2 * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Main header file for client library.
27 #include <ckm/ckm-certificate.h>
28 #include <ckm/ckm-error.h>
29 #include <ckm/ckm-key.h>
30 #include <ckm/ckm-pkcs12.h>
31 #include <ckm/ckm-type.h>
33 // Central Key Manager namespace
37 typedef std::shared_ptr<Manager> ManagerShPtr;
39 class KEY_MANAGER_API Manager {
44 Manager(const Manager &) = delete;
45 Manager &operator=(const Manager &) = delete;
49 int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy);
50 int saveCertificate(const Alias &alias, const CertificateShPtr &cert,
51 const Policy &policy);
54 const PKCS12ShPtr &pkcs,
55 const Policy &keyPolicy,
56 const Policy &certPolicy);
59 * Data must be extractable. If you set extractable bit to false function will
60 * return ERROR_INPUT_PARAM.
62 int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy);
64 int removeAlias(const Alias &alias);
66 int getKey(const Alias &alias, const Password &password, KeyShPtr &key);
69 const Password &password,
70 CertificateShPtr &certificate);
71 int getData(const Alias &alias, const Password &password, RawBuffer &data);
72 int getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs);
75 const Password &keyPass,
76 const Password &certPass,
79 // send request for list of all keys/certificates/data that application/user may use
80 int getKeyAliasVector(AliasVector &aliasVector);
81 int getCertificateAliasVector(AliasVector &aliasVector);
82 int getDataAliasVector(AliasVector &aliasVector);
85 const int size, // size in bits [1024, 2048, 4096]
86 const Alias &privateKeyAlias,
87 const Alias &publicKeyAlias,
88 const Policy &policyPrivateKey = Policy(),
89 const Policy &policyPublicKey = Policy());
92 const int size, // size in bits [1024, 2048, 3072, 4096]
93 const Alias &privateKeyAlias,
94 const Alias &publicKeyAlias,
95 const Policy &policyPrivateKey = Policy(),
96 const Policy &policyPublicKey = Policy());
98 int createKeyPairECDSA(
99 const ElipticCurve type,
100 const Alias &privateKeyAlias,
101 const Alias &publicKeyAlias,
102 const Policy &policyPrivateKey = Policy(),
103 const Policy &policyPublicKey = Policy());
106 const int size, // size in bits [128, 192, 256]
107 const Alias &keyAlias,
108 const Policy &policyKey = Policy());
110 int getCertificateChain(
111 const CertificateShPtr &certificate,
112 const CertificateShPtrVector &untrustedCertificates,
113 const CertificateShPtrVector &trustedCertificates,
114 bool useTrustedSystemCertificates,
115 CertificateShPtrVector &certificateChainVector);
117 int getCertificateChain(
118 const CertificateShPtr &certificate,
119 const AliasVector &untrustedCertificates,
120 const AliasVector &trustedCertificates,
121 bool useTrustedSystemCertificates,
122 CertificateShPtrVector &certificateChainVector);
125 const Alias &privateKeyAlias,
126 const Password &password, // password for private_key
127 const RawBuffer &message,
128 const HashAlgorithm hash,
129 const RSAPaddingAlgorithm padding,
130 RawBuffer &signature);
133 const Alias &publicKeyOrCertAlias,
134 const Password &password, // password for public_key (optional)
135 const RawBuffer &message,
136 const RawBuffer &signature,
137 const HashAlgorithm hash,
138 const RSAPaddingAlgorithm padding);
140 // This function will check all certificates in chain except Root CA.
141 // This function will delegate task to service. You may use this even
142 // if application does not have permission to use network.
143 int ocspCheck(const CertificateShPtrVector &certificateChainVector,
146 int setPermission(const Alias &alias, const Label &accessor,
147 PermissionMask permissionMask);
149 // This function will encrypt data.
150 // Since Tizen 5.0, on chosen images using TEE backend:
151 // * maximum size of data can be limited to TEE-specific value; minimum 500 kB is supported)
152 // * GCM modes with short tags (32 and 64 bits) are not supported
153 // In these cases, key-manager can return a CKM_API_ERROR_SERVER_ERROR
154 int encrypt(const CryptoAlgorithm &algo,
155 const Alias &keyAlias,
156 const Password &password,
157 const RawBuffer &plain,
158 RawBuffer &encrypted);
160 // This function will decrypt data.
161 // Since Tizen 5.0, on chosen images using TEE backend:
162 // * maximum size of data can be limited to TEE-specific value; minimum 500 kB is supported)
163 // * GCM modes with short tags (32 and 64 bits) are not supported
164 // In these cases, key-manager can return a CKM_API_ERROR_SERVER_ERROR
165 int decrypt(const CryptoAlgorithm &algo,
166 const Alias &keyAlias,
167 const Password &password,
168 const RawBuffer &encrypted,
169 RawBuffer &decrypted);
171 static ManagerShPtr create();
174 std::unique_ptr<Impl> m_impl;