/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2019 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
int ckmc_get_key_alias_list(ckmc_alias_list_s **ppalias_list);
+/**
+ * @brief Gets the information about all the aliases of keys that the client can access.
+ * @since_tizen 5.5
+ * @remarks A client can access only data stored by the client and the entries from system database
+ * if it was explicitly permitted to.
+ * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_info_list_all_free()
+ * if it is no longer needed.
+ * @param[out] ppalias_list The pointer to a newly created ckmc_alias_info_list_s handle containing
+ * information about all key aliases \n
+ * If there is no available key alias, *ppalias_list will be null
+ * @return @c 0 on success,
+ * otherwise a negative error value
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ * @see ckmc_save_key()
+ * @see ckmc_remove_alias()
+ * @see ckmc_get_key()
+ */
+int ckmc_get_key_alias_info_list(ckmc_alias_info_list_s **ppalias_list);
+
/**
* @brief Stores a certificate inside key manager based on the provided policy.
/**
+ * @brief Gets the information about all the aliases of certificates that the client can access.
+ * @since_tizen 5.5
+ * @remarks A client can access only data stored by the client and the entries from system database
+ * if it was explicitly permitted to.
+ * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_info_list_all_free()
+ * if it is no longer needed.
+ * @param[out] ppalias_list The pointer to a newly created ckmc_alias_info_list_s handle containing
+ * information about all certificate aliases \n
+ * If there is no available certificate alias, *ppalias_list will be null
+ * @return @c 0 on success,
+ * otherwise a negative error value
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ * @see ckmc_save_cert()
+ * @see ckmc_remove_alias()
+ * @see ckmc_get_cert()
+ */
+int ckmc_get_cert_alias_info_list(ckmc_alias_info_list_s **ppalias_list);
+
+
+/**
* @brief Stores PKCS12's contents inside key manager based on the provided policies. All items from the PKCS12 will use the same alias.
* @since_tizen @if MOBILE 2.4 @elseif WEARABLE 3.0 @endif
* @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.
/**
+ * @brief Gets the information about all the aliases of data that the client can access.
+ * @since_tizen 5.5
+ * @remarks A client can access only data stored by the client and the entries from system database
+ * if it was explicitly permitted to.
+ * @remarks You must destroy the newly created @a ppalias_list by calling ckmc_alias_info_list_all_free()
+ * if it is no longer needed.
+ * @param[out] ppalias_list The pointer to a newly created ckmc_alias_info_list_s handle containing
+ * information about all data aliases \n
+ * If there is no available data alias, *ppalias_list will be null
+ * @return @c 0 on success,
+ * otherwise a negative error value
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ * @see ckmc_save_data()
+ * @see ckmc_remove_alias()
+ * @see ckmc_get_data()
+ */
+int ckmc_get_data_alias_info_list(ckmc_alias_info_list_s **ppalias_list);
+
+
+/**
* @brief Creates RSA private/public key pair and stores them inside key manager based on each policy.
* @since_tizen 2.3
* @remarks %http://tizen.org/privilege/keymanager (public level privilege) is no longer required to use this API since 3.0.
* @param[in] message The message that is signed with a private key
* @param[in] hash The hash algorithm used in creating signature
* @param[in] padding The RSA padding algorithm used in creating signature \n
- * It is used only when the signature algorithm is RSA
+ * It is used only when the signature algorithm is RSA. If
+ * @a padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE
+ * and the message must be equal to key length
* @param[out] ppsignature The pointer to a newly created signature \n
* If an error occurs, @a *ppsignature will be null
* @return @c 0 on success,
* @param[in] signature The signature that is verified with public key
* @param[in] hash The hash algorithm used in verifying signature
* @param[in] padding The RSA padding algorithm used in verifying signature \n
- * It is used only when the signature algorithm is RSA
+ * It is used only when the signature algorithm is RSA. If
+ * @a padding is CKMC_NONE_PADDING you must use CKMC_HASH_NONE
+ * and the message must be equal to key length
* @return @c 0 on success and the signature is valid,
* otherwise a negative error value
* @retval #CKMC_ERROR_NONE Successful
* @param[in] password The password used in decrypting a key value \n
* If password of the policy is provided in ckmc_save_key(), the same
* password should be provided
- * @param[in] decrypted Data to be encrypted. In case of AES algorithm there are no restrictions on the size of data.
+ * @param[in] decrypted Data to be encrypted. In case of AES algorithm there are no restrictions on the size of data,
+ * if S/W backend is used. If module uses TEE backend (since Tizen 5.0 on chosen images),
+ * maximum size of data is implementation-specific and at least 500 kB.
* For RSA the size must be smaller or equal to key size in bytes - 42.
- * Example: for 1024 RSA key the maximum data size is 1024/8 - 42 = 86
+ * Example: for 1024 RSA key the maximum data size is 1024/8 - 42 = 86.
* @param[out] ppencrypted Encrypted data (some algorithms may return additional information embedded in encrypted data.
* AES GCM is an example) \n
* The caller is responsible for freeing @a encrypted with ckmc_buffer_free()
* otherwise a negative error value
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid
- * mandatory algorithm parameter, decrypted = NULL,
+ * mandatory algorithm parameter or RSA data too long, decrypted = NULL,
* ppencrypted = NULL)
* @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
* @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
* @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
* @retval #CKMC_ERROR_AUTHENTICATION_FAILED Key decryption failed because password is incorrect
+ * @retval #CKMC_ERROR_SERVER_ERROR Too big data size or unsupported GCM mode (32 and 64 bit tag lengths not supported on TEE backend) or internal error
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
* @see ckmc_buffer_free()
* @see ckmc_param_list_new()
* @param[in] password The password used in decrypting a key value \n
* If password of the policy is provided in ckmc_save_key(), the same password should be provided
* @param[in] encrypted Data to be decrypted (some algorithms may require additional information embedded in encrypted data. AES GCM is an example)
+ * Since Tizen 5.0, on chosen images where module is using TEE backend, data size is limited to at least 500 kB
+ * (TEE implementation-specific).
* @param[out] ppdecrypted Decrypted data \n
* The caller is responsible for freeing @a decrypted with ckmc_buffer_free()
* @return @c 0 on success,
* otherwise a negative error value
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid (missing or invalid
- * mandatory algorithm parameter, encrypted = NULL,
- * ppdecrypted = NULL)
+ * mandatory algorithm parameter, GCM tag authentication failed, key or data is wrong,
+ * in case of RSA key is wrong or data too long, encrypted = NULL, ppdecrypted = NULL)
* @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged in)
* @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
* @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
* @retval #CKMC_ERROR_AUTHENTICATION_FAILED Key decryption failed because password is incorrect
+ * @retval #CKMC_ERROR_SERVER_ERROR Too big data size or unsupported GCM mode (32 and 64 bit tag lengths not supported on TEE backend) or internal error
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
* @see ckmc_buffer_free()
* @see ckmc_param_list_new()
projects / platform / core / security / key-manager.git / blobdiff