2 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Main header file for client library.
27 #include <ckm/ckm-certificate.h>
28 #include <ckm/ckm-error.h>
29 #include <ckm/ckm-key.h>
30 #include <ckm/ckm-pkcs12.h>
31 #include <ckm/ckm-type.h>
33 // Central Key Manager namespace
37 typedef std::shared_ptr<Manager> ManagerShPtr;
43 virtual int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) = 0;
44 virtual int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy) = 0;
45 virtual int savePKCS12(
47 const PKCS12ShPtr &pkcs,
48 const Policy &keyPolicy,
49 const Policy &certPolicy) = 0;
52 * Data must be extractable. If you set extractable bit to false function will
53 * return ERROR_INPUT_PARAM.
55 virtual int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) = 0;
57 virtual int removeAlias(const Alias &alias) = 0;
59 virtual int getKey(const Alias &alias, const Password &password, KeyShPtr &key) = 0;
60 virtual int getCertificate(
62 const Password &password,
63 CertificateShPtr &certificate) = 0;
64 virtual int getData(const Alias &alias, const Password &password, RawBuffer &data) = 0;
65 virtual int getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs) = 0;
67 // send request for list of all keys/certificates/data that application/user may use
68 virtual int getKeyAliasVector(AliasVector &aliasVector) = 0;
69 virtual int getCertificateAliasVector(AliasVector &aliasVector) = 0;
70 virtual int getDataAliasVector(AliasVector &aliasVector) = 0;
72 virtual int createKeyPairRSA(
73 const int size, // size in bits [1024, 2048, 4096]
74 const Alias &privateKeyAlias,
75 const Alias &publicKeyAlias,
76 const Policy &policyPrivateKey = Policy(),
77 const Policy &policyPublicKey = Policy()) = 0;
79 virtual int createKeyPairDSA(
80 const int size, // size in bits [1024, 2048, 3072, 4096]
81 const Alias &privateKeyAlias,
82 const Alias &publicKeyAlias,
83 const Policy &policyPrivateKey = Policy(),
84 const Policy &policyPublicKey = Policy()) = 0;
86 virtual int createKeyPairECDSA(
87 const ElipticCurve type,
88 const Alias &privateKeyAlias,
89 const Alias &publicKeyAlias,
90 const Policy &policyPrivateKey = Policy(),
91 const Policy &policyPublicKey = Policy()) = 0;
93 virtual int getCertificateChain(
94 const CertificateShPtr &certificate,
95 const CertificateShPtrVector &untrustedCertificates,
96 const CertificateShPtrVector &trustedCertificates,
97 bool useTrustedSystemCertificates,
98 CertificateShPtrVector &certificateChainVector) = 0;
100 virtual int getCertificateChain(
101 const CertificateShPtr &certificate,
102 const AliasVector &untrustedCertificates,
103 const AliasVector &trustedCertificates,
104 bool useTrustedSystemCertificates,
105 CertificateShPtrVector &certificateChainVector) = 0;
107 virtual int createSignature(
108 const Alias &privateKeyAlias,
109 const Password &password, // password for private_key
110 const RawBuffer &message,
111 const HashAlgorithm hash,
112 const RSAPaddingAlgorithm padding,
113 RawBuffer &signature) = 0;
115 virtual int verifySignature(
116 const Alias &publicKeyOrCertAlias,
117 const Password &password, // password for public_key (optional)
118 const RawBuffer &message,
119 const RawBuffer &signature,
120 const HashAlgorithm hash,
121 const RSAPaddingAlgorithm padding) = 0;
123 // This function will check all certificates in chain except Root CA.
124 // This function will delegate task to service. You may use this even
125 // if application does not have permission to use network.
126 virtual int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) = 0;
128 virtual int setPermission(const Alias &alias, const Label &accessor, PermissionMask permissionMask) = 0;
131 static ManagerShPtr create();
132 // static ManagerShPtr getManager(int uid); // TODO