2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-manager.h
19 * @brief Provides management functions(storing, retrieving, and removing) for keys,
20 * certificates and data of a user and additional crypto functions.
24 #ifndef __TIZEN_CORE_CKMC_MANAGER_H
25 #define __TIZEN_CORE_CKMC_MANAGER_H
28 #include <sys/types.h>
30 #include <ckmc/ckmc-type.h>
31 #include <ckmc/ckmc-error.h>
38 * @addtogroup CAPI_KEY_MANAGER_CLIENT_MODULE
44 * @brief Stores a key inside key manager based on the provided policy.
48 * @privilege %http://tizen.org/privilege/keymanager
50 * @remarks Currently only six types of keys are supported for this API. These are RSA
51 * public/private key, DSA public/private key and ECDSA public/private key.
52 * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside
53 * key manager during storing keys.
54 * @remarks Some private key files are protected by a password. If raw_key in key read from those
55 * encrypted files is encrypted with a password, the password should be provided in the
56 * #ckmc_key_s structure.
57 * @remarks If password in policy is provided, the key is additionally encrypted with the password
60 * @param[in] alias The name of a key to be stored
61 * @param[in] key The key's binary value to be stored
62 * @param[in] policy The policy about how to store a key securely
64 * @return @c 0 on success,
65 * otherwise a negative error value
67 * @retval #CKMC_ERROR_NONE Successful
68 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
69 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
71 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
72 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid
73 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
74 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
76 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
78 * @see ckmc_remove_key()
80 * @see ckmc_get_key_alias_list()
84 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy);
87 * @brief Removes a key from key manager.
91 * @privilege %http://tizen.org/privilege/keymanager
93 * @remarks To remove key, client must have remove permission to the specified key.
94 * @remarks The key owner can remove by default.
96 * @param[in] alias The name of a key to be removed
98 * @return @c 0 on success,
99 * otherwise a negative error value
101 * @retval #CKMC_ERROR_NONE Successful
102 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
103 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
105 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
106 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
107 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
109 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
111 * @see ckmc_save_key()
112 * @see ckmc_get_key()
113 * @see ckmc_get_key_alias_list()
115 int ckmc_remove_key(const char *alias);
118 * @brief Gets a key from key manager.
122 * @privilege %http://tizen.org/privilege/keymanager
124 * @remarks A client can access only data stored by the client.
125 * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no
128 * @param[in] alias The name of a key to retrieve
129 * @param[in] password The password used in decrypting a key value \n
130 * If password of policy is provided in ckmc_save_key(), the same password
131 * should be provided.
132 * @param[out] ppkey The pointer to a newly created ckmc_key_s handle
134 * @return @c 0 on success,
135 * otherwise a negative error value
137 * @retval #CKMC_ERROR_NONE Successful
138 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
139 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
141 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
142 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
143 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
145 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
147 * @see ckmc_save_key()
148 * @see ckmc_remove_key()
149 * @see ckmc_get_key_alias_list()
151 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
154 * @brief Gets all the alias of keys that the client can access.
158 * @privilege %http://tizen.org/privilege/keymanager
160 * @remarks A client can access only data stored by the client.
161 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
162 * if it is no longer needed.
164 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
165 * available alias of keys \n
166 * If there is no available key alias, *ppalias_list will be null.
168 * @return @c 0 on success,
169 * otherwise a negative error value
171 * @retval #CKMC_ERROR_NONE Successful
172 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
173 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
175 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
176 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
177 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
179 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
181 * @see ckmc_save_key()
182 * @see ckmc_remove_key()
183 * @see ckmc_get_key()
185 int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
191 * @brief Stores a certificate inside key manager based on the provided policy.
195 * @privilege %http://tizen.org/privilege/keymanager
197 * @remarks the certificate's binary value will be converted and saved as binary DER encoded
200 * @param[in] alias The name of a certificate to be stored
201 * @param[in] cert The certificate's binary value to be stored
202 * @param[in] policy The policy about how to store a certificate securely
204 * @return @c 0 on success,
205 * otherwise a negative error value
207 * @retval #CKMC_ERROR_NONE Successful
208 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
209 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
211 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
212 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid
213 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
214 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
216 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
218 * @see ckmc_remove_cert()
219 * @see ckmc_get_cert()
220 * @see ckmc_get_cert_alias_list()
222 * @see #ckmc_policy_s
224 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy);
227 * @brief Removes a certificate from key manager.
231 * @privilege %http://tizen.org/privilege/keymanager
233 * @remarks To remove certificate, client must have remove permission to the specified certificate.
234 * @remarks The key owner can remove by default.
236 * @param[in] alias The name of a certificate to be removed
238 * @return @c 0 on success,
239 * otherwise a negative error value
241 * @retval #CKMC_ERROR_NONE Successful
242 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
243 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
245 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
246 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
247 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
249 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
251 * @see ckmc_save_cert()
252 * @see ckmc_get_cert()
253 * @see ckmc_get_cert_alias_list()
255 int ckmc_remove_cert(const char *alias);
258 * @brief Gets a certificate from key manager.
262 * @privilege %http://tizen.org/privilege/keymanager
264 * @remarks A client can access only certificate stored by the client.
265 * @remarks A DER encoded certificate will be returned as a return value.
266 * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no
269 * @param[in] alias The name of a certificate to retrieve
270 * @param[in] password The password used in decrypting a certificate value \n
271 * If password of policy is provided in ckmc_save_cert(), the same password
272 * should be provided.
273 * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle
275 * @return @c 0 on success,
276 * otherwise a negative error value
278 * @retval #CKMC_ERROR_NONE Successful
279 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
280 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
282 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
283 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists
284 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
286 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
288 * @see ckmc_save_cert()
289 * @see ckmc_remove_cert()
290 * @see ckmc_get_cert_alias_list()
292 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert);
295 * @brief Gets all alias of certificates which the client can access.
299 * @privilege %http://tizen.org/privilege/keymanager
301 * @remarks A client can access only data stored by the client.
302 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
303 * if it is no longer needed.
305 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
306 * available alias of keys \n
307 * If there is no available key alias, *ppalias_list will be null.
309 * @return @c 0 on success,
310 * otherwise a negative error value
312 * @retval #CKMC_ERROR_NONE Successful
313 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
314 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
316 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
317 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
318 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
320 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
322 * @see ckmc_save_cert()
323 * @see ckmc_remove_cert()
324 * @see ckmc_get_cert()
326 int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
332 * @brief Stores PKCS12's contents inside key manager based on the provided policies.
333 * All items from the PKCS12 will use the same alias.
337 * @privilege %http://tizen.org/privilege/keymanager
339 * @param[in] alias The name of a data to be stored
340 * @param[in] pkcs Pointer to the pkcs12 structure to be saved
341 * @param[in] key_policy The policy about how to store pkcs's private key
342 * @param[in] cert_policy The policy about how to store pkcs's certificate
344 * @return @c 0 on success,
345 * otherwise a negative error value
347 * @retval #CKMC_ERROR_NONE Successful
348 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
349 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
351 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
352 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
353 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
355 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
357 * @see ckmc_remove_pkcs12()
358 * @see ckmc_get_pkcs12()
359 * @see ckmc_get_data_alias_list()
360 * @see ckmc_load_from_pkcs12_file2()
361 * @see #ckmc_pkcs12_s
362 * @see #ckmc_policy_s
364 int ckmc_save_pkcs12(const char *alias,
365 const ckmc_pkcs12_s *pkcs,
366 const ckmc_policy_s key_policy,
367 const ckmc_policy_s cert_policy);
370 * @brief Removes all PKCS12 contents from key manager.
374 * @privilege %http://tizen.org/privilege/keymanager
376 * @remarks To remove PKCS12, client must have remove permission to the specified PKCS12 object.
377 * @remarks The key owner can remove by default.
379 * @param[in] alias The name of PKCS12 to be removed
381 * @return @c 0 on success,
382 * otherwise a negative error value
384 * @retval #CKMC_ERROR_NONE Successful
385 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
386 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
388 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
389 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
390 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
392 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
394 * @see ckmc_save_pkcs12()
395 * @see ckmc_get_pkcs12()
397 int ckmc_remove_pkcs12(const char *alias);
400 * @brief Gets a pkcs12 from key manager.
404 * @privilege %http://tizen.org/privilege/keymanager
406 * @remarks A client can access only data stored by the client.
407 * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no
410 * @param[in] alias The name of a data to retrieve
411 * @param[in] keyPassword Password that was used to encrypt privateKey (may be NULL)
412 * @param[in] certPassword Password used to encrypt certificates (may be NULL)
413 * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle
415 * @return @c 0 on success,
416 * otherwise a negative error value
418 * @retval #CKMC_ERROR_NONE Successful
419 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
420 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
422 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
423 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
424 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
425 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
426 * keyPassword or certPassword does not match with password
427 * used to encrypt data.
429 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
431 * @see ckmc_save_pkcs12()
432 * @see ckmc_remove_pkcs12()
434 int ckmc_get_pkcs12(const char *alias, const char *keyPassword, const char *certPassword, ckmc_pkcs12_s **pkcs12);
437 * @brief Stores a data inside key manager based on the provided policy.
441 * @privilege %http://tizen.org/privilege/keymanager
443 * @param[in] alias The name of a data to be stored
444 * @param[in] data The binary value to be stored
445 * @param[in] policy The policy about how to store a data securely
447 * @return @c 0 on success,
448 * otherwise a negative error value
450 * @retval #CKMC_ERROR_NONE Successful
451 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
452 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
454 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
455 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
456 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
458 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
460 * @see ckmc_remove_data()
461 * @see ckmc_get_data()
462 * @see ckmc_get_data_alias_list()
463 * @see #ckmc_raw_buffer_s
464 * @see #ckmc_policy_s
466 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy);
469 * @brief Removes a data from key manager.
473 * @privilege %http://tizen.org/privilege/keymanager
475 * @remarks To remove data, client must have remove permission to the specified data object.
476 * @remarks The data owner can remove by default.
478 * @param[in] alias The name of a data to be removed
480 * @return @c 0 on success,
481 * otherwise a negative error value
483 * @retval #CKMC_ERROR_NONE Successful
484 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
485 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
487 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
488 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
489 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
491 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
493 * @see ckmc_save_data()
494 * @see ckmc_get_data()
495 * @see ckmc_get_data_alias_list()
497 int ckmc_remove_data(const char *alias);
500 * @brief Gets a data from key manager.
504 * @privilege %http://tizen.org/privilege/keymanager
506 * @remarks A client can access only data stored by the client.
507 * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no
510 * @param[in] alias The name of a data to retrieve
511 * @param[in] password The password used in decrypting a data value \n
512 * If password of policy is provided in ckmc_save_data(), the same password
513 * should be provided.
514 * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle
516 * @return @c 0 on success,
517 * otherwise a negative error value
519 * @retval #CKMC_ERROR_NONE Successful
520 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
521 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
523 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
524 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
525 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
527 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
529 * @see ckmc_save_data()
530 * @see ckmc_remove_data()
531 * @see ckmc_get_data_alias_list()
533 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata);
536 * @brief Gets all alias of data which the client can access.
540 * @privilege %http://tizen.org/privilege/keymanager
542 * @remarks A client can access only data stored by the client.
543 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
544 * if it is no longer needed.
546 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
547 * available alias of keys \n
548 * If there is no available key alias, *ppalias_list will be null.
550 * @return @c 0 on success,
551 * otherwise a negative error value
553 * @retval #CKMC_ERROR_NONE Successful
554 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
555 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
557 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
558 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
559 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
561 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
563 * @see ckmc_save_data()
564 * @see ckmc_remove_data()
565 * @see ckmc_get_data()
567 int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
573 * @brief Creates RSA private/public key pair and stores them inside key manager based on each
578 * @privilege %http://tizen.org/privilege/keymanager
580 * @remarks If password in policy is provided, the key is additionally encrypted with the password
583 * @param[in] size The size of key strength to be created \n
584 * @c 1024, @c 2048, and @c 4096 are supported.
585 * @param[in] private_key_alias The name of private key to be stored
586 * @param[in] public_key_alias The name of public key to be stored
587 * @param[in] policy_private_key The policy about how to store a private key securely
588 * @param[in] policy_public_key The policy about how to store a public key securely
590 * @return @c 0 on success,
591 * otherwise a negative error value
593 * @retval #CKMC_ERROR_NONE Successful
594 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
595 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
597 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
598 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
599 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
601 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
603 * @see ckmc_create_key_pair_dsa()
604 * @see ckmc_create_key_pair_ecdsa()
605 * @see ckmc_create_signature()
606 * @see ckmc_verify_signature()
608 int ckmc_create_key_pair_rsa(const size_t size,
609 const char *private_key_alias,
610 const char *public_key_alias,
611 const ckmc_policy_s policy_private_key,
612 const ckmc_policy_s policy_public_key);
615 * @brief Creates DSA private/public key pair and stores them inside key manager based on each
620 * @privilege %http://tizen.org/privilege/keymanager
622 * @remarks If password in policy is provided, the key is additionally encrypted with the password
625 * @param[in] size The size of key strength to be created \n
626 * @c 1024, @c 2048, @c 3072 and @c 4096 are supported.
627 * @param[in] private_key_alias The name of private key to be stored
628 * @param[in] public_key_alias The name of public key to be stored
629 * @param[in] policy_private_key The policy about how to store a private key securely
630 * @param[in] policy_public_key The policy about how to store a public key securely
632 * @return @c 0 on success,
633 * otherwise a negative error value
635 * @retval #CKMC_ERROR_NONE Successful
636 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
637 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
639 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
640 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
641 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
643 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
645 * @see ckmc_create_key_pair_rsa()
646 * @see ckmc_create_key_pair_ecdsa()
647 * @see ckmc_create_signature()
648 * @see ckmc_verify_signature()
650 int ckmc_create_key_pair_dsa(const size_t size,
651 const char *private_key_alias,
652 const char *public_key_alias,
653 const ckmc_policy_s policy_private_key,
654 const ckmc_policy_s policy_public_key);
657 * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each
662 * @privilege %http://tizen.org/privilege/keymanager
664 * @remarks If password in policy is provided, the key is additionally encrypted with the password
667 * @param[in] type The type of elliptic curve of ECDSA
668 * @param[in] private_key_alias The name of private key to be stored
669 * @param[in] public_key_alias The name of public key to be stored
670 * @param[in] policy_private_key The policy about how to store a private key securely
671 * @param[in] policy_public_key The policy about how to store a public key securely
673 * @return @c 0 on success,
674 * otherwise a negative error value
676 * @retval #CKMC_ERROR_NONE Successful
677 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
678 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
680 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
681 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
682 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
684 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
686 * @see ckmc_create_key_pair_rsa()
687 * @see ckmc_create_key_pair_dsa()
688 * @see ckmc_create_signature()
689 * @see ckmc_verify_signature()
690 * @see #ckmc_ec_type_e
692 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
693 const char *private_key_alias,
694 const char *public_key_alias,
695 const ckmc_policy_s policy_private_key,
696 const ckmc_policy_s policy_public_key);
699 * @brief Creates a signature on a given message using a private key and returns the signature.
703 * @privilege %http://tizen.org/privilege/keymanager
705 * @remarks If password of policy is provided during storing a key, the same password should be
707 * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is
710 * @param[in] private_key_alias The name of private key
711 * @param[in] password The password used in decrypting a private key value
712 * @param[in] message The message that is signed with a private key
713 * @param[in] hash The hash algorithm used in creating signature
714 * @param[in] padding The RSA padding algorithm used in creating signature \n
715 * It is used only when the signature algorithm is RSA.
716 * @param[out] ppsignature The pointer to a newly created signature \n
717 * If an error occurs, @a *ppsignature will be null.
719 * @return @c 0 on success,
720 * otherwise a negative error value
722 * @retval #CKMC_ERROR_NONE Successful
723 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
724 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
726 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
727 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
728 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
730 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
732 * @see ckmc_create_key_pair_rsa()
733 * @see ckmc_create_key_pair_ecdsa()
734 * @see ckmc_verify_signature()
735 * @see ckmc_buffer_free()
736 * @see #ckmc_hash_algo_e
737 * @see #ckmc_rsa_padding_algo_e
739 int ckmc_create_signature(const char *private_key_alias,
740 const char *password,
741 const ckmc_raw_buffer_s message,
742 const ckmc_hash_algo_e hash,
743 const ckmc_rsa_padding_algo_e padding,
744 ckmc_raw_buffer_s **ppsignature);
747 * @brief Verifies a given signature on a given message using a public key and returns the signature
752 * @privilege %http://tizen.org/privilege/keymanager
754 * @remarks If password of policy is provided during storing a key, the same password should be
757 * @param[in] public_key_alias The name of public key
758 * @param[in] password The password used in decrypting a public key value
759 * @param[in] message The input on which the signature is created
760 * @param[in] signature The signature that is verified with public key
761 * @param[in] hash The hash algorithm used in verifying signature
762 * @param[in] padding The RSA padding algorithm used in verifying signature \n
763 * It is used only when the signature algorithm is RSA.
765 * @return @c 0 on success and the signature is valid,
766 * otherwise a negative error value
768 * @retval #CKMC_ERROR_NONE Successful
769 * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid
770 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
771 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
773 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
774 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
775 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
777 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
779 * @see ckmc_create_key_pair_rsa()
780 * @see ckmc_create_key_pair_ecdsa()
781 * @see ckmc_verify_signature()
782 * @see #ckmc_hash_algo_e
783 * @see #ckmc_rsa_padding_algo_e
785 int ckmc_verify_signature(const char *public_key_alias,
786 const char *password,
787 const ckmc_raw_buffer_s message,
788 const ckmc_raw_buffer_s signature,
789 const ckmc_hash_algo_e hash,
790 const ckmc_rsa_padding_algo_e padding);
793 * @deprecated, see ckmc_get_certificate_chain()
794 * @brief Verifies a certificate chain and returns that chain.
798 * @privilege %http://tizen.org/privilege/keymanager
800 * @remarks The trusted root certificate of the chain should exist in the system's certificate
802 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
803 * ckmc_cert_list_all_free() if it is no longer needed.
805 * @param[in] cert The certificate to be verified
806 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate
808 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
809 * If an error occurs, @a *ppcert_chain_list will be null.
811 * @return @c 0 on success and the signature is valid,
812 * otherwise a negative error value
814 * @retval #CKMC_ERROR_NONE Successful
815 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
816 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
817 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
819 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
820 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
821 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
823 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
825 * @see ckmc_get_cert_chain_with_alias())
826 * @see ckmc_cert_list_all_free()
828 int ckmc_get_cert_chain(const ckmc_cert_s *cert,
829 const ckmc_cert_list_s *untrustedcerts,
830 ckmc_cert_list_s **ppcert_chain_list);
833 * @deprecated, see ckmc_get_certificate_chain_with_alias()
834 * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that
839 * @privilege %http://tizen.org/privilege/keymanager
841 * @remarks The trusted root certificate of the chain should exist in the system's certificate
843 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
844 * ckmc_cert_list_all_free() if it is no longer needed.
846 * @param[in] cert The certificate to be verified
847 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager
848 * to be used in verifying a certificate chain
849 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
850 * If an error occurs, @a *ppcert_chain_list will be null.
852 * @return @c 0 on success and the signature is valid,
853 * otherwise a negative error value
855 * @retval #CKMC_ERROR_NONE Successful
856 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
857 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
858 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
860 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
861 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
862 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
863 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
865 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
867 * @see ckmc_get_cert_chain())
868 * @see ckmc_cert_list_all_free()
870 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
871 const ckmc_alias_list_s *untrustedcerts,
872 ckmc_cert_list_s **ppcert_chain_list);
875 * @brief Verifies a certificate chain and returns that chain using user entered trusted and
876 * untrusted CA certificates
880 * @privilege %http://tizen.org/privilege/keymanager
882 * @remarks If the trusted root certificates are provided as a user input, these certificates do not
883 * need to exist in the system's certificate storage.
884 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
885 * ckmc_cert_list_all_free() if it is no longer needed.
887 * @param[in] cert The certificate to be verified
888 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a
890 * @param[in] trustedcerts The trusted CA certificates to be used in verifying a
892 * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
893 * in the system's certificate storage.
894 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
895 * If an error occurs, @a *ppcert_chain_list will be null.
897 * @return @c 0 on success and the signature is valid,
898 * otherwise a negative error value
900 * @retval #CKMC_ERROR_NONE Successful
901 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
902 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
903 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
905 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
906 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
907 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
909 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
911 * @see ckmc_get_cert_chain_with_alias())
912 * @see ckmc_cert_list_all_free()
914 int ckmc_get_certificate_chain(const ckmc_cert_s *cert,
915 const ckmc_cert_list_s *untrustedcerts,
916 const ckmc_cert_list_s *trustedcerts,
917 const bool use_trustedsystemcerts,
918 ckmc_cert_list_s **ppcert_chain_list);
921 * @brief Verifies a certificate chain and returns that chain using alias lists of untrusted and
922 * trusted certificates
926 * @privilege %http://tizen.org/privilege/keymanager
928 * @remarks If the alias list of trusted root certificates is provided as a user input, these
929 * certificates do not need to exist in the system's certificate storage.
930 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
931 * ckmc_cert_list_all_free() if it is no longer needed.
933 * @param[in] cert The certificate to be verified
934 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key
935 * manager to be used in verifying a certificate chain
936 * @param[in] trustedcerts The alias list of trusted CA certificates stored in key
937 * manager to be used in verifying a certificate chain
938 * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
939 * in the system's certificate storage.
940 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
941 * If an error occurs, @a *ppcert_chain_list will be null.
943 * @return @c 0 on success and the signature is valid,
944 * otherwise a negative error value
946 * @retval #CKMC_ERROR_NONE Successful
947 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
948 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
949 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
951 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
952 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
953 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
954 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
956 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
958 * @see ckmc_get_cert_chain())
959 * @see ckmc_cert_list_all_free()
961 int ckmc_get_certificate_chain_with_alias(const ckmc_cert_s *cert,
962 const ckmc_alias_list_s *untrustedcerts,
963 const ckmc_alias_list_s *trustedcerts,
964 const bool use_trustedsystemcerts,
965 ckmc_cert_list_s **ppcert_chain_list);
968 * @brief Perform OCSP which checks certificate is whether revoked or not
972 * @privilege %http://tizen.org/privilege/keymanager
974 * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check
975 * @param[out] ocsp_status The pointer to status result of OCSP check
977 * @return @c 0 on success, otherwise a negative error value
979 * @retval #CKMC_ERROR_NONE Successful
980 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
981 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
983 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
984 * @pre @a pcert_chain_list is created with ckmc_get_certificate_chain() or
985 * ckmc_get_certificate_chain_with_alias()
987 * @see ckmc_get_cert_chain())
988 * @see ckmc_cert_list_all_free()
990 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status);
993 * @deprecated, see ckmc_set_permission()
994 * @brief Allows another application to access client's application data
998 * @privilege %http://tizen.org/privilege/keymanager
1000 * @remarks Data identified by @a alias should exist
1002 * @param[in] alias Data alias for which access will be granted
1003 * @param[in] accessor Package id of the application that will gain access rights
1004 * @param[in] granted Rights granted for @a accessor application
1006 * @return @c 0 on success, otherwise a negative error value
1008 * @retval #CKMC_ERROR_NONE Successful
1009 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1010 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
1012 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1013 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1014 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1016 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1018 * @see ckmc_deny_access()
1020 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted);
1023 * @brief Allows another application to access client's application data
1027 * @privilege %http://tizen.org/privilege/keymanager
1029 * @remarks Data identified by @a alias should exist
1031 * @param[in] alias Data alias for which access will be granted
1032 * @param[in] accessor Package id of the application that will gain access rights
1033 * @param[in] permissions Mask of permissions granted for @a accessor application
1034 * (@a ckmc_permission_e)
1035 * (previous permission mask will be replaced with the new mask value)
1037 * @return @c 0 on success, otherwise a negative error value
1039 * @retval #CKMC_ERROR_NONE Successful
1040 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1041 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
1043 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1044 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1045 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1047 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1049 int ckmc_set_permission(const char *alias, const char *accessor, int permissions);
1052 * @deprecated, see ckmc_set_permission()
1053 * @brief Revokes another application's access to client's application data
1057 * @privilege %http://tizen.org/privilege/keymanager
1059 * @remarks Data identified by @a alias should exist
1060 * @remarks Only access previously granted with ckmc_allow_access can be revoked.
1062 * @param[in] alias Data alias for which access will be revoked
1063 * @param[in] accessor Package id of the application that will lose access rights
1065 * @return @c 0 on success, otherwise a negative error value
1067 * @retval #CKMC_ERROR_NONE Successful
1068 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't
1069 * have access to @a alias
1070 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
1072 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1073 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1074 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1076 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1078 * @see ckmc_allow_access()
1079 * @see ckmc_set_permission()
1081 int ckmc_deny_access(const char *alias, const char *accessor);
1084 * @brief Removes a an entry (no matter of type) from the key manager.
1088 * @privilege %http://tizen.org/privilege/keymanager
1090 * @remarks To remove item, client must have remove permission to the specified item.
1091 * @remarks The item owner can remove by default.
1093 * @param[in] alias Item alias to be removed
1095 * @return @c 0 on success,
1096 * otherwise a negative error value
1098 * @retval #CKMC_ERROR_NONE Successful
1099 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1100 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
1102 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
1103 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1104 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1106 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1108 * @see ckmc_save_key()
1109 * @see ckmc_save_cert
1110 * @see ckmc_save_data
1111 * @see ckmc_save_pkcs12
1112 * @see ckmc_create_key_pair_rsa
1113 * @see ckmc_create_key_pair_dsa
1114 * @see ckmc_create_key_pair_ecdsa
1116 int ckmc_remove_alias(const char *alias);
1127 #endif /* __TIZEN_CORE_CKMC_MANAGER_H */