2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-manager.h
19 * @brief Provides management functions (storing, retrieving, and removing) for keys,
20 * certificates and data of a user and additional crypto functions.
24 #ifndef __TIZEN_CORE_CKMC_MANAGER_H
25 #define __TIZEN_CORE_CKMC_MANAGER_H
28 #include <sys/types.h>
30 #include <ckmc/ckmc-type.h>
31 #include <ckmc/ckmc-error.h>
38 * @addtogroup CAPI_KEY_MANAGER_CLIENT_MODULE
44 * @brief Stores a key inside key manager based on the provided policy.
48 * @privilege %http://tizen.org/privilege/keymanager
50 * @remarks Currently API supports seven types of keys. These are RSA public/private key,
51 * DSA public/private key, ECDSA public/private key and AES symmetric key.
52 * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside
53 * key manager during storing keys.
54 * @remarks Some private key files are protected by a password. If raw_key in key read from those
55 * encrypted files is encrypted with a password, the password should be provided in the
56 * #ckmc_key_s structure.
57 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
60 * @param[in] alias The name of a key to be stored
61 * @param[in] key The key's binary value to be stored
62 * @param[in] policy The policy about how to store a key securely
64 * @return @c 0 on success,
65 * otherwise a negative error value
67 * @retval #CKMC_ERROR_NONE Successful
68 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
69 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
71 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
72 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid
73 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
74 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
76 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
78 * @see ckmc_remove_alias()
80 * @see ckmc_get_key_alias_list()
84 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy);
87 * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
88 * @brief Removes a key from key manager.
92 * @privilege %http://tizen.org/privilege/keymanager
94 * @remarks To remove key, client must have remove permission to the specified key.
95 * @remarks The key owner can remove by default.
97 * @param[in] alias The name of a key to be removed
99 * @return @c 0 on success,
100 * otherwise a negative error value
102 * @retval #CKMC_ERROR_NONE Successful
103 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
104 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
106 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
107 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
108 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
110 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
112 * @see ckmc_save_key()
113 * @see ckmc_get_key()
114 * @see ckmc_get_key_alias_list()
116 int ckmc_remove_key(const char *alias);
119 * @brief Gets a key from key manager.
123 * @privilege %http://tizen.org/privilege/keymanager
125 * @remarks A client can access only data stored by the client.
126 * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no longer needed.
129 * @param[in] alias The name of a key to retrieve
130 * @param[in] password The password used in decrypting a key value \n
131 * If password of policy is provided in ckmc_save_key(), the same password
132 * should be provided.
133 * @param[out] ppkey The pointer to a newly created ckmc_key_s handle
135 * @return @c 0 on success,
136 * otherwise a negative error value
138 * @retval #CKMC_ERROR_NONE Successful
139 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
140 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
142 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
143 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
144 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
145 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
146 * Decryption failed because password is incorrect.
148 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
150 * @see ckmc_save_key()
151 * @see ckmc_remove_alias()
152 * @see ckmc_get_key_alias_list()
154 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
157 * @brief Gets all the aliases of keys that the client can access.
161 * @privilege %http://tizen.org/privilege/keymanager
163 * @remarks A client can access only data stored by the client.
164 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
165 * if it is no longer needed.
167 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
168 * available aliases of keys \n
169 * If there is no available key alias, *ppalias_list will be null.
171 * @return @c 0 on success,
172 * otherwise a negative error value
174 * @retval #CKMC_ERROR_NONE Successful
175 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
176 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
178 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
179 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
180 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
182 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
184 * @see ckmc_save_key()
185 * @see ckmc_remove_alias()
186 * @see ckmc_get_key()
188 int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
194 * @brief Stores a certificate inside key manager based on the provided policy.
198 * @privilege %http://tizen.org/privilege/keymanager
200 * @remarks The certificate's binary value will be converted and saved as binary DER encoded certificates.
203 * @param[in] alias The name of a certificate to be stored
204 * @param[in] cert The certificate's binary value to be stored
205 * @param[in] policy The policy about how to store a certificate securely
207 * @return @c 0 on success,
208 * otherwise a negative error value
210 * @retval #CKMC_ERROR_NONE Successful
211 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
212 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
214 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
215 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid
216 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
217 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
219 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
221 * @see ckmc_remove_alias()
222 * @see ckmc_get_cert()
223 * @see ckmc_get_cert_alias_list()
225 * @see #ckmc_policy_s
227 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy);
230 * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
231 * @brief Removes a certificate from key manager.
235 * @privilege %http://tizen.org/privilege/keymanager
237 * @remarks To remove certificate, client must have remove permission to the specified certificate.
238 * @remarks The key owner can remove by default.
240 * @param[in] alias The name of a certificate to be removed
242 * @return @c 0 on success,
243 * otherwise a negative error value
245 * @retval #CKMC_ERROR_NONE Successful
246 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
247 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
249 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
250 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
251 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
253 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
255 * @see ckmc_save_cert()
256 * @see ckmc_get_cert()
257 * @see ckmc_get_cert_alias_list()
259 int ckmc_remove_cert(const char *alias);
262 * @brief Gets a certificate from key manager.
266 * @privilege %http://tizen.org/privilege/keymanager
268 * @remarks A client can access only certificate stored by the client.
269 * @remarks A DER encoded certificate will be returned as a return value.
270 * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no longer needed.
273 * @param[in] alias The name of a certificate to retrieve
274 * @param[in] password The password used in decrypting a certificate value \n
275 * If password of policy is provided in ckmc_save_cert(), the same password
276 * should be provided.
277 * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle
279 * @return @c 0 on success,
280 * otherwise a negative error value
282 * @retval #CKMC_ERROR_NONE Successful
283 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
284 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
286 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
287 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
288 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
289 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
290 * Decryption failed because password is incorrect.
292 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
294 * @see ckmc_save_cert()
295 * @see ckmc_remove_alias()
296 * @see ckmc_get_cert_alias_list()
298 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert);
301 * @brief Gets all aliases of certificates which the client can access.
305 * @privilege %http://tizen.org/privilege/keymanager
307 * @remarks A client can access only data stored by the client.
308 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
309 * if it is no longer needed.
311 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
312 * available aliases of certificates \n
313 * If there is no available certificate alias, *ppalias_list will be null.
315 * @return @c 0 on success,
316 * otherwise a negative error value
318 * @retval #CKMC_ERROR_NONE Successful
319 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
320 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
322 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
323 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
324 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
326 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
328 * @see ckmc_save_cert()
329 * @see ckmc_remove_alias()
330 * @see ckmc_get_cert()
332 int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
338 * @brief Stores PKCS12's contents inside key manager based on the provided policies.
339 * All items from the PKCS12 will use the same alias.
343 * @privilege %http://tizen.org/privilege/keymanager
345 * @param[in] alias The name of a data to be stored
346 * @param[in] pkcs Pointer to the pkcs12 structure to be saved
347 * @param[in] key_policy The policy about how to store pkcs's private key
348 * @param[in] cert_policy The policy about how to store pkcs's certificate
350 * @return @c 0 on success,
351 * otherwise a negative error value
353 * @retval #CKMC_ERROR_NONE Successful
354 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
355 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
357 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
358 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
359 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
361 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
363 * @see ckmc_remove_alias()
364 * @see ckmc_get_pkcs12()
365 * @see ckmc_get_data_alias_list()
366 * @see ckmc_pkcs12_load()
367 * @see #ckmc_pkcs12_s
368 * @see #ckmc_policy_s
370 int ckmc_save_pkcs12(const char *alias,
371 const ckmc_pkcs12_s *pkcs,
372 const ckmc_policy_s key_policy,
373 const ckmc_policy_s cert_policy);
376 * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
377 * @brief Removes all PKCS12 contents from key manager.
381 * @privilege %http://tizen.org/privilege/keymanager
383 * @remarks To remove PKCS12, client must have remove permission to the specified PKCS12 object.
384 * @remarks The key owner can remove by default.
386 * @param[in] alias The name of PKCS12 to be removed
388 * @return @c 0 on success,
389 * otherwise a negative error value
391 * @retval #CKMC_ERROR_NONE Successful
392 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
393 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
395 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
396 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
397 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
399 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
401 * @see ckmc_remove_alias()
402 * @see ckmc_save_pkcs12()
403 * @see ckmc_get_pkcs12()
405 int ckmc_remove_pkcs12(const char *alias);
408 * @brief Gets a pkcs12 from key manager.
412 * @privilege %http://tizen.org/privilege/keymanager
414 * @remarks A client can access only data stored by the client.
415 * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no longer needed.
418 * @param[in] alias The name of a data to retrieve
419 * @param[in] key_password Password that was used to encrypt privateKey (may be NULL)
420 * @param[in] cert_password Password used to encrypt certificates (may be NULL)
421 * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle
423 * @return @c 0 on success,
424 * otherwise a negative error value
426 * @retval #CKMC_ERROR_NONE Successful
427 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
428 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
430 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
431 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
432 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
433 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
434 * Decryption failed because password is incorrect.
436 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
438 * @see ckmc_save_pkcs12()
439 * @see ckmc_remove_alias()
441 int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12);
444 * @brief Stores a data inside key manager based on the provided policy.
448 * @privilege %http://tizen.org/privilege/keymanager
450 * @param[in] alias The name of a data to be stored
451 * @param[in] data The binary value to be stored
452 * @param[in] policy The policy about how to store a data securely
454 * @return @c 0 on success,
455 * otherwise a negative error value
457 * @retval #CKMC_ERROR_NONE Successful
458 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
459 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
461 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
462 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
463 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
465 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
467 * @see ckmc_remove_alias()
468 * @see ckmc_get_data()
469 * @see ckmc_get_data_alias_list()
470 * @see #ckmc_raw_buffer_s
471 * @see #ckmc_policy_s
473 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy);
476 * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
477 * @brief Removes a data from key manager.
481 * @privilege %http://tizen.org/privilege/keymanager
483 * @remarks To remove data, client must have remove permission to the specified data object.
484 * @remarks The data owner can remove by default.
486 * @param[in] alias The name of a data to be removed
488 * @return @c 0 on success,
489 * otherwise a negative error value
491 * @retval #CKMC_ERROR_NONE Successful
492 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
493 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
495 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
496 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
497 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
499 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
501 * @see ckmc_save_data()
502 * @see ckmc_get_data()
503 * @see ckmc_get_data_alias_list()
505 int ckmc_remove_data(const char *alias);
508 * @brief Gets a data from key manager.
512 * @privilege %http://tizen.org/privilege/keymanager
514 * @remarks A client can access only data stored by the client.
515 * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no longer needed.
518 * @param[in] alias The name of a data to retrieve
519 * @param[in] password The password used in decrypting a data value \n
520 * If password of policy is provided in ckmc_save_data(), the same password
521 * should be provided.
522 * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle
524 * @return @c 0 on success,
525 * otherwise a negative error value
527 * @retval #CKMC_ERROR_NONE Successful
528 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
529 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
531 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
532 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
533 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
534 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
535 * Decryption failed because password is incorrect.
536 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
538 * @see ckmc_save_data()
539 * @see ckmc_remove_alias()
540 * @see ckmc_get_data_alias_list()
542 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata);
545 * @brief Gets all aliases of data which the client can access.
549 * @privilege %http://tizen.org/privilege/keymanager
551 * @remarks A client can access only data stored by the client.
552 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
553 * if it is no longer needed.
555 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
556 * available aliases of data \n
557 * If there is no available data alias, *ppalias_list will be null.
559 * @return @c 0 on success,
560 * otherwise a negative error value
562 * @retval #CKMC_ERROR_NONE Successful
563 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
564 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
566 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
567 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
568 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
570 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
572 * @see ckmc_save_data()
573 * @see ckmc_remove_alias()
574 * @see ckmc_get_data()
576 int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
582 * @brief Creates RSA private/public key pair and stores them inside key manager based on each policy.
587 * @privilege %http://tizen.org/privilege/keymanager
589 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
592 * @param[in] size The size of key strength to be created \n
593 * @c 1024, @c 2048, and @c 4096 are supported. 1024-bit RSA is below current strength recommendations; prefer @c 2048 or larger for new keys.
594 * @param[in] private_key_alias The name of private key to be stored
595 * @param[in] public_key_alias The name of public key to be stored
596 * @param[in] policy_private_key The policy about how to store a private key securely
597 * @param[in] policy_public_key The policy about how to store a public key securely
599 * @return @c 0 on success,
600 * otherwise a negative error value
602 * @retval #CKMC_ERROR_NONE Successful
603 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
604 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
606 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
607 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
608 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
610 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
612 * @see ckmc_create_key_pair_dsa()
613 * @see ckmc_create_key_pair_ecdsa()
614 * @see ckmc_create_signature()
615 * @see ckmc_verify_signature()
617 int ckmc_create_key_pair_rsa(const size_t size,
618 const char *private_key_alias,
619 const char *public_key_alias,
620 const ckmc_policy_s policy_private_key,
621 const ckmc_policy_s policy_public_key);
624 * @brief Creates DSA private/public key pair and stores them inside key manager based on each policy.
629 * @privilege %http://tizen.org/privilege/keymanager
631 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
634 * @param[in] size The size of key strength to be created \n
635 * @c 1024, @c 2048, @c 3072 and @c 4096 are supported. 1024-bit DSA is below current strength recommendations; prefer @c 2048 or larger for new keys.
636 * @param[in] private_key_alias The name of private key to be stored
637 * @param[in] public_key_alias The name of public key to be stored
638 * @param[in] policy_private_key The policy about how to store a private key securely
639 * @param[in] policy_public_key The policy about how to store a public key securely
641 * @return @c 0 on success,
642 * otherwise a negative error value
644 * @retval #CKMC_ERROR_NONE Successful
645 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
646 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
648 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
649 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
650 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
652 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
654 * @see ckmc_create_key_pair_rsa()
655 * @see ckmc_create_key_pair_ecdsa()
656 * @see ckmc_create_signature()
657 * @see ckmc_verify_signature()
659 int ckmc_create_key_pair_dsa(const size_t size,
660 const char *private_key_alias,
661 const char *public_key_alias,
662 const ckmc_policy_s policy_private_key,
663 const ckmc_policy_s policy_public_key);
666 * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each policy.
671 * @privilege %http://tizen.org/privilege/keymanager
673 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
676 * @param[in] type The type of elliptic curve of ECDSA
677 * @param[in] private_key_alias The name of private key to be stored
678 * @param[in] public_key_alias The name of public key to be stored
679 * @param[in] policy_private_key The policy about how to store a private key securely
680 * @param[in] policy_public_key The policy about how to store a public key securely
682 * @return @c 0 on success,
683 * otherwise a negative error value
685 * @retval #CKMC_ERROR_NONE Successful
686 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
687 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
689 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
690 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
691 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
693 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
695 * @see ckmc_create_key_pair_rsa()
696 * @see ckmc_create_key_pair_dsa()
697 * @see ckmc_create_signature()
698 * @see ckmc_verify_signature()
699 * @see #ckmc_ec_type_e
701 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
702 const char *private_key_alias,
703 const char *public_key_alias,
704 const ckmc_policy_s policy_private_key,
705 const ckmc_policy_s policy_public_key);
708 * @brief Creates AES key and stores it inside key manager based on the policy.
712 * @privilege %http://tizen.org/privilege/keymanager
714 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
717 * @param[in] size The size of key strength to be created. \n
718 * @c 128, @c 192 and @c 256 are supported.
719 * @param[in] key_alias The name of key to be stored
720 * @param[in] key_policy The policy about how to store the key securely
722 * @return @c 0 on success,
723 * otherwise a negative error value
725 * @retval #CKMC_ERROR_NONE Successful
726 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
727 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
729 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
730 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
731 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
733 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
735 * @see ckmc_create_key_pair_rsa()
736 * @see ckmc_create_key_pair_dsa()
737 * @see ckmc_create_key_pair_ecdsa()
739 int ckmc_create_key_aes(const size_t size,
740 const char *key_alias,
741 const ckmc_policy_s key_policy);
744 * @brief Creates a signature on a given message using a private key and returns the signature.
748 * @privilege %http://tizen.org/privilege/keymanager
750 * @remarks If password of policy is provided during storing a key, the same password should be provided.
752 * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is no longer needed.
755 * @param[in] private_key_alias The name of private key
756 * @param[in] password The password used in decrypting a private key value
757 * @param[in] message The message that is signed with a private key
758 * @param[in] hash The hash algorithm used in creating signature
759 * @param[in] padding The RSA padding algorithm used in creating signature \n
760 * It is used only when the signature algorithm is RSA.
761 * @param[out] ppsignature The pointer to a newly created signature \n
762 * If an error occurs, @a *ppsignature will be null.
764 * @return @c 0 on success,
765 * otherwise a negative error value
767 * @retval #CKMC_ERROR_NONE Successful
768 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
769 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
771 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
772 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
773 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
774 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
775 * Decryption failed because password is incorrect.
777 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
779 * @see ckmc_create_key_pair_rsa()
780 * @see ckmc_create_key_pair_ecdsa()
781 * @see ckmc_verify_signature()
782 * @see ckmc_buffer_free()
783 * @see #ckmc_hash_algo_e
784 * @see #ckmc_rsa_padding_algo_e
786 int ckmc_create_signature(const char *private_key_alias,
787 const char *password,
788 const ckmc_raw_buffer_s message,
789 const ckmc_hash_algo_e hash,
790 const ckmc_rsa_padding_algo_e padding,
791 ckmc_raw_buffer_s **ppsignature);
794 * @brief Verifies a given signature on a given message using a public key and returns the signature status.
799 * @privilege %http://tizen.org/privilege/keymanager
801 * @remarks If password of policy is provided during storing a key, the same password should be provided.
804 * @param[in] public_key_alias The name of public key
805 * @param[in] password The password used in decrypting a public key value
806 * @param[in] message The input on which the signature is created
807 * @param[in] signature The signature that is verified with public key
808 * @param[in] hash The hash algorithm used in verifying signature
809 * @param[in] padding The RSA padding algorithm used in verifying signature \n
810 * It is used only when the signature algorithm is RSA.
812 * @return @c 0 on success and the signature is valid,
813 * otherwise a negative error value
815 * @retval #CKMC_ERROR_NONE Successful
816 * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid
817 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
818 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
820 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
821 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
822 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
823 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
824 * Decryption failed because password is incorrect.
826 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
828 * @see ckmc_create_key_pair_rsa()
829 * @see ckmc_create_key_pair_ecdsa()
830 * @see ckmc_create_signature()
831 * @see #ckmc_hash_algo_e
832 * @see #ckmc_rsa_padding_algo_e
834 int ckmc_verify_signature(const char *public_key_alias,
835 const char *password,
836 const ckmc_raw_buffer_s message,
837 const ckmc_raw_buffer_s signature,
838 const ckmc_hash_algo_e hash,
839 const ckmc_rsa_padding_algo_e padding);
842 * @brief Verifies a certificate chain and returns that chain.
846 * @privilege %http://tizen.org/privilege/keymanager
848 * @remarks The trusted root certificate of the chain should exist in the system's certificate storage.
850 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
851 * ckmc_cert_list_all_free() if it is no longer needed.
853 * @param[in] cert The certificate to be verified
854 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain
856 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
857 * If an error occurs, @a *ppcert_chain_list will be null.
859 * @return @c 0 on success and the certificate chain is valid,
860 * otherwise a negative error value
862 * @retval #CKMC_ERROR_NONE Successful
863 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
864 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
865 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
867 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
868 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
869 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
870 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
871 * Decryption failed because password is incorrect.
873 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
875 * @see ckmc_get_cert_chain_with_alias()
876 * @see ckmc_cert_list_all_free()
/* On success *ppcert_chain_list points to a newly created chain that the
 * caller releases with ckmc_cert_list_all_free(); on error it is null (both
 * per the documentation above).
 * NOTE(review): nothing in this documentation says revocation is checked
 * here; ckmc_ocsp_check() is the call this header documents for that, and
 * its precondition asks for a chain produced by the chain-building calls. */
878 int ckmc_get_cert_chain(const ckmc_cert_s *cert,
879 const ckmc_cert_list_s *untrustedcerts, /* helper CA certificates; not trust anchors */
880 ckmc_cert_list_s **ppcert_chain_list); /* out: owned by the caller on success */
883 * @brief Verifies a certificate chain using an alias list of untrusted certificates and returns that chain.
888 * @privilege %http://tizen.org/privilege/keymanager
890 * @remarks The trusted root certificate of the chain should exist in the system's certificate storage.
892 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
893 * ckmc_cert_list_all_free() if it is no longer needed.
895 * @param[in] cert The certificate to be verified
896 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager
897 * to be used in verifying a certificate chain
898 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
899 * If an error occurs, @a *ppcert_chain_list will be null.
901 * @return @c 0 on success (the certificate chain is valid),
902 * otherwise a negative error value
904 * @retval #CKMC_ERROR_NONE Successful
905 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
906 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
907 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
909 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
910 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
911 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
912 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
913 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
914 * Some certificates were encrypted with password and could not be used
917 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
919 * @see ckmc_get_cert_chain()
920 * @see ckmc_cert_list_all_free()
/* Variant of ckmc_get_cert_chain() in which untrustedcerts is a list of
 * key-manager aliases (ckmc_alias_list_s) rather than the certificates
 * themselves; an unknown alias is reported as CKMC_ERROR_DB_ALIAS_UNKNOWN
 * per the @retval list above. The caller releases *ppcert_chain_list with
 * ckmc_cert_list_all_free(). */
922 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
923 const ckmc_alias_list_s *untrustedcerts, /* aliases of stored CA certificates; not trust anchors */
924 ckmc_cert_list_s **ppcert_chain_list); /* out: null on error, per the @param text */
927 * @brief Verifies a certificate chain and returns that chain using user entered trusted and
928 * untrusted CA certificates
932 * @privilege %http://tizen.org/privilege/keymanager
934 * @remarks If the trusted root certificates are provided as a user input, these certificates do not
935 * need to exist in the system's certificate storage.
936 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
937 * ckmc_cert_list_all_free() if it is no longer needed.
939 * @param[in] cert The certificate to be verified
940 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain
942 * @param[in] trustedcerts The trusted CA certificates to be used in verifying a certificate chain
944 * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
945 * in the system's certificate storage.
946 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
947 * If an error occurs, @a *ppcert_chain_list will be null.
949 * @return @c 0 on success (the certificate chain is valid),
950 * otherwise a negative error value
952 * @retval #CKMC_ERROR_NONE Successful
953 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
954 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
955 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
957 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
958 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
959 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
961 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
963 * @see ckmc_get_cert_chain_with_trustedcert_alias()
964 * @see ckmc_cert_list_all_free()
/* Chain verification in which the caller supplies the trust anchors.
 * Per the remarks above, certificates passed in trustedcerts need not exist
 * in the system's certificate storage.
 * NOTE(review): the anchors decide the verification outcome, so trustedcerts
 * should come from a source the application controls, never from the same
 * input that delivered cert or untrustedcerts. The behaviour when
 * trustedcerts is empty and use_trustedsystemcerts is false is not
 * documented here; confirm before relying on it. */
966 int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert,
967 const ckmc_cert_list_s *untrustedcerts, /* helper CA certificates; not trust anchors */
968 const ckmc_cert_list_s *trustedcerts, /* caller-chosen trust anchors */
969 const bool use_trustedsystemcerts, /* flag for using the system storage roots, per the @param text */
970 ckmc_cert_list_s **ppcert_chain_list); /* out: caller frees with ckmc_cert_list_all_free() */
973 * @brief Verifies a certificate chain and returns that chain using alias lists of untrusted and
974 * trusted certificates
978 * @privilege %http://tizen.org/privilege/keymanager
980 * @remarks If the alias list of trusted root certificates is provided as a user input, these
981 * certificates do not need to exist in the system's certificate storage.
982 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
983 * ckmc_cert_list_all_free() if it is no longer needed.
985 * @param[in] cert The certificate to be verified
986 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key
987 * manager to be used in verifying a certificate chain
988 * @param[in] trustedcerts The alias list of trusted CA certificates stored in key
989 * manager to be used in verifying a certificate chain
990 * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
991 * in the system's certificate storage.
992 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
993 * If an error occurs, @a *ppcert_chain_list will be null.
995 * @return @c 0 on success (the certificate chain is valid),
996 * otherwise a negative error value
998 * @retval #CKMC_ERROR_NONE Successful
999 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
1000 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1001 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
1003 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1004 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1005 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
1006 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1007 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
1008 * Some certificates were encrypted with password and could not be used
1011 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1013 * @see ckmc_get_cert_chain_with_trustedcert()
1014 * @see ckmc_cert_list_all_free()
/* Alias-based variant of ckmc_get_cert_chain_with_trustedcert(): both
 * certificate lists are given as key-manager aliases (ckmc_alias_list_s).
 * NOTE(review): every alias in trustedcerts becomes a trust anchor for this
 * call, so the alias list should be fixed by the application rather than
 * taken from external input. An unknown alias is reported as
 * CKMC_ERROR_DB_ALIAS_UNKNOWN per the @retval list above. */
1016 int ckmc_get_cert_chain_with_trustedcert_alias(const ckmc_cert_s *cert,
1017 const ckmc_alias_list_s *untrustedcerts, /* aliases of helper CA certificates */
1018 const ckmc_alias_list_s *trustedcerts, /* aliases of caller-chosen trust anchors */
1019 const bool use_trustedsystemcerts, /* flag for using the system storage roots, per the @param text */
1020 ckmc_cert_list_s **ppcert_chain_list); /* out: caller frees with ckmc_cert_list_all_free() */
1023 * @brief Performs an OCSP check, which determines whether a certificate is revoked or not
1027 * @privilege %http://tizen.org/privilege/keymanager
1029 * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check
1030 * @param[out] ocsp_status The pointer to status result of OCSP check
1032 * @return @c 0 on success, otherwise a negative error value
1034 * @retval #CKMC_ERROR_NONE Successful
1035 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1036 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1038 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1039 * @pre @a pcert_chain_list is created with ckmc_get_cert_chain() or
1040 * ckmc_get_cert_chain_with_alias()
1042 * @see ckmc_get_cert_chain()
1043 * @see ckmc_cert_list_all_free()
/* The revocation result is written through ocsp_status (documented above as
 * the "status result of OCSP check"), while the return value is the usual
 * 0-or-negative error code.
 * NOTE(review): presumably a 0 return only means the check ran; callers
 * should inspect *ocsp_status as well before trusting the chain. Confirm
 * against the ckmc_ocsp_status_e definition. */
1045 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status);
1048 * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
1049 * @brief Allows another application to access client's application data
1053 * @privilege %http://tizen.org/privilege/keymanager
1055 * @remarks Data identified by @a alias should exist
1057 * @param[in] alias Data alias for which access will be granted
1058 * @param[in] accessor Package id of the application that will gain access rights
1059 * @param[in] granted Rights granted for @a accessor application
1061 * @return @c 0 on success, otherwise a negative error value
1063 * @retval #CKMC_ERROR_NONE Successful
1064 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1065 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
1067 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1068 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1069 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1071 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1073 * @see ckmc_deny_access()
/* Deprecated since 2.4 in favour of ckmc_set_permission() (see the
 * @deprecated tag above). Grants the rights in `granted` on the data stored
 * under `alias` to the application whose package id is `accessor`. */
1075 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted);
1078 * @brief Allows another application to access client's application data
1082 * @privilege %http://tizen.org/privilege/keymanager
1084 * @remarks Data identified by @a alias should exist
1086 * @param[in] alias Data alias for which access will be granted
1087 * @param[in] accessor Package id of the application that will gain access rights
1088 * @param[in] permissions Mask of permissions granted for @a accessor application
1089 * (@a ckmc_permission_e)
1090 * (previous permission mask will be replaced with the new mask value)
1092 * @return @c 0 on success, otherwise a negative error value
1094 * @retval #CKMC_ERROR_NONE Successful
1095 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1096 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
1098 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1099 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1100 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1102 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
/* permissions is a plain int carrying a mask of ckmc_permission_e values.
 * The documentation above states that the new mask replaces the previous
 * one, so each call must pass the complete set of rights the accessor is
 * meant to keep; anything left out of the mask is no longer granted.
 * accessor is a package id, per the @param text. */
1104 int ckmc_set_permission(const char *alias, const char *accessor, int permissions);
1107 * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
1108 * @brief Revokes another application's access to client's application data
1112 * @privilege %http://tizen.org/privilege/keymanager
1114 * @remarks Data identified by @a alias should exist
1115 * @remarks Only access previously granted with ckmc_allow_access can be revoked.
1117 * @param[in] alias Data alias for which access will be revoked
1118 * @param[in] accessor Package id of the application that will lose access rights
1120 * @return @c 0 on success, otherwise a negative error value
1122 * @retval #CKMC_ERROR_NONE Successful
1123 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't
1124 * have access to @a alias
1125 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
1127 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1128 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1129 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1131 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1133 * @see ckmc_allow_access()
1134 * @see ckmc_set_permission()
/* Deprecated since 2.4 in favour of ckmc_set_permission() (see the
 * @deprecated tag above). Revokes the access of package `accessor` to the
 * data under `alias`; per the remarks, only access granted earlier with
 * ckmc_allow_access() can be revoked, and CKMC_ERROR_INVALID_PARAMETER is
 * also returned when the accessor had no access to begin with. */
1136 int ckmc_deny_access(const char *alias, const char *accessor);
1139 * @brief Removes an entry (regardless of its type) from the key manager.
1143 * @privilege %http://tizen.org/privilege/keymanager
1145 * @remarks To remove an item, the client must have remove permission for the specified item.
1146 * @remarks The item owner can remove it by default.
1148 * @param[in] alias Item alias to be removed
1150 * @return @c 0 on success,
1151 * otherwise a negative error value
1153 * @retval #CKMC_ERROR_NONE Successful
1154 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1155 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
1157 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
1158 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1159 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1161 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1163 * @see ckmc_save_key()
1164 * @see ckmc_save_cert
1165 * @see ckmc_save_data
1166 * @see ckmc_save_pkcs12
1167 * @see ckmc_create_key_pair_rsa
1168 * @see ckmc_create_key_pair_dsa
1169 * @see ckmc_create_key_pair_ecdsa
/* Removes whatever entry is stored under `alias`, independent of its type
 * (the @see list above names the key, certificate, data and PKCS#12 save
 * calls). The caller needs remove permission on the item; the owner has it
 * by default, per the remarks. */
1171 int ckmc_remove_alias(const char *alias);
1174 * @brief Encrypts data using selected key and algorithm
1178 * @privilege %http://tizen.org/privilege/keymanager
1180 * @remarks Key identified by @a key_alias should exist
1182 * @param[in] params Algorithm parameters
1183 * @param[in] key_alias Alias of the key to be used for encryption
1184 * @param[in] password The password used in decrypting a key value. If password of policy
1185 * is provided in ckmc_save_key(), the same password should be provided
1186 * @param[in] decrypted Data to be encrypted
1187 * @param[out] ppencrypted Encrypted data (some algorithms may return additional information
1188 * embedded in encrypted data. AES GCM is an example). The caller is
1189 * responsible for freeing ppencrypted with ckmc_buffer_free().
1191 * @return @c 0 on success, otherwise a negative error value
1193 * @retval #CKMC_ERROR_NONE Successful
1194 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1195 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
1197 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1198 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
1199 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1200 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
1201 * Key decryption failed because password is incorrect.
1203 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
/* Encrypts `decrypted` with the key stored under `key_alias`, using the
 * algorithm described by `params`. The result is returned through
 * ppencrypted and, per the @param text above, must be released by the
 * caller with ckmc_buffer_free().
 * NOTE(review): the documentation does not say what *ppencrypted holds
 * after a failed call; initialising it to NULL before the call and using it
 * only on a 0 return avoids relying on that. */
1205 int ckmc_encrypt_data(const ckmc_param_list_s *params,
1206 const char *key_alias,
1207 const char *password, /* password protecting the stored key; a wrong one gives CKMC_ERROR_AUTHENTICATION_FAILED */
1208 const ckmc_raw_buffer_s decrypted, /* plaintext input, passed by value */
1209 ckmc_raw_buffer_s **ppencrypted); /* out: may embed extra algorithm data (AES GCM is the documented example) */
1212 * @brief Decrypts data using selected key and algorithm
1216 * @privilege %http://tizen.org/privilege/keymanager
1218 * @remarks Key identified by @a key_alias should exist
1220 * @param[in] params Algorithm parameters
1221 * @param[in] key_alias Alias of the key to be used for decryption
1222 * @param[in] password The password used in decrypting a key value. If password of policy
1223 * is provided in ckmc_save_key(), the same password should be provided
1224 * @param[in] encrypted Data to be decrypted (some algorithms may require additional
1225 * information embedded in encrypted data. AES GCM is an example).
1226 * @param[out] ppdecrypted Decrypted data. The caller is responsible for freeing ppdecrypted
1227 * with ckmc_buffer_free().
1229 * @return @c 0 on success, otherwise a negative error value
1231 * @retval #CKMC_ERROR_NONE Successful
1232 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1233 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
1235 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1236 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
1237 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1238 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
1239 * Key decryption failed because password is incorrect.
1241 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
/* Decrypts `encrypted` with the key stored under `key_alias`, using the
 * algorithm described by `params`. The result is returned through
 * ppdecrypted and, per the @param text above, must be released by the
 * caller with ckmc_buffer_free().
 * NOTE(review): the documentation does not say what *ppdecrypted holds
 * after a failed call; callers should use the output only on a 0 return.
 * No @retval above is described as an integrity or tag failure of the
 * ciphertext, so confirm which code an authenticated mode such as AES GCM
 * returns in that case. */
1243 int ckmc_decrypt_data(const ckmc_param_list_s *params,
1244 const char *key_alias,
1245 const char *password, /* password protecting the stored key; a wrong one gives CKMC_ERROR_AUTHENTICATION_FAILED */
1246 const ckmc_raw_buffer_s encrypted, /* ciphertext input, passed by value; may carry embedded algorithm data */
1247 ckmc_raw_buffer_s **ppdecrypted); /* out: plaintext buffer owned by the caller on success */
1258 #endif /* __TIZEN_CORE_CKMC_MANAGER_H */