/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
- * @remarks Currently only six types of keys are supported for this API. These are RSA
- * public/private key, DSA public/private key and ECDSA public/private key.
+ * @remarks Currently API supports seven types of keys. These are RSA public/private key,
+ * DSA public/private key, ECDSA public/private key and AES symmetric key.
* @remarks key_type in key may be set to #CKMC_KEY_NONE as an input. key_type is determined inside
* key manager during storing keys.
* @remarks Some private key files are protected by a password. If raw_key in key read from those
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
- * @see ckmc_remove_key()
+ * @see ckmc_remove_alias()
* @see ckmc_get_key()
* @see ckmc_get_key_alias_list()
* @see #ckmc_key_s
int ckmc_save_key(const char *alias, const ckmc_key_s key, const ckmc_policy_s policy);
/**
+ * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
* @brief Removes a key from key manager.
*
* @since_tizen 2.3
* @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
* @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Decryption failed because password is incorrect.
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_key()
- * @see ckmc_remove_key()
+ * @see ckmc_remove_alias()
* @see ckmc_get_key_alias_list()
*/
int ckmc_get_key(const char *alias, const char *password, ckmc_key_s **ppkey);
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_key()
- * @see ckmc_remove_key()
+ * @see ckmc_remove_alias()
* @see ckmc_get_key()
*/
int ckmc_get_key_alias_list(ckmc_alias_list_s** ppalias_list);
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
- * @see ckmc_remove_cert()
+ * @see ckmc_remove_alias()
* @see ckmc_get_cert()
* @see ckmc_get_cert_alias_list()
* @see #ckmc_cert_s
int ckmc_save_cert(const char *alias, const ckmc_cert_s cert, const ckmc_policy_s policy);
/**
+ * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
* @brief Removes a certificate from key manager.
*
* @since_tizen 2.3
* @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
* @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exists
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Decryption failed because password is incorrect.
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_cert()
- * @see ckmc_remove_cert()
+ * @see ckmc_remove_alias()
* @see ckmc_get_cert_alias_list()
*/
int ckmc_get_cert(const char *alias, const char *password, ckmc_cert_s **ppcert);
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_cert()
- * @see ckmc_remove_cert()
+ * @see ckmc_remove_alias()
* @see ckmc_get_cert()
*/
int ckmc_get_cert_alias_list(ckmc_alias_list_s** ppalias_list);
/**
* @brief Stores PKCS12's contents inside key manager based on the provided policies.
- * All items from the PKCS12 will use the same alias.
+ * All items from the PKCS12 will use the same alias.
*
- * @since_tizen 2.3
+ * @since_tizen 2.4
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
- * @see ckmc_remove_pkcs12()
+ * @see ckmc_remove_alias()
* @see ckmc_get_pkcs12()
* @see ckmc_get_data_alias_list()
- * @see ckmc_load_from_pkcs12_file2()
+ * @see ckmc_pkcs12_load()
* @see #ckmc_pkcs12_s
* @see #ckmc_policy_s
*/
const ckmc_policy_s cert_policy);
/**
- * @brief Removes all PKCS12 contents from key manager.
- *
- * @since_tizen 2.3
- * @privlevel public
- * @privilege %http://tizen.org/privilege/keymanager
- *
- * @remarks To remove PKCS12, client must have remove permission to the specified PKCS12 object.
- * @remarks The key owner can remove by default.
- *
- * @param[in] alias The name of PKCS12 to be removed
- *
- * @return @c 0 on success,
- * otherwise a negative error value
- *
- * @retval #CKMC_ERROR_NONE Successful
- * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
- * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
- * in)
- * @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
- * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
- * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- *
- * @pre User is already logged in and the user key is already loaded into memory in plain text form.
- *
- * @see ckmc_save_pkcs12()
- * @see ckmc_get_pkcs12()
- */
-int ckmc_remove_pkcs12(const char *alias);
-
-/**
* @brief Gets a pkcs12 from key manager.
*
- * @since_tizen 2.3
+ * @since_tizen 2.4
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @remarks You must destroy the newly created @a pkcs12 by calling ckmc_pkcs12_free() if it is no
* longer needed.
*
- * @param[in] alias The name of a data to retrieve
- * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle
+ * @param[in] alias The name of a data to retrieve
+ * @param[in] key_password Password that was used to encrypt privateKey (may be NULL)
+ * @param[in] cert_password Password used to encrypt certificates (may be NULL)
+ * @param[out] pkcs12 The pointer to a newly created ckmc_pkcs12_s handle
*
* @return @c 0 on success,
* otherwise a negative error value
* @retval #CKMC_ERROR_DB_ERROR Failed due to a database error
* @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * key_password or cert_password does not match with password
+ * used to encrypt data
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_pkcs12()
- * @see ckmc_remove_pkcs12()
+ * @see ckmc_remove_alias()
*/
-int ckmc_get_pkcs12(const char *alias, ckmc_pkcs12_s **pkcs12);
-
-
-
+int ckmc_get_pkcs12(const char *alias, const char *key_password, const char *cert_password, ckmc_pkcs12_s **pkcs12);
/**
* @brief Stores a data inside key manager based on the provided policy.
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
- * @see ckmc_remove_data()
+ * @see ckmc_remove_alias()
* @see ckmc_get_data()
* @see ckmc_get_data_alias_list()
* @see #ckmc_raw_buffer_s
int ckmc_save_data(const char *alias, ckmc_raw_buffer_s data, const ckmc_policy_s policy);
/**
+ * @deprecated Deprecated since 2.4. [Use ckmc_remove_alias() instead]
* @brief Removes a data from key manager.
*
* @since_tizen 2.3
* @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
* @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
- *
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Decryption failed because password is incorrect.
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_data()
- * @see ckmc_remove_data()
+ * @see ckmc_remove_alias()
* @see ckmc_get_data_alias_list()
*/
int ckmc_get_data(const char *alias, const char *password, ckmc_raw_buffer_s **ppdata);
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_data()
- * @see ckmc_remove_data()
+ * @see ckmc_remove_alias()
* @see ckmc_get_data()
*/
int ckmc_get_data_alias_list(ckmc_alias_list_s** ppalias_list);
const ckmc_policy_s policy_public_key);
/**
+ * @brief Creates AES key and stores it inside key manager based on the policy.
+ *
+ * @since_tizen 3.0
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks If password in policy is provided, the key is additionally encrypted with the password
+ * in policy.
+ *
+ * @param[in] size The size of key strength to be created. \n
+ * @c 128, @c 192 and @c 256 are supported.
+ * @param[in] key_alias The name of key to be stored
+ * @param[in] key_policy The policy about how to store the key securely
+ *
+ * @return @c 0 on success,
+ * otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ALIAS_EXISTS Alias already exists
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to other DB transaction unexpectedly
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_create_key_pair_rsa()
+ * @see ckmc_create_key_pair_dsa()
+ * @see ckmc_create_key_pair_ecdsa()
+ */
+int ckmc_create_key_aes(const size_t size,
+ const char *key_alias,
+ const ckmc_policy_s key_policy);
+
+/**
* @brief Creates a signature on a given message using a private key and returns the signature.
*
* @since_tizen 2.3
* @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
* @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Decryption failed because password is incorrect.
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
* @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Decryption failed because password is incorrect.
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
const ckmc_rsa_padding_algo_e padding);
/**
- * @deprecated, see ckmc_get_certificate_chain()
* @brief Verifies a certificate chain and returns that chain.
*
* @since_tizen 2.3
* @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
* @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Decryption failed because password is incorrect.
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
ckmc_cert_list_s **ppcert_chain_list);
/**
- * @deprecated, see ckmc_get_certificate_chain_with_alias()
* @brief Verifies a certificate chain using an alias list of untrusted certificates and return that
* chain.
*
* @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
* @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Some certificates were encrypted with password and could not
+ * be used.
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
- * @see ckmc_get_cert_chain())
+ * @see ckmc_get_cert_chain()
* @see ckmc_cert_list_all_free()
*/
int ckmc_get_cert_chain_with_alias(const ckmc_cert_s *cert,
* @brief Verifies a certificate chain and returns that chain using user entered trusted and
* untrusted CA certificates
*
- * @since_tizen 3.0
+ * @since_tizen 2.4
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
- * @see ckmc_get_cert_chain_with_alias())
+ * @see ckmc_get_cert_chain_with_trustedcert_alias()
* @see ckmc_cert_list_all_free()
*/
-int ckmc_get_certificate_chain(const ckmc_cert_s *cert,
- const ckmc_cert_list_s *untrustedcerts,
- const ckmc_cert_list_s *trustedcerts,
- const bool use_trustedsystemcerts,
- ckmc_cert_list_s **ppcert_chain_list);
+int ckmc_get_cert_chain_with_trustedcert(const ckmc_cert_s *cert,
+ const ckmc_cert_list_s *untrustedcerts,
+ const ckmc_cert_list_s *trustedcerts,
+ const bool use_trustedsystemcerts,
+ ckmc_cert_list_s **ppcert_chain_list);
/**
* @brief Verifies a certificate chain and returns that chain using alias lists of untrusted and
* trusted certificates
*
- * @since_tizen 3.0
+ * @since_tizen 2.4
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Alias does not exist
* @retval #CKMC_ERROR_INVALID_FORMAT The format of certificate is not valid
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Some certificates were encrypted with password and could not
+ * be used.
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
- * @see ckmc_get_cert_chain())
+ * @see ckmc_get_cert_chain_with_trustedcert()
* @see ckmc_cert_list_all_free()
*/
-int ckmc_get_certificate_chain_with_alias(const ckmc_cert_s *cert,
- const ckmc_alias_list_s *untrustedcerts,
- const ckmc_alias_list_s *trustedcerts,
- const bool use_trustedsystemcerts,
- ckmc_cert_list_s **ppcert_chain_list);
+int ckmc_get_cert_chain_with_trustedcert_alias(const ckmc_cert_s *cert,
+ const ckmc_alias_list_s *untrustedcerts,
+ const ckmc_alias_list_s *trustedcerts,
+ const bool use_trustedsystemcerts,
+ ckmc_cert_list_s **ppcert_chain_list);
/**
* @brief Perform OCSP which checks certificate is whether revoked or not
*
- * @since_tizen 3.0
+ * @since_tizen 2.4
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @retval #CKMC_ERROR_NONE Successful
* @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
* @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_NOT_SUPPORTED Device needed to run API is not supported
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
* @pre @a pcert_chain_list is created with ckmc_get_certificate_chain() or
int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e *ocsp_status);
/**
- * @deprecated, see ckmc_set_permission()
+ * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
* @brief Allows another application to access client's application data
*
* @since_tizen 2.3
/**
* @brief Allows another application to access client's application data
*
- * @since_tizen 3.0
+ * @since_tizen 2.4
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
int ckmc_set_permission(const char *alias, const char *accessor, int permissions);
/**
- * @deprecated, see ckmc_set_permission()
+ * @deprecated Deprecated since 2.4. [Use ckmc_set_permission() instead]
* @brief Revokes another application's access to client's application data
*
* @since_tizen 2.3
/**
* @brief Removes a an entry (no matter of type) from the key manager.
*
- * @since_tizen 3.0
+ * @since_tizen 2.4
* @privlevel public
* @privilege %http://tizen.org/privilege/keymanager
*
* @pre User is already logged in and the user key is already loaded into memory in plain text form.
*
* @see ckmc_save_key()
- * @see ckmc_save_cert
- * @see ckmc_save_data
- * @see ckmc_save_pkcs12
- * @see ckmc_create_key_pair_rsa
- * @see ckmc_create_key_pair_dsa
- * @see ckmc_create_key_pair_ecdsa
+ * @see ckmc_save_cert()
+ * @see ckmc_save_data()
+ * @see ckmc_save_pkcs12()
+ * @see ckmc_create_key_pair_rsa()
+ * @see ckmc_create_key_pair_dsa()
+ * @see ckmc_create_key_pair_ecdsa()
*/
int ckmc_remove_alias(const char *alias);
+/**
+ * @brief Encrypts data using selected key and algorithm.
+ *
+ * @since_tizen 3.0
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks Key identified by @a key_alias should exist.
+ *
+ * @param[in] params Algorithm parameters
+ * @param[in] key_alias Alias of the key to be used for encryption
+ * @param[in] password The password used in decrypting a key value \n
+ * If password of policy is provided in ckmc_save_key(), the same
+ * password should be provided
+ * @param[in] decrypted Data to be encrypted
+ * @param[out] ppencrypted Encrypted data (some algorithms may return additional information
+ * embedded in encrypted data. AES GCM is an example) \n
+ * The caller is responsible for freeing ppencrypted with
+ * ckmc_buffer_free()
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Key decryption failed because password is incorrect
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_buffer_free()
+ * @see ckmc_param_list_new()
+ * @see ckmc_param_list_free()
+ * @see ckmc_param_list_add_integer()
+ * @see ckmc_param_list_add_buffer()
+ * @see ckmc_generate_params()
+ * @see #ckmc_param_list_s
+ * @see #ckmc_param_name_e
+ */
+int ckmc_encrypt_data(const ckmc_param_list_s *params,
+ const char *key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s decrypted,
+ ckmc_raw_buffer_s **ppencrypted);
+
+/**
+ * @brief Decrypts data using selected key and algorithm.
+ *
+ * @since_tizen 3.0
+ * @privlevel public
+ * @privilege %http://tizen.org/privilege/keymanager
+ *
+ * @remarks Key identified by @a key_alias should exist.
+ *
+ * @param[in] params Algorithm parameters
+ * @param[in] key_alias Alias of the key to be used for encryption
+ * @param[in] password The password used in decrypting a key value \n
+ * If password of policy is provided in ckmc_save_key(), the same
+ * password should be provided
+ * @param[in] encrypted Data to be decrypted (some algorithms may require additional
+ * information embedded in encrypted data. AES GCM is an example)
+ * @param[out] ppdecrypted Decrypted data \n
+ * The caller is responsible for freeing ppdecrypted with
+ * ckmc_buffer_free()
+ *
+ * @return @c 0 on success, otherwise a negative error value
+ *
+ * @retval #CKMC_ERROR_NONE Successful
+ * @retval #CKMC_ERROR_INVALID_PARAMETER Input parameter is invalid
+ * @retval #CKMC_ERROR_DB_LOCKED A user key is not loaded in memory (a user is not logged
+ * in)
+ * @retval #CKMC_ERROR_DB_ERROR Failed due to the error with unknown reason
+ * @retval #CKMC_ERROR_DB_ALIAS_UNKNOWN Key with given alias does not exist
+ * @retval #CKMC_ERROR_PERMISSION_DENIED Failed to access key manager
+ * @retval #CKMC_ERROR_AUTHENTICATION_FAILED
+ * Key decryption failed because password is incorrect
+ *
+ * @pre User is already logged in and the user key is already loaded into memory in plain text form.
+ *
+ * @see ckmc_buffer_free()
+ * @see ckmc_param_list_new()
+ * @see ckmc_param_list_free()
+ * @see ckmc_param_list_add_integer()
+ * @see ckmc_param_list_add_buffer()
+ * @see ckmc_generate_params()
+ * @see #ckmc_param_list_s
+ * @see #ckmc_param_name_e
+ */
+int ckmc_decrypt_data(const ckmc_param_list_s *params,
+ const char *key_alias,
+ const char *password,
+ const ckmc_raw_buffer_s encrypted,
+ ckmc_raw_buffer_s **ppdecrypted);
+
#ifdef __cplusplus
}
#endif
projects / platform / core / security / key-manager.git / blobdiff