2 * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-manager.h
19 * @brief Provides management functions(storing, retrieving, and removing) for keys,
20 * certificates and data of a user and additional crypto functions.
24 #ifndef __TIZEN_CORE_CKMC_MANAGER_H
25 #define __TIZEN_CORE_CKMC_MANAGER_H
28 #include <sys/types.h>
30 #include <ckmc/ckmc-type.h>
31 #include <ckmc/ckmc-error.h>
38 * @addtogroup CAPI_KEY_MANAGER_CLIENT_MODULE
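/**
 * @brief Stores a key inside key manager based on the provided policy.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks Currently API supports seven types of keys. These are RSA public/private key,
 *          DSA public/private key, ECDSA public/private key and AES symmetric key.
 * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside
 *          key manager during storing keys.
 * @remarks Some private key files are protected by a password. If raw_key in key read from those
 *          encrypted files is encrypted with a password, the password should be provided in the
 *          #ckmc_key_s structure.
 * @remarks If password in policy is provided, the key is additionally encrypted with the password
 *          in policy.
 * @note Review: this header does not say that the call takes ownership of the password or
 *       raw key buffers referenced by @a key and @a policy; presumably the caller still owns
 *       them and should clear them once they are no longer needed.
 *
 * @param[in] alias The name of a key to be stored
 * @param[in] key The key's binary value to be stored
 * @param[in] policy The policy about how to store a key securely
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid
 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_remove_alias()
 * @see ckmc_get_key_alias_list()
 */
int ckmc_save_key(const char *alias, const ckmc_key_s key,
                  const ckmc_policy_s policy);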
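/**
 * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead]
 * @brief Removes a key from key manager.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks To remove key, client must have remove permission to the specified key.
 * @remarks The key owner can remove by default.
 *
 * @param[in] alias The name of a key to be removed
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_save_key()
 * @see ckmc_get_key()
 * @see ckmc_get_key_alias_list()
 */
int ckmc_remove_key(const char *alias);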
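/**
 * @brief Gets a key from key manager.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks A client can access only data stored by the client.
 * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no
 *          longer needed.
 * @note Review: this comment does not state what @a *ppkey holds when the call fails, so
 *       read it only after #CKMC_ERROR_NONE is returned. The returned structure carries key
 *       material; release it with ckmc_key_free() as soon as it is no longer needed.
 *
 * @param[in] alias The name of a key to retrieve
 * @param[in] password The password used in decrypting a key value \n
 *                     If password of policy is provided in ckmc_save_key(), the same password
 *                     should be provided.
 * @param[out] ppkey The pointer to a newly created ckmc_key_s handle
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
 *         Decryption failed because password is incorrect.
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_save_key()
 * @see ckmc_remove_alias()
 * @see ckmc_get_key_alias_list()
 */
int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);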
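/**
 * @brief Gets all the aliases of keys that the client can access.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks A client can access only data stored by the client.
 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
 *          if it is no longer needed.
 *
 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
 *                          available aliases of keys \n
 *                          If there is no available key alias, *ppalias_list will be null,
 *                          so check it before walking the list.
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_save_key()
 * @see ckmc_remove_alias()
 * @see ckmc_get_key()
 */
int ckmc_get_key_alias_list(ckmc_alias_list_s **ppalias_list);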
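/**
 * @brief Stores a certificate inside key manager based on the provided policy.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
 * @remarks The certificate's binary value will be converted and saved as a binary DER encoded
 *          certificate.
 *
 * @param[in] alias The name of a certificate to be stored
 * @param[in] cert The certificate's binary value to be stored
 * @param[in] policy The policy about how to store a certificate securely
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid
 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_remove_alias()
 * @see ckmc_get_cert()
 * @see ckmc_get_cert_alias_list()
 * @see #ckmc_policy_s
 */
int ckmc_save_cert(const char *alias, const ckmc_cert_s cert,
                   const ckmc_policy_s policy);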
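/**
 * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead]
 * @brief Removes a certificate from key manager.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks To remove certificate, client must have remove permission to the specified certificate.
 * @remarks The certificate owner can remove it by default.
 *
 * @param[in] alias The name of a certificate to be removed
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_save_cert()
 * @see ckmc_get_cert()
 * @see ckmc_get_cert_alias_list()
 */
int ckmc_remove_cert(const char *alias);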
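/**
 * @brief Gets a certificate from key manager.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks A client can access only certificates stored by the client.
 * @remarks A DER encoded certificate will be returned as a return value.
 * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no
 *          longer needed.
 *
 * @param[in] alias The name of a certificate to retrieve
 * @param[in] password The password used in decrypting a certificate value \n
 *                     If password of policy is provided in ckmc_save_cert(), the same password
 *                     should be provided.
 * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
 *         Decryption failed because password is incorrect.
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_save_cert()
 * @see ckmc_remove_alias()
 * @see ckmc_get_cert_alias_list()
 */
int ckmc_get_cert(const char *alias, const char *password,
                  ckmc_cert_s **ppcert);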
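/**
 * @brief Gets all aliases of certificates which the client can access.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks A client can access only data stored by the client.
 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
 *          if it is no longer needed.
 *
 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
 *                          available aliases of certificates \n
 *                          If there is no available certificate alias, *ppalias_list will be
 *                          null, so check it before walking the list.
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_save_cert()
 * @see ckmc_remove_alias()
 * @see ckmc_get_cert()
 */
int ckmc_get_cert_alias_list(ckmc_alias_list_s **ppalias_list);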
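/**
 * @brief Stores PKCS12's contents inside key manager based on the provided policies.
 *        All items from the PKCS12 will use the same alias.
 *
 * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 *
 * @param[in] alias The name of a data to be stored
 * @param[in] pkcs Pointer to the pkcs12 structure to be saved
 * @param[in] key_policy The policy about how to store pkcs's private key
 * @param[in] cert_policy The policy about how to store pkcs's certificate
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_remove_alias()
 * @see ckmc_get_pkcs12()
 * @see ckmc_get_data_alias_list()
 * @see ckmc_pkcs12_load()
 * @see #ckmc_pkcs12_s
 * @see #ckmc_policy_s
 */
int ckmc_save_pkcs12(const char *alias,
                     const ckmc_pkcs12_s *pkcs,
                     const ckmc_policy_s key_policy,
                     const ckmc_policy_s cert_policy);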
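/**
 * @brief Gets a pkcs12 from key manager.
 *
 * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks A client can access only data stored by the client.
 * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no
 *          longer needed.
 *
 * @param[in] alias The name of a data to retrieve
 * @param[in] key_password Password that was used to encrypt privateKey (may be NULL)
 * @param[in] cert_password Password used to encrypt certificates (may be NULL)
 * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
 *         key_password or cert_password does not match with password
 *         used to encrypt data
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_save_pkcs12()
 * @see ckmc_remove_alias()
 */
int ckmc_get_pkcs12(const char *alias, const char *key_password,
                    const char *cert_password, ckmc_pkcs12_s **pkcs12);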
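/**
 * @brief Stores a data inside key manager based on the provided policy.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 *
 * @param[in] alias The name of a data to be stored
 * @param[in] data The binary value to be stored
 * @param[in] policy The policy about how to store a data securely
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_remove_alias()
 * @see ckmc_get_data()
 * @see ckmc_get_data_alias_list()
 * @see #ckmc_raw_buffer_s
 * @see #ckmc_policy_s
 */
int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data,
                   const ckmc_policy_s policy);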
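/**
 * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead]
 * @brief Removes a data from key manager.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks To remove data, client must have remove permission to the specified data object.
 * @remarks The data owner can remove by default.
 *
 * @param[in] alias The name of a data to be removed
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_save_data()
 * @see ckmc_get_data()
 * @see ckmc_get_data_alias_list()
 */
int ckmc_remove_data(const char *alias);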
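/**
 * @brief Gets a data from key manager.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks A client can access only data stored by the client.
 * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no
 *          longer needed.
 *
 * @param[in] alias The name of a data to retrieve
 * @param[in] password The password used in decrypting a data value \n
 *                     If password of policy is provided in ckmc_save_data(), the same password
 *                     should be provided.
 * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
 *         Decryption failed because password is incorrect.
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_save_data()
 * @see ckmc_remove_alias()
 * @see ckmc_get_data_alias_list()
 */
int ckmc_get_data(const char *alias, const char *password,
                  ckmc_raw_buffer_s **ppdata);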
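/**
 * @brief Gets all aliases of data which the client can access.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks A client can access only data stored by the client.
 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
 *          if it is no longer needed.
 *
 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
 *                          available aliases of data \n
 *                          If there is no available data alias, *ppalias_list will be null,
 *                          so check it before walking the list.
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_save_data()
 * @see ckmc_remove_alias()
 * @see ckmc_get_data()
 */
int ckmc_get_data_alias_list(ckmc_alias_list_s **ppalias_list);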
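/**
 * @brief Creates RSA private/public key pair and stores them inside key manager based on each
 *        policy.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks If password in policy is provided, the key is additionally encrypted with the password
 *          in policy.
 * @note Review: @c 1024 is accepted, but 1024-bit RSA is below the 2048-bit minimum that
 *       current guidance (for example NIST SP 800-131A) sets for newly generated keys;
 *       prefer @c 2048 or @c 4096 unless an existing peer forces the smaller size.
 *
 * @param[in] size The size of key strength to be created \n
 *                 @c 1024, @c 2048, and @c 4096 are supported
 * @param[in] private_key_alias The name of private key to be stored
 * @param[in] public_key_alias The name of public key to be stored
 * @param[in] policy_private_key The policy about how to store a private key securely
 * @param[in] policy_public_key The policy about how to store a public key securely
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_create_key_pair_dsa()
 * @see ckmc_create_key_pair_ecdsa()
 * @see ckmc_create_signature()
 * @see ckmc_verify_signature()
 */
int ckmc_create_key_pair_rsa(const size_t size,
                             const char *private_key_alias,
                             const char *public_key_alias,
                             const ckmc_policy_s policy_private_key,
                             const ckmc_policy_s policy_public_key);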
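/**
 * @brief Creates DSA private/public key pair and stores them inside key manager based on each
 *        policy.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks If password in policy is provided, the key is additionally encrypted with the password
 *          in policy.
 * @note Review: @c 1024 is accepted, but 1024-bit DSA is below the 2048-bit minimum that
 *       current guidance (for example NIST SP 800-131A) sets for newly generated keys;
 *       prefer @c 2048 or larger unless an existing peer forces the smaller size.
 *
 * @param[in] size The size of key strength to be created \n
 *                 @c 1024, @c 2048, @c 3072 and @c 4096 are supported
 * @param[in] private_key_alias The name of private key to be stored
 * @param[in] public_key_alias The name of public key to be stored
 * @param[in] policy_private_key The policy about how to store a private key securely
 * @param[in] policy_public_key The policy about how to store a public key securely
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_create_key_pair_rsa()
 * @see ckmc_create_key_pair_ecdsa()
 * @see ckmc_create_signature()
 * @see ckmc_verify_signature()
 */
int ckmc_create_key_pair_dsa(const size_t size,
                             const char *private_key_alias,
                             const char *public_key_alias,
                             const ckmc_policy_s policy_private_key,
                             const ckmc_policy_s policy_public_key);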
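/**
 * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each
 *        policy.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks If password in policy is provided, the key is additionally encrypted with the password
 *          in policy.
 *
 * @param[in] type The type of elliptic curve of ECDSA
 * @param[in] private_key_alias The name of private key to be stored
 * @param[in] public_key_alias The name of public key to be stored
 * @param[in] policy_private_key The policy about how to store a private key securely
 * @param[in] policy_public_key The policy about how to store a public key securely
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_create_key_pair_rsa()
 * @see ckmc_create_key_pair_dsa()
 * @see ckmc_create_signature()
 * @see ckmc_verify_signature()
 * @see #ckmc_ec_type_e
 */
int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
                               const char *private_key_alias,
                               const char *public_key_alias,
                               const ckmc_policy_s policy_private_key,
                               const ckmc_policy_s policy_public_key);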
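/**
 * @brief Creates AES key and stores it inside key manager based on the policy.
 *
 * @remarks If password in policy is provided, the key is additionally encrypted with the password
 *          in policy.
 *
 * @param[in] size The size of key strength to be created \n
 *                 @c 128, @c 192 and @c 256 are supported
 * @param[in] key_alias The name of key to be stored
 * @param[in] key_policy The policy about how to store the key securely
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_create_key_pair_rsa()
 * @see ckmc_create_key_pair_dsa()
 * @see ckmc_create_key_pair_ecdsa()
 * @see #ckmc_policy_s
 */
int ckmc_create_key_aes(size_t size,
                        const char *key_alias,
                        ckmc_policy_s key_policy);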
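/**
 * @brief Creates a signature on a given message using a private key and returns the signature.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks If password of policy is provided during storing a key, the same password should be
 *          provided.
 * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is
 *          no longer needed.
 *
 * @param[in] private_key_alias The name of private key
 * @param[in] password The password used in decrypting a private key value
 * @param[in] message The message that is signed with a private key
 * @param[in] hash The hash algorithm used in creating signature
 * @param[in] padding The RSA padding algorithm used in creating signature \n
 *                    It is used only when the signature algorithm is RSA
 * @param[out] ppsignature The pointer to a newly created signature \n
 *                         If an error occurs, @a *ppsignature will be null
 *
 * @return @c 0 on success,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
 *         Decryption failed because password is incorrect
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_create_key_pair_rsa()
 * @see ckmc_create_key_pair_ecdsa()
 * @see ckmc_verify_signature()
 * @see ckmc_buffer_free()
 * @see #ckmc_hash_algo_e
 * @see #ckmc_rsa_padding_algo_e
 */
int ckmc_create_signature(const char *private_key_alias,
                          const char *password,
                          const ckmc_raw_buffer_s message,
                          const ckmc_hash_algo_e hash,
                          const ckmc_rsa_padding_algo_e padding,
                          ckmc_raw_buffer_s **ppsignature);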
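/**
 * @brief Verifies a given signature on a given message using a public key and returns the signature
 *        status.
 *
 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
 *          required to use this API since 3.0.
 * @remarks If password of policy is provided during storing a key, the same password should be
 *          provided.
 * @note Review: the signature is valid only when the return value is exactly
 *       #CKMC_ERROR_NONE. Treat every other value, not just
 *       #CKMC_ERROR_VERIFICATION_FAILED, as "not verified"; a caller that checks for one
 *       specific error code would accept a signature whenever a different error is returned.
 *
 * @param[in] public_key_alias The name of public key
 * @param[in] password The password used in decrypting a public key value
 * @param[in] message The input on which the signature is created
 * @param[in] signature The signature that is verified with public key
 * @param[in] hash The hash algorithm used in verifying signature
 * @param[in] padding The RSA padding algorithm used in verifying signature \n
 *                    It is used only when the signature algorithm is RSA
 *
 * @return @c 0 on success and the signature is valid,
 *         otherwise a negative error value
 *
 * @retval #CKMC_ERROR_NONE Successful
 * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid
 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
 *         in)
 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
 *         Decryption failed because password is incorrect
 *
 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
 *
 * @see ckmc_create_key_pair_rsa()
 * @see ckmc_create_key_pair_ecdsa()
 * @see ckmc_create_signature()
 * @see #ckmc_hash_algo_e
 * @see #ckmc_rsa_padding_algo_e
 */
int ckmc_verify_signature(const char *public_key_alias,
                          const char *password,
                          const ckmc_raw_buffer_s message,
                          const ckmc_raw_buffer_s signature,
                          const ckmc_hash_algo_e hash,
                          const ckmc_rsa_padding_algo_e padding);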
815 * @brief Verifies a certificate chain and returns that chain.
818 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
819 * required to use this API since 3.0.
821 * @remarks The trusted root certificate of the chain should exist in the system's certificate
823 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
824 * ckmc_cert_list_all_free() if it is no longer needed.
826 * @param[in] cert The certificate to be verified
827 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain
829 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
830 * If an error occurs, @a *ppcert_chain_list will be null
832 * @return @c 0 on success and the certificate chain is valid,
833 * otherwise a negative error value
835 * @retval #CKMC_ERROR_NONE Successful
836 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
837 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
838 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
840 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
841 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
842 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
843 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
844 * Decryption failed because password is incorrect
846 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
848 * @see ckmc_cert_list_all_free()
850 int ckmc_get_cert_chain(const ckmc_cert_s *cert,
851 const ckmc_cert_list_s *untrustedcerts,
852 ckmc_cert_list_s **ppcert_chain_list);
855 * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_get_cert_chain() instead]
856 * @brief Verifies a certificate chain using an alias list of untrusted certificates and returns that chain.
860 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
861 * required to use this API since 3.0.
863 * @remarks The trusted root certificate of the chain should exist in the system's certificate storage.
865 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
866 * ckmc_cert_list_all_free() if it is no longer needed.
867 * @remarks @a untrustedcerts shouldn't be protected with optional password.
869 * @param[in] cert The certificate to be verified
870 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager
871 * to be used in verifying a certificate chain
872 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
873 * If an error occurs, @a *ppcert_chain_list will be null
875 * @return @c 0 on success and the certificate chain is valid,
876 * otherwise a negative error value
878 * @retval #CKMC_ERROR_NONE Successful
879 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
880 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
881 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
883 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
884 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
885 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
886 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
887 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
888 * Some certificates were encrypted with password and could not be used
891 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
893 * @see ckmc_get_cert_chain()
894 * @see ckmc_cert_list_all_free()
896 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
897 const ckmc_alias_list_s *untrustedcerts,
898 ckmc_cert_list_s **ppcert_chain_list);
901 * @brief Verifies a certificate chain and returns that chain using user entered trusted and
902 * untrusted CA certificates.
904 * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif
905 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
906 * required to use this API since 3.0.
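908 * @remarks If the trusted root certificates are provided as a user input, these certificates do not
909 * need to exist in the system's certificate storage. They then act as trust anchors for the chain, so they should come from a source the caller already trusts.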
910 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
911 * ckmc_cert_list_all_free() if it is no longer needed.
913 * @param[in] cert The certificate to be verified
914 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate chain
916 * @param[in] trustedcerts The trusted CA certificates to be used in verifying a certificate chain
918 * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
919 * in the system's certificate storage
920 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
921 * If an error occurs, @a *ppcert_chain_list will be null
923 * @return @c 0 on success and the certificate chain is valid,
924 * otherwise a negative error value
926 * @retval #CKMC_ERROR_NONE Successful
927 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
928 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
929 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
931 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
932 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
933 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
935 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
937 * @see ckmc_cert_list_all_free()
939 int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert,
940 const ckmc_cert_list_s *untrustedcerts,
941 const ckmc_cert_list_s *trustedcerts,
942 const bool use_trustedsystemcerts,
943 ckmc_cert_list_s **ppcert_chain_list);
946 * @brief Performs an OCSP check, which determines whether a certificate is revoked or not.
948 * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif
950 * @privilege %http://tizen.org/privilege/internet
952 * @remarks %http://tizen.org/privilege/internet (public level privilege) is required
953 * to use this API instead of %http://tizen.org/privilege/keymanager (public
954 * level privilege) since 3.0.
956 * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check
957 * @param[out] ocsp_status The pointer to status result of OCSP check
959 * @return @c 0 on success, otherwise a negative error value
961 * @retval #CKMC_ERROR_NONE Successful
962 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
963 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
964 * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported
966 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
967 * @pre @a pcert_chain_list is created with ckmc_get_cert_chain() or
968 * ckmc_get_cert_chain_with_alias().
970 * @see ckmc_get_cert_chain()
971 * @see ckmc_cert_list_all_free()
973 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list,
974 ckmc_ocsp_status_e *ocsp_status);
977 * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_set_permission() instead]
978 * @brief Allows another application to access client's application data.
981 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
982 * required to use this API since 3.0.
984 * @remarks Data identified by @a alias should exist.
986 * @param[in] alias Data alias for which access will be granted
987 * @param[in] accessor Package id of the application that will gain access rights
988 * @param[in] granted Rights granted for @a accessor application
990 * @return @c 0 on success, otherwise a negative error value
992 * @retval #CKMC_ERROR_NONE Successful
993 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
994 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
996 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
997 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
998 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1000 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1002 * @see ckmc_deny_access()
1004 int ckmc_allow_access(const char *alias, const char *accessor,
1005 ckmc_access_right_e granted);
1008 * @brief Allows another application to access client's application data.
1010 * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif
1011 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
1012 * required to use this API since 3.0.
1014 * @remarks Data identified by @a alias should exist.
1016 * @param[in] alias Data alias for which access will be granted
1017 * @param[in] accessor Package id of the application that will gain access rights
1018 * @param[in] permissions Mask of permissions granted for @a accessor application
1019 * (@a ckmc_permission_e)
1020 * (previous permission mask will be replaced with the new mask value)
1022 * @return @c 0 on success, otherwise a negative error value
1024 * @retval #CKMC_ERROR_NONE Successful
1025 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1026 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
1028 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1029 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1030 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1032 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1034 int ckmc_set_permission(const char *alias, const char *accessor,
1038 * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_set_permission() instead]
1039 * @brief Revokes another application's access to client's application data.
1042 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
1043 * required to use this API since 3.0.
1045 * @remarks Data identified by @a alias should exist.
1046 * @remarks Only access previously granted with ckmc_allow_access() can be revoked.
1048 * @param[in] alias Data alias for which access will be revoked
1049 * @param[in] accessor Package id of the application that will lose access rights
1051 * @return @c 0 on success, otherwise a negative error value
1053 * @retval #CKMC_ERROR_NONE Successful
1054 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't
1055 * have access to @a alias
1056 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
1058 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1059 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1060 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1062 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1064 * @see ckmc_allow_access()
1065 * @see ckmc_set_permission()
1067 int ckmc_deny_access(const char *alias, const char *accessor);
1070 * @brief Removes an entry (of any type) from the key manager.
1072 * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif
1073 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
1074 * required to use this API since 3.0.
1076 * @remarks To remove item, client must have remove permission to the specified item.
1077 * @remarks The item owner can remove by default.
1079 * @param[in] alias Item alias to be removed
1081 * @return @c 0 on success,
1082 * otherwise a negative error value
1084 * @retval #CKMC_ERROR_NONE Successful
1085 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1086 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
1088 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
1089 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1090 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1092 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1094 * @see ckmc_save_key()
1095 * @see ckmc_save_cert()
1096 * @see ckmc_save_data()
1097 * @see ckmc_save_pkcs12()
1098 * @see ckmc_create_key_pair_rsa()
1099 * @see ckmc_create_key_pair_dsa()
1100 * @see ckmc_create_key_pair_ecdsa()
1102 int ckmc_remove_alias(const char *alias);
1105 * @brief Encrypts data using selected key and algorithm.
1109 * @remarks Key identified by @a key_alias should exist.
1111 * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and
1112 * #ckmc_algo_type_e for details
1113 * @param[in] key_alias Alias of the key to be used for encryption
1114 * @param[in] password The password used in decrypting a key value \n
1115 * If password of policy is provided in ckmc_save_key(), the same
1116 * password should be provided
1117 * @param[in] decrypted Data to be encrypted. In case of AES algorithm there are no
1118 * restrictions on the size of data. For RSA the size must be less than
1119 * or equal to <key_size_in_bytes> - 42. Example: for a 1024-bit RSA key the
1120 * maximum data size is 1024/8 - 42 = 86 bytes (the 1024-bit size only illustrates the arithmetic; it is not a recommended key length).
1121 * @param[out] ppencrypted Encrypted data (some algorithms may return additional information
1122 * embedded in encrypted data. AES GCM is an example) \n
1123 * The caller is responsible for freeing @a ppencrypted with
1124 * ckmc_buffer_free()
1126 * @return @c 0 on success, otherwise a negative error value
1128 * @retval #CKMC_ERROR_NONE Successful
1129 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid
1130 * mandatory algorithm parameter, decrypted = NULL,
1131 * ppencrypted = NULL)
1132 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
1134 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1135 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
1136 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1137 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
1138 * Key decryption failed because password is incorrect
1140 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1142 * @see ckmc_buffer_free()
1143 * @see ckmc_param_list_new()
1144 * @see ckmc_param_list_free()
1145 * @see ckmc_param_list_set_integer()
1146 * @see ckmc_param_list_set_buffer()
1147 * @see ckmc_generate_new_params()
1148 * @see #ckmc_param_list_h
1149 * @see #ckmc_param_name_e
1150 * @see #ckmc_algo_type_e
1152 int ckmc_encrypt_data(ckmc_param_list_h params,
1153 const char *key_alias,
1154 const char *password,
1155 const ckmc_raw_buffer_s decrypted,
1156 ckmc_raw_buffer_s **ppencrypted);
1159 * @brief Decrypts data using selected key and algorithm.
1163 * @remarks Key identified by @a key_alias should exist.
1165 * @param[in] params Algorithm parameter list handle. You should use the same parameters
1166 * that were used for encryption. See #ckmc_param_list_h and
1167 * #ckmc_algo_type_e for details
1168 * @param[in] key_alias Alias of the key to be used for decryption
1169 * @param[in] password The password used in decrypting a key value \n
1170 * If password of policy is provided in ckmc_save_key(), the same
1171 * password should be provided
1172 * @param[in] encrypted Data to be decrypted (some algorithms may require additional
1173 * information embedded in encrypted data. AES GCM is an example)
1174 * @param[out] ppdecrypted Decrypted data \n
1175 * The caller is responsible for freeing @a ppdecrypted with
1176 * ckmc_buffer_free()
1178 * @return @c 0 on success, otherwise a negative error value
1180 * @retval #CKMC_ERROR_NONE Successful
1181 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid
1182 * mandatory algorithm parameter, encrypted = NULL,
1183 * ppdecrypted = NULL)
1184 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
1186 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1187 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
1188 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1189 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
1190 * Key decryption failed because password is incorrect
1192 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1194 * @see ckmc_buffer_free()
1195 * @see ckmc_param_list_new()
1196 * @see ckmc_param_list_free()
1197 * @see ckmc_param_list_set_integer()
1198 * @see ckmc_param_list_set_buffer()
1199 * @see ckmc_generate_new_params()
1200 * @see #ckmc_param_list_h
1201 * @see #ckmc_param_name_e
1202 * @see #ckmc_algo_type_e
1204 int ckmc_decrypt_data(ckmc_param_list_h params,
1205 const char *key_alias,
1206 const char *password,
1207 const ckmc_raw_buffer_s encrypted,
1208 ckmc_raw_buffer_s **ppdecrypted);
1219 #endif /* __TIZEN_CORE_CKMC_MANAGER_H */