2 * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-manager.h
19 * @brief Provides management functions (storing, retrieving, and removing) for keys,
20 * certificates and data of a user, and additional crypto functions.
24 #ifndef __TIZEN_CORE_CKMC_MANAGER_H
25 #define __TIZEN_CORE_CKMC_MANAGER_H
28 #include <sys/types.h>
30 #include <ckmc/ckmc-type.h>
31 #include <ckmc/ckmc-error.h>
38 * @addtogroup CAPI_KEY_MANAGER_CLIENT_MODULE
44 * @brief Stores a key inside key manager based on the provided policy.
47 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
48 * required to use this API since 3.0.
50 * @remarks Currently the API supports seven types of keys. These are RSA public/private key,
51 * DSA public/private key, ECDSA public/private key and AES symmetric key.
52 * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside
53 * key manager during storing keys.
54 * @remarks Some private key files are protected by a password. If raw_key in key read from those
55 * encrypted files is encrypted with a password, the password should be provided in the
56 * #ckmc_key_s structure.
57 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
60 * @param[in] alias The name of a key to be stored
61 * @param[in] key The key's binary value to be stored
62 * @param[in] policy The policy about how to store a key securely
64 * @return @c 0 on success,
65 * otherwise a negative error value
67 * @retval #CKMC_ERROR_NONE Successful
68 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
69 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
71 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
72 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid
73 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
74 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
76 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
78 * @see ckmc_remove_alias()
80 * @see ckmc_get_key_alias_list()
84 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy);
87 * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
88 * @brief Removes a key from key manager.
91 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
92 * required to use this API since 3.0.
94 * @remarks To remove key, client must have remove permission to the specified key.
95 * @remarks The key owner can remove by default.
97 * @param[in] alias The name of a key to be removed
99 * @return @c 0 on success,
100 * otherwise a negative error value
102 * @retval #CKMC_ERROR_NONE Successful
103 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
104 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
106 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
107 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
108 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
110 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
112 * @see ckmc_save_key()
113 * @see ckmc_get_key()
114 * @see ckmc_get_key_alias_list()
116 int ckmc_remove_key(const char *alias);
119 * @brief Gets a key from key manager.
122 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
123 * required to use this API since 3.0.
125 * @remarks A client can access only data stored by the client.
126 * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no longer needed.
129 * @param[in] alias The name of a key to retrieve
130 * @param[in] password The password used in decrypting a key value \n
131 * If password of policy is provided in ckmc_save_key(), the same password
132 * should be provided.
133 * @param[out] ppkey The pointer to a newly created ckmc_key_s handle
135 * @return @c 0 on success,
136 * otherwise a negative error value
138 * @retval #CKMC_ERROR_NONE Successful
139 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
140 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
142 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
143 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
144 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
145 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
146 * Decryption failed because password is incorrect.
148 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
150 * @see ckmc_save_key()
151 * @see ckmc_remove_alias()
152 * @see ckmc_get_key_alias_list()
154 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
157 * @brief Gets all the alias of keys that the client can access.
160 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
161 * required to use this API since 3.0.
163 * @remarks A client can access only data stored by the client.
164 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
165 * if it is no longer needed.
167 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
168 * available alias of keys \n
169 * If there is no available key alias, *ppalias_list will be null.
171 * @return @c 0 on success,
172 * otherwise a negative error value
174 * @retval #CKMC_ERROR_NONE Successful
175 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
176 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
178 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
179 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
180 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
182 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
184 * @see ckmc_save_key()
185 * @see ckmc_remove_alias()
186 * @see ckmc_get_key()
188 int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
194 * @brief Stores a certificate inside key manager based on the provided policy.
197 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
199 * @remarks The certificate's binary value will be converted and saved as binary DER encoded certificates.
202 * @param[in] alias The name of a certificate to be stored
203 * @param[in] cert The certificate's binary value to be stored
204 * @param[in] policy The policy about how to store a certificate securely
206 * @return @c 0 on success,
207 * otherwise a negative error value
209 * @retval #CKMC_ERROR_NONE Successful
210 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
211 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
213 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
214 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid
215 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
216 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
218 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
220 * @see ckmc_remove_alias()
221 * @see ckmc_get_cert()
222 * @see ckmc_get_cert_alias_list()
224 * @see #ckmc_policy_s
226 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy);
229 * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
230 * @brief Removes a certificate from key manager.
233 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
234 * required to use this API since 3.0.
236 * @remarks To remove certificate, client must have remove permission to the specified certificate.
237 * @remarks The certificate owner can remove it by default.
239 * @param[in] alias The name of a certificate to be removed
241 * @return @c 0 on success,
242 * otherwise a negative error value
244 * @retval #CKMC_ERROR_NONE Successful
245 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
246 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
248 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
249 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
250 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
252 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
254 * @see ckmc_save_cert()
255 * @see ckmc_get_cert()
256 * @see ckmc_get_cert_alias_list()
258 int ckmc_remove_cert(const char *alias);
261 * @brief Gets a certificate from key manager.
264 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
265 * required to use this API since 3.0.
267 * @remarks A client can access only certificates stored by the client.
268 * @remarks A DER encoded certificate will be returned as a return value.
269 * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no longer needed.
272 * @param[in] alias The name of a certificate to retrieve
273 * @param[in] password The password used in decrypting a certificate value \n
274 * If password of policy is provided in ckmc_save_cert(), the same password
275 * should be provided.
276 * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle
278 * @return @c 0 on success,
279 * otherwise a negative error value
281 * @retval #CKMC_ERROR_NONE Successful
282 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
283 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
285 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
286 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
287 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
288 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
289 * Decryption failed because password is incorrect.
291 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
293 * @see ckmc_save_cert()
294 * @see ckmc_remove_alias()
295 * @see ckmc_get_cert_alias_list()
297 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert);
300 * @brief Gets all alias of certificates which the client can access.
303 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
304 * required to use this API since 3.0.
306 * @remarks A client can access only data stored by the client.
307 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
308 * if it is no longer needed.
310 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
311 * available aliases of certificates \n
312 * If there is no available certificate alias, *ppalias_list will be null.
314 * @return @c 0 on success,
315 * otherwise a negative error value
317 * @retval #CKMC_ERROR_NONE Successful
318 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
319 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
321 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
322 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
323 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
325 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
327 * @see ckmc_save_cert()
328 * @see ckmc_remove_alias()
329 * @see ckmc_get_cert()
331 int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
337 * @brief Stores PKCS12's contents inside key manager based on the provided policies.
338 * All items from the PKCS12 will use the same alias.
341 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
342 * required to use this API since 3.0.
344 * @param[in] alias The name of a data to be stored
345 * @param[in] pkcs Pointer to the pkcs12 structure to be saved
346 * @param[in] key_policy The policy about how to store pkcs's private key
347 * @param[in] cert_policy The policy about how to store pkcs's certificate
349 * @return @c 0 on success,
350 * otherwise a negative error value
352 * @retval #CKMC_ERROR_NONE Successful
353 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
354 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
356 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
357 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
358 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
360 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
362 * @see ckmc_remove_alias()
363 * @see ckmc_get_pkcs12()
364 * @see ckmc_get_data_alias_list()
365 * @see ckmc_pkcs12_load()
366 * @see #ckmc_pkcs12_s
367 * @see #ckmc_policy_s
369 int ckmc_save_pkcs12(const char *alias,
370 const ckmc_pkcs12_s *pkcs,
371 const ckmc_policy_s key_policy,
372 const ckmc_policy_s cert_policy);
375 * @brief Gets a pkcs12 from key manager.
378 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
379 * required to use this API since 3.0.
381 * @remarks A client can access only data stored by the client.
382 * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no longer needed.
385 * @param[in] alias The name of a data to retrieve
386 * @param[in] key_password Password that was used to encrypt privateKey (may be NULL)
387 * @param[in] cert_password Password used to encrypt certificates (may be NULL)
388 * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle
390 * @return @c 0 on success,
391 * otherwise a negative error value
393 * @retval #CKMC_ERROR_NONE Successful
394 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
395 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
397 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
398 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
399 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
400 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
401 * key_password or cert_password does not match with password
402 * used to encrypt data
404 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
406 * @see ckmc_save_pkcs12()
407 * @see ckmc_remove_alias()
409 int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12);
412 * @brief Stores a data inside key manager based on the provided policy.
415 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
416 * required to use this API since 3.0.
418 * @param[in] alias The name of a data to be stored
419 * @param[in] data The binary value to be stored
420 * @param[in] policy The policy about how to store a data securely
422 * @return @c 0 on success,
423 * otherwise a negative error value
425 * @retval #CKMC_ERROR_NONE Successful
426 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
427 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
429 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
430 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
431 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
433 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
435 * @see ckmc_remove_alias()
436 * @see ckmc_get_data()
437 * @see ckmc_get_data_alias_list()
438 * @see #ckmc_raw_buffer_s
439 * @see #ckmc_policy_s
441 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy);
444 * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
445 * @brief Removes a data from key manager.
448 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
449 * required to use this API since 3.0.
451 * @remarks To remove data, client must have remove permission to the specified data object.
452 * @remarks The data owner can remove by default.
454 * @param[in] alias The name of a data to be removed
456 * @return @c 0 on success,
457 * otherwise a negative error value
459 * @retval #CKMC_ERROR_NONE Successful
460 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
461 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
463 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
464 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
465 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
467 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
469 * @see ckmc_save_data()
470 * @see ckmc_get_data()
471 * @see ckmc_get_data_alias_list()
473 int ckmc_remove_data(const char *alias);
476 * @brief Gets a data from key manager.
479 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
480 * required to use this API since 3.0.
482 * @remarks A client can access only data stored by the client.
483 * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no longer needed.
486 * @param[in] alias The name of a data to retrieve
487 * @param[in] password The password used in decrypting a data value \n
488 * If password of policy is provided in ckmc_save_data(), the same password
489 * should be provided.
490 * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle
492 * @return @c 0 on success,
493 * otherwise a negative error value
495 * @retval #CKMC_ERROR_NONE Successful
496 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
497 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
499 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
500 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
501 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
502 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
503 * Decryption failed because password is incorrect.
504 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
506 * @see ckmc_save_data()
507 * @see ckmc_remove_alias()
508 * @see ckmc_get_data_alias_list()
510 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata);
513 * @brief Gets all alias of data which the client can access.
516 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
517 * required to use this API since 3.0.
519 * @remarks A client can access only data stored by the client.
520 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
521 * if it is no longer needed.
523 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
524 * available aliases of data \n
525 * If there is no available data alias, *ppalias_list will be null.
527 * @return @c 0 on success,
528 * otherwise a negative error value
530 * @retval #CKMC_ERROR_NONE Successful
531 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
532 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
534 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
535 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
536 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
538 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
540 * @see ckmc_save_data()
541 * @see ckmc_remove_alias()
542 * @see ckmc_get_data()
544 int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
550 * @brief Creates RSA private/public key pair and stores them inside key manager based on each policy.
554 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
555 * required to use this API since 3.0.
557 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
560 * @param[in] size The size of key strength to be created \n
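561 * @c 1024, @c 2048, and @c 4096 are supported; @c 1024 is below current minimum-strength recommendations, so prefer @c 2048 or larger for new keys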
562 * @param[in] private_key_alias The name of private key to be stored
563 * @param[in] public_key_alias The name of public key to be stored
564 * @param[in] policy_private_key The policy about how to store a private key securely
565 * @param[in] policy_public_key The policy about how to store a public key securely
567 * @return @c 0 on success,
568 * otherwise a negative error value
570 * @retval #CKMC_ERROR_NONE Successful
571 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
572 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
574 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
575 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
576 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
578 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
580 * @see ckmc_create_key_pair_dsa()
581 * @see ckmc_create_key_pair_ecdsa()
582 * @see ckmc_create_signature()
583 * @see ckmc_verify_signature()
585 int ckmc_create_key_pair_rsa(const size_t size,
586 const char *private_key_alias,
587 const char *public_key_alias,
588 const ckmc_policy_s policy_private_key,
589 const ckmc_policy_s policy_public_key);
592 * @brief Creates DSA private/public key pair and stores them inside key manager based on each policy.
596 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
597 * required to use this API since 3.0.
599 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
602 * @param[in] size The size of key strength to be created \n
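603 * @c 1024, @c 2048, @c 3072 and @c 4096 are supported; @c 1024 is below current minimum-strength recommendations, so prefer @c 2048 or larger for new keys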
604 * @param[in] private_key_alias The name of private key to be stored
605 * @param[in] public_key_alias The name of public key to be stored
606 * @param[in] policy_private_key The policy about how to store a private key securely
607 * @param[in] policy_public_key The policy about how to store a public key securely
609 * @return @c 0 on success,
610 * otherwise a negative error value
612 * @retval #CKMC_ERROR_NONE Successful
613 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
614 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
616 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
617 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
618 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
620 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
622 * @see ckmc_create_key_pair_rsa()
623 * @see ckmc_create_key_pair_ecdsa()
624 * @see ckmc_create_signature()
625 * @see ckmc_verify_signature()
627 int ckmc_create_key_pair_dsa(const size_t size,
628 const char *private_key_alias,
629 const char *public_key_alias,
630 const ckmc_policy_s policy_private_key,
631 const ckmc_policy_s policy_public_key);
634 * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each policy.
638 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
639 * required to use this API since 3.0.
641 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
644 * @param[in] type The type of elliptic curve of ECDSA
645 * @param[in] private_key_alias The name of private key to be stored
646 * @param[in] public_key_alias The name of public key to be stored
647 * @param[in] policy_private_key The policy about how to store a private key securely
648 * @param[in] policy_public_key The policy about how to store a public key securely
650 * @return @c 0 on success,
651 * otherwise a negative error value
653 * @retval #CKMC_ERROR_NONE Successful
654 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
655 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
657 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
658 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
659 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
661 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
663 * @see ckmc_create_key_pair_rsa()
664 * @see ckmc_create_key_pair_dsa()
665 * @see ckmc_create_signature()
666 * @see ckmc_verify_signature()
667 * @see #ckmc_ec_type_e
669 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
670 const char *private_key_alias,
671 const char *public_key_alias,
672 const ckmc_policy_s policy_private_key,
673 const ckmc_policy_s policy_public_key);
676 * @brief Creates AES key and stores it inside key manager based on the policy.
680 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
683 * @param[in] size The size of key strength to be created \n
684 * @c 128, @c 192 and @c 256 are supported
685 * @param[in] key_alias The name of key to be stored
686 * @param[in] key_policy The policy about how to store the key securely
688 * @return @c 0 on success,
689 * otherwise a negative error value
691 * @retval #CKMC_ERROR_NONE Successful
692 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
693 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
695 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
696 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
697 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
699 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
701 * @see ckmc_create_key_pair_rsa()
702 * @see ckmc_create_key_pair_dsa()
703 * @see ckmc_create_key_pair_ecdsa()
704 * @see #ckmc_policy_s
706 int ckmc_create_key_aes(size_t size,
707 const char *key_alias,
708 ckmc_policy_s key_policy);
711 * @brief Creates a signature on a given message using a private key and returns the signature.
714 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
715 * required to use this API since 3.0.
717 * @remarks If password of policy is provided during storing a key, the same password should be provided.
719 * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is no longer needed.
722 * @param[in] private_key_alias The name of private key
723 * @param[in] password The password used in decrypting a private key value
724 * @param[in] message The message that is signed with a private key
725 * @param[in] hash The hash algorithm used in creating signature
726 * @param[in] padding The RSA padding algorithm used in creating signature \n
727 * It is used only when the signature algorithm is RSA
728 * @param[out] ppsignature The pointer to a newly created signature \n
729 * If an error occurs, @a *ppsignature will be null
731 * @return @c 0 on success,
732 * otherwise a negative error value
734 * @retval #CKMC_ERROR_NONE Successful
735 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
736 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
738 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
739 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
740 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
741 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
742 * Decryption failed because password is incorrect
744 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
746 * @see ckmc_create_key_pair_rsa()
747 * @see ckmc_create_key_pair_ecdsa()
748 * @see ckmc_verify_signature()
749 * @see ckmc_buffer_free()
750 * @see #ckmc_hash_algo_e
751 * @see #ckmc_rsa_padding_algo_e
753 int ckmc_create_signature(const char *private_key_alias,
754 const char *password,
755 const ckmc_raw_buffer_s message,
756 const ckmc_hash_algo_e hash,
757 const ckmc_rsa_padding_algo_e padding,
758 ckmc_raw_buffer_s **ppsignature);
761 * @brief Verifies a given signature on a given message using a public key and returns the signature status.
765 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
766 * required to use this API since 3.0.
768 * @remarks If password of policy is provided during storing a key, the same password should be provided.
771 * @param[in] public_key_alias The name of public key
772 * @param[in] password The password used in decrypting a public key value
773 * @param[in] message The input on which the signature is created
774 * @param[in] signature The signature that is verified with public key
775 * @param[in] hash The hash algorithm used in verifying signature
776 * @param[in] padding The RSA padding algorithm used in verifying signature \n
777 * It is used only when the signature algorithm is RSA
779 * @return @c 0 on success and the signature is valid,
780 * otherwise a negative error value
782 * @retval #CKMC_ERROR_NONE Successful
783 * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid
784 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
785 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
787 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
788 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
789 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
790 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
791 * Decryption failed because password is incorrect
793 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
795 * @see ckmc_create_key_pair_rsa()
796 * @see ckmc_create_key_pair_ecdsa()
797 * @see ckmc_verify_signature()
798 * @see #ckmc_hash_algo_e
799 * @see #ckmc_rsa_padding_algo_e
801 int ckmc_verify_signature(const char *public_key_alias,
802 const char *password,
803 const ckmc_raw_buffer_s message,
804 const ckmc_raw_buffer_s signature,
805 const ckmc_hash_algo_e hash,
806 const ckmc_rsa_padding_algo_e padding);
809 * @brief Verifies a certificate chain and returns that chain.
812 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
813 * required to use this API since 3.0.
815 * @remarks The trusted root certificate of the chain should exist in the system's certificate storage.
817 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
818 * ckmc_cert_list_all_free() if it is no longer needed.
820 * @param[in] cert The certificate to be verified
821 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain
823 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
824 * If an error occurs, @a *ppcert_chain_list will be null
826 * @return @c 0 on success and the signature is valid,
827 * otherwise a negative error value
829 * @retval #CKMC_ERROR_NONE Successful
830 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
831 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
832 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
834 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
835 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
836 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
837 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
838 * Decryption failed because password is incorrect
840 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
842 * @see ckmc_get_cert_chain_with_alias())
843 * @see ckmc_cert_list_all_free()
845 int ckmc_get_cert_chain(const ckmc_cert_s *cert,
846 const ckmc_cert_list_s *untrustedcerts,
847 ckmc_cert_list_s **ppcert_chain_list);
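/**
 * @brief Verifies a certificate chain using an alias list of untrusted certificates and returns
 *        that chain.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks The trusted root certificate of the chain should exist in the system's certificate
 *          storage.
 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
 *          ckmc_cert_list_all_free() if it is no longer needed.
 * @remarks NOTE(review): this comment does not say that revocation is checked. If revocation
 *          status matters, pass the returned chain to ckmc_ocsp_check().
 *
 * @param[in] cert The certificate to be verified
 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager
 *                           to be used in verifying a certificate chain
 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
 *                               If an error occurs, @a *ppcert_chain_list will be null
 *
 * @return @c 0 on success and the certificate chain is valid,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
 *         Some certificates were encrypted with password and could not
 *         be used (NOTE(review): the end of this sentence is missing from the listing;
 *         confirm the wording against the original header)
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_get_cert_chain()
 * @see ckmc_cert_list_all_free()
 */
int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
                                   const ckmc_alias_list_s *untrustedcerts,
                                   ckmc_cert_list_s **ppcert_chain_list);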
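/**
 * @brief Verifies a certificate chain and returns that chain using user entered trusted and
 *        untrusted CA certificates.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks If the trusted root certificates are provided as a user input, these certificates do not
 *          need to exist in the system's certificate storage.
 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
 *          ckmc_cert_list_all_free() if it is no longer needed.
 * @remarks Certificates passed in @a trustedcerts act as trusted roots for this call, so they
 *          must come from a source the caller already trusts (for example pinned or provisioned
 *          certificates), never from the party whose certificate is being verified.
 * @remarks NOTE(review): this comment does not say that revocation is checked. If revocation
 *          status matters, pass the returned chain to ckmc_ocsp_check().
 *
 * @param[in] cert The certificate to be verified
 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a
 *                           certificate chain
 * @param[in] trustedcerts The trusted CA certificates to be used in verifying a
 *                         certificate chain
 * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
 *                                   in the system's certificate storage
 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
 *                               If an error occurs, @a *ppcert_chain_list will be null
 *
 * @return @c 0 on success and the certificate chain is valid,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_get_cert_chain_with_trustedcert_alias()
 * @see ckmc_cert_list_all_free()
 */
int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert,
                                         const ckmc_cert_list_s *untrustedcerts,
                                         const ckmc_cert_list_s *trustedcerts,
                                         const bool use_trustedsystemcerts,
                                         ckmc_cert_list_s **ppcert_chain_list);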
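/**
 * @brief Verifies a certificate chain and returns that chain using alias lists of untrusted and
 *        trusted certificates.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks If the alias list of trusted root certificates is provided as a user input, these
 *          certificates do not need to exist in the system's certificate storage.
 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
 *          ckmc_cert_list_all_free() if it is no longer needed.
 * @remarks Certificates named in @a trustedcerts act as trusted roots for this call, so only
 *          aliases whose stored certificates the caller already trusts belong in that list.
 * @remarks NOTE(review): this comment does not say that revocation is checked. If revocation
 *          status matters, pass the returned chain to ckmc_ocsp_check().
 *
 * @param[in] cert The certificate to be verified
 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key
 *                           manager to be used in verifying a certificate chain
 * @param[in] trustedcerts The alias list of trusted CA certificates stored in key
 *                         manager to be used in verifying a certificate chain
 * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
 *                                   in the system's certificate storage
 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
 *                               If an error occurs, @a *ppcert_chain_list will be null
 *
 * @return @c 0 on success and the certificate chain is valid,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
 *         Some certificates were encrypted with password and could not
 *         be used (NOTE(review): the end of this sentence is missing from the listing;
 *         confirm the wording against the original header)
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_get_cert_chain_with_trustedcert()
 * @see ckmc_cert_list_all_free()
 */
int ckmc_get_cert_chain_with_trustedcert_alias(const ckmc_cert_s *cert,
                                               const ckmc_alias_list_s *untrustedcerts,
                                               const ckmc_alias_list_s *trustedcerts,
                                               const bool use_trustedsystemcerts,
                                               ckmc_cert_list_s **ppcert_chain_list);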
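/**
 * @brief Performs an OCSP check to determine whether a certificate has been revoked.
 *
 * @privilege %http://tizen.org/privilege/internet
 *
 * @remarks The return value reports whether the call succeeded; the result of the check is
 *          written to @a *ocsp_status, so callers need to inspect both.
 *          NOTE(review): which status values should be accepted is defined with
 *          #ckmc_ocsp_status_e, outside this listing; confirm there.
 *
 * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check
 * @param[out] ocsp_status The pointer to status result of OCSP check
 *
 * @return @c 0 on success, otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 * @pre @a pcert_chain_list is created with ckmc_get_cert_chain() or
 *      ckmc_get_cert_chain_with_alias().
 *
 * @see ckmc_get_cert_chain()
 * @see ckmc_cert_list_all_free()
 */
int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status);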
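/**
 * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
 * @brief Allows another application to access client's application data.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks Data identified by @a alias should exist.
 * @remarks Grant only the rights the @a accessor application needs, and revoke them with
 *          ckmc_deny_access() once they are no longer required.
 *
 * @param[in] alias Data alias for which access will be granted
 * @param[in] accessor Package id of the application that will gain access rights
 * @param[in] granted Rights granted for @a accessor application
 *
 * @return @c 0 on success, otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_deny_access()
 */
int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted);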
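/**
 * @brief Allows another application to access client's application data.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks Data identified by @a alias should exist.
 * @remarks The call replaces the accessor's whole permission mask rather than adding to it,
 *          so pass the complete set of permissions the accessor should keep, and nothing more
 *          than it needs.
 *
 * @param[in] alias Data alias for which access will be granted
 * @param[in] accessor Package id of the application that will gain access rights
 * @param[in] permissions Mask of permissions granted for @a accessor application
 *                        (@a ckmc_permission_e)
 *                        (previous permission mask will be replaced with the new mask value)
 *
 * @return @c 0 on success, otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 */
int ckmc_set_permission(const char *alias, const char *accessor, int permissions);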
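/**
 * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
 * @brief Revokes another application's access to client's application data.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks Data identified by @a alias should exist.
 * @remarks Only access previously granted with ckmc_allow_access() can be revoked.
 *
 * @param[in] alias Data alias for which access will be revoked
 * @param[in] accessor Package id of the application that will lose access rights
 *
 * @return @c 0 on success, otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't
 *                                       have access to @a alias
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_allow_access()
 * @see ckmc_set_permission()
 */
int ckmc_deny_access(const char *alias, const char *accessor);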
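/**
 * @brief Removes an entry (regardless of its type) from the key manager.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks To remove item, client must have remove permission to the specified item.
 * @remarks The item owner can remove by default.
 *
 * @param[in] alias Item alias to be removed
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_save_key()
 * @see ckmc_save_cert()
 * @see ckmc_save_data()
 * @see ckmc_save_pkcs12()
 * @see ckmc_create_key_pair_rsa()
 * @see ckmc_create_key_pair_dsa()
 * @see ckmc_create_key_pair_ecdsa()
 */
int ckmc_remove_alias(const char *alias);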
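/**
 * @brief Encrypts data using selected key and algorithm.
 *
 * @remarks Key identified by @a key_alias should exist.
 * @remarks NOTE(review): AES GCM is named below as a supported mode. If the IV is supplied
 *          through @a params (presumably with ckmc_param_list_set_buffer(); confirm against
 *          #ckmc_param_name_e), it has to be unique for every encryption under the same key.
 *
 * @param[in] params Algorithm parameter list handle
 * @param[in] key_alias Alias of the key to be used for encryption
 * @param[in] password The password used in decrypting a key value \n
 *                     If password of policy is provided in ckmc_save_key(), the same
 *                     password should be provided
 * @param[in] decrypted Data to be encrypted
 * @param[out] ppencrypted Encrypted data (some algorithms may return additional information
 *                         embedded in encrypted data. AES GCM is an example) \n
 *                         The caller is responsible for freeing @a *ppencrypted with
 *                         ckmc_buffer_free()
 *
 * @return @c 0 on success, otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
 *         Key decryption failed because password is incorrect
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_buffer_free()
 * @see ckmc_param_list_new()
 * @see ckmc_param_list_free()
 * @see ckmc_param_list_set_integer()
 * @see ckmc_param_list_set_buffer()
 * @see ckmc_generate_new_params()
 * @see #ckmc_param_list_h
 * @see #ckmc_param_name_e
 */
int ckmc_encrypt_data(ckmc_param_list_h params,
                      const char *key_alias,
                      const char *password,
                      const ckmc_raw_buffer_s decrypted,
                      ckmc_raw_buffer_s **ppencrypted);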
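/**
 * @brief Decrypts data using selected key and algorithm.
 *
 * @remarks Key identified by @a key_alias should exist.
 * @remarks Use @a *ppdecrypted only when the call returns #CKMC_ERROR_NONE.
 *          NOTE(review): for an authenticated mode such as AES GCM, a failed integrity check
 *          presumably surfaces as one of the error codes below; confirm which one.
 *
 * @param[in] params Algorithm parameter list handle
 * @param[in] key_alias Alias of the key to be used for decryption
 * @param[in] password The password used in decrypting a key value \n
 *                     If password of policy is provided in ckmc_save_key(), the same
 *                     password should be provided
 * @param[in] encrypted Data to be decrypted (some algorithms may require additional
 *                      information embedded in encrypted data. AES GCM is an example)
 * @param[out] ppdecrypted Decrypted data \n
 *                         The caller is responsible for freeing @a *ppdecrypted with
 *                         ckmc_buffer_free()
 *
 * @return @c 0 on success, otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
 *         Key decryption failed because password is incorrect
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_buffer_free()
 * @see ckmc_param_list_new()
 * @see ckmc_param_list_free()
 * @see ckmc_param_list_set_integer()
 * @see ckmc_param_list_set_buffer()
 * @see ckmc_generate_new_params()
 * @see #ckmc_param_list_h
 * @see #ckmc_param_name_e
 */
int ckmc_decrypt_data(ckmc_param_list_h params,
                      const char *key_alias,
                      const char *password,
                      const ckmc_raw_buffer_s encrypted,
                      ckmc_raw_buffer_s **ppdecrypted);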
1244 #endif /* __TIZEN_CORE_CKMC_MANAGER_H */