2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
19 * @brief Definitions of struct for the Key Manager's CAPI and their utility functions.
22 #ifndef __TIZEN_CORE_CKMC_TYPE_H
23 #define __TIZEN_CORE_CKMC_TYPE_H
26 #include <ckmc/ckmc-error.h>
28 #define KEY_MANAGER_CAPI __attribute__((visibility("default")))
36 * @addtogroup CAPI_KEY_MANAGER_TYPES_MODULE
41 * alias can be provided as an alias alone, or together with label - in this
42 * case, separator " " (space bar) is used to separate label and alias.
43 * @see key-manager_doc.h
45 KEY_MANAGER_CAPI extern char const * const ckmc_label_name_separator;
48 * @brief Enumeration for key types of key manager.
51 typedef enum __ckmc_key_type {
52 CKMC_KEY_NONE = 0, /**< key type not specified */
53 CKMC_KEY_RSA_PUBLIC, /**< RSA public key */
54 CKMC_KEY_RSA_PRIVATE, /**< RSA private key */
55 CKMC_KEY_ECDSA_PUBLIC, /**< ECDSA public key */
56 CKMC_KEY_ECDSA_PRIVATE, /**< ECDSA private key */
57 CKMC_KEY_DSA_PUBLIC, /**< DSA public key */
58 CKMC_KEY_DSA_PRIVATE, /**< DSA private key */
59 CKMC_KEY_AES, /**< AES key */
63 * @brief Enumeration for data format.
66 typedef enum __ckmc_data_format {
67 CKMC_FORM_DER_BASE64 = 0, /**< DER format base64 encoded data */
68 CKMC_FORM_DER, /**< DER encoded data */
69 CKMC_FORM_PEM /**< PEM encoded data. It consists of the DER format base64 encoded
70 with additional header and footer lines. */
74 * @brief Enumeration for elliptic curve.
77 typedef enum __ckmc_ec_type {
78 CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended
79 elliptic curve domain */
80 CKMC_EC_PRIME256V1, /**< "SEC 2" recommended elliptic curve domain - secp256r1 */
81 CKMC_EC_SECP384R1 /**< NIST curve P-384 (covers "secp384r1", the elliptic curve domain
82 listed in See SEC 2 */
86 * @brief Enumeration for hash algorithm.
89 typedef enum __ckmc_hash_algo {
90 CKMC_HASH_NONE = 0, /**< No Hash Algorithm */
91 CKMC_HASH_SHA1, /**< Hash Algorithm SHA1 */
92 CKMC_HASH_SHA256, /**< Hash Algorithm SHA256 */
93 CKMC_HASH_SHA384, /**< Hash Algorithm SHA384 */
94 CKMC_HASH_SHA512 /**< Hash Algorithm SHA512 */
98 * @brief Enumeration for RSA padding algorithm.
101 typedef enum __ckmc_rsa_padding_algo {
102 CKMC_NONE_PADDING = 0, /**< No Padding */
103 CKMC_PKCS1_PADDING, /**< PKCS#1 Padding */
104 CKMC_X931_PADDING /**< X9.31 padding */
105 } ckmc_rsa_padding_algo_e;
108 * @deprecated Deprecated since 2.4. [Use ckmc_permission_e() instead]
109 * @brief Enumeration for database access rights.
112 typedef enum __ckmc_access_right{
113 CKMC_AR_READ = 0, /**< access right for read*/
114 CKMC_AR_READ_REMOVE /**< access right for read and remove*/
115 } ckmc_access_right_e;
118 * @brief Enumeration for permissions to access/modify alias.
121 typedef enum __ckmc_permission{
122 CKMC_PERMISSION_NONE = 0x00, /**< clear permissions */
123 CKMC_PERMISSION_READ = 0x01, /**< read allowed */
124 CKMC_PERMISSION_REMOVE = 0x02 /**< remove allowed */
128 * @brief the structure for binary buffer used in key manager CAPI.
131 typedef struct __ckmc_raw_buff {
132 unsigned char* data; /**< Byte array containing binary data */
133 size_t size; /**< The size of the binary data */
137 * @brief The structure for a policy for storing key/certificate/binary data.
140 typedef struct __ckmc_policy {
141 char* password; /**< Byte array used to encrypt data inside CKM. If it is not null, the data
142 (or key, or certificate) is stored encrypted with this password inside
144 bool extractable; /**< If true key may be extracted from storage */
148 * @brief The structure for key used in key manager CAPI.
151 typedef struct __ckmc_key {
152 unsigned char* raw_key; /**< Byte array of key. raw_key may be encrypted with password */
153 size_t key_size; /**< The byte size of raw_key */
154 ckmc_key_type_e key_type; /**< The raw_key's type */
155 char* password; /**< Byte array used to decrypt data raw_key inside key manager. */
159 * @brief The structure for certificate used in key manager CAPI.
162 typedef struct __ckmc_cert {
163 unsigned char* raw_cert; /**< Byte array of certificate */
164 size_t cert_size; /**< Byte size of raw_cert */
165 ckmc_data_format_e data_format; /**< Raw_cert's encoding format */
169 * @brief The structure for linked list of alias.
172 typedef struct __ckmc_alias_list {
173 char *alias; /**< The name of key, certificate or data stored in key manager */
174 struct __ckmc_alias_list *next; /**< The pointer pointing to the next ckmc_alias_list_s */
178 * @brief The structure for linked list of ckmc_cert_s
181 typedef struct __ckmc_cert_list {
182 ckmc_cert_s *cert; /**< The pointer of ckmc_cert_s */
183 struct __ckmc_cert_list *next; /**< The pointer pointing to the next ckmc_cert_list_s */
187 * @brief Enumeration for OCSP status.
190 typedef enum __ckmc_ocsp_status {
191 CKMC_OCSP_STATUS_GOOD = 0, /**< OCSP status is good */
192 CKMC_OCSP_STATUS_REVOKED, /**< certificate is revoked */
193 CKMC_OCSP_STATUS_UNKNOWN, /**< unknown error */
194 CKMC_OCSP_ERROR_UNSUPPORTED, /**< certificate does not provide OCSP extension */
195 CKMC_OCSP_ERROR_INVALID_URL, /**< invalid URL in certificate OCSP extension */
196 CKMC_OCSP_ERROR_INVALID_RESPONSE, /**< invalid response from OCSP server */
197 CKMC_OCSP_ERROR_REMOTE, /**< OCSP remote server error */
198 CKMC_OCSP_ERROR_NET, /**< network connection error */
199 CKMC_OCSP_ERROR_INTERNAL /**< OpenSSL API error */
200 } ckmc_ocsp_status_e;
203 * @brief The structure for PKCS12 used in key manager CAPI.
206 typedef struct __ckmc_pkcs12 {
207 ckmc_key_s *priv_key; /**< private key, may be null */
208 ckmc_cert_s *cert; /**< certificate, may be null */
209 ckmc_cert_list_s *ca_chain; /**< chain certificates list, may be null */
215 * @brief Creates a new @a ckmc_key_s handle and returns it.
219 * @remarks You must destroy the newly created @a ckmc_key_s by calling ckmc_key_free() if it is no
222 * @param[in] raw_key The byte array of key \n
223 * @a raw_key may be encrypted with password.
224 * @param[in] key_size The byte size of @a raw_key
225 * @param[in] key_type The @a raw_key's type
226 * @param[in] password The byte array used to decrypt @a raw_key inside key manager \n
227 * If @a raw_key is not encrypted, @a password can be null.
228 * @param[out] ppkey The pointer to a newly created @a ckmc_key_s handle
230 * @return @c 0 on success,
231 * otherwise a negative error value
233 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
234 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
236 * @see ckmc_key_free()
239 int ckmc_key_new(unsigned char *raw_key,
241 ckmc_key_type_e key_type,
242 char *password, ckmc_key_s **ppkey);
245 * @brief Destroys the @a ckmc_key_s handle and releases all its resources.
249 * @param[in] key The @a ckmc_key_s handle to destroy
252 void ckmc_key_free(ckmc_key_s *key);
256 * @brief Creates a new @a ckmc_raw_buffer_s handle and returns it.
260 * @remarks You must destroy the newly created @a ckmc_raw_buffer_s by calling ckmc_buffer_free() if
261 * it is no longer needed.
263 * @param[in] data The byte array of buffer
264 * @param[in] size The byte size of buffer
265 * @param[out] ppbuffer The pointer to a newly created @a ckmc_buffer_s handle
267 * @return @c 0 on success,
268 * otherwise a negative error value
270 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
271 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
273 * @see ckmc_buffer_free()
274 * @see #ckmc_raw_buffer_s
276 int ckmc_buffer_new(unsigned char *data, size_t size,ckmc_raw_buffer_s **ppbuffer);
279 * @brief Destroys the @a ckmc_raw_buffer_s handle and releases all its resources.
283 * @param[in] buffer The @a ckmc_raw_buffer_s handle to destroy
286 void ckmc_buffer_free(ckmc_raw_buffer_s *buffer);
290 * @brief Creates a new @a ckmc_cert_s handle and returns it.
294 * @remarks You must destroy the newly created @a ckmc_cert_s by calling ckmc_cert_free() if it is
297 * @param[in] raw_cert The byte array of certificate
298 * @param[in] cert_size The byte size of raw_cert
299 * @param[in] data_format The encoding format of raw_cert
300 * @param[out] ppcert The pointer to a newly created @a ckmc_cert_s handle
302 * @return @c 0 on success,
303 * otherwise a negative error value
305 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
306 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
308 * @see ckmc_cert_free()
309 * @see ckmc_load_cert_from_file()
312 int ckmc_cert_new(unsigned char *raw_cert,
314 ckmc_data_format_e data_format,
315 ckmc_cert_s **ppcert);
318 * @brief Destroys the @a ckmc_cert handle and releases all its resources.
322 * @param[in] cert The @a ckmc_cert_s handle to destroy
324 * @see ckmc_load_cert_from_file()
325 * @see ckmc_load_from_pkcs12_file
327 void ckmc_cert_free(ckmc_cert_s *cert);
330 * @brief Creates a new @a ckmc_cert_s handle from a given file and returns it.
334 * @remarks You must destroy the newly created @a ckmc_cert_s by calling ckmc_cert_free() if it is
337 * @param[in] file_path The path of certificate file to be loaded \n
338 * The only DER or PEM encoded certificate file is supported.
339 * @param[out] cert The pointer of newly created @a ckmc_cert_s handle
341 * @return #CKMC_ERROR_NONE on success,
342 * otherwise a negative error value
344 * @retval #CKMC_ERROR_NONE Successful
345 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space
346 * @retval #CKMC_ERROR_INVALID_FORMAT Invalid certificate file format
347 * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed
349 * @see ckmc_cert_free()
352 int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert);
356 * @brief Creates a new @a ckmc_pkcs12_s handle and returns it.
360 * @remarks You must destroy the newly created @a ckmc_pkcs12_s by calling ckmc_pkcs12_free() if it
361 * is no longer needed.
362 * @remarks On success, private_key, cert && ca_cert_list ownership is transferred into newly
363 * returned ckmc_pkcs12_s.
365 * @param[in] private_key @a ckmc_key_s handle to the private key (optional)
366 * @param[in] cert @a ckmc_cert_s handle to the certificate (optional)
367 * @param[in] ca_cert_list @a ckmc_cert_list_s list of chain certificate handles (optional)
368 * @param[out] pkcs12_bundle The pointer to a newly created @a ckmc_pkcs12_s handle
370 * @return @c 0 on success,
371 * otherwise a negative error value
373 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or private_key, cert and
374 * ca_cert_list all are null.
375 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
377 * @see ckmc_pkcs12_free()
378 * @see ckmc_load_from_pkcs12_file()
379 * @see ckmc_pkcs12_load()
382 * @see #ckmc_cert_list_s
383 * @see #ckmc_pkcs12_s
385 int ckmc_pkcs12_new(ckmc_key_s *private_key,
387 ckmc_cert_list_s *ca_cert_list,
388 ckmc_pkcs12_s **pkcs12_bundle);
391 * @deprecated Deprecated since 2.4. [Use ckmc_pkcs12_load() instead]
392 * @brief Creates a new @a ckmc_key_s(private key), @a ckmc_cert_s(certificate), and
393 * @a ckmc_cert_list_s(CA certificates) handle from a given PKCS#12 file and returns them.
397 * @remarks You must destroy the newly created @a ckmc_key_s, @a ckmc_cert_s, and
398 * @a ckmc_cert_list_s by calling ckmc_key_free(), ckmc_cert_free(), and
399 * ckmc_cert_list_all_free() if they are no longer needed.
401 * @param[in] file_path The path of PKCS12 file to be loaded
402 * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n
403 * If PKCS12 file is not encrypted, passphrase can be null.
404 * @param[out] private_key The pointer of newly created @a ckmc_key_s handle for a private key
405 * @param[out] cert The pointer of newly created @a ckmc_cert_s handle for a certificate \n
406 * It is null if the PKCS12 file does not contain a certificate.
407 * @param[out] ca_cert_list The pointer of newly created @a ckmc_cert_list_s handle for CA
409 * It is null if the PKCS12 file does not contain CA certificates.
411 * @return #CKMC_ERROR_NONE on success,
412 * otherwise a negative error value
414 * @retval #CKMC_ERROR_NONE Successful
415 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space
416 * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format
417 * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed
419 * @see ckmc_pkcs12_new()
420 * @see ckmc_pkcs12_load()
421 * @see ckmc_key_free()
422 * @see ckmc_cert_free()
423 * @see ckmc_cert_list_all_free()
426 * @see #ckmc_cert_list_s
428 int ckmc_load_from_pkcs12_file(const char *file_path,
429 const char *passphrase,
430 ckmc_key_s **private_key, ckmc_cert_s **cert,
431 ckmc_cert_list_s **ca_cert_list);
434 * @brief Creates a new @a ckmc_pkcs12_s handle from a given PKCS#12 file and returns it.
438 * @remarks You must destroy the newly created @a ckmc_pkcs12_s by calling ckmc_pkcs12_free() if
439 * they are no longer needed.
441 * @param[in] file_path The path of PKCS12 file to be loaded
442 * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n
443 * If PKCS12 file is not encrypted, passphrase can be null.
444 * @param[out] ca_cert_list The pointer of newly created @a ckmc_cert_list_s handle for CA
446 * It is null if the PKCS12 file does not contain CA certificates.
448 * @return #CKMC_ERROR_NONE on success,
449 * otherwise a negative error value
451 * @retval #CKMC_ERROR_NONE Successful
452 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space
453 * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format
454 * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed
456 * @see ckmc_pkcs12_free()
457 * @see #ckmc_pkcs12_s
459 int ckmc_pkcs12_load(const char *file_path,
460 const char *passphrase,
461 ckmc_pkcs12_s **pkcs12_bundle);
464 * @brief Destroys the @a ckmc_pkcs12_s handle and releases all its resources.
468 * @param[in] pkcs12 The @a ckmc_pkcs12_s handle to destroy
470 * @see ckmc_pkcs12_new()
471 * @see ckmc_pkcs12_load()
473 void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12);
477 * @brief Creates a new @a ckmc_alias_list_s handle and returns it.
478 * The alias pointer in the returned @a ckmc_alias_list_s handle points to the provided
479 * characters and next is null.
483 * @remarks You must destroy the newly created @a ckmc_alias_list_s
484 * by calling ckmc_alias_list_free() or ckmc_alias_list_all_free() if it is no longer
487 * @param[in] alias The first item to be set in the newly created @a ckmc_alias_list_s
488 * @param[out] ppalias_list The pointer to a newly created @a ckmc_alias_list_s handle
490 * @return @c 0 on success,
491 * otherwise a negative error value
493 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
494 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
496 * @see ckmc_alias_list_all_free()
497 * @see #ckmc_alias_list_s
499 int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list);
503 * @brief Creates a new @a ckmc_alias_list_s handle, adds it to a previous @a ckmc_alias_list_s and
504 * returns it. The alias pointer in the returned @a ckmc_alias_list_s handle points to the
505 * provided characters and next is null.
509 * @param[in] previous The last @a ckmc_alias_list_s handle to which a newly created
510 * @a ckmc_alias_list_s is added
511 * @param[in] alias The item to be set in the newly created @a ckmc_alias_list_s
512 * @param[out] pplast The pointer to a newly created and added @a ckmc_alias_list_s handle
514 * @return @c 0 on success,
515 * otherwise a negative error value
517 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
518 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
520 * @see ckmc_alias_list_all_free()
521 * @see #ckmc_alias_list_s
523 int ckmc_alias_list_add(ckmc_alias_list_s *previous,
525 ckmc_alias_list_s **pplast);
529 * @brief Destroys the @a ckmc_alias_list_s handle and releases resources of @a ckmc_alias_list_s
530 * from the provided first handle cascadingly.
534 * @remarks It does not destroy an alias itself in @a ckmc_alias_list_s.
536 * @param[in] first The first @a ckmc_alias_list_s handle to destroy
538 * @see ckmc_alias_list_all_free()
539 * @see #ckmc_alias_list_s
541 void ckmc_alias_list_free(ckmc_alias_list_s *first);
544 * @brief Destroys the @a ckmc_alias_list_s handle and releases all its resources from the provided
545 * first handle cascadingly.
549 * @remarks It also destroys the alias in @a ckmc_alias_list_s.
551 * @param[in] first The first @a ckmc_alias_list_s handle to destroy
553 * @see #ckmc_alias_list_s
555 void ckmc_alias_list_all_free(ckmc_alias_list_s *first);
559 * @brief Creates a new @a ckmc_cert_list_s handle and returns it.
560 * The cert pointer in the returned @a ckmc_cert_list_s handle points to the provided
561 * @a ckmc_cert_s and next is null.
565 * @remarks You must destroy the newly created @a ckmc_cert_list_s by calling ckmc_cert_list_free()
566 * or ckmc_cert_list_all_free() if it is no longer needed.
568 * @param[in] cert The first item to be set in the newly created @a ckmc_cert_list_s
569 * @param[out] ppalias_list The pointer to a newly created @a ckmc_alias_list_s handle
571 * @return @c 0 on success,
572 * otherwise a negative error value
574 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
575 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
577 * @see ckmc_cert_list_all_free()
578 * @see #ckmc_cert_list_s
580 int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list);
584 * @brief Creates a new @a ckmc_cert_list_s handle, adds it to a previous @a ckmc_cert_list_s and
585 * returns it. The cert pointer in the returned @a ckmc_alias_list_s handle points to the
586 * provided @a ckmc_cert_s and next is null.
590 * @param[in] previous The last @a ckmc_cert_list_s handle to which a newly created
591 * @a ckmc_cert_list_s is added
592 * @param[in] cert The item to be set in the newly created @a ckmc_cert_list_s
593 * @param[out] pplast The pointer to a newly created and added @a ckmc_alias_list_s handle
595 * @return @c 0 on success,
596 * otherwise a negative error value
598 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
599 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
601 * @see ckmc_cert_list_all_free()
602 * @see #ckmc_cert_list_s
604 int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_list_s **pplast);
608 * @brief Destroys the @a ckmc_cert_list_s handle and releases resources of @a ckmc_cert_list_s
609 * from the provided first handle cascadingly.
613 * @remarks It does not destroy @a ckmc_cert_s itself in @a ckmc_cert_list_s.
615 * @param[in] first The first @a ckmc_cert_list_s handle to destroy
617 * @see ckmc_cert_list_all_free()
618 * @see #ckmc_cert_list_s
620 void ckmc_cert_list_free(ckmc_cert_list_s *first);
623 * @brief Destroys the @a ckmc_cert_list_s handle and releases all its resources from the provided
624 * first handle cascadingly.
628 * @remarks It also destroys @a ckmc_cert_s in ckmc_cert_list_s.
630 * @param[in] first The first @a ckmc_cert_list_s handle to destroy
632 * @see #ckmc_cert_list_s
634 void ckmc_cert_list_all_free(ckmc_cert_list_s *first);
644 #endif /* __TIZEN_CORE_CKMC_TYPE_H */