2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-manager.h
19 * @brief Provides management functions (storing, retrieving, and removing) for a user's keys,
20 * certificates and data, plus additional crypto functions.
24 #ifndef __TIZEN_CORE_CKMC_MANAGER_H
25 #define __TIZEN_CORE_CKMC_MANAGER_H
29 #include <sys/types.h>
31 #include <ckmc/ckmc-error.h>
32 #include <ckmc/ckmc-type.h>
38 * @addtogroup CAPI_KEY_MANAGER_CLIENT_MODULE
44 * @brief Stores a key inside key manager based on the provided policy.
48 * @privilege %http://tizen.org/privilege/keymanager
50 * @remarks Currently only six types of keys are supported for this API. These are RSA
51 * public/private key, DSA public/private key and ECDSA public/private key.
52 * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside
53 * key manager during storing keys.
54 * @remarks Some private key files are protected by a password. If the raw_key in @a key was read
55 * from such a file and is still encrypted, the password should be provided in the
56 * #ckmc_key_s structure.
57 * @remarks If password in policy is provided, the key is additionally encrypted with the password
60 * @param[in] alias The name of a key to be stored
61 * @param[in] key The key's binary value to be stored
62 * @param[in] policy The policy about how to store a key securely
64 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
66 * @retval #CKMC_ERROR_NONE Successful
67 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
68 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
70 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
71 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid
72 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
73 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
75 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
77 * @see ckmc_remove_alias()
79 * @see ckmc_get_key_alias_list()
80 * @see ckmc_key_free()
/* Stores key under alias according to policy; key and policy are passed by value.
 * An alias that is already in use is reported as CKMC_ERROR_DB_ALIAS_EXISTS.
 * NOTE(review): any password carried in key or policy presumably stays in caller memory
 * after the call; clearing it is the caller's job -- confirm against ckmc-type.h.
 */
84 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy);
87 * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
88 * @brief Removes a key from key manager.
92 * @privilege %http://tizen.org/privilege/keymanager
94 * @remarks To remove a key, the client must have remove permission for the specified key.
95 * @remarks The key owner has remove permission by default.
97 * @param[in] alias The name of a key to be removed
99 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
101 * @retval #CKMC_ERROR_NONE Successful
102 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
103 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
105 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
106 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
107 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
109 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
111 * @see ckmc_save_key()
112 * @see ckmc_get_key()
113 * @see ckmc_get_key_alias_list()
114 * @see ckmc_remove_alias()
/* Removes the key stored under alias. Deprecated since 2.4 in favour of ckmc_remove_alias().
 * The caller needs remove permission on the key; an unknown alias is reported as
 * CKMC_ERROR_DB_ALIAS_UNKNOWN.
 */
116 int ckmc_remove_key(const char *alias);
119 * @brief Gets a key from key manager.
123 * @privilege %http://tizen.org/privilege/keymanager
125 * @remarks A client can access only data stored by the client.
126 * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no longer needed.
129 * @param[in] alias The name of a key to retrieve
130 * @param[in] password The password used in decrypting a key value \n
131 * If password of policy is provided in ckmc_save_key(), the same password
133 * @param[out] ppkey The pointer to a newly created #ckmc_key_s handle
135 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
137 * @retval #CKMC_ERROR_NONE Successful
138 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
139 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
141 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
142 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
143 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
144 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
145 * Decryption failed because password is incorrect
147 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
149 * @see ckmc_save_key()
150 * @see ckmc_remove_alias()
151 * @see ckmc_get_key_alias_list()
152 * @see ckmc_key_free()
/* Retrieves the key stored under alias into a newly created ckmc_key_s at *ppkey.
 * The caller owns *ppkey and releases it with ckmc_key_free(). A wrong password is
 * reported as CKMC_ERROR_AUTHENTICATION_FAILED.
 * NOTE(review): password is a plain C string and *ppkey holds key material; whether
 * ckmc_key_free() wipes the bytes before releasing them is not stated here -- confirm
 * before relying on it.
 */
155 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
158 * @brief Gets the aliases of all keys that the client can access.
162 * @privilege %http://tizen.org/privilege/keymanager
164 * @remarks A client can access only data stored by the client.
165 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
166 * if it is no longer needed.
168 * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle containing all
169 * available key aliases \n
170 * If there is no available key alias, @a *ppalias_list will be null
172 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
174 * @retval #CKMC_ERROR_NONE Successful
175 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
176 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
178 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
179 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
180 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
182 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
184 * @see ckmc_save_key()
185 * @see ckmc_remove_alias()
186 * @see ckmc_get_key()
187 * @see ckmc_alias_list_all_free()
188 * @see #ckmc_alias_list_s
/* Returns the aliases of the keys the client can access in a newly created list.
 * *ppalias_list is null when no key alias is available, so check it before walking the
 * list; otherwise release it with ckmc_alias_list_all_free().
 */
190 int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
196 * @brief Stores a certificate inside key manager based on the provided policy.
200 * @privilege %http://tizen.org/privilege/keymanager
202 * @remarks the certificate's binary value will be converted and saved as binary DER encoded
205 * @param[in] alias The name of a certificate to be stored
206 * @param[in] cert The certificate's binary value to be stored
207 * @param[in] policy The policy about how to store a certificate securely
209 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
211 * @retval #CKMC_ERROR_NONE Successful
212 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
213 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
215 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
216 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid
217 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
218 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
220 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
222 * @see ckmc_remove_alias()
223 * @see ckmc_get_cert()
224 * @see ckmc_get_cert_alias_list()
226 * @see #ckmc_policy_s
/* Stores cert under alias according to policy; cert and policy are passed by value.
 * Per the remarks, the certificate's binary value is converted and saved DER encoded.
 * An alias that is already in use is reported as CKMC_ERROR_DB_ALIAS_EXISTS.
 */
228 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy);
231 * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
232 * @brief Removes a certificate from key manager.
236 * @privilege %http://tizen.org/privilege/keymanager
238 * @remarks To remove a certificate, the client must have remove permission for the specified certificate.
239 * @remarks The certificate owner has remove permission by default.
241 * @param[in] alias The name of a certificate to be removed
243 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
245 * @retval #CKMC_ERROR_NONE Successful
246 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
247 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
249 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
250 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
251 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
253 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
255 * @see ckmc_save_cert()
256 * @see ckmc_get_cert()
257 * @see ckmc_get_cert_alias_list()
258 * @see ckmc_remove_alias()
/* Removes the certificate stored under alias. Deprecated since 2.4 in favour of
 * ckmc_remove_alias(). The caller needs remove permission on the certificate.
 */
260 int ckmc_remove_cert(const char *alias);
263 * @brief Gets a certificate from key manager.
267 * @privilege %http://tizen.org/privilege/keymanager
269 * @remarks A client can access only certificates stored by the client.
270 * @remarks A DER encoded certificate will be returned as a return value.
271 * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no longer needed.
274 * @param[in] alias The name of a certificate to retrieve
275 * @param[in] password The password used in decrypting a certificate value \n
276 * If password of policy is provided in ckmc_save_cert(), the same password
278 * @param[out] ppcert The pointer to a newly created #ckmc_cert_s handle
280 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
282 * @retval #CKMC_ERROR_NONE Successful
283 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
284 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
286 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
287 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
288 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
289 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
290 * Decryption failed because password is incorrect
292 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
294 * @see ckmc_save_cert()
295 * @see ckmc_remove_alias()
296 * @see ckmc_get_cert_alias_list()
/* Retrieves the certificate stored under alias into a newly created ckmc_cert_s at
 * *ppcert; the remarks say it is returned DER encoded. The caller releases *ppcert with
 * ckmc_cert_free(). A wrong password is reported as CKMC_ERROR_AUTHENTICATION_FAILED.
 */
299 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert);
302 * @brief Gets the aliases of all certificates which the client can access.
306 * @privilege %http://tizen.org/privilege/keymanager
308 * @remarks A client can access only data stored by the client.
309 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
310 * if it is no longer needed.
312 * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle containing all
313 * available certificate aliases \n
314 * If there is no available certificate alias, @a *ppalias_list will be null
316 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
318 * @retval #CKMC_ERROR_NONE Successful
319 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
320 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
322 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
323 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
324 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
326 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
328 * @see ckmc_save_cert()
329 * @see ckmc_remove_alias()
330 * @see ckmc_get_cert()
331 * @see ckmc_alias_list_all_free()
332 * @see #ckmc_alias_list_s
/* Returns the aliases of the certificates the client can access in a newly created list.
 * *ppalias_list is null when nothing is available, so check it before walking the list;
 * otherwise release it with ckmc_alias_list_all_free().
 */
334 int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
340 * @brief Stores PKCS12's contents inside key manager based on the provided policies.
341 * All items from the PKCS12 will use the same alias.
345 * @privilege %http://tizen.org/privilege/keymanager
347 * @param[in] alias The name of a data to be stored
348 * @param[in] pkcs Pointer to the pkcs12 structure to be saved
349 * @param[in] key_policy The policy about how to store pkcs's private key
350 * @param[in] cert_policy The policy about how to store pkcs's certificate
352 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
354 * @retval #CKMC_ERROR_NONE Successful
355 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
356 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
358 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
359 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
360 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
362 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
364 * @see ckmc_remove_alias()
365 * @see ckmc_get_pkcs12()
366 * @see ckmc_get_data_alias_list()
367 * @see ckmc_pkcs12_load()
368 * @see #ckmc_pkcs12_s
369 * @see #ckmc_policy_s
/* Stores the contents of *pkcs under a single alias shared by all items from the PKCS12.
 * key_policy governs how the private key is stored and cert_policy how the certificate
 * is stored; both policies are passed by value. An alias that is already in use is
 * reported as CKMC_ERROR_DB_ALIAS_EXISTS.
 */
371 int ckmc_save_pkcs12(const char *alias,
372 const ckmc_pkcs12_s *pkcs,
373 const ckmc_policy_s key_policy,
374 const ckmc_policy_s cert_policy);
377 * @brief Gets a pkcs12 from key manager.
381 * @privilege %http://tizen.org/privilege/keymanager
383 * @remarks A client can access only data stored by the client.
384 * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no longer needed.
387 * @param[in] alias The name of a data to retrieve
388 * @param[in] key_password Password that was used to encrypt the private key (may be NULL)
389 * @param[in] cert_password Password that was used to encrypt the certificates (may be NULL)
390 * @param[out] pkcs12 The pointer to a newly created #ckmc_pkcs12_s handle
392 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
394 * @retval #CKMC_ERROR_NONE Successful
395 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
396 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
398 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
399 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
400 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
401 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
402 * @a key_password or @a cert_password does not match the password
403 * used to encrypt the data
405 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
407 * @see ckmc_save_pkcs12()
408 * @see ckmc_remove_alias()
409 * @see ckmc_pkcs12_free()
410 * @see #ckmc_pkcs12_s
/* Retrieves the PKCS12 stored under alias into a newly created ckmc_pkcs12_s at *pkcs12.
 * key_password and cert_password may each be NULL; a mismatch with the password used at
 * storage time is reported as CKMC_ERROR_AUTHENTICATION_FAILED. The caller releases
 * *pkcs12 with ckmc_pkcs12_free().
 */
412 int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12);
415 * @brief Stores a data inside key manager based on the provided policy.
419 * @privilege %http://tizen.org/privilege/keymanager
421 * @param[in] alias The name of a data to be stored
422 * @param[in] data The binary value to be stored
423 * @param[in] policy The policy about how to store a data securely
425 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
427 * @retval #CKMC_ERROR_NONE Successful
428 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
429 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
431 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
432 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
433 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
435 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
437 * @see ckmc_remove_alias()
438 * @see ckmc_get_data()
439 * @see ckmc_get_data_alias_list()
440 * @see #ckmc_raw_buffer_s
441 * @see #ckmc_policy_s
/* Stores the raw buffer data under alias according to policy. An alias that is already
 * in use is reported as CKMC_ERROR_DB_ALIAS_EXISTS.
 * NOTE(review): data is the only by-value argument of the save functions declared above
 * that is not const-qualified; this looks like an inconsistency rather than a contract
 * difference -- confirm.
 */
443 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy);
446 * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
447 * @brief Removes a data from key manager.
451 * @privilege %http://tizen.org/privilege/keymanager
453 * @remarks To remove data, client must have remove permission to the specified data object.
454 * @remarks The data owner can remove by default.
456 * @param[in] alias The name of a data to be removed
458 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
460 * @retval #CKMC_ERROR_NONE Successful
461 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
462 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
464 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
465 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
466 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
468 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
470 * @see ckmc_save_data()
471 * @see ckmc_get_data()
472 * @see ckmc_get_data_alias_list()
473 * @see ckmc_remove_alias()
/* Removes the data object stored under alias. Deprecated since 2.4 in favour of
 * ckmc_remove_alias(). The caller needs remove permission on the data object.
 */
475 int ckmc_remove_data(const char *alias);
478 * @brief Gets a data from key manager.
482 * @privilege %http://tizen.org/privilege/keymanager
484 * @remarks A client can access only data stored by the client.
485 * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no longer needed.
488 * @param[in] alias The name of a data to retrieve
489 * @param[in] password The password used in decrypting a data value \n
490 * If password of policy is provided in ckmc_save_data(), the same password
492 * @param[out] ppdata The pointer to a newly created #ckmc_raw_buffer_s handle
494 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
496 * @retval #CKMC_ERROR_NONE Successful
497 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
498 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
500 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
501 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
502 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
503 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
504 * Decryption failed because password is incorrect.
505 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
507 * @see ckmc_save_data()
508 * @see ckmc_remove_alias()
509 * @see ckmc_get_data_alias_list()
510 * @see ckmc_buffer_free()
511 * @see #ckmc_raw_buffer_s
/* Retrieves the data stored under alias into a newly created ckmc_raw_buffer_s at *ppdata.
 * The caller releases *ppdata with ckmc_buffer_free(). A wrong password is reported as
 * CKMC_ERROR_AUTHENTICATION_FAILED.
 */
513 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata);
516 * @brief Gets the aliases of all data which the client can access.
520 * @privilege %http://tizen.org/privilege/keymanager
522 * @remarks A client can access only data stored by the client.
523 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
524 * if it is no longer needed.
526 * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle containing all
527 * available data aliases \n
528 * If there is no available data alias, @a *ppalias_list will be null
530 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
532 * @retval #CKMC_ERROR_NONE Successful
533 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
534 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
536 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
537 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
538 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
540 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
542 * @see ckmc_save_data()
543 * @see ckmc_remove_alias()
544 * @see ckmc_get_data()
545 * @see ckmc_alias_list_all_free()
546 * @see #ckmc_alias_list_s
/* Returns the aliases of the data objects the client can access in a newly created list.
 * *ppalias_list is null when nothing is available, so check it before walking the list;
 * otherwise release it with ckmc_alias_list_all_free().
 */
548 int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
554 * @brief Creates RSA private/public key pair and stores them inside key manager based on each
559 * @privilege %http://tizen.org/privilege/keymanager
561 * @remarks If password in policy is provided, the key is additionally encrypted with the password
564 * @param[in] size The size of key strength to be created \n
565 * @c 1024, @c 2048, and @c 4096 are supported
566 * @param[in] private_key_alias The name of private key to be stored
567 * @param[in] public_key_alias The name of public key to be stored
568 * @param[in] policy_private_key The policy about how to store a private key securely
569 * @param[in] policy_public_key The policy about how to store a public key securely
571 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
573 * @retval #CKMC_ERROR_NONE Successful
574 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
575 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
577 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
578 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
579 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
581 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
583 * @see ckmc_create_key_pair_dsa()
584 * @see ckmc_create_key_pair_ecdsa()
585 * @see ckmc_create_signature()
586 * @see ckmc_verify_signature()
587 * @see #ckmc_policy_s
/* Generates an RSA key pair inside key manager and stores each half under its own alias
 * with its own policy. The documented sizes are 1024, 2048 and 4096.
 * NOTE(review): 1024-bit RSA is below current minimum-strength guidance (e.g. NIST
 * SP 800-131A); prefer 2048 or 4096 for newly created keys.
 */
589 int ckmc_create_key_pair_rsa(const size_t size,
590 const char *private_key_alias,
591 const char *public_key_alias,
592 const ckmc_policy_s policy_private_key,
593 const ckmc_policy_s policy_public_key);
596 * @brief Creates DSA private/public key pair and stores them inside key manager based on each
601 * @privilege %http://tizen.org/privilege/keymanager
603 * @remarks If password in policy is provided, the key is additionally encrypted with the password
606 * @param[in] size The size of key strength to be created \n
607 * @c 1024, @c 2048, @c 3072 and @c 4096 are supported
608 * @param[in] private_key_alias The name of private key to be stored
609 * @param[in] public_key_alias The name of public key to be stored
610 * @param[in] policy_private_key The policy about how to store a private key securely
611 * @param[in] policy_public_key The policy about how to store a public key securely
613 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
615 * @retval #CKMC_ERROR_NONE Successful
616 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
617 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
619 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
620 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
621 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
623 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
625 * @see ckmc_create_key_pair_rsa()
626 * @see ckmc_create_key_pair_ecdsa()
627 * @see ckmc_create_signature()
628 * @see ckmc_verify_signature()
629 * @see #ckmc_policy_s
/* Generates a DSA key pair inside key manager and stores each half under its own alias
 * with its own policy. The documented sizes are 1024, 2048, 3072 and 4096.
 * NOTE(review): 1024-bit DSA is below current minimum-strength guidance (e.g. NIST
 * SP 800-131A); prefer 2048 or larger for newly created keys.
 */
631 int ckmc_create_key_pair_dsa(const size_t size,
632 const char *private_key_alias,
633 const char *public_key_alias,
634 const ckmc_policy_s policy_private_key,
635 const ckmc_policy_s policy_public_key);
638 * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each
643 * @privilege %http://tizen.org/privilege/keymanager
645 * @remarks If password in policy is provided, the key is additionally encrypted with the password
648 * @param[in] type The type of elliptic curve of ECDSA
649 * @param[in] private_key_alias The name of private key to be stored
650 * @param[in] public_key_alias The name of public key to be stored
651 * @param[in] policy_private_key The policy about how to store a private key securely
652 * @param[in] policy_public_key The policy about how to store a public key securely
654 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
656 * @retval #CKMC_ERROR_NONE Successful
657 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
658 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
660 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
661 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
662 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
664 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
666 * @see ckmc_create_key_pair_rsa()
667 * @see ckmc_create_key_pair_dsa()
668 * @see ckmc_create_signature()
669 * @see ckmc_verify_signature()
670 * @see #ckmc_ec_type_e
671 * @see #ckmc_policy_s
/* Generates an ECDSA key pair inside key manager and stores each half under its own alias
 * with its own policy. type selects the elliptic curve (see ckmc_ec_type_e); an alias
 * that is already in use is reported as CKMC_ERROR_DB_ALIAS_EXISTS.
 */
673 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
674 const char *private_key_alias,
675 const char *public_key_alias,
676 const ckmc_policy_s policy_private_key,
677 const ckmc_policy_s policy_public_key);
680 * @brief Creates a signature on a given message using a private key and returns the signature.
684 * @privilege %http://tizen.org/privilege/keymanager
686 * @remarks If password of policy is provided during storing a key, the same password should be
688 * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is no longer needed.
691 * @param[in] private_key_alias The name of private key
692 * @param[in] password The password used in decrypting a private key value
693 * @param[in] message The message that is signed with a private key
694 * @param[in] hash The hash algorithm used in creating signature
695 * @param[in] padding The RSA padding algorithm used in creating signature \n
696 * It is used only when the signature algorithm is RSA
697 * @param[out] ppsignature The pointer to a newly created signature \n
698 * If an error occurs, @a *ppsignature will be null
700 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
702 * @retval #CKMC_ERROR_NONE Successful
703 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
704 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
706 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
707 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
708 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
709 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
710 * Decryption failed because password is incorrect
712 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
714 * @see ckmc_create_key_pair_rsa()
715 * @see ckmc_create_key_pair_ecdsa()
716 * @see ckmc_verify_signature()
717 * @see ckmc_buffer_free()
718 * @see #ckmc_raw_buffer_s
719 * @see #ckmc_hash_algo_e
720 * @see #ckmc_rsa_padding_algo_e
/* Signs message with the private key stored under private_key_alias and returns the
 * signature in a newly created buffer at *ppsignature (null on error); the caller
 * releases it with ckmc_buffer_free(). padding is used only when the signature
 * algorithm is RSA. A wrong password is reported as CKMC_ERROR_AUTHENTICATION_FAILED.
 */
722 int ckmc_create_signature(const char *private_key_alias,
723 const char *password,
724 const ckmc_raw_buffer_s message,
725 const ckmc_hash_algo_e hash,
726 const ckmc_rsa_padding_algo_e padding,
727 ckmc_raw_buffer_s **ppsignature);
730 * @brief Verifies a given signature on a given message using a public key and returns the signature
735 * @privilege %http://tizen.org/privilege/keymanager
737 * @remarks If password of policy is provided during storing a key, the same password should be
740 * @param[in] public_key_alias The name of public key
741 * @param[in] password The password used in decrypting a public key value
742 * @param[in] message The input on which the signature is created
743 * @param[in] signature The signature that is verified with public key
744 * @param[in] hash The hash algorithm used in verifying signature
745 * @param[in] padding The RSA padding algorithm used in verifying signature \n
746 * It is used only when the signature algorithm is RSA
748 * @return #CKMC_ERROR_NONE if the call succeeds and the signature is valid, otherwise a negative error value
750 * @retval #CKMC_ERROR_NONE Successful
751 * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid
752 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
753 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
755 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
756 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
757 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
758 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
759 * Decryption failed because password is incorrect
761 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
763 * @see ckmc_create_key_pair_rsa()
764 * @see ckmc_create_key_pair_dsa()
765 * @see ckmc_create_key_pair_ecdsa()
766 * @see #ckmc_raw_buffer_s
767 * @see #ckmc_hash_algo_e
768 * @see #ckmc_rsa_padding_algo_e
/* Verifies signature over message with the public key stored under public_key_alias.
 * Only CKMC_ERROR_NONE means the signature is valid; an invalid signature is reported
 * as CKMC_ERROR_VERIFICATION_FAILED and every other negative value means verification
 * did not complete. Callers should compare the result against CKMC_ERROR_NONE rather
 * than test for one particular failure code. padding is used only for RSA.
 */
770 int ckmc_verify_signature(const char *public_key_alias,
771 const char *password,
772 const ckmc_raw_buffer_s message,
773 const ckmc_raw_buffer_s signature,
774 const ckmc_hash_algo_e hash,
775 const ckmc_rsa_padding_algo_e padding);
778 * @brief Verifies a certificate chain and returns that chain.
782 * @privilege %http://tizen.org/privilege/keymanager
784 * @remarks The trusted root certificate of the chain should exist in the system's certificate
786 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
787 * ckmc_cert_list_all_free() if it is no longer needed.
789 * @param[in] cert The certificate to be verified
790 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate
792 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
793 * If an error occurs, @a *ppcert_chain_list will be null
795 * @return #CKMC_ERROR_NONE if the call succeeds and the certificate chain is valid, otherwise a negative error value
797 * @retval #CKMC_ERROR_NONE Successful
798 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
799 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
800 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
802 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
803 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
804 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
805 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
806 * Decryption failed because password is incorrect
808 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
810 * @see ckmc_get_cert_chain_with_alias()
811 * @see ckmc_cert_list_all_free()
812 * @see #ckmc_cert_list_s
/* Verifies cert and returns the resulting chain in a newly created list at
 * *ppcert_chain_list (null on error); the caller releases it with
 * ckmc_cert_list_all_free(). untrustedcerts are the untrusted CA certificates used while
 * verifying; the remarks expect the chain's trusted root to exist in the system's
 * certificate storage. An invalid chain is reported as CKMC_ERROR_VERIFICATION_FAILED,
 * so only CKMC_ERROR_NONE should be treated as a verified chain.
 */
814 int ckmc_get_cert_chain(const ckmc_cert_s *cert,
815 const ckmc_cert_list_s *untrustedcerts,
816 ckmc_cert_list_s **ppcert_chain_list);
819 * @deprecated Deprecated since 2.4. [Use ckmc_get_cert_chain() instead]
820 * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that
825 * @privilege %http://tizen.org/privilege/keymanager
827 * @remarks The trusted root certificate of the chain should exist in the system's certificate
829 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
830 * ckmc_cert_list_all_free() if it is no longer needed.
831 * @remarks The certificates named in @a untrustedcerts should not be protected with an optional password.
833 * @param[in] cert The certificate to be verified
834 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager
835 * to be used in verifying a certificate chain
836 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
837 * If an error occurs, @a *ppcert_chain_list will be null
839 * @return #CKMC_ERROR_NONE if the call succeeds and the certificate chain is valid, otherwise a negative error value
841 * @retval #CKMC_ERROR_NONE Successful
842 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
843 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
844 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
846 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
847 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
848 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
849 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
850 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
851 * Some certificates were encrypted with password and could not
854 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
856 * @see ckmc_get_cert_chain()
857 * @see ckmc_cert_list_all_free()
859 * @see #ckmc_alias_list_s
860 * @see #ckmc_cert_list_s
862 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
863 const ckmc_alias_list_s *untrustedcerts,
864 ckmc_cert_list_s **ppcert_chain_list);
867 * @brief Verifies a certificate chain and returns that chain using user entered trusted and
868 * untrusted CA certificates.
872 * @privilege %http://tizen.org/privilege/keymanager
874 * @remarks If the trusted root certificates are provided as a user input, these certificates do not
875 * need to exist in the system's certificate storage.
876 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
877 * ckmc_cert_list_all_free() if it is no longer needed.
879 * @param[in] cert The certificate to be verified
880 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain
882 * @param[in] trustedcerts The trusted CA certificates to be used in verifying a certificate chain
884 * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
885 * in the system's certificate storage
886 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
887 * If an error occurs, @a *ppcert_chain_list will be null
889 * @return #CKMC_ERROR_NONE on success and the certificate chain is valid, otherwise a negative error value
891 * @retval #CKMC_ERROR_NONE Successful
892 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
893 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
894 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
896 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
897 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
898 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
900 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
902 * @see ckmc_cert_list_all_free()
904 * @see #ckmc_cert_list_s
906 int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert,
907 const ckmc_cert_list_s *untrustedcerts,
908 const ckmc_cert_list_s *trustedcerts,
909 const bool use_trustedsystemcerts,
910 ckmc_cert_list_s **ppcert_chain_list);
913 * @brief Performs an OCSP check to determine whether a certificate has been revoked.
917 * @privilege %http://tizen.org/privilege/keymanager
919 * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check
920 * @param[out] ocsp_status The pointer to the status result of the OCSP check; the revocation result is reported here, so check it in addition to the return value
922 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
924 * @retval #CKMC_ERROR_NONE Successful
925 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
926 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
927 * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported
929 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
930 * @pre @a pcert_chain_list is created with ckmc_get_cert_chain() or
931 * ckmc_get_cert_chain_with_alias().
933 * @see ckmc_get_cert_chain()
934 * @see ckmc_get_cert_chain_with_alias()
935 * @see ckmc_get_cert_chain_with_trustedcert()
936 * @see ckmc_cert_list_all_free()
937 * @see #ckmc_cert_list_s
938 * @see #ckmc_ocsp_status_e
940 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status);
943 * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
944 * @brief Allows another application to access client's application data.
948 * @privilege %http://tizen.org/privilege/keymanager
950 * @remarks Data identified by @a alias should exist.
952 * @param[in] alias Data alias for which access will be granted
953 * @param[in] accessor Package id of the application that will gain access rights
954 * @param[in] granted Rights granted for @a accessor application
956 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
958 * @retval #CKMC_ERROR_NONE Successful
959 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
960 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
962 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
963 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
964 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
966 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
968 * @see ckmc_deny_access()
969 * @see ckmc_set_permission()
970 * @see #ckmc_access_right_e
972 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted);
975 * @brief Allows another application to access client's application data.
979 * @privilege %http://tizen.org/privilege/keymanager
981 * @remarks Data identified by @a alias should exist.
983 * @param[in] alias Data alias for which access will be granted
984 * @param[in] accessor Package id of the application that will gain access rights
985 * @param[in] permissions Mask of #ckmc_permission_e granted for @a accessor application \n
986 * Previous permission mask will be replaced with the new mask value
988 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
990 * @retval #CKMC_ERROR_NONE Successful
991 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
992 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
994 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
995 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
996 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
998 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1000 * @see #ckmc_permission_e
1002 int ckmc_set_permission(const char *alias, const char *accessor, int permissions);
1005 * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
1006 * @brief Revokes another application's access to client's application data.
1010 * @privilege %http://tizen.org/privilege/keymanager
1012 * @remarks Data identified by @a alias should exist.
1013 * @remarks Only access previously granted with ckmc_allow_access() can be revoked.
1015 * @param[in] alias Data alias for which access will be revoked
1016 * @param[in] accessor Package id of the application that will lose access rights
1018 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
1020 * @retval #CKMC_ERROR_NONE Successful
1021 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't
1022 * have access to @a alias
1023 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
1025 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1026 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1027 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1029 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1031 * @see ckmc_allow_access()
1032 * @see ckmc_set_permission()
1034 int ckmc_deny_access(const char *alias, const char *accessor);
1037 * @brief Removes an entry (regardless of its type) from the key manager.
1041 * @privilege %http://tizen.org/privilege/keymanager
1043 * @remarks To remove item, client must have remove permission to the specified item.
1044 * @remarks The item owner can remove by default.
1046 * @param[in] alias Item alias to be removed
1048 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
1050 * @retval #CKMC_ERROR_NONE Successful
1051 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1052 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
1054 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
1055 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1056 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1058 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1060 * @see ckmc_save_key()
1061 * @see ckmc_save_cert()
1062 * @see ckmc_save_data()
1063 * @see ckmc_save_pkcs12()
1064 * @see ckmc_create_key_pair_rsa()
1065 * @see ckmc_create_key_pair_dsa()
1066 * @see ckmc_create_key_pair_ecdsa()
1068 int ckmc_remove_alias(const char *alias);
1079 #endif /* __TIZEN_CORE_CKMC_MANAGER_H */