2 * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
19 * @brief Definitions of struct for the Key Manager's CAPI and their utility functions.
22 #ifndef __TIZEN_CORE_CKMC_TYPE_H
23 #define __TIZEN_CORE_CKMC_TYPE_H
28 #define KEY_MANAGER_CAPI __attribute__((visibility("default")))
36 * @addtogroup CAPI_KEY_MANAGER_TYPES_MODULE
41 * @brief Sperator between alias and label.
43 * @remarks Alias can be provided as an alias alone, or together with label - in this
44 * case, separator " " (space bar) is used to separate label and alias.
45 * @see key-manager_doc.h
47 KEY_MANAGER_CAPI extern char const * const ckmc_label_name_separator;
50 * @brief Enumeration for key types of key manager.
53 typedef enum __ckmc_key_type {
54 CKMC_KEY_NONE = 0, /**< Key type not specified */
55 CKMC_KEY_RSA_PUBLIC, /**< RSA public key */
56 CKMC_KEY_RSA_PRIVATE, /**< RSA private key */
57 CKMC_KEY_ECDSA_PUBLIC, /**< ECDSA public key */
58 CKMC_KEY_ECDSA_PRIVATE, /**< ECDSA private key */
59 CKMC_KEY_DSA_PUBLIC, /**< DSA public key */
60 CKMC_KEY_DSA_PRIVATE, /**< DSA private key */
61 CKMC_KEY_AES, /**< AES key */
65 * @brief Enumeration for data format.
68 typedef enum __ckmc_data_format {
69 CKMC_FORM_DER_BASE64 = 0, /**< DER format base64 encoded data */
70 CKMC_FORM_DER, /**< DER encoded data */
71 CKMC_FORM_PEM /**< PEM encoded data. It consists of the DER format base64 encoded
72 with additional header and footer lines. */
76 * @brief Enumeration for elliptic curve.
79 typedef enum __ckmc_ec_type {
80 CKMC_EC_PRIME192V1 = 0, /**< Elliptic curve domain "secp192r1" listed in "SEC 2" recommended
81 elliptic curve domain */
82 CKMC_EC_PRIME256V1, /**< "SEC 2" recommended elliptic curve domain - secp256r1 */
83 CKMC_EC_SECP384R1 /**< NIST curve P-384 (covers "secp384r1", the elliptic curve domain
84 listed in See SEC 2 */
88 * @brief Enumeration for hash algorithm.
91 typedef enum __ckmc_hash_algo {
92 CKMC_HASH_NONE = 0, /**< No Hash Algorithm */
93 CKMC_HASH_SHA1, /**< Hash Algorithm SHA1 */
94 CKMC_HASH_SHA256, /**< Hash Algorithm SHA256 */
95 CKMC_HASH_SHA384, /**< Hash Algorithm SHA384 */
96 CKMC_HASH_SHA512 /**< Hash Algorithm SHA512 */
100 * @brief Enumeration for RSA padding algorithm.
103 typedef enum __ckmc_rsa_padding_algo {
104 CKMC_NONE_PADDING = 0, /**< No Padding */
105 CKMC_PKCS1_PADDING, /**< PKCS#1 Padding */
106 CKMC_X931_PADDING /**< X9.31 padding */
107 } ckmc_rsa_padding_algo_e;
110 * @deprecated Deprecated since 2.4. [Use ckmc_permission_e() instead]
111 * @brief Enumeration for database access rights.
114 typedef enum __ckmc_access_right{
115 CKMC_AR_READ = 0, /**< Access right for read*/
116 CKMC_AR_READ_REMOVE /**< Access right for read and remove*/
117 } ckmc_access_right_e;
120 * @brief Enumeration for permissions to access/modify alias.
123 typedef enum __ckmc_permission{
124 CKMC_PERMISSION_NONE = 0x00, /**< Clear permissions */
125 CKMC_PERMISSION_READ = 0x01, /**< Eead allowed */
126 CKMC_PERMISSION_REMOVE = 0x02 /**< Remove allowed */
130 * @brief the structure for binary buffer used in key manager CAPI.
133 typedef struct __ckmc_raw_buff {
134 unsigned char* data; /**< Byte array containing binary data */
135 size_t size; /**< The size of the binary data */
139 * @brief The structure for a policy for storing key/certificate/binary data.
142 typedef struct __ckmc_policy {
143 char* password; /**< Byte array used to encrypt data inside CKM. If it is not null, the data
144 (or key, or certificate) is stored encrypted with this password inside
146 bool extractable; /**< If true key may be extracted from storage */
150 * @brief The structure for key used in key manager CAPI.
153 typedef struct __ckmc_key {
154 unsigned char* raw_key; /**< Byte array of key. raw_key may be encrypted with password */
155 size_t key_size; /**< The byte size of raw_key */
156 ckmc_key_type_e key_type; /**< The raw_key's type */
157 char* password; /**< Byte array used to decrypt data raw_key inside key manager. */
161 * @brief The structure for certificate used in key manager CAPI.
164 typedef struct __ckmc_cert {
165 unsigned char* raw_cert; /**< Byte array of certificate */
166 size_t cert_size; /**< Byte size of raw_cert */
167 ckmc_data_format_e data_format; /**< Raw_cert's encoding format */
171 * @brief The structure for linked list of alias.
174 typedef struct __ckmc_alias_list {
175 char *alias; /**< The name of key, certificate or data stored in key manager */
176 struct __ckmc_alias_list *next; /**< The pointer pointing to the next ckmc_alias_list_s */
180 * @brief The structure for linked list of #ckmc_cert_s.
183 typedef struct __ckmc_cert_list {
184 ckmc_cert_s *cert; /**< The pointer of #ckmc_cert_s */
185 struct __ckmc_cert_list *next; /**< The pointer pointing to the next #ckmc_cert_list_s */
189 * @brief Enumeration for OCSP status.
192 typedef enum __ckmc_ocsp_status {
193 CKMC_OCSP_STATUS_GOOD = 0, /**< OCSP status is good */
194 CKMC_OCSP_STATUS_REVOKED, /**< The certificate is revoked */
195 CKMC_OCSP_STATUS_UNKNOWN, /**< Unknown error */
196 CKMC_OCSP_ERROR_UNSUPPORTED, /**< The certificate does not provide OCSP extension */
197 CKMC_OCSP_ERROR_INVALID_URL, /**< The invalid URL in certificate OCSP extension */
198 CKMC_OCSP_ERROR_INVALID_RESPONSE, /**< The invalid response from OCSP server */
199 CKMC_OCSP_ERROR_REMOTE, /**< OCSP remote server error */
200 CKMC_OCSP_ERROR_NET, /**< Network connection error */
201 CKMC_OCSP_ERROR_INTERNAL /**< OpenSSL API error */
202 } ckmc_ocsp_status_e;
205 * @brief The structure for PKCS12 used in key manager CAPI.
208 typedef struct __ckmc_pkcs12 {
209 ckmc_key_s *priv_key; /**< The private key, may be null */
210 ckmc_cert_s *cert; /**< The certificate, may be null */
211 ckmc_cert_list_s *ca_chain; /**< The chain certificate list, may be null */
216 * @brief Creates a new #ckmc_key_s handle and returns it.
220 * @remarks You must destroy the newly created @a ppkey by calling ckmc_key_free()
221 * if it is no longer needed.
223 * @param[in] raw_key The byte array of key @a raw_key may be encrypted with password
224 * @param[in] key_size The byte size of @a raw_key
225 * @param[in] key_type The @a raw_key's type
226 * @param[in] password The byte array used to decrypt @a raw_key inside key manager \n
227 * If @a raw_key is not encrypted, @a password can be null
228 * @param[out] ppkey The pointer to a newly created #ckmc_key_s handle
230 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
232 * @retval #CKMC_ERROR_NONE Successful
233 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
234 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
236 * @see ckmc_key_free()
239 int ckmc_key_new(unsigned char *raw_key,
241 ckmc_key_type_e key_type,
246 * @brief Destroys the #ckmc_key_s handle and releases all its resources.
250 * @param[in] key The #ckmc_key_s handle to destroy
253 void ckmc_key_free(ckmc_key_s *key);
256 * @brief Creates a new #ckmc_raw_buffer_s handle and returns it.
260 * @remarks You must destroy the newly created @a ppbuffer by calling ckmc_buffer_free()
261 * if it is no longer needed.
263 * @param[in] data The byte array of buffer
264 * @param[in] size The byte size of buffer
265 * @param[out] ppbuffer The pointer to a newly created #ckmc_buffer_s handle
267 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
269 * @retval #CKMC_ERROR_NONE Successful
270 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
271 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
273 * @see ckmc_buffer_free()
274 * @see #ckmc_raw_buffer_s
276 int ckmc_buffer_new(unsigned char *data, size_t size, ckmc_raw_buffer_s **ppbuffer);
279 * @brief Destroys the #ckmc_raw_buffer_s handle and releases all its resources.
283 * @param[in] buffer The #ckmc_raw_buffer_s structure to destroy
286 void ckmc_buffer_free(ckmc_raw_buffer_s *buffer);
289 * @brief Creates a new #ckmc_cert_s handle and returns it.
293 * @remarks You must destroy the newly created @a ppcert by calling ckmc_cert_free()
294 * if it is no longer needed.
296 * @param[in] raw_cert The byte array of certificate
297 * @param[in] cert_size The byte size of raw_cert
298 * @param[in] data_format The encoding format of raw_cert
299 * @param[out] ppcert The pointer to a newly created #ckmc_cert_s handle
301 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
303 * @retval #CKMC_ERROR_NONE Successful
304 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
305 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
307 * @see ckmc_cert_free()
308 * @see ckmc_load_cert_from_file()
309 * @see #ckmc_data_format_e
312 int ckmc_cert_new(unsigned char *raw_cert,
314 ckmc_data_format_e data_format,
315 ckmc_cert_s **ppcert);
318 * @brief Destroys the #ckmc_cert handle and releases all its resources.
322 * @param[in] cert The #ckmc_cert_s handle to destroy
324 * @see ckmc_load_cert_from_file()
325 * @see ckmc_load_from_pkcs12_file()
328 void ckmc_cert_free(ckmc_cert_s *cert);
331 * @brief Creates a new #ckmc_cert_s handle from a given file and returns it.
335 * @remarks You must destroy the newly created @a cert by calling ckmc_cert_free()
336 * if it is no longer needed.
338 * @param[in] file_path The path of certificate file to be loaded \n
339 * The only DER or PEM encoded certificate file is supported
340 * @param[out] cert The pointer of newly created #ckmc_cert_s handle
342 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
344 * @retval #CKMC_ERROR_NONE Successful
345 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space
346 * @retval #CKMC_ERROR_INVALID_FORMAT Invalid certificate file format
347 * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed
349 * @see ckmc_cert_free()
352 int ckmc_load_cert_from_file(const char *file_path, ckmc_cert_s **cert);
355 * @brief Creates a new #ckmc_pkcs12_s handle and returns it.
359 * @remarks You must destroy the newly created @a pkcs12_bundle by calling ckmc_pkcs12_free()
360 * if it is no longer needed.
361 * @remarks On success, @a private_key, @a cert and @a ca_cert_list ownership is transferred
362 * into newly returned #ckmc_pkcs12_s.
364 * @param[in] private_key #ckmc_key_s handle to the private key (optional)
365 * @param[in] cert #ckmc_cert_s handle to the certificate (optional)
366 * @param[in] ca_cert_list #ckmc_cert_list_s list of chain certificate handles (optional)
367 * @param[out] pkcs12_bundle The pointer to a newly created #ckmc_pkcs12_s handle
369 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
371 * @retval #CKMC_ERROR_NONE Successful
372 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid or @a private_key, @a cert
373 * and @a ca_cert_list all are null
374 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
376 * @see ckmc_pkcs12_free()
377 * @see ckmc_load_from_pkcs12_file()
378 * @see ckmc_pkcs12_load()
381 * @see #ckmc_cert_list_s
382 * @see #ckmc_pkcs12_s
384 int ckmc_pkcs12_new(ckmc_key_s *private_key,
386 ckmc_cert_list_s *ca_cert_list,
387 ckmc_pkcs12_s **pkcs12_bundle);
390 * @deprecated Deprecated since 2.4. [Use ckmc_pkcs12_load() instead]
391 * @brief Creates a new @a private_key, @a cert and @a ca_cert_list handle from a given
392 * PKCS12 file and returns them.
396 * @remarks You must destroy the newly created @a private_key, @a cert and
397 * @a ca_cert_list by calling ckmc_key_free(), ckmc_cert_free() and
398 * ckmc_cert_list_all_free() if they are no longer needed.
400 * @param[in] file_path The path of PKCS12 file to be loaded
401 * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n
402 * If PKCS12 file is not encrypted, passphrase can be null
403 * @param[out] private_key The pointer of newly created #ckmc_key_s handle for a private key
404 * @param[out] cert The pointer of newly created #ckmc_cert_s handle for a certificate \n
405 * It is null if the PKCS12 file does not contain a certificate
406 * @param[out] ca_cert_list The pointer of newly created #ckmc_cert_list_s handle for CA
408 * It is null if the PKCS12 file does not contain CA certificates
410 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
412 * @retval #CKMC_ERROR_NONE Successful
413 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space
414 * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format
415 * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed
417 * @see ckmc_pkcs12_new()
418 * @see ckmc_pkcs12_load()
419 * @see ckmc_key_free()
420 * @see ckmc_cert_free()
421 * @see ckmc_cert_list_all_free()
424 * @see #ckmc_cert_list_s
426 int ckmc_load_from_pkcs12_file(const char *file_path,
427 const char *passphrase,
428 ckmc_key_s **private_key,
430 ckmc_cert_list_s **ca_cert_list);
433 * @brief Creates a new #ckmc_pkcs12_s handle from a given PKCS#12 file and returns it.
437 * @remarks You must destroy the newly created @a pkcs12_bundle by calling ckmc_pkcs12_free() if
438 * they are no longer needed.
440 * @param[in] file_path The path of PKCS12 file to be loaded
441 * @param[in] passphrase The passphrase used to decrypt the PCKS12 file \n
442 * If PKCS12 file is not encrypted, passphrase can be null
443 * @param[out] pkcs12_bundle The pointer of newly created #ckmc_cert_list_s handle for CA
445 * It is null if the PKCS12 file does not contain CA certificates
447 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
449 * @retval #CKMC_ERROR_NONE Successful
450 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory space
451 * @retval #CKMC_ERROR_INVALID_FORMAT Invalid PKCS12 file format
452 * @retval #CKMC_ERROR_FILE_ACCESS_DENIED Provided file does not exist or cannot be accessed
454 * @see ckmc_pkcs12_free()
455 * @see #ckmc_pkcs12_s
457 int ckmc_pkcs12_load(const char *file_path,
458 const char *passphrase,
459 ckmc_pkcs12_s **pkcs12_bundle);
462 * @brief Destroys the #ckmc_pkcs12_s handle and releases all its resources.
466 * @param[in] pkcs12 The #ckmc_pkcs12_s handle to destroy
468 * @see ckmc_pkcs12_new()
469 * @see ckmc_pkcs12_load()
471 void ckmc_pkcs12_free(ckmc_pkcs12_s *pkcs12);
474 * @brief Creates a new #ckmc_alias_list_s handle and returns it.
475 * The alias pointer in the returned #ckmc_alias_list_s handle points to the provided
476 * characters and next is null.
480 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_list_free()
481 * or ckmc_alias_list_all_free() if it is no longer needed.
483 * @param[in] alias The first item to be set in the newly created #ckmc_alias_list_s
484 * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle
486 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
488 * @retval #CKMC_ERROR_NONE Successful
489 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
490 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
492 * @see ckmc_alias_list_all_free()
493 * @see #ckmc_alias_list_s
495 int ckmc_alias_list_new(char *alias, ckmc_alias_list_s **ppalias_list);
498 * @brief Creates a new #ckmc_alias_list_s handle, adds it to a @a previous and returns it.
499 * The alias pointer in the returned #ckmc_alias_list_s handle points to the
500 * provided characters and next is null.
504 * @param[in] previous The last #ckmc_alias_list_s handle to which a newly created
505 * #ckmc_alias_list_s is added
506 * @param[in] alias The item to be set in the newly created #ckmc_alias_list_s
507 * @param[out] pplast The pointer to a newly created and added #ckmc_alias_list_s handle
509 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
511 * @retval #CKMC_ERROR_NONE Successful
512 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
513 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
515 * @see ckmc_alias_list_all_free()
516 * @see #ckmc_alias_list_s
518 int ckmc_alias_list_add(ckmc_alias_list_s *previous,
520 ckmc_alias_list_s **pplast);
523 * @brief Destroys the #ckmc_alias_list_s handle and releases resources from the provided
524 * @a first handle cascadingly.
528 * @remarks It does not destroy an alias itself in #ckmc_alias_list_s.
530 * @param[in] first The first #ckmc_alias_list_s handle to destroy
532 * @see ckmc_alias_list_all_free()
533 * @see #ckmc_alias_list_s
535 void ckmc_alias_list_free(ckmc_alias_list_s *first);
538 * @brief Destroys the #ckmc_alias_list_s handle and releases all its resources from the provided
539 * @a first handle cascadingly.
543 * @remarks It also destroys the alias in #ckmc_alias_list_s.
545 * @param[in] first The first #ckmc_alias_list_s handle to destroy
547 * @see ckmc_alias_list_free()
548 * @see #ckmc_alias_list_s
550 void ckmc_alias_list_all_free(ckmc_alias_list_s *first);
553 * @brief Creates a new #ckmc_cert_list_s handle and returns it.
554 * The cert pointer in the returned #ckmc_cert_list_s handle points to the provided
555 * #ckmc_cert_s and next is null.
559 * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_cert_list_free()
560 * or ckmc_cert_list_all_free() if it is no longer needed.
562 * @param[in] cert The first item to be set in the newly created #ckmc_cert_list_s
563 * @param[out] ppalias_list The pointer to a newly created #ckmc_alias_list_s handle
565 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
567 * @retval #CKMC_ERROR_NONE Successful
568 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
569 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
571 * @see ckmc_cert_list_all_free()
572 * @see #ckmc_cert_list_s
574 int ckmc_cert_list_new(ckmc_cert_s *cert, ckmc_cert_list_s **ppalias_list);
577 * @brief Creates a new #ckmc_cert_list_s handle, adds it to a previous #ckmc_cert_list_s and
578 * returns it. The cert pointer in the returned #ckmc_alias_list_s handle points to the
579 * provided #ckmc_cert_s and next is null.
583 * @param[in] previous The last #ckmc_cert_list_s handle to which a newly created
584 * #ckmc_cert_list_s is added
585 * @param[in] cert The item to be set in the newly created #ckmc_cert_list_s
586 * @param[out] pplast The pointer to a newly created and added #ckmc_alias_list_s handle
588 * @return #CKMC_ERROR_NONE on success, otherwise a negative error value
590 * @retval #CKMC_ERROR_NONE Successful
591 * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
592 * @retval #CKMC_ERROR_OUT_OF_MEMORY Not enough memory
594 * @see ckmc_cert_list_all_free()
595 * @see #ckmc_cert_list_s
597 int ckmc_cert_list_add(ckmc_cert_list_s *previous, ckmc_cert_s *cert, ckmc_cert_list_s **pplast);
600 * @brief Destroys the #ckmc_cert_list_s handle and releases resources from the provided
601 * @a first handle cascadingly.
605 * @remarks It does not destroy #ckmc_cert_s itself in #ckmc_cert_list_s.
607 * @param[in] first The first #ckmc_cert_list_s handle to destroy
609 * @see ckmc_cert_list_all_free()
610 * @see #ckmc_cert_list_s
612 void ckmc_cert_list_free(ckmc_cert_list_s *first);
615 * @brief Destroys the #ckmc_cert_list_s handle and releases all its resources from the provided
616 * @a first handle cascadingly.
620 * @remarks It also destroys #ckmc_cert_s in #ckmc_cert_list_s.
622 * @param[in] first The first #ckmc_cert_list_s handle to destroy
624 * @see ckmc_cert_list_free()
625 * @see #ckmc_cert_list_s
627 void ckmc_cert_list_all_free(ckmc_cert_list_s *first);
637 #endif /* __TIZEN_CORE_CKMC_TYPE_H */