2 * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief Main header file for client library.
27 #include <ckm/ckm-certificate.h>
28 #include <ckm/ckm-error.h>
29 #include <ckm/ckm-key.h>
30 #include <ckm/ckm-pkcs12.h>
31 #include <ckm/ckm-type.h>
33 // Central Key Manager namespace
// Shared-ownership handle to a Manager; this is the type returned by Manager::create().
37 typedef std::shared_ptr<Manager> ManagerShPtr;
39 class KEY_MANAGER_API Manager {
// Copying is disabled: a Manager holds its implementation in a std::unique_ptr (m_impl),
// so instances are shared through ManagerShPtr instead of being copied.
44 Manager(const Manager &) = delete;
45 Manager& operator=(const Manager&) = delete;
// Stores `key` under `alias`, governed by `policy`.
// Returns an int status code (presumably one of the values declared in <ckm/ckm-error.h> — confirm).
// Check the status before assuming the key was stored.
49 int saveKey(const Alias &alias, const KeyShPtr &key, const Policy &policy);
// Stores `cert` under `alias`, governed by `policy`.
// Returns an int status code (presumably from <ckm/ckm-error.h> — confirm); check it before relying on the entry.
50 int saveCertificate(const Alias &alias, const CertificateShPtr &cert, const Policy &policy);
53 const PKCS12ShPtr &pkcs,
54 const Policy &keyPolicy,
55 const Policy &certPolicy);
58 * Data must be extractable. If the extractable bit is set to false, the function
59 * returns ERROR_INPUT_PARAM.
// Stores the raw buffer `data` under `alias`, governed by `policy`. Returns an int status code.
61 int saveData(const Alias &alias, const RawBuffer &data, const Policy &policy);
// Removes the entry stored under `alias`. Returns an int status code.
// NOTE(review): the signature takes no item type, so this presumably applies to whatever kind of
// entry (key, certificate or data) the alias names — confirm against the implementation.
63 int removeAlias(const Alias &alias);
// Fetches the key stored under `alias` into the output parameter `key`.
// `password` is supplied by the caller (presumably the password the entry was protected with — confirm).
// Use `key` only when the returned status reports success. The resulting object carries key
// material in the caller's process, so keep its lifetime short and never log it.
65 int getKey(const Alias &alias, const Password &password, KeyShPtr &key);
68 const Password &password,
69 CertificateShPtr &certificate);
// Fetches the raw buffer stored under `alias` into the output parameter `data`.
// `password` is supplied by the caller (presumably the password the entry was protected with — confirm).
// Use `data` only when the returned status reports success. Treat the buffer as sensitive.
70 int getData(const Alias &alias, const Password &password, RawBuffer &data);
// Fetches the PKCS#12 bundle stored under `alias` into the output parameter `pkcs`.
// This overload takes no password arguments. Use `pkcs` only when the returned status reports success.
71 int getPKCS12(const Alias &alias, PKCS12ShPtr &pkcs);
74 const Password &keyPass,
75 const Password &certPass,
78 // Request the list of all keys/certificates/data that the calling application/user may use.
// Key variant: `aliasVector` is the output parameter for the key aliases. Returns an int status code.
79 int getKeyAliasVector(AliasVector &aliasVector);
// Certificate variant of the alias listing: `aliasVector` is the output parameter. Returns an int status code.
80 int getCertificateAliasVector(AliasVector &aliasVector);
// Data variant of the alias listing: `aliasVector` is the output parameter. Returns an int status code.
81 int getDataAliasVector(AliasVector &aliasVector);
84 const int size, // size in bits [1024, 2048, 4096]
85 const Alias &privateKeyAlias,
86 const Alias &publicKeyAlias,
87 const Policy &policyPrivateKey = Policy(),
88 const Policy &policyPublicKey = Policy());
91 const int size, // size in bits [1024, 2048, 3072, 4096]
92 const Alias &privateKeyAlias,
93 const Alias &publicKeyAlias,
94 const Policy &policyPrivateKey = Policy(),
95 const Policy &policyPublicKey = Policy());
// Creates an ECDSA key pair on the curve selected by `type` (the project spells the enum
// `ElipticCurve`). The private and public halves are stored under `privateKeyAlias` and
// `publicKeyAlias`. Returns an int status code.
// Both policies default to a default-constructed Policy().
// NOTE(review): what Policy() permits (password protection, extractability) is not visible here.
// Pass an explicit policy for the private key unless the defaults have been confirmed.
97 int createKeyPairECDSA(
98 const ElipticCurve type,
99 const Alias &privateKeyAlias,
100 const Alias &publicKeyAlias,
101 const Policy &policyPrivateKey = Policy(),
102 const Policy &policyPublicKey = Policy());
105 const int size, // size in bits [128, 192, 256]
106 const Alias &keyAlias,
107 const Policy &policyKey = Policy());
// Builds the chain for `certificate` into the output parameter `certificateChainVector`,
// with the candidate certificates passed as objects.
// `untrustedCertificates` and `trustedCertificates` have the same type, so the compiler will not
// catch swapped arguments. Presumably the trusted list acts as trust anchors (confirm), so it
// must only contain certificates the caller has vetted.
// `useTrustedSystemCertificates` presumably adds the system store as further anchors — confirm.
// Use the output vector only when the returned int status reports success.
109 int getCertificateChain(
110 const CertificateShPtr &certificate,
111 const CertificateShPtrVector &untrustedCertificates,
112 const CertificateShPtrVector &trustedCertificates,
113 bool useTrustedSystemCertificates,
114 CertificateShPtrVector &certificateChainVector);
// Overload that names the untrusted and trusted certificates by alias instead of passing the
// certificate objects. The chain is written to the output parameter `certificateChainVector`.
// Both alias lists are AliasVector, so the compiler will not catch swapped arguments. Presumably
// the trusted list acts as trust anchors (confirm), so it must only name vetted certificates.
// Use the output vector only when the returned int status reports success.
116 int getCertificateChain(
117 const CertificateShPtr &certificate,
118 const AliasVector &untrustedCertificates,
119 const AliasVector &trustedCertificates,
120 bool useTrustedSystemCertificates,
121 CertificateShPtrVector &certificateChainVector);
124 const Alias &privateKeyAlias,
125 const Password &password, // password for private_key
126 const RawBuffer &message,
127 const HashAlgorithm hash,
128 const RSAPaddingAlgorithm padding,
129 RawBuffer &signature);
132 const Alias &publicKeyOrCertAlias,
133 const Password &password, // password for public_key (optional)
134 const RawBuffer &message,
135 const RawBuffer &signature,
136 const HashAlgorithm hash,
137 const RSAPaddingAlgorithm padding);
139 // Checks every certificate in the chain except the Root CA.
140 // The check is delegated to the service, so it can be used even
141 // if the application does not have permission to use the network.
// The result arrives in two places: the int return value and the output parameter `ocspStatus`.
// NOTE(review): presumably the return value says whether the request completed and `ocspStatus`
// carries the revocation verdict — confirm. Callers should inspect both before trusting the chain.
142 int ocspCheck(const CertificateShPtrVector &certificateChainVector, int &ocspStatus);
// Sets `permissionMask` for the label `accessor` on the entry named `alias`. Returns an int status code.
// This changes which other labels may use the entry, so pass the narrowest mask the accessor needs.
144 int setPermission(const Alias &alias, const Label &accessor, PermissionMask permissionMask);
// Encrypts `plain` with the key stored under `keyAlias`, using the algorithm and parameters in
// `algo`. The result is written to the output parameter `encrypted`.
// `password` is supplied by the caller (presumably the password protecting the key — confirm).
// Use `encrypted` only when the returned int status reports success.
146 int encrypt(const CryptoAlgorithm &algo,
147 const Alias &keyAlias,
148 const Password &password,
149 const RawBuffer& plain,
150 RawBuffer& encrypted);
// Decrypts `encrypted` with the key stored under `keyAlias`, using the algorithm and parameters
// in `algo`. The result is written to the output parameter `decrypted`.
// `password` is supplied by the caller (presumably the password protecting the key — confirm).
// Use `decrypted` only when the returned int status reports success. Its contents after a
// failed call are not specified by this declaration.
152 int decrypt(const CryptoAlgorithm &algo,
153 const Alias &keyAlias,
154 const Password &password,
155 const RawBuffer& encrypted,
156 RawBuffer& decrypted);
// Factory: returns a Manager wrapped in ManagerShPtr (std::shared_ptr<Manager>).
// NOTE(review): whether this can return an empty pointer on failure is not visible here — confirm.
158 static ManagerShPtr create();
// Uniquely owned implementation object; `Impl` is declared outside this excerpt.
161 std::unique_ptr<Impl> m_impl;