2 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Main header file for client library.
27 #include <ckm/ckm-certificate.h>
28 #include <ckm/ckm-error.h>
29 #include <ckm/ckm-key.h>
30 #include <ckm/ckm-type.h>
32 // Central Key Manager namespace
36 typedef std::shared_ptr<Manager> ManagerShPtr;
42 virtual int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy) = 0;
43 virtual int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy) = 0;
46 * Data must be extractable. If you set extractable bit to false function will
47 * return ERROR_INPUT_PARAM.
49 virtual int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy) = 0;
51 virtual int removeAlias(const Alias &alias) = 0;
53 virtual int getKey(const Alias &alias, const Password &password, KeyShPtr &key) = 0;
54 virtual int getCertificate(
56 const Password &password,
57 CertificateShPtr &certificate) = 0;
58 virtual int getData(const Alias &alias, const Password &password, RawBuffer &data) = 0;
60 // send request for list of all keys/certificates/data that application/user may use
61 virtual int getKeyAliasVector(AliasVector &aliasVector) = 0;
62 virtual int getCertificateAliasVector(AliasVector &aliasVector) = 0;
63 virtual int getDataAliasVector(AliasVector &aliasVector) = 0;
65 virtual int createKeyPairRSA(
66 const int size, // size in bits [1024, 2048, 4096]
67 const Alias &privateKeyAlias,
68 const Alias &publicKeyAlias,
69 const Policy &policyPrivateKey = Policy(),
70 const Policy &policyPublicKey = Policy()) = 0;
72 virtual int createKeyPairDSA(
73 const int size, // size in bits [1024, 2048, 3072, 4096]
74 const Alias &privateKeyAlias,
75 const Alias &publicKeyAlias,
76 const Policy &policyPrivateKey = Policy(),
77 const Policy &policyPublicKey = Policy()) = 0;
79 virtual int createKeyPairECDSA(
80 const ElipticCurve type,
81 const Alias &privateKeyAlias,
82 const Alias &publicKeyAlias,
83 const Policy &policyPrivateKey = Policy(),
84 const Policy &policyPublicKey = Policy()) = 0;
86 virtual int getCertificateChain(
87 const CertificateShPtr &certificate,
88 const CertificateShPtrVector &untrustedCertificates,
89 CertificateShPtrVector &certificateChainVector) = 0;
91 virtual int getCertificateChain(
92 const CertificateShPtr &certificate,
93 const AliasVector &untrustedCertificates,
94 CertificateShPtrVector &certificateChainVector) = 0;
96 virtual int createSignature(
97 const Alias &privateKeyAlias,
98 const Password &password, // password for private_key
99 const RawBuffer &message,
100 const HashAlgorithm hash,
101 const RSAPaddingAlgorithm padding,
102 RawBuffer &signature) = 0;
104 virtual int verifySignature(
105 const Alias &publicKeyOrCertAlias,
106 const Password &password, // password for public_key (optional)
107 const RawBuffer &message,
108 const RawBuffer &signature,
109 const HashAlgorithm hash,
110 const RSAPaddingAlgorithm padding) = 0;
112 // This function will check all certificates in chain except Root CA.
113 // This function will delegate task to service. You may use this even
114 // if application does not have permission to use network.
115 virtual int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus) = 0;
117 virtual int setPermission(const Alias &alias, const Label &accessor, Permission newPermission) = 0;
120 static ManagerShPtr create();
121 // static ManagerShPtr getManager(int uid); // TODO