2 * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Main header file for client library.
27 #include <ckm/ckm-certificate.h>
28 #include <ckm/ckm-error.h>
29 #include <ckm/ckm-key.h>
30 #include <ckm/ckm-pkcs12.h>
31 #include <ckm/ckm-type.h>
33 // Central Key Manager namespace
37 typedef std::shared_ptr<Manager> ManagerShPtr;
39 class KEY_MANAGER_API Manager {
44 Manager(const Manager &) = delete;
45 Manager &operator=(const Manager &) = delete;
49 int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy);
50 int saveCertificate(const Alias &alias, const CertificateShPtr &cert,
51 const Policy &policy);
54 const PKCS12ShPtr &pkcs,
55 const Policy &keyPolicy,
56 const Policy &certPolicy);
58 int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy);
60 int removeAlias(const Alias &alias);
62 int getKey(const Alias &alias, const Password &password, KeyShPtr &key);
65 const Password &password,
66 CertificateShPtr &certificate);
67 int getData(const Alias &alias, const Password &password, RawBuffer &data);
68 int getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs);
71 const Password &keyPass,
72 const Password &certPass,
75 // send request for list of all keys/certificates/data that application/user may use
76 int getKeyAliasVector(AliasVector &aliasVector);
77 int getKeyAliasPwdVector(AliasPwdVector &aliasPwdVector);
78 int getKeyEncryptionStatus(const Alias &alias, bool &status);
79 int getCertificateAliasVector(AliasVector &aliasVector);
80 int getCertificateAliasPwdVector(AliasPwdVector &aliasPwdVector);
81 int getCertificateEncryptionStatus(const Alias &alias, bool &status);
82 int getDataAliasVector(AliasVector &aliasVector);
83 int getDataAliasPwdVector(AliasPwdVector &aliasPwdVector);
84 int getDataEncryptionStatus(const Alias &alias, bool &status);
87 const int size, // size in bits [1024, 2048, 4096]
88 const Alias &privateKeyAlias,
89 const Alias &publicKeyAlias,
90 const Policy &policyPrivateKey = Policy(),
91 const Policy &policyPublicKey = Policy());
94 const int size, // size in bits [1024, 2048, 3072, 4096]
95 const Alias &privateKeyAlias,
96 const Alias &publicKeyAlias,
97 const Policy &policyPrivateKey = Policy(),
98 const Policy &policyPublicKey = Policy());
100 int createKeyPairECDSA(
101 const ElipticCurve type,
102 const Alias &privateKeyAlias,
103 const Alias &publicKeyAlias,
104 const Policy &policyPrivateKey = Policy(),
105 const Policy &policyPublicKey = Policy());
108 const int size, // size in bits [128, 192, 256]
109 const Alias &keyAlias,
110 const Policy &policyKey = Policy());
112 int getCertificateChain(
113 const CertificateShPtr &certificate,
114 const CertificateShPtrVector &untrustedCertificates,
115 const CertificateShPtrVector &trustedCertificates,
116 bool useTrustedSystemCertificates,
117 CertificateShPtrVector &certificateChainVector);
119 int getCertificateChain(
120 const CertificateShPtr &certificate,
121 const AliasVector &untrustedCertificates,
122 const AliasVector &trustedCertificates,
123 bool useTrustedSystemCertificates,
124 CertificateShPtrVector &certificateChainVector);
127 const Alias &privateKeyAlias,
128 const Password &password, // password for private_key
129 const RawBuffer &message,
130 const HashAlgorithm hash,
131 const RSAPaddingAlgorithm padding,
132 RawBuffer &signature);
135 const Alias &publicKeyOrCertAlias,
136 const Password &password, // password for public_key (optional)
137 const RawBuffer &message,
138 const RawBuffer &signature,
139 const HashAlgorithm hash,
140 const RSAPaddingAlgorithm padding);
142 // This function will check all certificates in chain except Root CA.
143 // This function will delegate task to service. You may use this even
144 // if application does not have permission to use network.
145 int ocspCheck(const CertificateShPtrVector &certificateChainVector,
148 int setPermission(const Alias &alias, const ClientId &accessor,
149 PermissionMask permissionMask);
151 // This function will encrypt data.
152 // Since Tizen 5.0, on chosen images using TEE backend:
153 // * maximum size of data can be limited to TEE-specific value; minimum 500 kB is supported)
154 // * GCM modes with short tags (32 and 64 bits) are not supported
155 // In these cases, key-manager can return a CKM_API_ERROR_SERVER_ERROR
156 int encrypt(const CryptoAlgorithm &algo,
157 const Alias &keyAlias,
158 const Password &password,
159 const RawBuffer &plain,
160 RawBuffer &encrypted);
162 // This function will decrypt data.
163 // Since Tizen 5.0, on chosen images using TEE backend:
164 // * maximum size of data can be limited to TEE-specific value; minimum 500 kB is supported)
165 // * GCM modes with short tags (32 and 64 bits) are not supported
166 // In these cases, key-manager can return a CKM_API_ERROR_SERVER_ERROR
167 int decrypt(const CryptoAlgorithm &algo,
168 const Alias &keyAlias,
169 const Password &password,
170 const RawBuffer &encrypted,
171 RawBuffer &decrypted);
173 int deriveKey(const CryptoAlgorithm &algo,
174 const Alias &secretAlias,
175 const Password &secretPassword,
176 const Alias &newKeyAlias,
177 const Policy &newKeyPolicy);
179 static ManagerShPtr create();
182 std::unique_ptr<Impl> m_impl;