2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-manager.h
19 * @brief Provides management functions(storing, retrieving, and removing) for keys,
20 * certificates and data of a user and additional crypto functions.
24 #ifndef __TIZEN_CORE_CKMC_MANAGER_H
25 #define __TIZEN_CORE_CKMC_MANAGER_H
28 #include <sys/types.h>
30 #include <ckmc/ckmc-type.h>
31 #include <ckmc/ckmc-error.h>
38 * @addtogroup CAPI_KEY_MANAGER_CLIENT_MODULE
44 * @brief Stores a key inside key manager based on the provided policy.
48 * @privilege %http://tizen.org/privilege/keymanager
50 * @remarks Currently only six types of keys are supported for this API. These are RSA
51 * public/private key, DSA public/private key and ECDSA public/private key.
52 * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside
53 * key manager during storing keys.
54 * @remarks Some private key files are protected by a password. If raw_key in key read from those
55 * encrypted files is encrypted with a password, the password should be provided in the
56 * #ckmc_key_s structure.
57 * @remarks If password in policy is provided, the key is additionally encrypted with the password
60 * @param[in] alias The name of a key to be stored
61 * @param[in] key The key's binary value to be stored
62 * @param[in] policy The policy about how to store a key securely
64 * @return @c 0 on success,
65 * otherwise a negative error value
67 * @retval #CKMC_ERROR_NONE Successful
68 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
69 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
71 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
72 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid
73 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
74 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
76 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
78 * @see ckmc_remove_key()
80 * @see ckmc_get_key_alias_list()
84 int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy);
87 * @brief Removes a key from key manager.
91 * @privilege %http://tizen.org/privilege/keymanager
93 * @remarks To remove key, client must have remove permission to the specified key.
94 * @remarks The key owner can remove by default.
96 * @param[in] alias The name of a key to be removed
98 * @return @c 0 on success,
99 * otherwise a negative error value
101 * @retval #CKMC_ERROR_NONE Successful
102 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
103 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
105 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
106 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
107 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
109 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
111 * @see ckmc_save_key()
112 * @see ckmc_get_key()
113 * @see ckmc_get_key_alias_list()
115 int ckmc_remove_key(const char *alias);
118 * @brief Gets a key from key manager.
122 * @privilege %http://tizen.org/privilege/keymanager
124 * @remarks A client can access only data stored by the client.
125 * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no
128 * @param[in] alias The name of a key to retrieve
129 * @param[in] password The password used in decrypting a key value \n
130 * If password of policy is provided in ckmc_save_key(), the same password
131 * should be provided.
132 * @param[out] ppkey The pointer to a newly created ckmc_key_s handle
134 * @return @c 0 on success,
135 * otherwise a negative error value
137 * @retval #CKMC_ERROR_NONE Successful
138 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
139 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
141 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
142 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
143 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
144 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
145 * Decryption failed because password is incorrect.
147 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
149 * @see ckmc_save_key()
150 * @see ckmc_remove_key()
151 * @see ckmc_get_key_alias_list()
153 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
156 * @brief Gets all the alias of keys that the client can access.
160 * @privilege %http://tizen.org/privilege/keymanager
162 * @remarks A client can access only data stored by the client.
163 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
164 * if it is no longer needed.
166 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
167 * available alias of keys \n
168 * If there is no available key alias, *ppalias_list will be null.
170 * @return @c 0 on success,
171 * otherwise a negative error value
173 * @retval #CKMC_ERROR_NONE Successful
174 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
175 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
177 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
178 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
179 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
181 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
183 * @see ckmc_save_key()
184 * @see ckmc_remove_key()
185 * @see ckmc_get_key()
187 int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
193 * @brief Stores a certificate inside key manager based on the provided policy.
197 * @privilege %http://tizen.org/privilege/keymanager
199 * @remarks the certificate's binary value will be converted and saved as binary DER encoded
202 * @param[in] alias The name of a certificate to be stored
203 * @param[in] cert The certificate's binary value to be stored
204 * @param[in] policy The policy about how to store a certificate securely
206 * @return @c 0 on success,
207 * otherwise a negative error value
209 * @retval #CKMC_ERROR_NONE Successful
210 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
211 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
213 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
214 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid
215 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
216 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
218 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
220 * @see ckmc_remove_cert()
221 * @see ckmc_get_cert()
222 * @see ckmc_get_cert_alias_list()
224 * @see #ckmc_policy_s
226 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy);
229 * @brief Removes a certificate from key manager.
233 * @privilege %http://tizen.org/privilege/keymanager
235 * @remarks To remove certificate, client must have remove permission to the specified certificate.
236 * @remarks The key owner can remove by default.
238 * @param[in] alias The name of a certificate to be removed
240 * @return @c 0 on success,
241 * otherwise a negative error value
243 * @retval #CKMC_ERROR_NONE Successful
244 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
245 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
247 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
248 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
249 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
251 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
253 * @see ckmc_save_cert()
254 * @see ckmc_get_cert()
255 * @see ckmc_get_cert_alias_list()
257 int ckmc_remove_cert(const char *alias);
260 * @brief Gets a certificate from key manager.
264 * @privilege %http://tizen.org/privilege/keymanager
266 * @remarks A client can access only certificate stored by the client.
267 * @remarks A DER encoded certificate will be returned as a return value.
268 * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no
271 * @param[in] alias The name of a certificate to retrieve
272 * @param[in] password The password used in decrypting a certificate value \n
273 * If password of policy is provided in ckmc_save_cert(), the same password
274 * should be provided.
275 * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle
277 * @return @c 0 on success,
278 * otherwise a negative error value
280 * @retval #CKMC_ERROR_NONE Successful
281 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
282 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
284 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
285 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists
286 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
287 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
288 * Decryption failed because password is incorrect.
290 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
292 * @see ckmc_save_cert()
293 * @see ckmc_remove_cert()
294 * @see ckmc_get_cert_alias_list()
296 int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert);
299 * @brief Gets all alias of certificates which the client can access.
303 * @privilege %http://tizen.org/privilege/keymanager
305 * @remarks A client can access only data stored by the client.
306 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
307 * if it is no longer needed.
309 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
310 * available alias of keys \n
311 * If there is no available key alias, *ppalias_list will be null.
313 * @return @c 0 on success,
314 * otherwise a negative error value
316 * @retval #CKMC_ERROR_NONE Successful
317 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
318 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
320 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
321 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
322 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
324 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
326 * @see ckmc_save_cert()
327 * @see ckmc_remove_cert()
328 * @see ckmc_get_cert()
330 int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
336 * @brief Stores PKCS12's contents inside key manager based on the provided policies.
337 * All items from the PKCS12 will use the same alias.
341 * @privilege %http://tizen.org/privilege/keymanager
343 * @param[in] alias The name of a data to be stored
344 * @param[in] pkcs Pointer to the pkcs12 structure to be saved
345 * @param[in] key_policy The policy about how to store pkcs's private key
346 * @param[in] cert_policy The policy about how to store pkcs's certificate
348 * @return @c 0 on success,
349 * otherwise a negative error value
351 * @retval #CKMC_ERROR_NONE Successful
352 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
353 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
355 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
356 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
357 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
359 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
361 * @see ckmc_remove_pkcs12()
362 * @see ckmc_get_pkcs12()
363 * @see ckmc_get_data_alias_list()
364 * @see ckmc_load_from_pkcs12_file2()
365 * @see #ckmc_pkcs12_s
366 * @see #ckmc_policy_s
368 int ckmc_save_pkcs12(const char *alias,
369 const ckmc_pkcs12_s *pkcs,
370 const ckmc_policy_s key_policy,
371 const ckmc_policy_s cert_policy);
374 * @brief Removes all PKCS12 contents from key manager.
378 * @privilege %http://tizen.org/privilege/keymanager
380 * @remarks To remove PKCS12, client must have remove permission to the specified PKCS12 object.
381 * @remarks The key owner can remove by default.
383 * @param[in] alias The name of PKCS12 to be removed
385 * @return @c 0 on success,
386 * otherwise a negative error value
388 * @retval #CKMC_ERROR_NONE Successful
389 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
390 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
392 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
393 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
394 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
396 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
398 * @see ckmc_save_pkcs12()
399 * @see ckmc_get_pkcs12()
401 int ckmc_remove_pkcs12(const char *alias);
404 * @brief Gets a pkcs12 from key manager.
408 * @privilege %http://tizen.org/privilege/keymanager
410 * @remarks A client can access only data stored by the client.
411 * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no
414 * @param[in] alias The name of a data to retrieve
415 * @param[in] keyPassword Password that was used to encrypt privateKey (may be NULL)
416 * @param[in] certPassword Password used to encrypt certificates (may be NULL)
417 * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle
419 * @return @c 0 on success,
420 * otherwise a negative error value
422 * @retval #CKMC_ERROR_NONE Successful
423 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
424 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
426 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
427 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
428 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
429 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
430 * Decryption failed because password is incorrect.
432 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
434 * @see ckmc_save_pkcs12()
435 * @see ckmc_remove_pkcs12()
437 int ckmc_get_pkcs12(const char *alias, const char *keyPassword, const char *certPassword, ckmc_pkcs12_s **pkcs12);
440 * @brief Stores a data inside key manager based on the provided policy.
444 * @privilege %http://tizen.org/privilege/keymanager
446 * @param[in] alias The name of a data to be stored
447 * @param[in] data The binary value to be stored
448 * @param[in] policy The policy about how to store a data securely
450 * @return @c 0 on success,
451 * otherwise a negative error value
453 * @retval #CKMC_ERROR_NONE Successful
454 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
455 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
457 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
458 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
459 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
461 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
463 * @see ckmc_remove_data()
464 * @see ckmc_get_data()
465 * @see ckmc_get_data_alias_list()
466 * @see #ckmc_raw_buffer_s
467 * @see #ckmc_policy_s
469 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy);
472 * @brief Removes a data from key manager.
476 * @privilege %http://tizen.org/privilege/keymanager
478 * @remarks To remove data, client must have remove permission to the specified data object.
479 * @remarks The data owner can remove by default.
481 * @param[in] alias The name of a data to be removed
483 * @return @c 0 on success,
484 * otherwise a negative error value
486 * @retval #CKMC_ERROR_NONE Successful
487 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
488 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
490 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
491 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
492 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
494 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
496 * @see ckmc_save_data()
497 * @see ckmc_get_data()
498 * @see ckmc_get_data_alias_list()
500 int ckmc_remove_data(const char *alias);
503 * @brief Gets a data from key manager.
507 * @privilege %http://tizen.org/privilege/keymanager
509 * @remarks A client can access only data stored by the client.
510 * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no
513 * @param[in] alias The name of a data to retrieve
514 * @param[in] password The password used in decrypting a data value \n
515 * If password of policy is provided in ckmc_save_data(), the same password
516 * should be provided.
517 * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle
519 * @return @c 0 on success,
520 * otherwise a negative error value
522 * @retval #CKMC_ERROR_NONE Successful
523 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
524 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
526 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
527 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
528 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
529 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
530 * Decryption failed because password is incorrect.
531 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
533 * @see ckmc_save_data()
534 * @see ckmc_remove_data()
535 * @see ckmc_get_data_alias_list()
537 int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata);
540 * @brief Gets all alias of data which the client can access.
544 * @privilege %http://tizen.org/privilege/keymanager
546 * @remarks A client can access only data stored by the client.
547 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
548 * if it is no longer needed.
550 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
551 * available alias of keys \n
552 * If there is no available key alias, *ppalias_list will be null.
554 * @return @c 0 on success,
555 * otherwise a negative error value
557 * @retval #CKMC_ERROR_NONE Successful
558 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
559 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
561 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
562 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
563 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
565 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
567 * @see ckmc_save_data()
568 * @see ckmc_remove_data()
569 * @see ckmc_get_data()
571 int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
577 * @brief Creates RSA private/public key pair and stores them inside key manager based on each
582 * @privilege %http://tizen.org/privilege/keymanager
584 * @remarks If password in policy is provided, the key is additionally encrypted with the password
587 * @param[in] size The size of key strength to be created \n
588 * @c 1024, @c 2048, and @c 4096 are supported.
589 * @param[in] private_key_alias The name of private key to be stored
590 * @param[in] public_key_alias The name of public key to be stored
591 * @param[in] policy_private_key The policy about how to store a private key securely
592 * @param[in] policy_public_key The policy about how to store a public key securely
594 * @return @c 0 on success,
595 * otherwise a negative error value
597 * @retval #CKMC_ERROR_NONE Successful
598 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
599 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
601 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
602 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
603 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
605 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
607 * @see ckmc_create_key_pair_dsa()
608 * @see ckmc_create_key_pair_ecdsa()
609 * @see ckmc_create_signature()
610 * @see ckmc_verify_signature()
612 int ckmc_create_key_pair_rsa(const size_t size,
613 const char *private_key_alias,
614 const char *public_key_alias,
615 const ckmc_policy_s policy_private_key,
616 const ckmc_policy_s policy_public_key);
619 * @brief Creates DSA private/public key pair and stores them inside key manager based on each
624 * @privilege %http://tizen.org/privilege/keymanager
626 * @remarks If password in policy is provided, the key is additionally encrypted with the password
629 * @param[in] size The size of key strength to be created \n
630 * @c 1024, @c 2048, @c 3072 and @c 4096 are supported.
631 * @param[in] private_key_alias The name of private key to be stored
632 * @param[in] public_key_alias The name of public key to be stored
633 * @param[in] policy_private_key The policy about how to store a private key securely
634 * @param[in] policy_public_key The policy about how to store a public key securely
636 * @return @c 0 on success,
637 * otherwise a negative error value
639 * @retval #CKMC_ERROR_NONE Successful
640 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
641 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
643 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
644 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
645 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
647 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
649 * @see ckmc_create_key_pair_rsa()
650 * @see ckmc_create_key_pair_ecdsa()
651 * @see ckmc_create_signature()
652 * @see ckmc_verify_signature()
654 int ckmc_create_key_pair_dsa(const size_t size,
655 const char *private_key_alias,
656 const char *public_key_alias,
657 const ckmc_policy_s policy_private_key,
658 const ckmc_policy_s policy_public_key);
661 * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each
666 * @privilege %http://tizen.org/privilege/keymanager
668 * @remarks If password in policy is provided, the key is additionally encrypted with the password
671 * @param[in] type The type of elliptic curve of ECDSA
672 * @param[in] private_key_alias The name of private key to be stored
673 * @param[in] public_key_alias The name of public key to be stored
674 * @param[in] policy_private_key The policy about how to store a private key securely
675 * @param[in] policy_public_key The policy about how to store a public key securely
677 * @return @c 0 on success,
678 * otherwise a negative error value
680 * @retval #CKMC_ERROR_NONE Successful
681 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
682 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
684 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
685 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
686 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
688 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
690 * @see ckmc_create_key_pair_rsa()
691 * @see ckmc_create_key_pair_dsa()
692 * @see ckmc_create_signature()
693 * @see ckmc_verify_signature()
694 * @see #ckmc_ec_type_e
696 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
697 const char *private_key_alias,
698 const char *public_key_alias,
699 const ckmc_policy_s policy_private_key,
700 const ckmc_policy_s policy_public_key);
703 * @brief Creates a signature on a given message using a private key and returns the signature.
707 * @privilege %http://tizen.org/privilege/keymanager
709 * @remarks If password of policy is provided during storing a key, the same password should be
711 * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is
714 * @param[in] private_key_alias The name of private key
715 * @param[in] password The password used in decrypting a private key value
716 * @param[in] message The message that is signed with a private key
717 * @param[in] hash The hash algorithm used in creating signature
718 * @param[in] padding The RSA padding algorithm used in creating signature \n
719 * It is used only when the signature algorithm is RSA.
720 * @param[out] ppsignature The pointer to a newly created signature \n
721 * If an error occurs, @a *ppsignature will be null.
723 * @return @c 0 on success,
724 * otherwise a negative error value
726 * @retval #CKMC_ERROR_NONE Successful
727 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
728 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
730 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
731 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
732 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
733 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
734 * Decryption failed because password is incorrect.
736 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
738 * @see ckmc_create_key_pair_rsa()
739 * @see ckmc_create_key_pair_ecdsa()
740 * @see ckmc_verify_signature()
741 * @see ckmc_buffer_free()
742 * @see #ckmc_hash_algo_e
743 * @see #ckmc_rsa_padding_algo_e
745 int ckmc_create_signature(const char *private_key_alias,
746 const char *password,
747 const ckmc_raw_buffer_s message,
748 const ckmc_hash_algo_e hash,
749 const ckmc_rsa_padding_algo_e padding,
750 ckmc_raw_buffer_s **ppsignature);
753 * @brief Verifies a given signature on a given message using a public key and returns the signature
758 * @privilege %http://tizen.org/privilege/keymanager
760 * @remarks If password of policy is provided during storing a key, the same password should be
763 * @param[in] public_key_alias The name of public key
764 * @param[in] password The password used in decrypting a public key value
765 * @param[in] message The input on which the signature is created
766 * @param[in] signature The signature that is verified with public key
767 * @param[in] hash The hash algorithm used in verifying signature
768 * @param[in] padding The RSA padding algorithm used in verifying signature \n
769 * It is used only when the signature algorithm is RSA.
771 * @return @c 0 on success and the signature is valid,
772 * otherwise a negative error value
774 * @retval #CKMC_ERROR_NONE Successful
775 * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid
776 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
777 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
779 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
780 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
781 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
782 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
783 * Decryption failed because password is incorrect.
785 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
787 * @see ckmc_create_key_pair_rsa()
788 * @see ckmc_create_key_pair_ecdsa()
789 * @see ckmc_verify_signature()
790 * @see #ckmc_hash_algo_e
791 * @see #ckmc_rsa_padding_algo_e
793 int ckmc_verify_signature(const char *public_key_alias,
794 const char *password,
795 const ckmc_raw_buffer_s message,
796 const ckmc_raw_buffer_s signature,
797 const ckmc_hash_algo_e hash,
798 const ckmc_rsa_padding_algo_e padding);
801 * @deprecated, see ckmc_get_certificate_chain()
802 * @brief Verifies a certificate chain and returns that chain.
806 * @privilege %http://tizen.org/privilege/keymanager
808 * @remarks The trusted root certificate of the chain should exist in the system's certificate
810 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
811 * ckmc_cert_list_all_free() if it is no longer needed.
813 * @param[in] cert The certificate to be verified
814 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate
816 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
817 * If an error occurs, @a *ppcert_chain_list will be null.
819 * @return @c 0 on success and the signature is valid,
820 * otherwise a negative error value
822 * @retval #CKMC_ERROR_NONE Successful
823 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
824 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
825 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
827 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
828 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
829 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
830 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
831 * Decryption failed because password is incorrect.
833 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
835 * @see ckmc_get_cert_chain_with_alias())
836 * @see ckmc_cert_list_all_free()
838 int ckmc_get_cert_chain(const ckmc_cert_s *cert,
839 const ckmc_cert_list_s *untrustedcerts,
840 ckmc_cert_list_s **ppcert_chain_list);
843 * @deprecated, see ckmc_get_certificate_chain_with_alias()
844 * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that
849 * @privilege %http://tizen.org/privilege/keymanager
851 * @remarks The trusted root certificate of the chain should exist in the system's certificate
853 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
854 * ckmc_cert_list_all_free() if it is no longer needed.
856 * @param[in] cert The certificate to be verified
857 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager
858 * to be used in verifying a certificate chain
859 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
860 * If an error occurs, @a *ppcert_chain_list will be null.
862 * @return @c 0 on success and the signature is valid,
863 * otherwise a negative error value
865 * @retval #CKMC_ERROR_NONE Successful
866 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
867 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
868 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
870 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
871 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
872 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
873 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
874 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
875 * Some certificates were encrypted with password and could not
878 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
880 * @see ckmc_get_cert_chain())
881 * @see ckmc_cert_list_all_free()
883 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
884 const ckmc_alias_list_s *untrustedcerts,
885 ckmc_cert_list_s **ppcert_chain_list);
888 * @brief Verifies a certificate chain and returns that chain using user entered trusted and
889 * untrusted CA certificates
893 * @privilege %http://tizen.org/privilege/keymanager
895 * @remarks If the trusted root certificates are provided as a user input, these certificates do not
896 * need to exist in the system's certificate storage.
897 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
898 * ckmc_cert_list_all_free() if it is no longer needed.
900 * @param[in] cert The certificate to be verified
901 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a
903 * @param[in] trustedcerts The trusted CA certificates to be used in verifying a
905 * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
906 * in the system's certificate storage.
907 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
908 * If an error occurs, @a *ppcert_chain_list will be null.
910 * @return @c 0 on success and the signature is valid,
911 * otherwise a negative error value
913 * @retval #CKMC_ERROR_NONE Successful
914 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
915 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
916 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
918 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
919 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
920 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
922 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
924 * @see ckmc_get_cert_chain_with_alias())
925 * @see ckmc_cert_list_all_free()
927 int ckmc_get_certificate_chain(const ckmc_cert_s *cert,
928 const ckmc_cert_list_s *untrustedcerts,
929 const ckmc_cert_list_s *trustedcerts,
930 const bool use_trustedsystemcerts,
931 ckmc_cert_list_s **ppcert_chain_list);
934 * @brief Verifies a certificate chain and returns that chain using alias lists of untrusted and
935 * trusted certificates
939 * @privilege %http://tizen.org/privilege/keymanager
941 * @remarks If the alias list of trusted root certificates is provided as a user input, these
942 * certificates do not need to exist in the system's certificate storage.
943 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
944 * ckmc_cert_list_all_free() if it is no longer needed.
946 * @param[in] cert The certificate to be verified
947 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key
948 * manager to be used in verifying a certificate chain
949 * @param[in] trustedcerts The alias list of trusted CA certificates stored in key
950 * manager to be used in verifying a certificate chain
951 * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
952 * in the system's certificate storage.
953 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
954 * If an error occurs, @a *ppcert_chain_list will be null.
956 * @return @c 0 on success and the signature is valid,
957 * otherwise a negative error value
959 * @retval #CKMC_ERROR_NONE Successful
960 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
961 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
962 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
964 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
965 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
966 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
967 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
968 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
969 * Some certificates were encrypted with password and could not
972 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
974 * @see ckmc_get_cert_chain())
975 * @see ckmc_cert_list_all_free()
977 int ckmc_get_certificate_chain_with_alias(const ckmc_cert_s *cert,
978 const ckmc_alias_list_s *untrustedcerts,
979 const ckmc_alias_list_s *trustedcerts,
980 const bool use_trustedsystemcerts,
981 ckmc_cert_list_s **ppcert_chain_list);
984 * @brief Perform OCSP which checks certificate is whether revoked or not
988 * @privilege %http://tizen.org/privilege/keymanager
990 * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check
991 * @param[out] ocsp_status The pointer to status result of OCSP check
993 * @return @c 0 on success, otherwise a negative error value
995 * @retval #CKMC_ERROR_NONE Successful
996 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
997 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
999 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1000 * @pre @a pcert_chain_list is created with ckmc_get_certificate_chain() or
1001 * ckmc_get_certificate_chain_with_alias()
1003 * @see ckmc_get_cert_chain())
1004 * @see ckmc_cert_list_all_free()
1006 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status);
1009 * @deprecated, see ckmc_set_permission()
1010 * @brief Allows another application to access client's application data
1014 * @privilege %http://tizen.org/privilege/keymanager
1016 * @remarks Data identified by @a alias should exist
1018 * @param[in] alias Data alias for which access will be granted
1019 * @param[in] accessor Package id of the application that will gain access rights
1020 * @param[in] granted Rights granted for @a accessor application
1022 * @return @c 0 on success, otherwise a negative error value
1024 * @retval #CKMC_ERROR_NONE Successful
1025 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1026 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
1028 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1029 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1030 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1032 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1034 * @see ckmc_deny_access()
1036 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted);
1039 * @brief Allows another application to access client's application data
1043 * @privilege %http://tizen.org/privilege/keymanager
1045 * @remarks Data identified by @a alias should exist
1047 * @param[in] alias Data alias for which access will be granted
1048 * @param[in] accessor Package id of the application that will gain access rights
1049 * @param[in] permissions Mask of permissions granted for @a accessor application
1050 * (@a ckmc_permission_e)
1051 * (previous permission mask will be replaced with the new mask value)
1053 * @return @c 0 on success, otherwise a negative error value
1055 * @retval #CKMC_ERROR_NONE Successful
1056 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1057 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
1059 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1060 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1061 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1063 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1065 int ckmc_set_permission(const char *alias, const char *accessor, int permissions);
1068 * @deprecated, see ckmc_set_permission()
1069 * @brief Revokes another application's access to client's application data
1073 * @privilege %http://tizen.org/privilege/keymanager
1075 * @remarks Data identified by @a alias should exist
1076 * @remarks Only access previously granted with ckmc_allow_access can be revoked.
1078 * @param[in] alias Data alias for which access will be revoked
1079 * @param[in] accessor Package id of the application that will lose access rights
1081 * @return @c 0 on success, otherwise a negative error value
1083 * @retval #CKMC_ERROR_NONE Successful
1084 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't
1085 * have access to @a alias
1086 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
1088 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1089 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1090 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1092 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1094 * @see ckmc_allow_access()
1095 * @see ckmc_set_permission()
1097 int ckmc_deny_access(const char *alias, const char *accessor);
1100 * @brief Removes a an entry (no matter of type) from the key manager.
1104 * @privilege %http://tizen.org/privilege/keymanager
1106 * @remarks To remove item, client must have remove permission to the specified item.
1107 * @remarks The item owner can remove by default.
1109 * @param[in] alias Item alias to be removed
1111 * @return @c 0 on success,
1112 * otherwise a negative error value
1114 * @retval #CKMC_ERROR_NONE Successful
1115 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1116 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
1118 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
1119 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1120 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1122 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1124 * @see ckmc_save_key()
1125 * @see ckmc_save_cert
1126 * @see ckmc_save_data
1127 * @see ckmc_save_pkcs12
1128 * @see ckmc_create_key_pair_rsa
1129 * @see ckmc_create_key_pair_dsa
1130 * @see ckmc_create_key_pair_ecdsa
1132 int ckmc_remove_alias(const char *alias);
1143 #endif /* __TIZEN_CORE_CKMC_MANAGER_H */