2 * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
17 * @file ckmc-manager.h
19 * @brief Provides management functions(storing, retrieving, and removing) for keys,
20 * certificates and data of a user and additional crypto functions.
24 #ifndef __TIZEN_CORE_CKMC_MANAGER_H
25 #define __TIZEN_CORE_CKMC_MANAGER_H
28 #include <sys/types.h>
30 #include <ckmc/ckmc-type.h>
31 #include <ckmc/ckmc-error.h>
38 * @addtogroup CAPI_KEY_MANAGER_CLIENT_MODULE
44 * @brief Stores a key inside key manager based on the provided policy.
47 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
48 * required to use this API since 3.0.
50 * @remarks Currently API supports seven types of keys. These are RSA public/private key,
51 * DSA public/private key, ECDSA public/private key and AES symmetric key.
52 * @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside
53 * key manager during storing keys.
54 * @remarks Some private key files are protected by a password. If raw_key in key read from those
55 * encrypted files is encrypted with a password, the password should be provided in the
56 * #ckmc_key_s structure.
57 * @remarks If password in policy is provided, the key is additionally encrypted with the password
60 * @param[in] alias The name of a key to be stored
61 * @param[in] key The key's binary value to be stored
62 * @param[in] policy The policy about how to store a key securely
64 * @return @c 0 on success,
65 * otherwise a negative error value
67 * @retval #CKMC_ERROR_NONE Successful
68 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
69 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
71 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
72 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_key is not valid
73 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
74 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
76 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
78 * @see ckmc_remove_alias()
80 * @see ckmc_get_key_alias_list()
84 int ckmc_save_key(const char *alias, const ckmc_key_s key,
85 const ckmc_policy_s policy);
88 * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead]
89 * @brief Removes a key from key manager.
92 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
93 * required to use this API since 3.0.
95 * @remarks To remove key, client must have remove permission to the specified key.
96 * @remarks The key owner can remove by default.
98 * @param[in] alias The name of a key to be removed
100 * @return @c 0 on success,
101 * otherwise a negative error value
103 * @retval #CKMC_ERROR_NONE Successful
104 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
105 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
107 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
108 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
109 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
111 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
113 * @see ckmc_save_key()
114 * @see ckmc_get_key()
115 * @see ckmc_get_key_alias_list()
117 int ckmc_remove_key(const char *alias)
118 TIZEN_DEPRECATED_API;
121 * @brief Gets a key from key manager.
124 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
125 * required to use this API since 3.0.
127 * @remarks A client can access only data stored by the client.
128 * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free() if it is no
131 * @param[in] alias The name of a key to retrieve
132 * @param[in] password The password used in decrypting a key value \n
133 * If password of policy is provided in ckmc_save_key(), the same password
134 * should be provided.
135 * @param[out] ppkey The pointer to a newly created ckmc_key_s handle
137 * @return @c 0 on success,
138 * otherwise a negative error value
140 * @retval #CKMC_ERROR_NONE Successful
141 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
142 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
144 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
145 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
146 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
147 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
148 * Decryption failed because password is incorrect.
150 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
152 * @see ckmc_save_key()
153 * @see ckmc_remove_alias()
154 * @see ckmc_get_key_alias_list()
156 int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
159 * @brief Gets all the alias of keys that the client can access.
162 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
163 * required to use this API since 3.0.
165 * @remarks A client can access only data stored by the client.
166 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
167 * if it is no longer needed.
169 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
170 * available alias of keys \n
171 * If there is no available key alias, *ppalias_list will be null.
173 * @return @c 0 on success,
174 * otherwise a negative error value
176 * @retval #CKMC_ERROR_NONE Successful
177 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
178 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
180 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
181 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
182 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
184 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
186 * @see ckmc_save_key()
187 * @see ckmc_remove_alias()
188 * @see ckmc_get_key()
190 int ckmc_get_key_alias_list(ckmc_alias_list_s **ppalias_list);
196 * @brief Stores a certificate inside key manager based on the provided policy.
199 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0
201 * @remarks the certificate's binary value will be converted and saved as binary DER encoded
204 * @param[in] alias The name of a certificate to be stored
205 * @param[in] cert The certificate's binary value to be stored
206 * @param[in] policy The policy about how to store a certificate securely
208 * @return @c 0 on success,
209 * otherwise a negative error value
211 * @retval #CKMC_ERROR_NONE Successful
212 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
213 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
215 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
216 * @retval #CKMC_ERROR_INVALID_FORMAT The format of raw_cert is not valid
217 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
218 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
220 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
222 * @see ckmc_remove_alias()
223 * @see ckmc_get_cert()
224 * @see ckmc_get_cert_alias_list()
226 * @see #ckmc_policy_s
228 int ckmc_save_cert(const char *alias, const ckmc_cert_s cert,
229 const ckmc_policy_s policy);
232 * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead]
233 * @brief Removes a certificate from key manager.
236 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
237 * required to use this API since 3.0.
239 * @remarks To remove certificate, client must have remove permission to the specified certificate.
240 * @remarks The key owner can remove by default.
242 * @param[in] alias The name of a certificate to be removed
244 * @return @c 0 on success,
245 * otherwise a negative error value
247 * @retval #CKMC_ERROR_NONE Successful
248 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
249 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
251 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
252 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
253 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
255 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
257 * @see ckmc_save_cert()
258 * @see ckmc_get_cert()
259 * @see ckmc_get_cert_alias_list()
261 int ckmc_remove_cert(const char *alias)
262 TIZEN_DEPRECATED_API;
265 * @brief Gets a certificate from key manager.
268 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
269 * required to use this API since 3.0.
271 * @remarks A client can access only certificate stored by the client.
272 * @remarks A DER encoded certificate will be returned as a return value.
273 * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free() if it is no
276 * @param[in] alias The name of a certificate to retrieve
277 * @param[in] password The password used in decrypting a certificate value \n
278 * If password of policy is provided in ckmc_save_cert(), the same password
279 * should be provided.
280 * @param[out] ppcert The pointer to a newly created ckmc_cert_s handle
282 * @return @c 0 on success,
283 * otherwise a negative error value
285 * @retval #CKMC_ERROR_NONE Successful
286 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
287 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
289 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
290 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists
291 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
292 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
293 * Decryption failed because password is incorrect.
295 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
297 * @see ckmc_save_cert()
298 * @see ckmc_remove_alias()
299 * @see ckmc_get_cert_alias_list()
301 int ckmc_get_cert(const char *alias, const char *password,
302 ckmc_cert_s **ppcert);
305 * @brief Gets all alias of certificates which the client can access.
308 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
309 * required to use this API since 3.0.
311 * @remarks A client can access only data stored by the client.
312 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
313 * if it is no longer needed.
315 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
316 * available alias of keys \n
317 * If there is no available key alias, *ppalias_list will be null.
319 * @return @c 0 on success,
320 * otherwise a negative error value
322 * @retval #CKMC_ERROR_NONE Successful
323 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
324 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
326 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
327 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
328 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
330 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
332 * @see ckmc_save_cert()
333 * @see ckmc_remove_alias()
334 * @see ckmc_get_cert()
336 int ckmc_get_cert_alias_list(ckmc_alias_list_s **ppalias_list);
342 * @brief Stores PKCS12's contents inside key manager based on the provided policies.
343 * All items from the PKCS12 will use the same alias.
345 * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif
346 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
347 * required to use this API since 3.0.
349 * @param[in] alias The name of a data to be stored
350 * @param[in] pkcs Pointer to the pkcs12 structure to be saved
351 * @param[in] key_policy The policy about how to store pkcs's private key
352 * @param[in] cert_policy The policy about how to store pkcs's certificate
354 * @return @c 0 on success,
355 * otherwise a negative error value
357 * @retval #CKMC_ERROR_NONE Successful
358 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
359 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
361 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
362 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
363 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
365 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
367 * @see ckmc_remove_alias()
368 * @see ckmc_get_pkcs12()
369 * @see ckmc_get_data_alias_list()
370 * @see ckmc_pkcs12_load()
371 * @see #ckmc_pkcs12_s
372 * @see #ckmc_policy_s
374 int ckmc_save_pkcs12(const char *alias,
375 const ckmc_pkcs12_s *pkcs,
376 const ckmc_policy_s key_policy,
377 const ckmc_policy_s cert_policy);
380 * @brief Gets a pkcs12 from key manager.
382 * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif
383 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
384 * required to use this API since 3.0.
386 * @remarks A client can access only data stored by the client.
387 * @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no
390 * @param[in] alias The name of a data to retrieve
391 * @param[in] key_password Password that was used to encrypt privateKey (may be NULL)
392 * @param[in] cert_password Password used to encrypt certificates (may be NULL)
393 * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle
395 * @return @c 0 on success,
396 * otherwise a negative error value
398 * @retval #CKMC_ERROR_NONE Successful
399 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
400 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
402 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
403 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
404 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
405 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
406 * key_password or cert_password does not match with password
407 * used to encrypt data
409 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
411 * @see ckmc_save_pkcs12()
412 * @see ckmc_remove_alias()
414 int ckmc_get_pkcs12(const char *alias, const char *key_password,
415 const char *cert_password, ckmc_pkcs12_s **pkcs12);
418 * @brief Stores a data inside key manager based on the provided policy.
421 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
422 * required to use this API since 3.0.
424 * @param[in] alias The name of a data to be stored
425 * @param[in] data The binary value to be stored
426 * @param[in] policy The policy about how to store a data securely
428 * @return @c 0 on success,
429 * otherwise a negative error value
431 * @retval #CKMC_ERROR_NONE Successful
432 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
433 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
435 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
436 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
437 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
439 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
441 * @see ckmc_remove_alias()
442 * @see ckmc_get_data()
443 * @see ckmc_get_data_alias_list()
444 * @see #ckmc_raw_buffer_s
445 * @see #ckmc_policy_s
447 int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data,
448 const ckmc_policy_s policy);
451 * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_remove_alias() instead]
452 * @brief Removes a data from key manager.
455 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
456 * required to use this API since 3.0.
458 * @remarks To remove data, client must have remove permission to the specified data object.
459 * @remarks The data owner can remove by default.
461 * @param[in] alias The name of a data to be removed
463 * @return @c 0 on success,
464 * otherwise a negative error value
466 * @retval #CKMC_ERROR_NONE Successful
467 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
468 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
470 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
471 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
472 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
474 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
476 * @see ckmc_save_data()
477 * @see ckmc_get_data()
478 * @see ckmc_get_data_alias_list()
480 int ckmc_remove_data(const char *alias)
481 TIZEN_DEPRECATED_API;
484 * @brief Gets a data from key manager.
487 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
488 * required to use this API since 3.0.
490 * @remarks A client can access only data stored by the client.
491 * @remarks You must destroy the newly created @a ppdata by calling ckmc_buffer_free() if it is no
494 * @param[in] alias The name of a data to retrieve
495 * @param[in] password The password used in decrypting a data value \n
496 * If password of policy is provided in ckmc_save_data(), the same password
497 * should be provided.
498 * @param[out] ppdata The pointer to a newly created ckmc_raw_buffer_s handle
500 * @return @c 0 on success,
501 * otherwise a negative error value
503 * @retval #CKMC_ERROR_NONE Successful
504 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
505 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
507 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
508 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
509 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
510 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
511 * Decryption failed because password is incorrect.
512 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
514 * @see ckmc_save_data()
515 * @see ckmc_remove_alias()
516 * @see ckmc_get_data_alias_list()
518 int ckmc_get_data(const char *alias, const char *password,
519 ckmc_raw_buffer_s **ppdata);
522 * @brief Gets all alias of data which the client can access.
525 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
526 * required to use this API since 3.0.
528 * @remarks A client can access only data stored by the client.
529 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_all_free()
530 * if it is no longer needed.
532 * @param[out] ppalias_list The pointer to a newly created ckmc_alias_list_s handle containing all
533 * available alias of keys \n
534 * If there is no available key alias, *ppalias_list will be null.
536 * @return @c 0 on success,
537 * otherwise a negative error value
539 * @retval #CKMC_ERROR_NONE Successful
540 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
541 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
543 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
544 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
545 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
547 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
549 * @see ckmc_save_data()
550 * @see ckmc_remove_alias()
551 * @see ckmc_get_data()
553 int ckmc_get_data_alias_list(ckmc_alias_list_s **ppalias_list);
559 * @brief Creates RSA private/public key pair and stores them inside key manager based on each
563 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
564 * required to use this API since 3.0.
566 * @remarks If password in policy is provided, the key is additionally encrypted with the password
569 * @param[in] size The size of key strength to be created \n
570 * @c 1024, @c 2048, and @c 4096 are supported
571 * @param[in] private_key_alias The name of private key to be stored
572 * @param[in] public_key_alias The name of public key to be stored
573 * @param[in] policy_private_key The policy about how to store a private key securely
574 * @param[in] policy_public_key The policy about how to store a public key securely
576 * @return @c 0 on success,
577 * otherwise a negative error value
579 * @retval #CKMC_ERROR_NONE Successful
580 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
581 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
583 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
584 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
585 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
587 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
589 * @see ckmc_create_key_pair_dsa()
590 * @see ckmc_create_key_pair_ecdsa()
591 * @see ckmc_create_signature()
592 * @see ckmc_verify_signature()
594 int ckmc_create_key_pair_rsa(const size_t size,
595 const char *private_key_alias,
596 const char *public_key_alias,
597 const ckmc_policy_s policy_private_key,
598 const ckmc_policy_s policy_public_key);
601 * @brief Creates DSA private/public key pair and stores them inside key manager based on each
605 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
606 * required to use this API since 3.0.
608 * @remarks If password in policy is provided, the key is additionally encrypted with the password
611 * @param[in] size The size of key strength to be created \n
612 * @c 1024, @c 2048, @c 3072 and @c 4096 are supported
613 * @param[in] private_key_alias The name of private key to be stored
614 * @param[in] public_key_alias The name of public key to be stored
615 * @param[in] policy_private_key The policy about how to store a private key securely
616 * @param[in] policy_public_key The policy about how to store a public key securely
618 * @return @c 0 on success,
619 * otherwise a negative error value
621 * @retval #CKMC_ERROR_NONE Successful
622 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
623 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
625 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
626 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
627 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
629 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
631 * @see ckmc_create_key_pair_rsa()
632 * @see ckmc_create_key_pair_ecdsa()
633 * @see ckmc_create_signature()
634 * @see ckmc_verify_signature()
636 int ckmc_create_key_pair_dsa(const size_t size,
637 const char *private_key_alias,
638 const char *public_key_alias,
639 const ckmc_policy_s policy_private_key,
640 const ckmc_policy_s policy_public_key);
643 * @brief Creates ECDSA private/public key pair and stores them inside key manager based on each
647 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
648 * required to use this API since 3.0.
650 * @remarks If password in policy is provided, the key is additionally encrypted with the password
653 * @param[in] type The type of elliptic curve of ECDSA
654 * @param[in] private_key_alias The name of private key to be stored
655 * @param[in] public_key_alias The name of public key to be stored
656 * @param[in] policy_private_key The policy about how to store a private key securely
657 * @param[in] policy_public_key The policy about how to store a public key securely
659 * @return @c 0 on success,
660 * otherwise a negative error value
662 * @retval #CKMC_ERROR_NONE Successful
663 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
664 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
666 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
667 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
668 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
670 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
672 * @see ckmc_create_key_pair_rsa()
673 * @see ckmc_create_key_pair_dsa()
674 * @see ckmc_create_signature()
675 * @see ckmc_verify_signature()
676 * @see #ckmc_ec_type_e
678 int ckmc_create_key_pair_ecdsa(const ckmc_ec_type_e type,
679 const char *private_key_alias,
680 const char *public_key_alias,
681 const ckmc_policy_s policy_private_key,
682 const ckmc_policy_s policy_public_key);
685 * @brief Creates AES key and stores it inside key manager based on the policy.
689 * @remarks If password in policy is provided, the key is additionally encrypted with the password
692 * @param[in] size The size of key strength to be created \n
693 * @c 128, @c 192 and @c 256 are supported
694 * @param[in] key_alias The name of key to be stored
695 * @param[in] key_policy The policy about how to store the key securely
697 * @return @c 0 on success,
698 * otherwise a negative error value
700 * @retval #CKMC_ERROR_NONE Successful
701 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
702 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
704 * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
705 * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
706 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
708 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
710 * @see ckmc_create_key_pair_rsa()
711 * @see ckmc_create_key_pair_dsa()
712 * @see ckmc_create_key_pair_ecdsa()
713 * @see #ckmc_policy_s
715 int ckmc_create_key_aes(size_t size,
716 const char *key_alias,
717 ckmc_policy_s key_policy);
720 * @brief Creates a signature on a given message using a private key and returns the signature.
723 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
724 * required to use this API since 3.0.
726 * @remarks If password of policy is provided during storing a key, the same password should be
728 * @remarks You must destroy the newly created @a ppsignature by calling ckmc_buffer_free() if it is
731 * @param[in] private_key_alias The name of private key
732 * @param[in] password The password used in decrypting a private key value
733 * @param[in] message The message that is signed with a private key
734 * @param[in] hash The hash algorithm used in creating signature
735 * @param[in] padding The RSA padding algorithm used in creating signature \n
736 * It is used only when the signature algorithm is RSA
737 * @param[out] ppsignature The pointer to a newly created signature \n
738 * If an error occurs, @a *ppsignature will be null
740 * @return @c 0 on success,
741 * otherwise a negative error value
743 * @retval #CKMC_ERROR_NONE Successful
744 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
745 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
747 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
748 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
749 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
750 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
751 * Decryption failed because password is incorrect
753 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
755 * @see ckmc_create_key_pair_rsa()
756 * @see ckmc_create_key_pair_ecdsa()
757 * @see ckmc_verify_signature()
758 * @see ckmc_buffer_free()
759 * @see #ckmc_hash_algo_e
760 * @see #ckmc_rsa_padding_algo_e
762 int ckmc_create_signature(const char *private_key_alias,
763 const char *password,
764 const ckmc_raw_buffer_s message,
765 const ckmc_hash_algo_e hash,
766 const ckmc_rsa_padding_algo_e padding,
767 ckmc_raw_buffer_s **ppsignature);
770 * @brief Verifies a given signature on a given message using a public key and returns the signature
774 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
775 * required to use this API since 3.0.
777 * @remarks If password of policy is provided during storing a key, the same password should be
780 * @param[in] public_key_alias The name of public key
781 * @param[in] password The password used in decrypting a public key value
782 * @param[in] message The input on which the signature is created
783 * @param[in] signature The signature that is verified with public key
784 * @param[in] hash The hash algorithm used in verifying signature
785 * @param[in] padding The RSA padding algorithm used in verifying signature \n
786 * It is used only when the signature algorithm is RSA
788 * @return @c 0 on success and the signature is valid,
789 * otherwise a negative error value
791 * @retval #CKMC_ERROR_NONE Successful
792 * @retval #CKMC_ERROR_VERIFICATION_FAILED The signature is invalid
793 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
794 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
796 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
797 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
798 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
799 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
800 * Decryption failed because password is incorrect
802 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
804 * @see ckmc_create_key_pair_rsa()
805 * @see ckmc_create_key_pair_ecdsa()
806 * @see ckmc_verify_signature()
807 * @see #ckmc_hash_algo_e
808 * @see #ckmc_rsa_padding_algo_e
810 int ckmc_verify_signature(const char *public_key_alias,
811 const char *password,
812 const ckmc_raw_buffer_s message,
813 const ckmc_raw_buffer_s signature,
814 const ckmc_hash_algo_e hash,
815 const ckmc_rsa_padding_algo_e padding);
818 * @brief Verifies a certificate chain and returns that chain.
821 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
822 * required to use this API since 3.0.
824 * @remarks The trusted root certificate of the chain should exist in the system's certificate
826 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
827 * ckmc_cert_list_all_free() if it is no longer needed.
829 * @param[in] cert The certificate to be verified
830 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a certificate
832 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
833 * If an error occurs, @a *ppcert_chain_list will be null
835 * @return @c 0 on success and the signature is valid,
836 * otherwise a negative error value
838 * @retval #CKMC_ERROR_NONE Successful
839 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
840 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
841 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
843 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
844 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
845 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
846 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
847 * Decryption failed because password is incorrect
849 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
851 * @see ckmc_cert_list_all_free()
853 int ckmc_get_cert_chain(const ckmc_cert_s *cert,
854 const ckmc_cert_list_s *untrustedcerts,
855 ckmc_cert_list_s **ppcert_chain_list);
858 * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_get_cert_chain() instead]
859 * @brief Verifies a certificate chain using an alias list of untrusted certificates and return that
863 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
864 * required to use this API since 3.0.
866 * @remarks The trusted root certificate of the chain should exist in the system's certificate
868 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
869 * ckmc_cert_list_all_free() if it is no longer needed.
870 * @remarks @a untrustedcerts shouldn't be protected with optional password.
872 * @param[in] cert The certificate to be verified
873 * @param[in] untrustedcerts The alias list of untrusted CA certificates stored in key manager
874 * to be used in verifying a certificate chain
875 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
876 * If an error occurs, @a *ppcert_chain_list will be null
878 * @return @c 0 on success and the signature is valid,
879 * otherwise a negative error value
881 * @retval #CKMC_ERROR_NONE Successful
882 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
883 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
884 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
886 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
887 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
888 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
889 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
890 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
891 * Some certificates were encrypted with password and could not
894 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
896 * @see ckmc_get_cert_chain()
897 * @see ckmc_cert_list_all_free()
899 int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
900 const ckmc_alias_list_s *untrustedcerts,
901 ckmc_cert_list_s **ppcert_chain_list)
902 TIZEN_DEPRECATED_API;
905 * @brief Verifies a certificate chain and returns that chain using user entered trusted and
906 * untrusted CA certificates.
908 * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif
909 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
910 * required to use this API since 3.0.
912 * @remarks If the trusted root certificates are provided as a user input, these certificates do not
913 * need to exist in the system's certificate storage.
914 * @remarks You must destroy the newly created @a ppcert_chain_list by calling
915 * ckmc_cert_list_all_free() if it is no longer needed.
917 * @param[in] cert The certificate to be verified
918 * @param[in] untrustedcerts The untrusted CA certificates to be used in verifying a
920 * @param[in] trustedcerts The trusted CA certificates to be used in verifying a
922 * @param[in] use_trustedsystemcerts The flag indicating the use of the trusted root certificates
923 * in the system's certificate storage
924 * @param[out] ppcert_chain_list The pointer to a newly created certificate chain's handle \n
925 * If an error occurs, @a *ppcert_chain_list will be null
927 * @return @c 0 on success and the signature is valid,
928 * otherwise a negative error value
930 * @retval #CKMC_ERROR_NONE Successful
931 * @retval #CKMC_ERROR_VERIFICATION_FAILED The certificate chain is not valid
932 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
933 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
935 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
936 * @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
937 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
939 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
941 * @see ckmc_cert_list_all_free()
943 int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert,
944 const ckmc_cert_list_s *untrustedcerts,
945 const ckmc_cert_list_s *trustedcerts,
946 const bool use_trustedsystemcerts,
947 ckmc_cert_list_s **ppcert_chain_list);
950 * @brief Perform OCSP which checks certificate is whether revoked or not.
952 * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif
954 * @privilege %http://tizen.org/privilege/internet
956 * @remarks %http://tizen.org/privilege/internet (public level privilege) is required
957 * to use this API instead of %http://tizen.org/privilege/keymanager (public
958 * level privilege) since 3.0.
960 * @param[in] pcert_chain_list Valid certificate chain to perform OCSP check
961 * @param[out] ocsp_status The pointer to status result of OCSP check
963 * @return @c 0 on success, otherwise a negative error value
965 * @retval #CKMC_ERROR_NONE Successful
966 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
967 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
968 * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported
970 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
971 * @pre @a pcert_chain_list is created with ckmc_get_certificate_chain() or
972 * ckmc_get_certificate_chain_with_alias().
974 * @see ckmc_get_cert_chain())
975 * @see ckmc_cert_list_all_free()
977 int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list,
978 ckmc_ocsp_status_e *ocsp_status);
981 * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_set_permission() instead]
982 * @brief Allows another application to access client's application data.
985 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
986 * required to use this API since 3.0.
988 * @remarks Data identified by @a alias should exist.
990 * @param[in] alias Data alias for which access will be granted
991 * @param[in] accessor Package id of the application that will gain access rights
992 * @param[in] granted Rights granted for @a accessor application
994 * @return @c 0 on success, otherwise a negative error value
996 * @retval #CKMC_ERROR_NONE Successful
997 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
998 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
1000 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1001 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1002 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1004 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1006 * @see ckmc_deny_access()
1008 int ckmc_allow_access(const char *alias, const char *accessor,
1009 ckmc_access_right_e granted)
1010 TIZEN_DEPRECATED_API;
1013 * @brief Allows another application to access client's application data.
1015 * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif
1016 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
1017 * required to use this API since 3.0.
1019 * @remarks Data identified by @a alias should exist.
1021 * @param[in] alias Data alias for which access will be granted
1022 * @param[in] accessor Package id of the application that will gain access rights
1023 * @param[in] permissions Mask of permissions granted for @a accessor application
1024 * (#ckmc_permission_e)
1025 * (previous permission mask will be replaced with the new mask value)
1027 * @return @c 0 on success, otherwise a negative error value
1029 * @retval #CKMC_ERROR_NONE Successful
1030 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1031 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
1033 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1034 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1035 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1037 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1039 int ckmc_set_permission(const char *alias, const char *accessor,
1043 * @deprecated Deprecated since @if MOBILE 2.4. @elseif WEARABLE 3.0. @endif [Use ckmc_set_permission() instead]
1044 * @brief Revokes another application's access to client's application data.
1047 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
1048 * required to use this API since 3.0.
1050 * @remarks Data identified by @a alias should exist.
1051 * @remarks Only access previously granted with ckmc_allow_access can be revoked.
1053 * @param[in] alias Data alias for which access will be revoked
1054 * @param[in] accessor Package id of the application that will lose access rights
1056 * @return @c 0 on success, otherwise a negative error value
1058 * @retval #CKMC_ERROR_NONE Successful
1059 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or the @a accessor doesn't
1060 * have access to @a alias
1061 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
1063 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1064 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1065 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1067 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1069 * @see ckmc_allow_access()
1070 * @see ckmc_set_permission()
1072 int ckmc_deny_access(const char *alias, const char *accessor)
1073 TIZEN_DEPRECATED_API;
1076 * @brief Removes a an entry (no matter of type) from the key manager.
1078 * @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif
1079 * @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer
1080 * required to use this API since 3.0.
1082 * @remarks To remove item, client must have remove permission to the specified item.
1083 * @remarks The item owner can remove by default.
1085 * @param[in] alias Item alias to be removed
1087 * @return @c 0 on success,
1088 * otherwise a negative error value
1090 * @retval #CKMC_ERROR_NONE Successful
1091 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
1092 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
1094 * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
1095 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
1096 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1098 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1100 * @see ckmc_save_key()
1101 * @see ckmc_save_cert()
1102 * @see ckmc_save_data()
1103 * @see ckmc_save_pkcs12()
1104 * @see ckmc_create_key_pair_rsa()
1105 * @see ckmc_create_key_pair_dsa()
1106 * @see ckmc_create_key_pair_ecdsa()
1108 int ckmc_remove_alias(const char *alias);
1111 * @brief Encrypts data using selected key and algorithm.
1115 * @remarks Key identified by @a key_alias should exist.
1117 * @param[in] params Algorithm parameter list handle. See #ckmc_param_list_h and
1118 * #ckmc_algo_type_e for details
1119 * @param[in] key_alias Alias of the key to be used for encryption
1120 * @param[in] password The password used in decrypting a key value \n
1121 * If password of policy is provided in ckmc_save_key(), the same
1122 * password should be provided
1123 * @param[in] decrypted Data to be encrypted. In case of AES algorithm there are no
1124 * restrictions on the size of data. For RSA the size must be smaller
1125 * or equal to key size in bytes - 42. Example: for 1024 RSA key the
1126 * maximum data size is 1024/8 - 42 = 86.
1127 * @param[out] ppencrypted Encrypted data (some algorithms may return additional information
1128 * embedded in encrypted data. AES GCM is an example) \n
1129 * The caller is responsible for freeing @a encrypted with
1130 * ckmc_buffer_free()
1132 * @return @c 0 on success, otherwise a negative error value
1134 * @retval #CKMC_ERROR_NONE Successful
1135 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid
1136 * mandatory algorithm parameter, decrypted = NULL,
1137 * ppencrypted = NULL)
1138 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
1140 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1141 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
1142 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1143 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
1144 * Key decryption failed because password is incorrect
1146 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1148 * @see ckmc_buffer_free()
1149 * @see ckmc_param_list_new()
1150 * @see ckmc_param_list_free()
1151 * @see ckmc_param_list_set_integer()
1152 * @see ckmc_param_list_set_buffer()
1153 * @see ckmc_generate_new_params()
1154 * @see #ckmc_param_list_h
1155 * @see #ckmc_param_name_e
1156 * @see #ckmc_algo_type_e
1158 int ckmc_encrypt_data(ckmc_param_list_h params,
1159 const char *key_alias,
1160 const char *password,
1161 const ckmc_raw_buffer_s decrypted,
1162 ckmc_raw_buffer_s **ppencrypted);
1165 * @brief Decrypts data using selected key and algorithm.
1169 * @remarks Key identified by @a key_alias should exist.
1171 * @param[in] params Algorithm parameter list handle. You should use the same parameters
1172 * that were used for encryption. See #ckmc_param_list_h and
1173 * #ckmc_algo_type_e for details
1174 * @param[in] key_alias Alias of the key to be used for encryption
1175 * @param[in] password The password used in decrypting a key value \n
1176 * If password of policy is provided in ckmc_save_key(), the same
1177 * password should be provided
1178 * @param[in] encrypted Data to be decrypted (some algorithms may require additional
1179 * information embedded in encrypted data. AES GCM is an example)
1180 * @param[out] ppdecrypted Decrypted data \n
1181 * The caller is responsible for freeing @a decrypted with
1182 * ckmc_buffer_free()
1184 * @return @c 0 on success, otherwise a negative error value
1186 * @retval #CKMC_ERROR_NONE Successful
1187 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid
1188 * mandatory algorithm parameter, encrypted = NULL,
1189 * ppdecrypted = NULL)
1190 * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
1192 * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
1193 * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
1194 * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
1195 * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
1196 * Key decryption failed because password is incorrect
1198 * @pre User is already logged in and the user key is already loaded into memory in plain text form.
1200 * @see ckmc_buffer_free()
1201 * @see ckmc_param_list_new()
1202 * @see ckmc_param_list_free()
1203 * @see ckmc_param_list_set_integer()
1204 * @see ckmc_param_list_set_buffer()
1205 * @see ckmc_generate_new_params()
1206 * @see #ckmc_param_list_h
1207 * @see #ckmc_param_name_e
1208 * @see #ckmc_algo_type_e
1210 int ckmc_decrypt_data(ckmc_param_list_h params,
1211 const char *key_alias,
1212 const char *password,
1213 const ckmc_raw_buffer_s encrypted,
1214 ckmc_raw_buffer_s **ppdecrypted);
1225 #endif /* __TIZEN_CORE_CKMC_MANAGER_H */