2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-manager.h
19 * @brief Provides management functions(storing, retrieving, and removing) for keys, certificates and data of a user and additional crypto functions.
23 #ifndef __TIZEN_CORE_CKMC_MANAGER_H
24 #define __TIZEN_CORE_CKMC_MANAGER_H
27 #include <sys/types.h>
29 #include <ckmc/ckmc-type.h>
30 #include <ckmc/ckmc-error.h>
37 * @addtogroup CAPI_KEY_MANAGER_CLIENT_MODULE
43 * @brief Stores a key inside key manager based on the provided policy.
47 * @privilege %http://tizen.org/privilege/keymanager
49 * @remarks Currently only four types of keys are supported for this API: RSA public/private keys and ECDSA public/private keys.
50 * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside key manager during storing keys.
51 * @remarks Some private key files are protected by a password. If raw_key in key was read from such an encrypted file and is still encrypted with that password, the password should be provided in the #ckmc_key_s structure.
52 * @remarks if password in policy is provided, the key is additionally encrypted with the password in policy.
54 * @param[in] alias the name of a key to be stored
55 * @param[in] key a key's binary value to be stored.
56 * @param[in] policy about how to store a key securely.
58 * @return 0 on success, otherwise a negative error value
59 * @retval #CKMC_ERROR_NONE Successful
60 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
61 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
62 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS alias already exists.
63 * @retval #CKMC_ERROR_INVALID_FORMAT the format of raw_key is not valid.
64 * @retval #CKMC_ERROR_DB_ERROR failed due to other DB transaction unexpectedly.
65 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
67 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
69 * @see ckmc_remove_key()
71 * @see ckmc_get_key_alias_list()
75 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy);
78 * @brief Removes a key from key manager
82 * @privilege %http://tizen.org/privilege/keymanager
84 * @remarks a client can remove only keys stored by the client.
86 * @param[in] alias the name of a key to be removed
88 * @return 0 on success, otherwise a negative error value
89 * @retval #CKMC_ERROR_NONE Successful
90 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
91 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
92 * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
93 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exist.
94 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
96 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
98 * @see ckmc_save_key()
100 * @see ckmc_get_key_alias_list()
102 int ckmc_remove_key(const char *alias);
105 * @brief Gets a key from key manager
109 * @privilege %http://tizen.org/privilege/keymanager
111 * @remarks a client can access only data stored by the client and non-restricted data stored by other clients.
112 * @remarks A newly created ppkey should be destroyed by calling ckmc_key_free() if it is no longer needed.
114 * @param[in] alias the name of a key to retrieve
115 * @param[in] password used in decrypting a key value. If password of policy is provided in ckmc_save_key(), the same password should be provided.
116 * @param[out] ppkey a pointer to a newly created ckmc_key_s handle
118 * @return 0 on success, otherwise a negative error value
119 * @retval #CKMC_ERROR_NONE Successful
120 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
121 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
122 * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
123 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exist.
124 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
126 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
128 * @see ckmc_save_key()
129 * @see ckmc_remove_key()
130 * @see ckmc_get_key_alias_list()
132 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
135 * @brief Gets all aliases of keys that the client can access
139 * @privilege %http://tizen.org/privilege/keymanager
141 * @remarks a client can access only data stored by the client and non-restricted data stored by other clients.
142 * @remarks A newly created ppalias_list should be destroyed by calling ckmc_alias_list_all_free() if it is no longer needed.
144 * @param[out] ppalias_list a pointer to a newly created ckmc_alias_list_s handle containing all available aliases of keys. If there is no available key alias, *ppalias_list will be null.
146 * @return 0 on success, otherwise a negative error value
147 * @retval #CKMC_ERROR_NONE Successful
148 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
149 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
150 * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
151 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
153 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
155 * @see ckmc_save_key()
156 * @see ckmc_remove_key()
157 * @see ckmc_get_key()
159 int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
165 * @brief Stores a certificate inside key manager based on the provided policy.
169 * @privilege %http://tizen.org/privilege/keymanager
171 * @param[in] alias the name of a certificate to be stored
172 * @param[in] cert a certificate's binary value to be stored.
173 * @param[in] policy about how to store a certificate securely.
175 * @return 0 on success, otherwise a negative error value
176 * @retval #CKMC_ERROR_NONE Successful
177 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
178 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
179 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS alias already exists.
180 * @retval #CKMC_ERROR_INVALID_FORMAT the format of raw_cert is not valid.
181 * @retval #CKMC_ERROR_DB_ERROR failed due to other DB transaction unexpectedly.
182 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
184 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
186 * @see ckmc_remove_cert()
187 * @see ckmc_get_cert()
188 * @see ckmc_get_cert_alias_list()
190 * @see #ckmc_policy_s
192 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy);
195 * @brief Removes a certificate from key manager
199 * @privilege %http://tizen.org/privilege/keymanager
201 * @remarks a client can remove only certificates stored by the client.
203 * @param[in] alias the name of a certificate to be removed
205 * @return 0 on success, otherwise a negative error value
206 * @retval #CKMC_ERROR_NONE Successful
207 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
208 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
209 * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
210 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exist.
211 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
213 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
215 * @see ckmc_save_cert()
216 * @see ckmc_get_cert()
217 * @see ckmc_get_cert_alias_list()
219 int ckmc_remove_cert(const char *alias);
222 * @brief Gets a certificate from key manager
226 * @privilege %http://tizen.org/privilege/keymanager
228 * @remarks a client can access only certificate stored by the client and non-restricted certificate stored by other clients.
229 * @remarks A newly created ppcert should be destroyed by calling ckmc_cert_free() if it is no longer needed.
231 * @param[in] alias the name of a certificate to retrieve
232 * @param[in] password used in decrypting a certificate value. If password of policy is provided in ckmc_save_cert(), the same password should be provided.
233 * @param[out] ppcert a pointer to a newly created ckmc_cert_s handle
235 * @return 0 on success, otherwise a negative error value
236 * @retval #CKMC_ERROR_NONE Successful
237 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
238 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
239 * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
240 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exist.
241 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
243 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
245 * @see ckmc_save_cert()
246 * @see ckmc_remove_cert()
247 * @see ckmc_get_cert_alias_list()
249 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert);
252 * @brief Gets all aliases of certificates that the client can access
256 * @privilege %http://tizen.org/privilege/keymanager
258 * @remarks a client can access only data stored by the client and non-restricted data stored by other clients.
259 * @remarks A newly created ppalias_list should be destroyed by calling ckmc_alias_list_all_free() if it is no longer needed.
261 * @param[out] ppalias_list a pointer to a newly created ckmc_alias_list_s handle containing all available aliases of certificates. If there is no available certificate alias, *ppalias_list will be null.
263 * @return 0 on success, otherwise a negative error value
264 * @retval #CKMC_ERROR_NONE Successful
265 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
266 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
267 * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
268 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
270 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
272 * @see ckmc_save_cert()
273 * @see ckmc_remove_cert()
274 * @see ckmc_get_cert()
276 int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
282 * @brief Stores a data inside key manager based on the provided policy.
286 * @privilege %http://tizen.org/privilege/keymanager
288 * @param[in] alias the name of a data to be stored
289 * @param[in] data a binary value to be stored.
290 * @param[in] policy about how to store a data securely.
292 * @return 0 on success, otherwise a negative error value
293 * @retval #CKMC_ERROR_NONE Successful
294 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
295 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
296 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS alias already exists.
297 * @retval #CKMC_ERROR_DB_ERROR failed due to other DB transaction unexpectedly.
298 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
300 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
302 * @see ckmc_remove_data()
303 * @see ckmc_get_data()
304 * @see ckmc_get_data_alias_list()
305 * @see #ckmc_raw_buffer_s
306 * @see #ckmc_policy_s
308 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy);
311 * @brief Removes a data from key manager
315 * @privilege %http://tizen.org/privilege/keymanager
317 * @remarks a client can remove only data stored by the client.
319 * @param[in] alias the name of a data to be removed
321 * @return 0 on success, otherwise a negative error value
322 * @retval #CKMC_ERROR_NONE Successful
323 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
324 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
325 * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
326 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exist.
327 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
329 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
331 * @see ckmc_save_data()
332 * @see ckmc_get_data()
333 * @see ckmc_get_data_alias_list()
335 int ckmc_remove_data(const char *alias);
338 * @brief Gets a data from key manager
342 * @privilege %http://tizen.org/privilege/keymanager
344 * @remarks a client can access only data stored by the client and non-restricted data stored by other clients.
345 * @remarks A newly created ppdata should be destroyed by calling ckmc_buffer_free() if it is no longer needed.
347 * @param[in] alias the name of a data to retrieve
348 * @param[in] password used in decrypting a data value. If password of policy is provided in ckmc_save_data(), the same password should be provided.
349 * @param[out] ppdata a pointer to a newly created ckmc_raw_buffer_s handle
351 * @return 0 on success, otherwise a negative error value
352 * @retval #CKMC_ERROR_NONE Successful
353 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
354 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
355 * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
356 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exist.
357 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
359 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
361 * @see ckmc_save_data()
362 * @see ckmc_remove_data()
363 * @see ckmc_get_data_alias_list()
365 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata);
368 * @brief Gets all aliases of data that the client can access
372 * @privilege %http://tizen.org/privilege/keymanager
374 * @remarks a client can access only data stored by the client and non-restricted data stored by other clients.
375 * @remarks A newly created ppalias_list should be destroyed by calling ckmc_alias_list_all_free() if it is no longer needed.
377 * @param[out] ppalias_list a pointer to a newly created ckmc_alias_list_s handle containing all available aliases of data. If there is no available data alias, *ppalias_list will be null.
379 * @return 0 on success, otherwise a negative error value
380 * @retval #CKMC_ERROR_NONE Successful
381 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
382 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
383 * @retval #CKMC_ERROR_DB_ERROR failed due to the error with unknown reason
384 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
386 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
388 * @see ckmc_save_data()
389 * @see ckmc_remove_data()
390 * @see ckmc_get_data()
392 int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
398 * @brief Creates RSA private/public key pair and stores them inside key manager based on each policy.
402 * @privilege %http://tizen.org/privilege/keymanager
404 * @remarks if password in policy is provided, the key is additionally encrypted with the password in policy.
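406 * @param[in] size the size of key strength to be created, in bits. 1024, 2048, and 4096 are supported. 1024-bit RSA keys no longer meet commonly recommended minimum strength; prefer 2048 or larger for new keys.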
407 * @param[in] private_key_alias the name of private key to be stored.
408 * @param[in] public_key_alias the name of public key to be stored.
409 * @param[in] policy_private_key about how to store a private key securely.
410 * @param[in] policy_public_key about how to store a public key securely.
412 * @return 0 on success, otherwise a negative error value
413 * @retval #CKMC_ERROR_NONE Successful
414 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
415 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
416 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS alias already exists.
417 * @retval #CKMC_ERROR_DB_ERROR failed due to other DB transaction unexpectedly.
418 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
420 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
422 * @see ckmc_create_key_pair_ecdsa()
423 * @see ckmc_create_signature()
424 * @see ckmc_verify_signature()
426 int ckmc_create_key_pair_rsa(const size_t size, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key);
429 * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each policy.
433 * @privilege %http://tizen.org/privilege/keymanager
435 * @remarks if password in policy is provided, the key is additionally encrypted with the password in policy.
437 * @param[in] type the type of elliptic curve of ECDSA.
438 * @param[in] private_key_alias the name of private key to be stored.
439 * @param[in] public_key_alias the name of public key to be stored.
440 * @param[in] policy_private_key about how to store a private key securely.
441 * @param[in] policy_public_key about how to store a public key securely.
443 * @return 0 on success, otherwise a negative error value
444 * @retval #CKMC_ERROR_NONE Successful
445 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
446 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
447 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS alias already exists.
448 * @retval #CKMC_ERROR_DB_ERROR failed due to other DB transaction unexpectedly.
449 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
451 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
453 * @see ckmc_create_key_pair_rsa()
454 * @see ckmc_create_signature()
455 * @see ckmc_verify_signature()
456 * @see #ckmc_ec_type_e
458 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type, const char *private_key_alias, const char *public_key_alias, const ckmc_policy_s policy_private_key, const ckmc_policy_s policy_public_key);
461 * @brief Creates a signature on a given message using a private key and returns the signature
465 * @privilege %http://tizen.org/privilege/keymanager
467 * @remarks If password of policy is provided during storing a key, the same password should be provided.
468 * @remarks A newly created ppsignature should be destroyed by calling ckmc_buffer_free() if it is no longer needed.
471 * @param[in] private_key_alias the name of private key.
472 * @param[in] password used in decrypting a private key value.
473 * @param[in] message the message to be signed with the private key.
474 * @param[in] hash the hash algorithm used in creating signature.
475 * @param[in] padding the RSA padding algorithm used in creating signature. It is used only when the signature algorithm is RSA.
476 * @param[out] ppsignature a pointer to the newly created signature. If an error occurs, *ppsignature will be null.
478 * @return 0 on success, otherwise a negative error value
479 * @retval #CKMC_ERROR_NONE Successful
480 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
481 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
482 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exist.
483 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
485 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
487 * @see ckmc_create_key_pair_rsa()
488 * @see ckmc_create_key_pair_ecdsa()
489 * @see ckmc_verify_signature()
490 * @see ckmc_buffer_free()
491 * @see #ckmc_hash_algo_e
492 * @see #ckmc_rsa_padding_algo_e
494 int ckmc_create_signature(const char *private_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding, ckmc_raw_buffer_s **ppsignature);
497 * @brief Verifies a given signature on a given message using a public key and returns the signature status.
501 * @privilege %http://tizen.org/privilege/keymanager
503 * @remarks If password of policy is provided during storing a key, the same password should be provided.
505 * @param[in] public_key_alias the name of public key.
506 * @param[in] password used in decrypting a public key value.
507 * @param[in] message the input on which the signature was created.
508 * @param[in] signature verified with public key.
509 * @param[in] hash the hash algorithm used in verifying signature.
510 * @param[in] padding the RSA padding algorithm used in verifying signature. It is used only when the signature algorithm is RSA.
512 * @return 0 on success and the signature is valid, otherwise a negative error value. Any return value other than #CKMC_ERROR_NONE means the signature must not be treated as valid.
513 * @retval #CKMC_ERROR_NONE Successful
514 * @retval #CKMC_ERROR_VERIFICATION_FAILED the signature is invalid
515 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
516 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
517 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exist.
518 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
520 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
522 * @see ckmc_create_key_pair_rsa()
523 * @see ckmc_create_key_pair_ecdsa()
524 * @see ckmc_verify_signature()
525 * @see #ckmc_hash_algo_e
526 * @see #ckmc_rsa_padding_algo_e
528 int ckmc_verify_signature(const char *public_key_alias, const char *password, const ckmc_raw_buffer_s message, const ckmc_raw_buffer_s signature, const ckmc_hash_algo_e hash, const ckmc_rsa_padding_algo_e padding);
531 * @brief Verifies a certificate chain and returns that chain.
535 * @privilege %http://tizen.org/privilege/keymanager
537 * @remarks The trusted root certificate of the chain should exist in the system's certificate storage.
538 * @remarks A newly created ppcert_chain_list should be destroyed by calling ckmc_cert_list_all_free() if it is no longer needed.
540 * @param[in] cert the certificate to be verified
541 * @param[in] untrustedcerts the untrusted CA certificates to be used in verifying a certificate chain.
542 * @param[out] ppcert_chain_list a pointer to a newly created certificate chain's handle. If an error occurs, *ppcert_chain_list will be null.
544 * @return 0 on success and the certificate chain is valid, otherwise a negative error value
545 * @retval #CKMC_ERROR_NONE Successful
546 * @retval #CKMC_ERROR_VERIFICATION_FAILED the certificate chain is not valid
547 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
548 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
549 * @retval #CKMC_ERROR_INVALID_FORMAT the format of certificate is not valid.
550 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
552 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
554 * @see ckmc_get_cert_chain_with_alias()
555 * @see ckmc_cert_list_all_free()
557 int ckmc_get_cert_chain(const ckmc_cert_s *cert, const ckmc_cert_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list);
560 * @brief Verifies a certificate chain using an alias list of untrusted certificates and returns that chain.
564 * @privilege %http://tizen.org/privilege/keymanager
566 * @remarks The trusted root certificate of the chain should exist in the system's certificate storage.
567 * @remarks A newly created ppcert_chain_list should be destroyed by calling ckmc_cert_list_all_free() if it is no longer needed.
569 * @param[in] cert the certificate to be verified
570 * @param[in] untrustedcerts an alias list of untrusted CA certificates stored in key manager to be used in verifying a certificate chain.
571 * @param[out] ppcert_chain_list a pointer to a newly created certificate chain's handle. If an error occurs, *ppcert_chain_list will be null.
573 * @return 0 on success and the certificate chain is valid, otherwise a negative error value
574 * @retval #CKMC_ERROR_NONE Successful
575 * @retval #CKMC_ERROR_VERIFICATION_FAILED the certificate chain is not valid
576 * @retval #CKMC_ERROR_INVALID_PARAMETER input parameter is invalid
577 * @retval #CKMC_ERROR_DB_LOCKED a user key is not loaded in memory(a user is not logged in)
578 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN alias doesn't exist.
579 * @retval #CKMC_ERROR_INVALID_FORMAT the format of certificate is not valid.
580 * @retval #CKMC_ERROR_PERMISSION_DENIED failed to access key manager
582 * @pre User must be already logged in and his user key is already loaded into memory in plain text form.
584 * @see ckmc_get_cert_chain()
585 * @see ckmc_cert_list_all_free()
587 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert, const ckmc_alias_list_s *untrustedcerts, ckmc_cert_list_s **ppcert_chain_list);
599 #endif /* __TIZEN_CORE_CKMC_MANAGER_H */