176,11 +1181,12 @@ int CKMLogic::importInitialData(
 		if (retCode != CKM_API_SUCCESS)
 			return retCode;
 
-		Crypto::GStore &store = m_decider.getStore(data.type, policy, !iv.empty());
+		Crypto::GStore &store =
+				m_decider.getStore(data.type, policy, !encParams.iv.empty());
 
 		Token token;
 
-		if (iv.empty()) {
+		if (encParams.iv.empty()) {
             // Data are not encrypted, let's try to verify them
 			Crypto::Data binaryData;
 
@@ -1189,11 +1195,11 @@ int CKMLogic::importInitialData(
 
 			token = store.import(binaryData,
 								 m_accessControl.isCCMode() ? "" : policy.password,
-								 iv);
+								 encParams);
 		} else {
 			token = store.import(data,
 								 m_accessControl.isCCMode() ? "" : policy.password,
-								 iv);
+								 encParams);
 		}
 
 		DB::Row row(std::move(token), name, CLIENT_ID_SYSTEM,
diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h
index 8115117e..7f9b5f02 100644
--- a/src/manager/service/ckm-logic.h
+++ b/src/manager/service/ckm-logic.h
@@ -36,7 +36,7 @@
 #include <certificate-impl.h>
 #include <sys/types.h>
 #include <generic-backend/gobj.h>
-
+#include <generic-backend/encryption-params.h>
 #include <platform/decider.h>
 
 namespace CKM {
@@ -209,7 +209,7 @@ public:
 	int importInitialData(
 		const Name &name,
 		const Crypto::Data &data,
-		const RawBuffer &iv,
+		const Crypto::EncryptionParams &encData,
 		const Policy &policy);
 
 	int unlockSystemDB();
diff --git a/tests/test_crypto-logic.cpp b/tests/test_crypto-logic.cpp
index f519e27b..d13f6af3 100644
--- a/tests/test_crypto-logic.cpp
+++ b/tests/test_crypto-logic.cpp
@@ -91,7 +91,7 @@ BOOST_AUTO_TEST_CASE(row_encryption)
 	Crypto::Data data(DataType(DataType::Type::BINARY_DATA), createRandom(10));
 	Crypto::Decider decider;
 	Crypto::GStore &store = decider.getStore(data.type, policy);
-	Token token = store.import(data, policy.password, RawBuffer());
+	Token token = store.import(data, policy.password, Crypto::EncryptionParams());
 
 	Name name = "test_data";
 	ClientId owner = "test_owner";
@@ -113,7 +113,7 @@ BOOST_AUTO_TEST_CASE(row_encryption_negatives)
 	Crypto::Data data(DataType(DataType::Type::BINARY_DATA), createRandom(10));
 	Crypto::Decider decider;
 	Crypto::GStore &store = decider.getStore(data.type, policy);
-	Token token = store.import(data, policy.password, RawBuffer());
+	Token token = store.import(data, policy.password, Crypto::EncryptionParams());
 
 	Name name = "test_data";
 	ClientId owner = "test_owner";
diff --git a/tests/test_generic-backend.cpp b/tests/test_generic-backend.cpp
index 0b39bf37..5814a264 100644
--- a/tests/test_generic-backend.cpp
+++ b/tests/test_generic-backend.cpp
@@ -15,7 +15,8 @@
  */
 #include <generic-backend/gobj.h>
 #include <generic-backend/gstore.h>
-//#include <generic-backend/algo-validation.h>
+#include <generic-backend/algo-validation.h>
+#include <generic-backend/encryption-params.h>
 
 #include <boost/test/unit_test.hpp>
 
@@ -72,7 +73,7 @@ BOOST_AUTO_TEST_CASE(gstore)
 						Exc::Crypto::OperationNotSupported);
 	BOOST_REQUIRE_THROW(store.generateSKey(CryptoAlgorithm(), Password()),
 						Exc::Crypto::OperationNotSupported);
-	BOOST_REQUIRE_THROW(store.import(Crypto::Data(), Password(), RawBuffer()),
+	BOOST_REQUIRE_THROW(store.import(Crypto::Data(), Password(), Crypto::EncryptionParams()),
 						Exc::Crypto::OperationNotSupported);
 	BOOST_REQUIRE_THROW(store.destroy(Token()),
 						Exc::Crypto::OperationNotSupported);
diff --git a/tests/test_tz-backend.cpp b/tests/test_tz-backend.cpp
index 880211bc..93447dea 100644
--- a/tests/test_tz-backend.cpp
+++ b/tests/test_tz-backend.cpp
@@ -14,6 +14,7 @@
  *  limitations under the License
  */
 #include <tz-backend/store.h>
+#include <generic-backend/encryption-params.h>
 
 #include <boost/test/unit_test.hpp>
 
@@ -30,7 +31,7 @@ BOOST_AUTO_TEST_CASE(store)
 						Exc::Crypto::OperationNotSupported);
 	BOOST_REQUIRE_THROW(store.generateAKey(CryptoAlgorithm(), Password(), Password()),
 						Exc::Crypto::OperationNotSupported);
-	BOOST_REQUIRE_THROW(store.import(Data(), Password(), RawBuffer()),
+	BOOST_REQUIRE_THROW(store.import(Data(), Password(), Crypto::EncryptionParams()),
 						Exc::Crypto::OperationNotSupported);
 	BOOST_REQUIRE_NO_THROW(store.destroy(Token()));
 }
author	Bartlomiej Grzelewski <b.grzelewski@samsung.com>	2018-09-28 13:46:21 +0200
committer	Bartlomiej Grzelewski <b.grzelewski@samsung.com>	2018-10-04 15:00:19 +0200
commit	f0a0b4b6f6f5047df98a75ec999a964ce772b012 (patch)
tree	21f6e26843a4fcd758f5f0410356e053a5db0a2d
parent	78b884add004bc306a81bb79e91aacab44cb98a9 (diff)
download	key-manager-f0a0b4b6f6f5047df98a75ec999a964ce772b012.tar.gz key-manager-f0a0b4b6f6f5047df98a75ec999a964ce772b012.tar.bz2 key-manager-f0a0b4b6f6f5047df98a75ec999a964ce772b012.zip