2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-manager.h
19 * @brief Provides management functions (storing, retrieving, and removing) for keys, certificates and data of a user, and additional crypto functions.
23 #ifndef __TIZEN_CORE_CKMC_MANAGER_H
24 #define __TIZEN_CORE_CKMC_MANAGER_H
27 #include <sys/types.h>
29 #include <ckmc/ckmc-type.h>
30 #include <ckmc/ckmc-error.h>
37 * @addtogroup CAPI_KEY_MANAGER_CLIENT_MODULE
43 * @brief Stores a key inside key manager based on the provided policy.
47 * @privilege %http://tizen.org/privilege/keymanager
49 * @remarks Currently only four types of keys are supported for this API. These are RSA public/private keys and ECDSA public/private keys.
50 * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside key manager during storing keys.
51 * @remarks Some private key files are protected by a password. If raw_key in key read from those encrypted files is encrypted with a password, the password should be provided in the #ckmc_key_s structure.
52 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
54 * @param[in] alias The name of a key to be stored
55 * @param[in] key The key's binary value to be stored
56 * @param[in] policy The policy about how to store a key securely
58 * @return @c 0 on success,
59 * otherwise a negative error value
61 * @retval #CKMC_ERROR_NONE Successful
62 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
63 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
64 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
65 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid
66 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
67 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
69 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
71 * @see ckmc_remove_key()
73 * @see ckmc_get_key_alias_list()
77 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy);
80 * @brief Removes a key from key manager.
84 * @privilege %http://tizen.org/privilege/keymanager
86 * @remarks A client can remove only keys stored by the client.
88 * @param[in] alias The name of a key to be removed
90 * @return @c 0 on success,
91 * otherwise a negative error value
93 * @retval #CKMC_ERROR_NONE Successful
94 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
95 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
96 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
97 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
98 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
100 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
102 * @see ckmc_save_key()
103 * @see ckmc_get_key()
104 * @see ckmc_get_key_alias_list()
106 int ckmc_remove_key(const char *alias);
109 * @brief Gets a key from key manager.
113 * @privilege %http://tizen.org/privilege/keymanager
115 * @remarks A client can access only data stored by the client and non-restricted data stored by other clients.
116 * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no longer needed.
118 * @param[in] alias The name of a key to retrieve
119 * @param[in] password The password used in decrypting a key value \n
120 * If password of policy is provided in ckmc_save_key(), the same password should be provided.
121 * @param[out] ppkey The pointer to a newly created ckmc_key_s handle
123 * @return @c 0 on success,
124 * otherwise a negative error value
126 * @retval #CKMC_ERROR_NONE Successful
127 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
128 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
129 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
130 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
131 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
133 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
135 * @see ckmc_save_key()
136 * @see ckmc_remove_key()
137 * @see ckmc_get_key_alias_list()
139 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
142 * @brief Gets all the aliases of keys that the client can access.
146 * @privilege %http://tizen.org/privilege/keymanager
148 * @remarks A client can access only data stored by the client and non-restricted data stored by other clients.
149 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.
151 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available alias of keys \n
152 * If there is no available key alias, *ppalias_list will be null.
154 * @return @c 0 on success,
155 * otherwise a negative error value
157 * @retval #CKMC_ERROR_NONE Successful
158 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
159 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
160 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
161 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
163 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
165 * @see ckmc_save_key()
166 * @see ckmc_remove_key()
167 * @see ckmc_get_key()
169 int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
175 * @brief Stores a certificate inside key manager based on the provided policy.
179 * @privilege %http://tizen.org/privilege/keymanager
181 * @param[in] alias The name of a certificate to be stored
182 * @param[in] cert The certificate's binary value to be stored
183 * @param[in] policy The policy about how to store a certificate securely
185 * @return @c 0 on success,
186 * otherwise a negative error value
188 * @retval #CKMC_ERROR_NONE Successful
189 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
190 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
191 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
192 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid
193 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
194 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
196 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
198 * @see ckmc_remove_cert()
199 * @see ckmc_get_cert()
200 * @see ckmc_get_cert_alias_list()
202 * @see #ckmc_policy_s
204 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy);
207 * @brief Removes a certificate from key manager.
211 * @privilege %http://tizen.org/privilege/keymanager
213 * @remarks A client can remove only certificates stored by the client.
215 * @param[in] alias The name of a certificate to be removed
217 * @return @c 0 on success,
218 * otherwise a negative error value
220 * @retval #CKMC_ERROR_NONE Successful
221 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
222 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
223 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
224 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
225 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
227 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
229 * @see ckmc_save_cert()
230 * @see ckmc_get_cert()
231 * @see ckmc_get_cert_alias_list()
233 int ckmc_remove_cert(const char *alias);
236 * @brief Gets a certificate from key manager.
240 * @privilege %http://tizen.org/privilege/keymanager
242 * @remarks A client can access only certificates stored by the client and non-restricted certificates stored by other clients.
243 * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no longer needed.
245 * @param[in] alias The name of a certificate to retrieve
246 * @param[in] password The password used in decrypting a certificate value \n
247 * If password of policy is provided in ckmc_save_cert(), the same password should be provided.
248 * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle
250 * @return @c 0 on success,
251 * otherwise a negative error value
253 * @retval #CKMC_ERROR_NONE Successful
254 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
255 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
256 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
257 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
258 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
260 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
262 * @see ckmc_save_cert()
263 * @see ckmc_remove_cert()
264 * @see ckmc_get_cert_alias_list()
266 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert);
269 * @brief Gets all alias of certificates which the client can access.
273 * @privilege %http://tizen.org/privilege/keymanager
275 * @remarks A client can access only data stored by the client and non-restricted data stored by other clients.
276 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.
278 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available aliases of certificates \n
279 * If there is no available certificate alias, *ppalias_list will be null.
281 * @return @c 0 on success,
282 * otherwise a negative error value
284 * @retval #CKMC_ERROR_NONE Successful
285 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
286 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
287 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
288 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
290 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
292 * @see ckmc_save_cert()
293 * @see ckmc_remove_cert()
294 * @see ckmc_get_cert()
296 int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
302 * @brief Stores a data inside key manager based on the provided policy.
306 * @privilege %http://tizen.org/privilege/keymanager
308 * @param[in] alias The name of a data to be stored
309 * @param[in] data The binary value to be stored
310 * @param[in] policy The policy about how to store a data securely
312 * @return @c 0 on success,
313 * otherwise a negative error value
315 * @retval #CKMC_ERROR_NONE Successful
316 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
317 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
318 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
319 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
320 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
322 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
324 * @see ckmc_remove_data()
325 * @see ckmc_get_data()
326 * @see ckmc_get_data_alias_list()
327 * @see #ckmc_raw_buffer_s
328 * @see #ckmc_policy_s
330 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy);
333 * @brief Removes a data from key manager.
337 * @privilege %http://tizen.org/privilege/keymanager
339 * @remarks A client can remove only data stored by the client.
341 * @param[in] alias The name of a data to be removed
343 * @return @c 0 on success,
344 * otherwise a negative error value
346 * @retval #CKMC_ERROR_NONE Successful
347 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
348 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
349 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
350 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
351 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
353 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
355 * @see ckmc_save_data()
356 * @see ckmc_get_data()
357 * @see ckmc_get_data_alias_list()
359 int ckmc_remove_data(const char *alias);
362 * @brief Gets a data from key manager.
366 * @privilege %http://tizen.org/privilege/keymanager
368 * @remarks A client can access only data stored by the client and non-restricted data stored by other clients.
369 * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no longer needed.
371 * @param[in] alias The name of a data to retrieve
372 * @param[in] password The password used in decrypting a data value \n
373 * If password of policy is provided in ckmc_save_data(), the same password should be provided.
374 * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle
376 * @return @c 0 on success,
377 * otherwise a negative error value
379 * @retval #CKMC_ERROR_NONE Successful
380 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
381 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
382 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
383 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
384 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
386 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
388 * @see ckmc_save_data()
389 * @see ckmc_remove_data()
390 * @see ckmc_get_data_alias_list()
392 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata);
395 * @brief Gets all alias of data which the client can access.
399 * @privilege %http://tizen.org/privilege/keymanager
401 * @remarks A client can access only data stored by the client and non-restricted data stored by other clients.
402 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free() if it is no longer needed.
404 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all available aliases of data \n
405 * If there is no available data alias, *ppalias_list will be null.
407 * @return @c 0 on success,
408 * otherwise a negative error value
410 * @retval #CKMC_ERROR_NONE Successful
411 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
412 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
413 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
414 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
416 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
418 * @see ckmc_save_data()
419 * @see ckmc_remove_data()
420 * @see ckmc_get_data()
422 int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
428 * @brief Creates RSA private/public key pair and stores them inside key manager based on each policy.
432 * @privilege %http://tizen.org/privilege/keymanager
434 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
436 * @param[in] size The size of key strength to be created \n
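437 * @c 1024, @c 2048, and @c 4096 are supported. Note that 1024-bit RSA is below the minimum size that current guidance (e.g. NIST SP 800-131A) accepts for generating new signing keys; prefer @c 2048 or larger unless interoperability with a legacy peer requires otherwise.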
438 * @param[in] private_key_alias The name of private key to be stored
439 * @param[in] public_key_alias The name of public key to be stored
440 * @param[in] policy_private_key The policy about how to store a private key securely
441 * @param[in] policy_public_key The policy about how to store a public key securely
443 * @return @c 0 on success,
444 * otherwise a negative error value
446 * @retval #CKMC_ERROR_NONE Successful
447 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
448 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
449 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
450 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
451 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
453 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
455 * @see ckmc_create_key_pair_ecdsa()
456 * @see ckmc_create_signature()
457 * @see ckmc_verify_signature()
459 int ckmc_create_key_pair_rsa(const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key);
462 * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each policy.
466 * @privilege %http://tizen.org/privilege/keymanager
468 * @remarks If password in policy is provided, the key is additionally encrypted with the password in policy.
470 * @param[in] type The type of elliptic curve of ECDSA
471 * @param[in] private_key_alias The name of private key to be stored
472 * @param[in] public_key_alias The name of public key to be stored
473 * @param[in] policy_private_key The policy about how to store a private key securely
474 * @param[in] policy_public_key The policy about how to store a public key securely
476 * @return @c 0 on success,
477 * otherwise a negative error value
479 * @retval #CKMC_ERROR_NONE Successful
480 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
481 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
482 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
483 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
484 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
486 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
488 * @see ckmc_create_key_pair_rsa()
489 * @see ckmc_create_signature()
490 * @see ckmc_verify_signature()
491 * @see #ckmc_ec_type_e
493 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key);
496 * @brief Creates a signature on a given message using a private key and returns the signature.
500 * @privilege %http://tizen.org/privilege/keymanager
502 * @remarks If password of policy is provided during storing a key, the same password should be provided.
503 * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is no longer needed.
505 * @param[in] private_key_alias The name of private key
506 * @param[in] password The password used in decrypting a private key value
507 * @param[in] message The message that is signed with a private key
508 * @param[in] hash The hash algorithm used in creating signature
509 * @param[in] padding The RSA padding algorithm used in creating signature \n
510 * It is used only when the signature algorithm is RSA.
511 * @param[out] ppsignature The pointer to a newly created signature \n
512 * If an error occurs, @a *ppsignature will be null.
514 * @return @c 0 on success,
515 * otherwise a negative error value
517 * @retval #CKMC_ERROR_NONE Successful
518 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
519 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
520 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
521 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
523 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
525 * @see ckmc_create_key_pair_rsa()
526 * @see ckmc_create_key_pair_ecdsa()
527 * @see ckmc_verify_signature()
528 * @see ckmc_buffer_free()
529 * @see #ckmc_hash_algo_e
530 * @see #ckmc_rsa_padding_algo_e
532 int ckmc_create_signature(const char *private_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding, ckmc_raw_buffer_s **ppsignature);
535 * @brief Verifies a given signature on a given message using a public key and returns the signature status.
539 * @privilege %http://tizen.org/privilege/keymanager
541 * @remarks If password of policy is provided during storing a key, the same password should be provided.
543 * @param[in] public_key_alias The name of public key
544 * @param[in] password The password used in decrypting a public key value
545 * @param[in] message The input on which the signature is created
546 * @param[in] signature The signature that is verified with public key
547 * @param[in] hash The hash algorithm used in verifying signature
548 * @param[in] padding The RSA padding algorithm used in verifying signature \n
549 * It is used only when the signature algorithm is RSA.
551 * @return @c 0 on success and the signature is valid,
552 * otherwise a negative error value
554 * @retval #CKMC_ERROR_NONE Successful
555 * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid
556 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
557 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
558 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
559 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
561 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
563 * @see ckmc_create_key_pair_rsa()
564 * @see ckmc_create_key_pair_ecdsa()
565 * @see ckmc_create_signature()
566 * @see #ckmc_hash_algo_e
567 * @see #ckmc_rsa_padding_algo_e
569 int ckmc_verify_signature(const char *public_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_raw_buffer_s signature, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding);
572 * @brief Verifies a certificate chain and returns that chain.
576 * @privilege %http://tizen.org/privilege/keymanager
578 * @remarks The trusted root certificate of the chain should exist in the system's certificate storage.
579 * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.
581 * @param[in] cert The certificate to be verified
582 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain
583 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
584 * If an error occurs, @a *ppcert_chain_list will be null.
586 * @return @c 0 on success and the certificate chain is valid,
587 * otherwise a negative error value
589 * @retval #CKMC_ERROR_NONE Successful
590 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
591 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
592 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
593 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
594 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
596 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
598 * @see ckmc_get_cert_chain_with_alias()
599 * @see ckmc_cert_list_all_free()
601 int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list);
604 * @brief Verifies a certificate chain using an alias list of untrusted certificates and returns that chain.
608 * @privilege %http://tizen.org/privilege/keymanager
610 * @remarks The trusted root certificate of the chain should exist in the system's certificate storage.
611 * @remarks You must destroy the newly created @a ppcert_chain_list by calling ckmc_cert_list_all_free() if it is no longer needed.
613 * @param[in] cert The certificate to be verified
614 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager to be used in verifying a certificate chain
615 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
616 * If an error occurs, @a *ppcert_chain_list will be null.
618 * @return @c 0 on success and the certificate chain is valid,
619 * otherwise a negative error value
621 * @retval #CKMC_ERROR_NONE Successful
622 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
623 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
624 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
625 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
626 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
627 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
629 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
631 * @see ckmc_get_cert_chain()
632 * @see ckmc_cert_list_all_free()
634 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list);
646 #endif /* __TIZEN_CORE_CKMC_MANAGER_H */